
Untitled

a guest
May 8th, 2017
  1. #!/bin/sh -e
  2.  
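  # Settings file this script generates from the debconf answers.
  CONFIG=/etc/snort/snort.debian.conf

  # Load the debconf shell API used below (db_get, db_input, db_go, db_stop).
  . /usr/share/debconf/confmodule

  # Trace the script when DEBIAN_SCRIPT_DEBUG is non-empty. The variable is
  # quoted so that a value containing spaces cannot make the test error out.
  # Tracing prints every expanded command, including the database password
  # read in the configure branch, so keep debug output out of shared logs.
  if [ -n "${DEBIAN_SCRIPT_DEBUG:-}" ]; then
    set -v -x
  fi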
  7.  
  8. # summary of how this script can be called:
  9. # * <postinst> `configure' <most-recently-configured-version>
  10. # * <old-postinst> `abort-upgrade' <new version>
  11. # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
  12. # <new-version>
  13. # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
  14. # <failed-install-package> <version> `removing'
  15. # <conflicting-package> <version>
  16. # for details, see /usr/doc/packaging-manual/
  17. #
  18. # quoting from the policy:
  19. # Any necessary prompting should almost always be confined to the
  20. # post-installation script, and should be protected with a conditional
  21. # so that unnecessary prompting doesn't happen if a package's
  22. # installation fails and the `postinst' is called with `abort-upgrade',
  23. # `abort-remove' or `abort-deconfigure'.
  24.  
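  # Dispatch on the action the script was called with ($1).
  case "$1" in
    install)
      ;;
    upgrade)
      # With manual startup, show the "please restart manually" note.
      db_get snort-mysql/startup || true
      if [ "$RET" = "manual" ]; then
        #db_fset snort-mysql/please_restart_manually seen false
        db_beginblock
        db_input high snort-mysql/please_restart_manually || true
        db_endblock
        db_go
        db_stop
      fi
      ;;
    configure)
      # Collect the debconf answers. A failed lookup is tolerated (|| true)
      # instead of aborting the script, which runs under "sh -e".
      db_get snort-mysql/startup || true; STARTUP=$RET
      db_get snort-mysql/interface || true; INTERFACE="$RET"
      db_get snort-mysql/address_range || true; ADDRESS_RANGE="$RET"
      db_get snort-mysql/disable_promiscuous || true; DISABLE_PROMISCUOUS=$RET
      db_get snort-mysql/reverse_order || true; REVERSE_ORDER=$RET
      db_get snort-mysql/send_stats || true; STATS_SEND="$RET"
      db_get snort-mysql/stats_rcpt || true; STATS_RCPT="$RET"
      # "stats_treshold" is the question name as this script spells it.
      db_get snort-mysql/stats_treshold || true; STATS_THRESHOLD="$RET"
      db_get snort-mysql/options || true; OPTIONS="$RET"

      if [ "$DISABLE_PROMISCUOUS" = "true" ]; then
        OPTIONS="$OPTIONS -p"
      fi
      if [ "$REVERSE_ORDER" = "true" ]; then
        OPTIONS="$OPTIONS -o"
      fi
      # Failsafe in case the values above are blank (jfs)
      if [ -z "$STATS_RCPT" ]; then
        STATS_RCPT=root
      fi
      if [ -z "$STATS_THRESHOLD" ]; then
        STATS_THRESHOLD=1
      fi
      #STATS_RCPT=`echo "$STATS_RCPT" | sed -e 's/@/\\\\@/g' -e 's/,/\\\\,/g'`

      # Write the settings file. The values are placed between double quotes
      # exactly as debconf returned them.
      # NOTE(review): nothing escapes a '"', '$' or backtick inside a value;
      # if a shell later sources this file (not visible here), such a value
      # would be interpreted. The answers come from the local administrator;
      # confirm that this is the intended trust boundary.
      {
        printf '%s\n' \
          '# This file is used for options that are changed by Debian to leave' \
          '# the original lib files untouched.' \
          '# You have to use "dpkg-reconfigure snort" to change them.' \
          ''
        printf 'DEBIAN_SNORT_STARTUP="%s"\n' "$STARTUP"
        printf 'DEBIAN_SNORT_HOME_NET="%s"\n' "$ADDRESS_RANGE"
        printf 'DEBIAN_SNORT_OPTIONS="%s"\n' "$OPTIONS"
        printf 'DEBIAN_SNORT_INTERFACE="%s"\n' "$INTERFACE"
        printf 'DEBIAN_SNORT_SEND_STATS="%s"\n' "$STATS_SEND"
        printf 'DEBIAN_SNORT_STATS_RCPT="%s"\n' "$STATS_RCPT"
        printf 'DEBIAN_SNORT_STATS_THRESHOLD="%s"\n' "$STATS_THRESHOLD"
      } > "$CONFIG"

      # Set only after $CONFIG was written, so it affects just the start
      # decision taken further down in this script.
      if [ -e /etc/snort/db-pending-config ]; then
        STARTUP="manual"
      fi

      if [ -f /etc/snort/snort.conf ]; then
        # insert database config stuff in the configuration file,
        # or configure it for syslog-logging.
        db_get snort-mysql/configure_db
        if [ "$RET" = "true" ]; then
          db_get snort-mysql/db_host || true; DB_HOST=$RET
          db_get snort-mysql/db_database || true; DB_DATABASE=$RET
          db_get snort-mysql/db_user || true; DB_USER=$RET
          db_get snort-mysql/db_pass || true; DB_PASS=$RET

          # Build the "output database" line. The emptiness tests are quoted
          # so a value containing spaces is not silently dropped.
          DB_LINE="output database: log, mysql, "
          if [ -n "$DB_USER" ]; then
            DB_LINE="${DB_LINE}user=$DB_USER "
          fi
          if [ -n "$DB_PASS" ]; then
            DB_LINE="${DB_LINE}password=$DB_PASS "
          fi
          if [ -n "$DB_DATABASE" ]; then
            DB_LINE="${DB_LINE}dbname=$DB_DATABASE "
          fi
          if [ -n "$DB_HOST" ]; then
            DB_LINE="${DB_LINE}host=$DB_HOST "
          fi

          # The temporary copy holds the database password. It is created
          # next to the target so the final mv is a rename within one
          # directory and the password never sits in a shared temp directory.
          TEMPFILE=$(mktemp /etc/snort/snort.conf.XXXXXX)

          # Copy snort.conf, replacing everything from the "# (#DBSTART#)"
          # line through the "# (#DBEND#)" line with the new database line.
          # Lines are read with IFS= and -r and written with printf so that
          # indentation, backslash continuations and characters such as '*'
          # or '[' in the IDS configuration are copied unchanged.
          STATE=before
          while IFS= read -r LINE || [ -n "$LINE" ]; do
            # Markers are compared with surrounding whitespace removed.
            MARK=${LINE#"${LINE%%[![:space:]]*}"}
            MARK=${MARK%"${MARK##*[![:space:]]}"}
            case "$STATE" in
              before)
                if [ "$MARK" = "# (#DBSTART#)" ]; then
                  printf '%s\n' "# (#DBSTART#)"
                  printf '%s \n' "$DB_LINE"
                  printf '%s\n' "# (#DBEND#)"
                  STATE=inside
                else
                  printf '%s\n' "$LINE"
                fi
                ;;
              inside)
                if [ "$MARK" = "# (#DBEND#)" ]; then
                  STATE=after
                fi
                ;;
              after)
                printf '%s\n' "$LINE"
                ;;
            esac
          done < /etc/snort/snort.conf > "$TEMPFILE"

          # Replace the file only when both markers were seen; otherwise the
          # part of the configuration after the start marker would be lost.
          if [ "$STATE" = "after" ]; then
            mv -f "$TEMPFILE" /etc/snort/snort.conf
          else
            rm -f "$TEMPFILE"
            echo "snort.conf: database markers missing or unterminated, file left unchanged" >&2
          fi
        fi

        # Unless a dpkg-statoverride is registered for the file, make it
        # owner root, group snort, mode 640; it may contain the DB password.
        # NOTE(review): when an override exists and the file was just
        # replaced by the temporary copy, nothing here re-applies the
        # override's owner and mode; confirm this is handled elsewhere.
        if ! dpkg-statoverride --list /etc/snort/snort.conf >/dev/null; then
          chown root:snort /etc/snort/snort.conf
          chmod 640 /etc/snort/snort.conf
        fi
      fi

      db_stop

      # Check for left-over files from woody packages.
      OLDCONF=/etc/snort/snort.rules.conf
      if [ -f "$OLDCONF" ]; then
        mv "$OLDCONF" "$OLDCONF.OBSOLETE"
      fi

      # Update the rc.d's
      update-rc.d snort defaults >/dev/null

      # in the case we reconfigure we have to restart and not just to start.
      # Only the stop happens here; the start is decided after this case.
      if [ -x "$(which invoke-rc.d 2>/dev/null)" ]; then
        invoke-rc.d snort stop || exit $?
      else
        /etc/init.d/snort stop || exit $?
      fi
      ;;
    abort-upgrade)
      ;;
    *)
      echo "postinst called with unknown argument \`$1'" >&2
      exit 0
      ;;
  esac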
  167.  
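  if [ "$STARTUP" = "dialup" ]; then

    # For every running pppd/ipppd that has no /var/run/snort_<iface>.env
    # yet, work out its interface and local address and create that file.
    for PPPD_PID in $(pidof pppd ipppd); do
      # Skip an empty PID.
      if [ -z "$PPPD_PID" ]; then
        continue
      fi

      # Find the pid file that contains exactly this PID. It should be a
      # single file; head -1 guards against more than one match.
      PIDFILE=$(grep -E -l "^[[:space:]]*$PPPD_PID[[:space:]]*\$" /var/run/ppp*.pid /var/run/ipppd.*.pid 2> /dev/null | head -1)

      # Derive the interface name from the pid file name: basename strips
      # the directory and the .pid suffix, sed strips an "ipppd." (or
      # "pppd.") prefix, because pppd names its file $INTERFACE.pid while
      # ipppd uses ipppd.$INTERFACE.pid. For pppd this only works while the
      # interface keeps its ppp* name.
      # basename is run only when a pid file was found: with no file name it
      # would be handed ".pid" alone and return a non-empty string, and the
      # fallback below would never be used.
      PPP_IFACE=
      if [ -n "$PIDFILE" ]; then
        PPP_IFACE=$(basename "$PIDFILE" .pid | sed -e 's/^i\?pppd\.//')
      fi

      # Without a pid file, assume the most common case: one pppd holding
      # the default route. This is a guess and is wrong when several pppds
      # run without pid files.
      if [ -z "$PPP_IFACE" ]; then
        PPP_IFACE=$(route -n | awk '/^0\.0\.0\.0 / { print $8 }')
      fi

      # No interface name found: nothing to do for this PID.
      if [ -z "$PPP_IFACE" ]; then
        continue
      fi

      PPP_LOCAL=$(ifconfig "$PPP_IFACE" | awk '/inet addr:/ { gsub("addr:", ""); print $2 }')

      # No local IP found: nothing to do for this PID.
      if [ -z "$PPP_LOCAL" ]; then
        continue
      fi

      ENVFILE=/var/run/snort_$PPP_IFACE.env

      # An .env file for that interface already exists: leave it alone.
      if [ -e "$ENVFILE" ]; then
        continue
      fi

      # Write .env for that interface
      printf '%s\n' "Creating missing $ENVFILE"
      {
        printf '%s\n' "PPPD_PID=$PPPD_PID"
        printf '%s\n' "PPP_IFACE=$PPP_IFACE"
        printf '%s\n' "PPP_LOCAL=$PPP_LOCAL"
      } > "$ENVFILE"

      # If such a snort is still running, just kill it.
      # The address and interface are matched as fixed strings (-F) so the
      # dots in the address are not regex wildcards. The match is still a
      # substring match on the ps line, so 10.0.0.1 also selects a snort
      # bound to 10.0.0.10.
      ps -ef | grep /usr/sbin/snort | grep -F -- "$PPP_LOCAL" |
        grep -F -- "$PPP_IFACE" | awk '{ print $2 }' |
        xargs --no-run-if-empty kill -s KILL >/dev/null
    done
  fi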
  241.  
  # Start snort when it is configured to run at boot or on dial-up, through
  # invoke-rc.d when that helper is installed and executable, otherwise
  # through the init script directly. A failed start ends the script with
  # the same exit status.
  case "$STARTUP" in
    boot | dialup)
      if [ -x "$(which invoke-rc.d 2>/dev/null)" ]; then
        invoke-rc.d snort start || exit $?
      else
        /etc/init.d/snort start || exit $?
      fi
      ;;
  esac
  249.  
  250. # dh_installdeb will replace this with shell code automatically
  251. # generated by other debhelper scripts.
  252.  
  253. #DEBHELPER#
  254.  
  255. exit 0