File: snort.config

package info (click to toggle)
snort 2.9.7.0-5
  • links: PTS, VCS
  • area: main
  • in suites: buster, stretch
  • size: 55,000 kB
  • ctags: 38,464
  • sloc: ansic: 266,667; sh: 12,508; makefile: 2,908; yacc: 497; perl: 496; lex: 261; sed: 14
file content (141 lines) | stat: -rw-r--r-- 4,314 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
 
#!/bin/sh -e

. /usr/share/debconf/confmodule
test $DEBIAN_SCRIPT_DEBUG && set -v -x

INTERFACES=""
if [ -r /etc/snort/snort.debian.conf ] ; then
    . /etc/snort/snort.debian.conf
    # Set the variables in debconf using the configuration values 
    # (if defined)
    [ ! -z "$DEBIAN_SNORT_STARTUP" ] && { db_set snort/startup "$DEBIAN_SNORT_STARTUP"; db_fset snort/startup seen true ; }
    [ ! -z "$DEBIAN_SNORT_HOME_NET" ] && { db_set snort/address_range "$DEBIAN_SNORT_HOME_NET"; db_fset snort/address_range seen true ; }
    if [ ! -z "$DEBIAN_SNORT_OPTIONS" ] ; then
        # Remove the -p option wich is added in postinst due to the 'DISABLE_PROMISCUOUS' debconf option
        DEBIAN_SNORT_OPTIONS=`echo "$DEBIAN_SNORT_OPTIONS" | sed -e 's/ -p$//'`
        db_get snort/reverse_order
        if [ "x$RET" = "xyes" ]; then
        # Remove the -o option which was introduced by Debconf
        # (snort/reverse_order) in versions previous to 2.8.5.2-2
            DEBIAN_SNORT_OPTIONS=`echo "$DEBIAN_SNORT_OPTIONS" | sed -e 's/ -o$//'`
        fi

        db_set snort/options "$DEBIAN_SNORT_OPTIONS" 
        db_fset snort/options seen true 
    fi
    [ ! -z "$DEBIAN_SNORT_INTERFACE" ] && { db_set snort/interface "$DEBIAN_SNORT_INTERFACE"; db_fset snort/interface seen true ; }
    [ ! -z "$DEBIAN_SNORT_SEND_STATS" ] && { db_set snort/send_stats "$DEBIAN_SNORT_SEND_STATS"; db_fset snort/send_stats seen true ; }
    [ ! -z "$DEBIAN_SNORT_STATS_RCPT" ] && { db_set snort/stats_rcpt "$DEBIAN_SNORT_STATS_RCPT" ; db_fset snort/stats_rcpt  seen true ; }
    [ ! -z "$DEBIAN_SNORT_STATS_THRESHOLD" ] && { db_set snort/stats_treshold "$DEBIAN_SNORT_STATS_THRESHOLD"; db_fset snort/stats_treshold seen true ; }
fi

check_interfaces() {
# Check the interface status, abort with error if one is configured but it
# is not available
      [ -z "$INTERFACES" ] && return 0
      ints=`echo $INTERFACES | sed -e  's/,/ /g'`
      for iface in $ints; do
	      if ! LC_ALL=C ifconfig "$iface" 2>/dev/null | grep -w UP >/dev/null; then
		      return 1
	     fi
      done
      return 0
}

db_input low snort/startup || true
db_go

# /etc/ppp/ip-up.d/snort is called with interface and IP number
db_get snort/startup
if [ "x$RET" = "xdialup" ]; then
  db_set snort/interface ""
  db_set snort/address_range ""
  db_set snort/disable_promiscuous true
else
  db_beginblock
  # Interface default in case the configuration file does not exist
  if [ -z "$DEBIAN_SNORT_INTERFACE" ] ; then
  	INTERFACES=eth0
  else 
  	INTERFACES="$DEBIAN_SNORT_INTERFACE"
  fi

  # Ask for a valid set of interfaces
  ok=''
  count=0
  while [ ! "$ok" ] && [ "$count" -lt 2 ]; do
  # Depending on whether the default interface is up or down we set the
  # question priority
        priority='medium'
	if ! check_interfaces
	then
	    priority='high'
	    db_fset snort/interface seen false 
	fi
	set +e
	db_input $priority snort/interface
        if [ $? -eq 30 ]; then
	# User is not being shown the question, break out
	     break
	fi
	set -e
	db_go || true
   # Check the interfaces
	db_get snort/interface
	INTERFACES=$RET
	if ! check_interfaces ; then
	  db_fset snort/invalid_interface seen false 
	  db_input critical snort/invalid_interface
	else
	  ok='yes'
        fi
	# Increment the count, we only go through this two times
	count=$(($count+1))
  done

  db_input high snort/address_range || true
  db_input low snort/disable_promiscuous || true
  db_endblock
  db_go
fi

db_beginblock
db_input low snort/options || true
db_endblock
db_go

db_beginblock
db_input low snort/send_stats || true
db_go

db_get snort/send_stats
if [ "x$RET" = "xtrue" ]; then
# TODO: This values should not be empty (even
# if we default to 'root' and '1' in the scripts)
# so the config script should check wether the 
# values here are legitimate.
	db_beginblock
	db_input medium snort/stats_rcpt || true
	db_input low snort/stats_treshold || true
	db_endblock
	db_go
fi

DEFAULT=/etc/default/snort
PARAMETERS=/etc/snort/snort.common.parameters
if [ -e "$DEFAULT" ] && [ -e "$PARAMETERS" ] ; then
	db_beginblock
	db_input high snort/config_parameters || true
	db_endblock
	db_go
fi

db_get snort/startup
if [ "x$RET" = "xmanual" ]; then
	db_beginblock
	db_input medium snort/please_restart_manually || true
	db_endblock
	db_go
fi

db_stop