public inbox for development@lists.ipfire.org
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] snort: Also monitor assigned alias addresses on red.
Date: Fri, 16 Oct 2015 11:41:23 +0200	[thread overview]
Message-ID: <1444988483-22615-1-git-send-email-stefan.schantl@ipfire.org> (raw)

These changes will allow snort to also inspect the traffic for
one or more configured alias addresses, which has not been done in the past.

To do this we will now check if the RED interface has been set to STATIC (which
is required to use the aliases function) and whether any aliases have been configured. If
so, the modified code will add all enabled alias addresses to the HOMENET
variable in which snort stores all the monitored addresses.

Fixes #10619.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 src/initscripts/init.d/snort | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort
index e03c80f..47e7998 100644
--- a/src/initscripts/init.d/snort
+++ b/src/initscripts/init.d/snort
@@ -20,6 +20,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
 eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/snort/settings)
 
+ALIASFILE="/var/ipfire/ethernet/aliases"
+
 case "$1" in
         start)
 		if [ "$BLUE_NETADDRESS" ]; then
@@ -59,6 +61,19 @@ case "$1" in
 			if [ "$LOCAL_IP" ]; then
 				HOMENET+="$LOCAL_IP,"
 			fi
+
+			# Check if the red device is set to static and
+			# any aliases have been configured.
+			if [ "$RED_TYPE" == "STATIC" ] && [ -s "${ALIASFILE}" ]; then
+				# Read in aliases file.
+				while IFS="," read -r address mode remark; do
+					# Check if the alias is enabled.
+					[ "${mode}" = "on" ] || continue
+
+					# Add alias to the list of HOMENET addresses.
+					HOMENET+="${address},"
+				done < "${ALIASFILE}"
+			fi
 		fi
 		HOMENET+="127.0.0.1"
 		echo "ipvar HOME_NET [$HOMENET]" > /etc/snort/vars
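Review bot: the loop started by `while IFS="," read -r address mode remark` appends `${address}` to HOMENET with no check that the field is non-empty or looks like an address, so a malformed line in /var/ipfire/ethernet/aliases whose mode field is "on" (for example an empty first field) lands verbatim in the `ipvar HOME_NET [...]` line written to /etc/snort/vars; add `[ -n "${address}" ] || continue` (or a real address check) next to the mode test. Two smaller points in the same hunk: if the last line of the aliases file has no trailing newline, `read` returns non-zero and the `while` loop drops that alias, which `while IFS="," read -r address mode remark || [ -n "${address}" ]; do` avoids; and the outer condition uses `==` while the mode test uses `=`, so use `=` in both (the existing `HOMENET+=` already makes the script bash-only, so `==` works, but the mix is confusing).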
-- 
2.4.3
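As an added example, not part of the patch above or of IPFire's own init script, the following shell script shows the same HOME_NET construction with the validation the review asks for: it parses a three-field `address,mode,remark` aliases file (the field order the patch's `read` line uses), skips disabled and malformed entries, keeps a final line that lacks a trailing newline, and renders the `ipvar HOME_NET [...]` line. The sample aliases file, the `is_ipv4` check and the function names are constructed for this example and are not taken from IPFire.

```shell
#!/bin/sh
# Example only (not IPFire code): build a snort HOME_NET list from an
# aliases file in the "address,mode,remark" format, with validation.

# Write a constructed sample aliases file to $1. The last line has no
# trailing newline on purpose, to exercise the read loop below.
write_sample_aliases() {
    printf '%s\n' \
        '192.0.2.10,on,web server' \
        '192.0.2.11,off,disabled alias' \
        '192.0.2.12,on,remark, with a comma' \
        ',on,empty address field' \
        'not-an-ip,on,garbage' > "$1"
    printf '%s' '192.0.2.13,on,no trailing newline' >> "$1"
}

# Return 0 if $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
    oldifs=$IFS
    IFS=.
    set -f            # no pathname expansion while splitting
    set -- $1
    set +f
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the comma separated HOME_NET list: the fixed addresses given as
# extra arguments, then every enabled and well-formed alias, then 127.0.0.1.
build_homenet() {
    aliasfile=$1; shift
    homenet=""
    for ip in "$@"; do
        homenet="${homenet}${ip},"
    done
    if [ -s "$aliasfile" ]; then
        # "|| [ -n "$address" ]" keeps a final line without a trailing
        # newline, which a plain "while read" loop would silently drop.
        while IFS=, read -r address mode remark || [ -n "$address" ]; do
            [ "$mode" = "on" ] || continue
            if ! is_ipv4 "$address"; then
                echo "skipping alias with invalid address: '$address'" >&2
                continue
            fi
            homenet="${homenet}${address},"
        done < "$aliasfile"
    fi
    printf '%s\n' "${homenet}127.0.0.1"
}

# Render the variable line the init script writes to /etc/snort/vars.
snort_vars_line() {
    printf 'ipvar HOME_NET [%s]\n' "$(build_homenet "$@")"
}

# Stand-alone run: 192.0.2.1 plays the role of the fixed RED address.
sample="${TMPDIR:-/tmp}/aliases.example.$$"
write_sample_aliases "$sample"
snort_vars_line "$sample" 192.0.2.1
rm -f "$sample"
```

Run as-is, the script prints `ipvar HOME_NET [192.0.2.1,192.0.2.10,192.0.2.12,192.0.2.13,127.0.0.1]`: the disabled alias, the empty address and the non-IP entry are left out, and the alias on the unterminated last line is kept.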


Thread overview: 6+ messages
2015-10-16  9:41 Stefan Schantl [this message]
2015-10-16 10:09 ` Timo Eissler
2015-10-16 15:48   ` Michael Tremer
2015-10-16 16:37     ` Stefan Schantl
2015-10-16 16:39       ` Michael Tremer
2015-10-16 16:49         ` Stefan Schantl
