Snort
G Rajesh
grajeshiyer at myrealbox.com
Sat Apr 3 13:45:26 UTC 2004
Hi,
A few days ago, I sought your help to make snort start
dynamically/automatically at the connection of a dial-up modem, as in
Suse. It was suggested that I compare the scripts in Suse with those of
Fedora. I did that, but I could not make much out of it as I am not a
developer/programmer. But I have given the scripts, as in Suse,
below. Can some developer be kind enough to correct them to suit our
Fedora?
The file /etc/init.d/snort is as under:
#! /bin/sh
# Copyright (c) 1995-2002 SuSE, Germany.
#
# Author: Andreas Hasenack
# Mads Martin Jørgensen
#
### BEGIN INIT INFO
# Provides: snort
# Required-Start: $network
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop:
# Description: snort packet-sniffer/logger
### END INIT INFO
SNORT_BIN=/usr/bin/snort
if [ -s /etc/rc.status ] ; then
. /etc/rc.status
fi
if [ -s /etc/sysconfig/snort ] ; then
. /etc/sysconfig/snort
else
echo "/etc/sysconfig/snort not found."
return=$rc_failed
rc_exit
fi
if [ ! -n "$SNORT_INTERFACE" -o -z "$SNORT_INTERFACE" ]; then
echo "Error, you must specify an interface in /etc/sysconfig/snort"
return=$rc_failed
rc_exit
fi
if [ "$SNORT_PROMISC" = "yes" ]; then
PROMISC=
else
PROMISC=-p
fi
if [ ! -n "$SNORT_USER" -o -z "$SNORT_USER" ]; then
# safe default
SNORT_USER=snort
fi
if [ ! -n "$SNORT_GROUP" -o -z "$SNORT_GROUP" ]; then
# safe default
SNORT_GROUP=snort
fi
return=$rc_done
case "$1" in
start)
if [ ! "$SNORT_ACTIVATE" = "yes" ]; then
echo -n "Warning, if $SNORT_INTERFACE goes down, snort will "
echo "NOT be restarted automatically!"
echo -n "Check /etc/sysconfig/snort for more details on the"
echo "SNORT_ACTIVATE entry"
fi
echo -n "Starting snort"
if ! /sbin/ip l l $SNORT_INTERFACE > /dev/null 2>&1; then
echo "Interface $SNORT_INTERFACE does not exist or is not up"
return=$rc_failed
rc_exit
fi
# change /etc/snort/snort.conf to reflect this if the user asked for it
# AUTO is defined in /etc/sysconfig/snort
if [ "$SNORT_AUTO" = "yes" ]; then
temp=`mktemp /etc/snort/snort.conf.XXXXXX`
if [ -f $temp ]; then
chown root:snort $temp
chmod 0640 $temp
cat /etc/snort/snort.conf | \
sed -e "s,^var[ ]\+HOME_NET.*$,var HOME_NET \$${SNORT_INTERFACE}_ADDRESS,g" > $temp
[ -s $temp ] && mv -f $temp /etc/snort/snort.conf \
|| rm $temp
else
echo -n "Warning, couldn't update HOME_NET in "
echo "/etc/snort/snort.conf!"
return=$rc_failed
rc_exit
fi
fi
startproc $SNORT_BIN -d -D -i $SNORT_INTERFACE $PROMISC \
-l /var/log/snort -u $SNORT_USER -g $SNORT_GROUP \
-c /etc/snort/snort.conf \
$SNORT_EXTRA_OPTIONS
rc_status -v
;;
stop)
echo -n "Shutting down snort"
killproc -TERM $SNORT_BIN || return=$rc_failed
rm -f /var/run/snort*.pid
#echo -e "$return"
rc_status -v
;;
status)
checkproc $SNORT_BIN
rc_status -v
;;
reload)
echo -n "Reloading snort"
killproc -HUP $SNORT_BIN
rc_status -v
;;
force-reload)
echo -n "Reload snort "
killproc -HUP $SNORT_BIN
rc_status -v
;;
try-restart)
$0 status >/dev/null && $0 restart
# Remember status and be quiet
rc_status
;;
restart)
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
activate)
echo "Activating automatic snort startup on interface startup"
temp=`mktemp /etc/sysconfig/snort.XXXXXX`
if [ -f $temp ]; then
cat /etc/sysconfig/snort | sed -e "s,^SNORT_ACTIVATE=.*$,SNORT_ACTIVATE=yes,g" > $temp
if [ -s $temp ]; then
mv -f $temp /etc/sysconfig/snort
rc_status -v
else
echo -n "Couldn't set ACTIVATE to 'yes' in"
echo "/etc/sysconfig/snort"
echo "(zero size file after applying sed)"
return=$rc_failed
rc_exit
fi
rm -f $temp
else
echo -n "Couldn't set ACTIVATE to 'yes' in "
echo "/etc/sysconfig/snort"
echo "(temp file creation error)"
return=$rc_failed
rc_exit
fi
;;
deactivate)
echo "Deactivating automatic snort startup on interface startup"
temp=`mktemp /etc/sysconfig/snort.XXXXXX`
if [ -f $temp ]; then
cat /etc/sysconfig/snort | sed -e "s,^SNORT_ACTIVATE=.*$,SNORT_ACTIVATE=no,g" > $temp
if [ -s $temp ]; then
mv -f $temp /etc/sysconfig/snort
rc_status -v
else
echo -n "Warning, couldn't set ACTIVATE to 'no' in "
echo "/etc/sysconfig/snort"
echo "(zero size file after applying sed)"
return=$rc_failed
rc_exit
fi
rm -f $temp
else
echo -n "Warning, couldn't set ACTIVATE to 'no' in "
echo "/etc/sysconfig/snort"
echo "(temp file creation error)"
return=$rc_failed
rc_exit
fi
;;
*)
echo "Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload|activate|deactivate}"
exit 1
;;
esac
rc_exit
The file /etc/sysconfig/snort is as under:
## Path: Network/Monitors/Snort
## Description: System wide configuration file for the snort daemon
## Type: string(eth0)
## Default: eth0
## ServiceRestart: snort
# put here the interface you wish snort to monitor
# please note that the startup script
# will also modify /etc/snort/snort.conf to reflect this
# Note: this interface better be up before starting snort!
SNORT_INTERFACE="ppp0"
## Type: yesno
## Default: no
# set ACTIVATE to 'yes' if you want snort to be run everytime
# the INTERFACE goes up. If you really want to use snort, you
# should set this to 'yes'.
# the init script can also be used to toggle this setting
SNORT_ACTIVATE="yes"
## Type: yesno
## Default: yes
# setting AUTO to 'yes' will have the startup script change the
# HOME_NET variable in /etc/snort/snort.conf to the INTERFACE's
# address everytime snort is started via the init script
# i.e., it will change the line
# var HOME_NET blabla
# to
# var HOME_NET $eth0_ADDRESS
# if INTERFACE were set to eth0
# If you want more control over snort's behaviour, set this to 'no'
SNORT_AUTO="yes"
## Type: yesno
## Default: no
# 'yes' will put the interface in promiscuous mode, anything
# else will disable this
SNORT_PROMISC="no"
## Type: string(snort)
## Default: snort
# user/group privileges with which snort should run
# Unless you are going to use flexresp, don't change these,
# because currently (1.8.7b) flexresp needs root privileges
SNORT_USER="snort"
## Type: string(snort)
## Default: snort
SNORT_GROUP="snort"
## Type: string
## Default: ""
# extra parameters. These are inserted at the end of snort's command
# line. Please do not repeat options already used, check the startup
# script if in doubt
SNORT_EXTRA_OPTIONS=""
Now, you may ask what happened when I copied these files to our Fedora:
The error messages are like this:
rc_status: command not found
rc_exit: command not found
I feel this automatic/dynamic activation will be very useful for
newbies/non-techies.
Thanks in advance.
Rajesh
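
The HOME_NET rewrite that SNORT_AUTO="yes" triggers in the script above, as an added example that is not part of the original message or of the SuSE script. The function name rewrite_home_net, the interface-name check and the sample file are assumptions made for illustration; it uses no SuSE-specific helpers, so it behaves the same on Fedora.

```shell
#!/bin/sh
# Added example, not the SuSE init script: rewrite the HOME_NET line of a
# Snort config the way SNORT_AUTO=yes does, leaving the file untouched on error.
# Usage: rewrite_home_net CONF IFACE   (returns 0 on success)
rewrite_home_net() {
    conf=$1 iface=$2
    # The interface name is pasted into a sed expression, so refuse anything
    # but letters, digits and underscore (a conservative assumption).
    case $iface in
        ''|*[!A-Za-z0-9_]*) echo "bad interface name: $iface" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Without a HOME_NET line sed would change nothing; report that instead.
    grep -q '^var[ ][ ]*HOME_NET' "$conf" || {
        echo "no HOME_NET line in $conf" >&2; return 1; }
    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # The init script also runs chown root:snort, which needs root; only the
    # mode is set here.
    chmod 0640 "$tmp"
    if sed -e "s,^var[ ][ ]*HOME_NET.*\$,var HOME_NET \$${iface}_ADDRESS," \
            "$conf" > "$tmp" && [ -s "$tmp" ]; then
        mv -f "$tmp" "$conf"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample input, not a real snort.conf.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'var HOME_NET any\nvar EXTERNAL_NET any\n' > "$dir/snort.conf"
    rewrite_home_net "$dir/snort.conf" ppp0 && cat "$dir/snort.conf"
    rm -rf "$dir"
}
demo
```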