From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] snort: Also monitor assigned alias addresses on red.
Date: Fri, 16 Oct 2015 16:48:52 +0100
Message-ID: <1445010532.18375.76.camel@ipfire.org>
In-Reply-To: <5620CCF5.7060101@teissler.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6242896111703907342=="
List-Id:

--===============6242896111703907342==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

On Fri, 2015-10-16 at 12:09 +0200, Timo Eissler wrote:
> Reviewed-by: Timo Eissler

I don't think that this patch is okay.

> On 16.10.2015 at 11:41, Stefan Schantl wrote:
> > These changes will allow snort to also inspect the traffic for
> > one or more configured alias addresses, which has not been done in
> > the past.

What consequences did that have? What does this patch change? Is
anything of that user-visible or breaking backward-compatibility?

> >
> > To do this we will now check if the RED interface has been set to
> > STATIC (which is required to use the aliases function) and any
> > aliases have been configured. In case of this, the modified code
> > will add all enabled alias addresses to the HOMENET variable in
> > which snort is storing all the monitored addresses.
> >
> > Fixes #10619.
> >
> > Signed-off-by: Stefan Schantl
> > ---
> > src/initscripts/init.d/snort | 15 +++++++++++++++
> > 1 file changed, 15 insertions(+)

There are some formatting inconsistencies in this patch.

> >
> > diff --git a/src/initscripts/init.d/snort > > b/src/initscripts/init.d/snort > > index e03c80f..47e7998 100644 > > --- a/src/initscripts/init.d/snort > > +++ b/src/initscripts/init.d/snort 
> > @@ -20,6 +20,8 @@ > > PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; > > export PATH > > eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) > > eval $(/usr/local/bin/readhash /var/ipfire/snort/settings) > > > > +ALIASFILE="/var/ipfire/ethernet/aliases" > > + > > case "$1" in > > start) > > if [ "$BLUE_NETADDRESS" ]; then 
> > @@ -59,6 +61,19 @@ case "$1" in > > if [ "$LOCAL_IP" ]; then > > HOMENET+="$LOCAL_IP," > > fi > > + > > + # Check if the red device is set to static > > and > > + # any aliases have been configured. > > + if [ "$RED_TYPE" == "STATIC" ] && [ -s > > "${ALIASFILE}" ]; then RED_TYPE does not have curly braces, ALIASFILE has these. Pick one based on the rest of the script and be consistent, please. > > + # Read in aliases file. > > + while IFS="," read -r address mode > > remark; do > > + # Check if the alias is > > enabled. > > + [ "${mode}" = "on" ] || > > continue > > + > > + # Add alias to the list of > > HOMENET addresses. > > + HOMENET+="${address}," > > + done < "${ALIASFILE}" > > + fi > > fi > > HOMENET+="127.0.0.1" > > echo "ipvar HOME_NET [$HOMENET]" > /etc/snort/vars -Michael
--===============6242896111703907342==--
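
Review bot: ALIASFILE in the @@ -20,6 +20,8 @@ hunk is added without a comment on the layout of the file it points to, while the loop in the second hunk depends on every line being `address,mode,remark` in exactly that order. A one-line comment above the assignment stating the expected field order would make that coupling visible to whoever changes the aliases file format later.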
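
Review bot: In the @@ -59,6 +61,19 @@ hunk, `${address}` is appended to HOMENET, and from there written to /etc/snort/vars, with no check that it is non-empty or has the shape of an address. A line in the aliases file whose first field is empty but whose mode is "on" would add a bare "," to the list, leaving an empty entry in HOME_NET. Suggest skipping such lines next to the mode check, for example `[ -n "${address}" ] || continue`. The two `[` tests also mix `==` (for RED_TYPE) and `=` (for mode); pick one form and use it in both.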