Snort mailing list archives

Re: freebsd users: need help testing a patch


From: Michael Scheidell <michael.scheidell () secnap com>
Date: Mon, 22 Aug 2011 15:07:51 -0400



On 8/22/11 2:46 PM, Michael Scheidell wrote:
I have a patch to /usr/local/etc/rc.d/snort that SHOULD allow for complex, multi interface configurations.
(so, you can have a bge0, bge1, fxp0, fxp1, etc), mostly, unlimited.

Fix if you use an arbitrary name other than an interface:
diff -bBru /tmp/snort_old snort
--- /tmp/snort_old    2011-06-06 10:53:49.000000000 -0400
+++ snort    2011-08-22 14:53:08.000000000 -0400
@@ -22,6 +22,9 @@
 #                restart!
 #                Default: ""
 #
+# to enable multi interface, use:
+# snort_rules="eth0 eth1"
+# defaults will follow, snort.conf becomes 'snort_eth0.conf', etc

 . /etc/rc.subr

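Review bot: the added comment block documents `snort_rules` but none of the per-instance variables the loop in the second hunk reads (`snort_<name>_conf`, `snort_<name>_flags`, `snort_<name>_interface`, `snort_<name>_expression`), so an instance cannot be configured from this header alone. The line "defaults will follow, snort.conf becomes 'snort_eth0.conf'" also promises a default the patch never sets: `_conf` is taken only from `snort_${i}_conf`. Suggest listing the four variables with their defaults in the same style as the existing entries, and describing `snort_rules` as a list of instance names, since its values are used as variable-name suffixes rather than as rule files.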
@@ -42,4 +45,22 @@
 [ -n "$snort_conf" ] && snort_flags="$snort_flags -c $snort_conf"
 [ -n "$snort_expression" ] && snort_flags="$snort_flags $snort_expression"

-run_rc_command "$1"
+if [ -n "$snort_rules" ]; then
+  snort_conf=""
+  snort_flags=""
+  for i in ${snort_rules}; do
+    eval _conf=\$snort_${i}_conf
+    eval _flags=\$snort_${i}_flags
+    [ -z "$_flags" ] && _flags="-D -q"
+    eval _intf=\$snort_${i}_interface
+    eval _expr=\$snort_${i}_expression
+        if [ -n "$_intf" ] ;then
+            _conf="$_conf -i $_intf"
+       eval pidfile="/var/run/snort_$_intf.pid"
+        fi
+    command_args="$_flags -c $_conf $_expr"
+        run_rc_command "$1"
+   done
+else
+   run_rc_command "$1"
+fi
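Review bot: `_conf` has no fallback inside the loop, so when `snort_${i}_conf` is unset the line `command_args="$_flags -c $_conf $_expr"` expands to `-c` followed directly by `-i <intf>` or the expression, and `-c` takes the wrong argument. Set the documented `snort_${i}.conf` default, or skip the instance with an error, before `_conf` is used. `pidfile` is assigned only inside `if [ -n "$_intf" ]` and is keyed on `$_intf`, so an instance without `snort_${i}_interface` keeps whatever `pidfile` held before, which from the second iteration on is the previous instance's file; assigning it unconditionally and keying it on `$i` avoids that, and the `eval` on that line is not needed. `$i` reaches `eval` unchecked: a name containing a character that is not valid in a shell variable name (such as `-` or `.`) breaks the expansion, so check it against letters, digits and underscore before the first `eval`. The loop also discards the status of every `run_rc_command "$1"` except the last one.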

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
SECNAP Network Security Corporation
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org