#!/bin/sh -e

. /usr/share/debconf/confmodule
test $DEBIAN_SCRIPT_DEBUG && set -v -x

# This is a list of deprecated preprocessors used to detect
# bad configuration that will prevent Snort from running
# based on http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/Attic/
OLD_PREPROCESSORS="anomsensor asn1 conversation defrag defrag2 fnord frag2 http_decode httpflow minfrag portscan portscan2 tcp_stream tcp_stream2 tcp_stream3 telnet_negotiation unidecode xlink2state"
# List of valid preprocessors (taken from src/preprocessor)
# or generated using:
# grep RegisterPreprocessor src/preprocessors/* |perl -ne 'print $1."\n" if /\("(.*?)",/' |sort -u
# [Currently not used since the user might have custom preprocessors]
VALID_PREPROCESSORS="arpspoof arpspoof_detect_host backorifice bo frag3 frag3_engine frag3_global frag3insert frag3rebuild http_encode httpinspect normalize_icmp4 normalize_icmp6 normalize_ip4 normalize_ip6 normalize_tcp perfmon PerfMonitor rpcdecode rpc_decode s5 s5icmp s5ip s5tcp s5udp sfportscan stream5_global stream5_icmp stream5_ip stream5_tcp stream5_udp"

CONFIG_FILE=/etc/snort/snort.conf
deprecated=0

if test -f $CONFIG_FILE
then
	for prep in $OLD_PREPROCESSORS
	do
		found_deprecated=`egrep -i "^preprocessor $prep:+" $CONFIG_FILE | sed -e 's/:.*//'`
		if [ -n "$found_deprecated" ] ; then
			deprecated=1
			deprecated_list="$found_deprecated $deprecated_list"
		fi
	done
fi

# We should warn the user if we found some deprecated preprocessor
#
# NOTE: This is done on config to urge the user to
# overwrites the configuration later on if he is given the chance.
if [ "$deprecated" -eq 1 ] ; then
	deprecated_list=`echo $deprecated_list |sed -e 's/ $//'`
#	echo "Your $CONFIG_FILE is using out of date preprocessors ($deprecated_list) you should upgrade!"
	db_subst snort/deprecated_config DEP_CONFIG "$deprecated_list" || true
	db_input high snort/deprecated_config || true
	db_go || true
fi

# Warn the user if we found a deprecated file with information
deprecated_file_list=""
if [ -s /etc/snort/database.conf ]; then
    deprecated_file_list="/etc/snort/database.conf"
fi
        
if [ -n "$deprecated_file_list" ]; then
	db_subst snort/deprecated_file DEP_FILE "$deprecated_file_list" || true
	db_input high snort/deprecated_file || true
	db_go || true
fi

db_stop

 

exit 0