Date:      Tue, 4 Oct 2011 19:33:39 GMT
From:      Michael Scheidell <scheidell@secnap.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/161286: security/snort update: multi-interface patch for snort.sh.in
Message-ID:  <201110041933.p94JXd5l073580@red.freebsd.org>
Resent-Message-ID: <201110041940.p94Je9Wk027956@freefall.freebsd.org>


>Number:         161286
>Category:       ports
>Synopsis:       security/snort update: multi-interface patch for snort.sh.in
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 04 19:40:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Michael Scheidell
>Release:        lots of them
>Organization:
SECNAP Network Security Corp
>Environment:
>Description:
Based on swatch_1.conf multi-conf files and barnyard2_1.conf files. This will allow multiple interfaces to be used with one copy of snort: multiple interfaces, multiple conf files, one rc.d file.

I use it like:
snort_rules="bge0 bge1"
barnyard2_rules="$snort_rules"

Note: if you have multiple snort on one interface, you need to use additional rc.conf options to separate out PIDs.

>How-To-Repeat:
Use multiple interfaces and/or snort instances.


>Fix:
This patch:
(can be applied to snort 2.8.x also)
Note: I don't think you need to do a ports bump.
If you need this, you add it. If not, no reason to rebuild ports.
Note 2: upward compatible to only one conf file

note3: you can do one conf/inf at a time with:

service snort restart bge0




Patch attached with submission follows:

--- snort.sh.in	2011-02-09 01:50:03.000000000 -0500
+++ /tmp/snort	2011-10-04 15:31:53.000000000 -0400
@@ -22,6 +22,9 @@
 #				restart!
 #				Default: ""
 #
+# to enable multi interface, use:
+# snort_rules="eth0 eth1"
+# defaults will follow, snort.conf becomes 'snort_eth0.conf', etc
 
 . /etc/rc.subr
 
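Review bot: The added header comment promises "defaults will follow, snort.conf becomes 'snort_eth0.conf'", but nothing in the patch derives that file name: the loop reads the config path only from snort_${i}_conf and hands it to -c as is, so an unset variable means no config path at all. Either implement the default in the loop or change the comment to list the per-instance variables the script actually reads (snort_<name>_conf, snort_<name>_flags, snort_<name>_interface, snort_<name>_expression). The eth0/eth1 example would read better with FreeBSD interface names, and snort_rules is a misleading name for a list of instances.
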
@@ -42,4 +45,28 @@
 [ -n "$snort_conf" ]      && snort_flags="$snort_flags -c $snort_conf"
 [ -n "$snort_expression" ] && snort_flags="$snort_flags $snort_expression"
 
-run_rc_command "$1"
+if [ -n "$snort_rules" ]; then
+  _1=$1
+  if [ $# -gt 1 ]; then shift; snort_rules=$*; fi
+  snort_conf=""
+  snort_flags=""
+  rc=0
+  for i in ${snort_rules}; do
+	eval _conf=\$snort_${i}_conf
+	eval _flags=\$snort_${i}_flags
+	[ -z "$_flags" ] && _flags="-D -q"
+	eval _intf=\$snort_${i}_interface
+	eval _expr=\$snort_${i}_expression
+        if [ -n "$_intf" ] ;then
+            _conf="$_conf -i $_intf"
+	   eval pidfile="/var/run/snort_$_intf.pid"
+        fi
+	command_args="$_flags -c $_conf $_expr"
+        run_rc_command "$_1"
+        if [ $? -ne 0 ]; then rc=1; fi
+	unset _pidcmd _rc_restart_done
+   done
+   exit $rc
+else
+   run_rc_command "$1"
+fi
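
Review bot: The eval lines inside the loop (eval _conf=\$snort_${i}_conf and the ones for _flags, _intf and _expr) expand $i without any check, and $i can come straight from the command line through "shift; snort_rules=$*", so any extra argument to this rc script is re-parsed as shell code, normally as root. Validate each name against a strict pattern (letters, digits, underscore) and reject it with an error before the first eval. Two further points in the same loop: when snort_${i}_conf is unset the command line becomes "-c  -i <intf>" with no config path, so the loop should fail early or fall back to a documented default; and pidfile is assigned only inside the [ -n "$_intf" ] branch and is keyed on the interface rather than on $i, so instances without snort_${i}_interface share the default pidfile and two instances on one interface collide. The eval in front of the pidfile assignment is not needed.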


>Release-Note:
>Audit-Trail:
>Unformatted:


