
Untitled

a guest
May 8th, 2017
  1. #!/bin/sh -e
  2.  
  3. CONFIG=/etc/snort/snort.debian.conf
  4.  
  5. . /usr/share/debconf/confmodule
  6. test $DEBIAN_SCRIPT_DEBUG && set -v -x
  7.  
  8. # summary of how this script can be called:
  9. # * <postinst> `configure' <most-recently-configured-version>
  10. # * <old-postinst> `abort-upgrade' <new version>
  11. # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
  12. # <new-version>
  13. # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
  14. # <failed-install-package> <version> `removing'
  15. # <conflicting-package> <version>
  16. # for details, see /usr/doc/packaging-manual/
  17. #
  18. # quoting from the policy:
  19. # Any necessary prompting should almost always be confined to the
  20. # post-installation script, and should be protected with a conditional
  21. # so that unnecessary prompting doesn't happen if a package's
  22. # installation fails and the `postinst' is called with `abort-upgrade',
  23. # `abort-remove' or `abort-deconfigure'.
  24.  
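# Dispatch on the action passed as the first argument.
case "$1" in
  install)
    ;;
  upgrade)
    # With manual startup, show the "please restart manually" note.
    db_get snort-mysql/startup || true
    if [ "$RET" = "manual" ]; then
      #db_fset snort-mysql/please_restart_manually seen false
      db_beginblock
      db_input high snort-mysql/please_restart_manually || true
      db_endblock
      db_go
      db_stop
    fi
    ;;
  configure)
    # Collect the debconf answers; a failed lookup is tolerated (|| true).
    db_get snort-mysql/startup || true; STARTUP=$RET
    db_get snort-mysql/interface || true; INTERFACE="$RET"
    db_get snort-mysql/address_range || true; ADDRESS_RANGE="$RET"
    db_get snort-mysql/disable_promiscuous || true; DISABLE_PROMISCUOUS=$RET
    db_get snort-mysql/reverse_order || true; REVERSE_ORDER=$RET
    db_get snort-mysql/send_stats || true; STATS_SEND="$RET"
    db_get snort-mysql/stats_rcpt || true; STATS_RCPT="$RET"
    db_get snort-mysql/stats_treshold || true; STATS_THRESHOLD="$RET"
    db_get snort-mysql/options || true; OPTIONS="$RET"

    # Translate the boolean answers into snort command line switches.
    if [ "$DISABLE_PROMISCUOUS" = "true" ]; then
      OPTIONS="$OPTIONS -p"
    fi
    if [ "$REVERSE_ORDER" = "true" ]; then
      OPTIONS="$OPTIONS -o"
    fi
    # Failsafe in case the values above are blank (jfs)
    STATS_RCPT=${STATS_RCPT:-root}
    STATS_THRESHOLD=${STATS_THRESHOLD:-1}
    #STATS_RCPT=`echo "$STATS_RCPT" | sed -e 's/@/\\\\@/g' -e 's/,/\\\\,/g'`

    # NOTE(review): the answers are written unescaped inside double quotes.
    # If this file is later sourced by a shell (presumably by the init
    # script -- confirm), an answer containing ", $ or a backquote would be
    # interpreted there. Validate or escape the values if answers can come
    # from anything less trusted than the local administrator, for example a
    # preseed file.
    cat <<EOF >"$CONFIG"
# This file is used for options that are changed by Debian to leave
# the original lib files untouched.
# You have to use "dpkg-reconfigure snort" to change them.

DEBIAN_SNORT_STARTUP="$STARTUP"
DEBIAN_SNORT_HOME_NET="$ADDRESS_RANGE"
DEBIAN_SNORT_OPTIONS="$OPTIONS"
DEBIAN_SNORT_INTERFACE="$INTERFACE"
DEBIAN_SNORT_SEND_STATS="$STATS_SEND"
DEBIAN_SNORT_STATS_RCPT="$STATS_RCPT"
DEBIAN_SNORT_STATS_THRESHOLD="$STATS_THRESHOLD"
EOF

    if [ -f /etc/snort/snort.conf ]; then
      # Insert the database output settings between the "# (#DBSTART#)" and
      # "# (#DBEND#)" markers of snort.conf when the admin asked for it.
      db_get snort-mysql/configure_db
      if [ "$RET" = "true" ]; then
        db_get snort-mysql/db_host || true; DB_HOST=$RET
        db_get snort-mysql/db_database || true; DB_DATABASE=$RET
        db_get snort-mysql/db_user || true; DB_USER=$RET
        db_get snort-mysql/db_pass || true; DB_PASS=$RET

        # Build the replacement next to its destination. mktemp creates the
        # file with mode 0600, which matters because it will hold the
        # database password in clear text; it never sits in a world-writable
        # directory, and the final mv is a rename on the same filesystem.
        TEMPFILE=$(mktemp /etc/snort/snort.conf.XXXXXX)

        # Single pass over snort.conf:
        #   before - copy lines until the start marker, then emit the new block
        #   inside - drop the old block up to and including the end marker
        #   after  - copy the remainder
        # Lines are read with IFS= and -r and written with printf, so that
        # backslashes, indentation and glob characters such as * or [..] in
        # the admin's file are copied unchanged. An unquoted "echo $LINE"
        # would expand those characters against the current directory.
        DB_SECTION=before
        while IFS= read -r LINE || [ -n "$LINE" ]; do
          # Compare markers on a copy with surrounding blanks removed, so a
          # marker line with stray leading or trailing whitespace is still
          # recognised.
          MARKER=${LINE#"${LINE%%[![:space:]]*}"}
          MARKER=${MARKER%"${MARKER##*[![:space:]]}"}
          case "$DB_SECTION" in
            before)
              if [ "$MARKER" = "# (#DBSTART#)" ]; then
                {
                  printf '%s\n' "# (#DBSTART#)"
                  printf '%s' "output database: log, mysql, "
                  # Only non-empty settings are emitted. The values are
                  # quoted in the tests so that blanks or operator-like
                  # text in an answer cannot alter the test expression.
                  [ -z "$DB_USER" ] || printf 'user=%s ' "$DB_USER"
                  [ -z "$DB_PASS" ] || printf 'password=%s ' "$DB_PASS"
                  [ -z "$DB_DATABASE" ] || printf 'dbname=%s ' "$DB_DATABASE"
                  [ -z "$DB_HOST" ] || printf 'host=%s ' "$DB_HOST"
                  printf ' \n'
                  printf '%s\n' "# (#DBEND#)"
                } >> "$TEMPFILE"
                DB_SECTION=inside
              else
                printf '%s\n' "$LINE" >> "$TEMPFILE"
              fi
              ;;
            inside)
              [ "$MARKER" != "# (#DBEND#)" ] || DB_SECTION=after
              ;;
            after)
              printf '%s\n' "$LINE" >> "$TEMPFILE"
              ;;
          esac
        done < /etc/snort/snort.conf

        case "$DB_SECTION" in
          after)
            mv -f "$TEMPFILE" /etc/snort/snort.conf
            ;;
          inside)
            # Start marker without end marker: installing the copy would
            # drop everything after the start marker, so keep the original.
            echo "snort.conf has a DBSTART marker but no DBEND marker; database settings not written" >&2
            rm -f "$TEMPFILE"
            ;;
          *)
            # No start marker at all: nothing to insert, keep the original.
            rm -f "$TEMPFILE"
            ;;
        esac
      fi

      # snort.conf may carry the database password: keep it owned by
      # root:snort with mode 640 unless the admin registered an override.
      # NOTE(review): when an override is registered, a file that was just
      # replaced above keeps the 0600 mode mktemp gave it -- confirm that
      # this is what the override is expected to produce.
      if ! dpkg-statoverride --list /etc/snort/snort.conf >/dev/null; then
        chown root:snort /etc/snort/snort.conf
        chmod 640 /etc/snort/snort.conf
      fi
    fi

    db_stop

    # Check for left-over files from woody packages.
    OLDCONF=/etc/snort/snort.rules.conf
    if [ -f "$OLDCONF" ]; then
      mv "$OLDCONF" "$OLDCONF.OBSOLETE"
    fi

    # Update the rc.d's
    update-rc.d snort defaults >/dev/null

    # In the case we reconfigure we have to restart and not just to start,
    # so stop the service here. "command -v" replaces the external "which".
    if command -v invoke-rc.d >/dev/null 2>&1; then
      invoke-rc.d snort stop || exit $?
    else
      /etc/init.d/snort stop || exit $?
    fi
    ;;
  abort-upgrade)
    ;;
  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 0
    ;;
esac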
  163.  
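# Dial-up mode: for every running pppd/ipppd that has no snort environment
# file yet, work out its interface and local address, write the file, and
# kill any /usr/sbin/snort process whose ps line mentions both.
if [ "$STARTUP" = "dialup" ]; then

  # Try to guess environments for all pppds we have no .env for...
  for PPPD_PID in $(pidof pppd ipppd); do
    # If we got an empty PID (however), skip it
    test "$PPPD_PID" || continue

    #
    # Finding the interface name from the pidfiles:
    # 1. grep -El:
    #    Looks for the current pppd PID in all pppd and ipppd pidfiles.
    #    It *should* return exactly one file name; to be safe it is fenced
    #    with head -n 1.
    # 2. basename "$PPP_PIDFILE" .pid:
    #    Strips the path and the .pid suffix. It is only run when a pidfile
    #    was found: called with an empty name it would print ".pid", which
    #    is non-empty and would keep the routing-table fallback below from
    #    ever being used.
    # 3. sed:
    #    pppd uses $INTERFACE.pid, while ipppd uses ipppd.$INTERFACE.pid.
    #    Any "ipppd." or "pppd." prefix is stripped, in case pppd ever
    #    adopts the ipppd naming convention.
    # This works always with ipppd and mostly with pppd: the latter only if
    # the user did not rename the ppp interface to something other than
    # ppp* (not possible currently, afaics).
    #
    PPP_PIDFILE=$(grep -El "^[[:space:]]*$PPPD_PID[[:space:]]*\$" /var/run/ppp*.pid /var/run/ipppd.*.pid 2> /dev/null | head -n 1)
    PPP_IFACE=
    if [ -n "$PPP_PIDFILE" ]; then
      PPP_IFACE=$(basename "$PPP_PIDFILE" .pid | sed -e 's/^i\?pppd\.//')
    fi

    #
    # If we got no interface from pidfiles (because there are no
    # pidfiles, for example), we assume the most common case:
    # one pppd with default route set.
    # This is ugly, but there is no other chance. Let's hope,
    # nobody ever manages multiple pppds without pidfiles for
    # them.
    #
    test "$PPP_IFACE" || PPP_IFACE=$(route -n | awk '/^0\.0\.0\.0 / { print $8 }')

    # If we couldn't discover an interface name, skip this pppd
    test "$PPP_IFACE" || continue

    PPP_LOCAL=$(ifconfig "$PPP_IFACE" | awk '/inet addr:/ { gsub("addr:", ""); print $2 }')

    # If we couldn't discover a local IP, skip this pppd
    test "$PPP_LOCAL" || continue

    ENVFILE=/var/run/snort_$PPP_IFACE.env

    # If we already have an .env for that interface, skip this pppd
    if test -e "$ENVFILE"; then
      continue
    fi

    # Write .env for that interface
    echo "Creating missing $ENVFILE"
    {
      echo "PPPD_PID=$PPPD_PID"
      echo "PPP_IFACE=$PPP_IFACE"
      echo "PPP_LOCAL=$PPP_LOCAL"
    } > "$ENVFILE"

    # If such a snort is still running, just kill it.
    # The address and interface are matched as fixed strings (-F): read as
    # a regular expression, the dots of an IP address match any character
    # and could select an unrelated process for SIGKILL.
    # NOTE(review): this is still a substring match on the whole ps line
    # (ppp1 also matches ppp10); confirm that is acceptable.
    ps -ef | grep /usr/sbin/snort | grep -F -e "$PPP_LOCAL" |
      grep -F -e "$PPP_IFACE" | awk '{ print $2 }' |
      xargs --no-run-if-empty kill -s KILL >/dev/null
  done
fi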
  237.  
# While the db-pending-config flag file exists, override the startup mode so
# that the start step further down does not launch snort.
[ ! -e /etc/snort/db-pending-config ] || STARTUP="false"
  241.  
  242.  
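# Start snort when the startup mode is "boot" or "dialup", going through
# invoke-rc.d when it is available and through the init script otherwise.
# "command -v" is the shell's own lookup and replaces the external "which".
case "$STARTUP" in
  boot|dialup)
    if command -v invoke-rc.d >/dev/null 2>&1; then
      invoke-rc.d snort start || exit $?
    else
      /etc/init.d/snort start || exit $?
    fi
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0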