From mboxrd@z Thu Jan 1 00:00:00 1970
From: Timo Eissler
To: development@lists.ipfire.org
Subject: Re: [PATCH] snort: Also monitor assigned alias addresses on red.
Date: Fri, 16 Oct 2015 12:09:57 +0200
Message-ID: <5620CCF5.7060101@teissler.de>
In-Reply-To: <1444988483-22615-1-git-send-email-stefan.schantl@ipfire.org>

Reviewed-by: Timo Eissler

On 16.10.2015 at 11:41, Stefan Schantl wrote:
> These changes will allow snort to also inspect the traffic for
> one or more configured alias addresses, which has not been done in the past.
>
> To do this we will now check if the RED interface has been set to STATIC (which
> is required to use the aliases function) and any aliases have been configured. In
> case of this, the modified code will add all enabled alias addresses to the HOMENET
> variable in which snort is storing all the monitored addresses.
>
> Fixes #10619.
>
> Signed-off-by: Stefan Schantl
> --- > src/initscripts/init.d/snort | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort > index e03c80f..47e7998 100644 > --- a/src/initscripts/init.d/snort > +++ b/src/initscripts/init.d/snort > @@ -20,6 +20,8 @@ PATH=3D/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin= :/usr/sbin; export PATH > eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) > eval $(/usr/local/bin/readhash /var/ipfire/snort/settings) > =20 > +ALIASFILE=3D"/var/ipfire/ethernet/aliases" > + > case "$1" in > start) > if [ "$BLUE_NETADDRESS" ]; then 
> @@ -59,6 +61,19 @@ case "$1" in > if [ "$LOCAL_IP" ]; then > HOMENET+=3D"$LOCAL_IP," > fi > + > + # Check if the red device is set to static and > + # any aliases have been configured. > + if [ "$RED_TYPE" =3D=3D "STATIC" ] && [ -s "${ALIASFILE}" ]; then > + # Read in aliases file. > + while IFS=3D"," read -r address mode remark; do > + # Check if the alias is enabled. > + [ "${mode}" =3D "on" ] || continue > + > + # Add alias to the list of HOMENET addresses. > + HOMENET+=3D"${address}," > + done < "${ALIASFILE}" > + fi > fi > HOMENET+=3D"127.0.0.1" > echo "ipvar HOME_NET [$HOMENET]" > /etc/snort/vars

-- 
Timo Eissler
Senior Project Engineer / Consultant
Am Zuckerberg 54
D-71640 Ludwigsburg
Tel.: +49 7141 4094003
Mobile: +49 151 20650311
Email: timo(a)teissler.de
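
Review bot: in the first hunk (@@ -20,6 +20,8 @@), ALIASFILE is introduced without a comment describing the file it points to. The loop in the later hunk depends on a comma-separated address, mode, remark layout, so a one-line comment above the assignment stating that format would make the dependency visible to the next person who touches either place.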
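
Review bot: in the second hunk (@@ -59,6 +61,19 @@), the loop appends ${address} to HOMENET for every line whose mode is "on" without checking that the field is non-empty or looks like an address, so a malformed line in ${ALIASFILE} ends up in the `ipvar HOME_NET [...]` line written to /etc/snort/vars. A guard such as `[ -n "${address}" ] || continue` before the HOMENET+= line would avoid that. Two smaller points in the same hunk: `[ "$RED_TYPE" == "STATIC" ]` uses `==` while the mode test further down uses `=`, so one form should be used throughout; and `while ... read` skips a final line that has no trailing newline, which `read -r address mode remark || [ -n "${address}" ]` would cover. The new block also sits inside the enclosing `if` that closes right after it, so aliases are only added when that outer condition (not visible in this hunk) holds; worth confirming that is intended.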