Snort mailing list archives
freebsd users: need help testing a patch
From: Michael Scheidell <michael.scheidell () secnap com>
Date: Mon, 22 Aug 2011 14:46:16 -0400
I have a patch to /usr/local/etc/rc.d/snort that SHOULD allow for complex, multi interface configurations.
(So, you can have a bge0, bge1, fxp0, fxp1, etc.), mostly unlimited. This patch used the pattern from swatch. Basically, you put a 'snort_rules="1 2"' (or "lan wan") in your rc.conf file and replicate the snort_conf="....." lines as
'snort_1_conf (or snort_lan_conf)' rules. Should be upward compatible (i.e., if you don't put in snort_rules, nothing happens).
Patch ../rc.d/snort with this: (note, 'expression, interface/conf' stuff might not be needed, depending on what you have in your snort_*.conf file.)
diff -bBru /tmp/snort_old snort --- /tmp/snort_old 2011-06-06 10:53:49.000000000 -0400 +++ snort 2011-08-22 14:39:13.000000000 -0400 @@ -22,6 +22,9 @@ # restart! # Default: "" # +# to enable multi interface, use: +# snort_rules="eth0 eth1" +# defaults will follow, snort.conf becomes 'snort_eth0.conf', etc . /etc/rc.subr @@ -42,4 +45,20 @@ [ -n "$snort_conf" ] && snort_flags="$snort_flags -c $snort_conf" [ -n "$snort_expression" ] && snort_flags="$snort_flags $snort_expression" -run_rc_command "$1" +if [ -n "$snort_rules" ]; then + snort_conf="" + snort_flags="" + for i in ${snort_rules}; do + eval _conf=\$snort_${i}_conf + eval _flags=\$snort_${i}_flags + [ -z "$_flags" ] && _flags="-D -q" + eval pidfile="/var/run/snort_${i}.pid" + eval _intf=\$snort_${i}_interface + eval _expr=\$snort_${i}_expression + [ -n "$_intf" ] && _conf="$_conf -i $_intf" + command_args="$_flags -c $_conf $_expr" + run_rc_command "$1" + done +else + run_rc_command "$1" +fi -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 >*| *SECNAP Network Security Corporation * Best Mobile Solutions Product of 2011 * Best Intrusion Prevention Product * Hot Company Finalist 2011 * Best Email Security Product * Certified SNORT Integrator ______________________________________________________________________This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/
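Review bot: In the first hunk, the added header comment promises "defaults will follow, snort.conf becomes 'snort_eth0.conf'", but the loop in the second hunk only reads snort_${i}_conf through eval and never builds a default path, so an instance without that variable gets no config file at all. Either implement the fallback or reword the comment. The comment should also list the per-instance variables the loop actually reads (snort_<name>_conf, snort_<name>_flags, snort_<name>_interface, snort_<name>_expression), the "-D -q" default for flags, and the /var/run/snort_<name>.pid pidfile, so that someone editing rc.conf does not have to read the script to find them.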
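Review bot: In the for loop of the second hunk, $_conf is never checked before command_args="$_flags -c $_conf $_expr", so a name listed in snort_rules without a matching snort_<name>_conf starts snort with a bare -c (or with "-c -i <interface>", because the interface option is appended to _conf on the preceding line). Test [ -n "$_conf" ] at the top of the loop body and skip the instance with a message, and keep the -i option in its own variable instead of folding it into _conf. Each $i is also spliced straight into the eval'd assignments; since this script runs as root, check that the name contains only letters, digits and underscores (a case pattern is enough) before the first eval. The eval on the pidfile line does nothing useful and can be a plain assignment. Finally, the result of run_rc_command inside the loop is discarded for every instance but the last, so a failed start on one interface goes unreported; accumulate the status and return it after the loop.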