Automatic Updates

Use the following command to set up idsupdate. If the directory /usr/nr/bin is not in root's execution path, use the full pathname. The format for the idsupdate command is as follows:

idsupdate username@ftpserver/<directory> <FTP Password> <Day> <hh:mm>

The components of this command are

• ftpserver  Must be an IP address

• /   separates the FTP server and the FTP home directory

• directory   The name of the directory that is relative to the ftp home directory. For example, if the FTP home directory is /usr/home/ftp and the directory name is updates, then the FTP server will look in /usr/home/ftp for a directory named "updates" where the service packs and signature updates can be found. The directory specified can include several levels of subdirectories.

• Day   Consists of a comma-separated list of one to seven digits that have the values of 0–6. Each day of the week is specified by a single number according to the following convention: 0=Sunday, 1=Monday, 2=Tuesday, 3=Wednesday, 4=Thursday, 5=Friday, and 6=Saturday.

• hh:mm   Represents the hour and minutes in 24-hour military convention.

For example, to update the IDS 3.1 sensor at 11:15 p.m. every night with updates from the updates directory on the FTP host 10.1.1.101 using the netrangr account with the password attack, the following command can be used:

sensor# /usr/nr/bin/idsupdate netrangr@10.1.1.101/updates attack 
0,1,2,3,4,5,6 23:15