Date: Tue, 4 Oct 2011 19:33:39 GMT From: Michael Scheidell <scheidell@secnap.net> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/161286: security/snort update: multi-interface patch for snort.sh.in Message-ID: <201110041933.p94JXd5l073580@red.freebsd.org> Resent-Message-ID: <201110041940.p94Je9Wk027956@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 161286 >Category: ports >Synopsis: security/snort update: multi-interface patch for snort.sh.in >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Oct 04 19:40:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Michael Scheidell >Release: lots of them >Organization: SECNAP Network Security Corp >Environment: >Description: based on swatch_1.conf multi-conf files, and barnard2_1.conf files. this will allow multiple interfaces to be used with one copy of snort multiple interfaces, multiple conf files, one rc.d file. (I use it like: snort_rules="bge0 bge1" barnyard2_rules="$snort_rules" note: if you have multiple snort on one interface, you need to use additional rc.conf options to separate out pid's >How-To-Repeat: use multiple interfaces, and/ or snort instances. >Fix: this patch: (can be applied to snort 2.8.x also) note: I don't think you need to do a ports bump. if you need this, you add it. if not, no reason to rebuild ports. note2: upward compatible to only one conf file note3: you can do one conf/inf at a time with: service snort restart bge0 Patch attached with submission follows: --- snort.sh.in 2011-02-09 01:50:03.000000000 -0500 +++ /tmp/snort 2011-10-04 15:31:53.000000000 -0400 @@ -22,6 +22,9 @@ # restart! # Default: "" # +# to enable multi interface, use: +# snort_rules="eth0 eth1" +# defaults will follow, snort.conf becomes 'snort_eth0.conf', etc . /etc/rc.subr @@ -42,4 +45,28 @@ [ -n "$snort_conf" ] && snort_flags="$snort_flags -c $snort_conf" [ -n "$snort_expression" ] && snort_flags="$snort_flags $snort_expression" -run_rc_command "$1" +if [ -n "$snort_rules" ]; then + _1=$1 + if [ $# -gt 1 ]; then shift; snort_rules=$*; fi + snort_conf="" + snort_flags="" + rc=0 + for i in ${snort_rules}; do + eval _conf=\$snort_${i}_conf + eval _flags=\$snort_${i}_flags + [ -z "$_flags" ] && _flags="-D -q" + eval _intf=\$snort_${i}_interface + eval _expr=\$snort_${i}_expression + if [ -n "$_intf" ] ;then + _conf="$_conf -i $_intf" + eval pidfile="/var/run/snort_$_intf.pid" + fi + command_args="$_flags -c $_conf $_expr" + run_rc_command "$_1" + if [ $? -ne 0 ]; then rc=1; fi + unset _pidcmd _rc_restart_done + done + exit $rc +else + run_rc_command "$1" +fi >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201110041933.p94JXd5l073580>