#!/bin/sh -e . /usr/share/debconf/confmodule test $DEBIAN_SCRIPT_DEBUG && set -v -x # List all the interfaces which are UP in the system list_interfaces() { interface_list="" if [ -x "$(command -v ip)" ] ; then interface_list=`LC_ALL=C ip link show | grep -E '^[0-9]*: ' | grep -v LOOPBACK | grep UP | awk -F: '{print $2}' | sed "s/ //g"` else if [ -n "$(command -v ifconfig)" ] ; then interface_list=`LC_ALL=C ifconfig -a | grep -E '^[a-z0-9]*:' | grep -v LOOPBACK | grep UP | awk -F: '{print $1}' ` fi fi # Return with error if the interface list is empty if [ -z "$interface_list" ] ; then return 1 fi # convert into space separated interface_list=`echo $interface_list | sed 's/^\|$//g'` echo $interface_list return 0 } # Count how many interfaces are in the interface_list count_interfaces() { interface_list=$1 count=`echo $interface_list | sed -e 's/ /\n/g' | wc -l` echo $count return 0 } check_interfaces() { # Check the interface status, abort with error if one is configured but it # is not available interface_list=$1 [ -z "$interface_list" ] && return 0 for iface in $interface_list; do if [ -z "`LC_ALL=C ip link show $iface | grep UP`" ]; then return 1 fi done return 0 } if [ -r /etc/snort/snort.debian.conf ] ; then . /etc/snort/snort.debian.conf # Set the variables in debconf using the configuration values # (if defined) [ -n "$DEBIAN_SNORT_STARTUP" ] && { db_set snort/startup "$DEBIAN_SNORT_STARTUP"; db_fset snort/startup seen true ; } [ -n "$DEBIAN_SNORT_HOME_NET" ] && { db_set snort/address_range "$DEBIAN_SNORT_HOME_NET"; db_fset snort/address_range seen true ; } if [ ! -z "$DEBIAN_SNORT_OPTIONS" ] ; then # Remove the -p option wich is added in postinst due to the 'DISABLE_PROMISCUOUS' debconf option DEBIAN_SNORT_OPTIONS=`echo "$DEBIAN_SNORT_OPTIONS" | sed -e 's/ -p$//'` db_set snort/options "$DEBIAN_SNORT_OPTIONS" db_fset snort/options seen true fi [ -n "$DEBIAN_SNORT_SEND_STATS" ] && { db_set snort/send_stats "$DEBIAN_SNORT_SEND_STATS"; db_fset snort/send_stats seen true ; } [ -n "$DEBIAN_SNORT_STATS_RCPT" ] && { db_set snort/stats_rcpt "$DEBIAN_SNORT_STATS_RCPT" ; db_fset snort/stats_rcpt seen true ; } [ -n "$DEBIAN_SNORT_STATS_THRESHOLD" ] && { db_set snort/stats_treshold "$DEBIAN_SNORT_STATS_THRESHOLD"; db_fset snort/stats_treshold seen true ; } fi INTERFACES="" # Interface default in case the configuration file does not exist # The default is to select all the interfaces which are UP in the system if [ -z "$DEBIAN_SNORT_INTERFACE" ] ; then INTERFACES=$(list_interfaces) echo "Snort configuration: interface default not set, using '$INTERFACES'" # Set eth0 as default if no interfaces are found, this raise the # priority of the question as the interface is actually not found if [ -z "$INTERFACES" ] ; then INTERFACES=eth0 echo "Snort configuration: WARN: No network interface found, using $INTERFACES as default" fi else INTERFACES="$DEBIAN_SNORT_INTERFACE" echo "Snort configuration: interface default set, using $INTERFACES" fi [ -n "$INTERFACES" ] && { db_set snort/interface "$INTERFACES"; db_fset snort/interface seen true ; } db_input low snort/startup || true db_go # /etc/ppp/ip-up.d/snort is called with interface and IP number db_get snort/startup if [ "x$RET" = "xdialup" ]; then db_set snort/interface "" db_set snort/address_range "" db_set snort/disable_promiscuous true else db_beginblock # Ask for a valid set of interfaces ok='' count=0 while [ ! "$ok" ] && [ "$count" -lt 2 ]; do # Depending on whether the default interface is up or down we set the # question priority priority='medium' if ! check_interfaces "$INTERFACES" then echo "Snort configuration: WARN: One of the interfaces is not UP in the system, raising question priority" priority='high' db_fset snort/interface seen false fi # Raise the priority if there are multiple interfaces which are # active in the system if [ $(count_interfaces "$INTERFACES") -gt 1 ] then priority='high' fi set +e db_input $priority snort/interface if [ $? -eq 30 ]; then # User is not being shown the question, break out break fi set -e db_go || true # Check the interfaces db_get snort/interface INTERFACES=$RET if ! check_interfaces "$INTERFACES" ; then echo "Snort configuration: WARNING: The interfaces configured are not valid" db_fset snort/invalid_interface seen false db_input critical snort/invalid_interface else ok='yes' fi # Increment the count, we only go through this two times count=$(($count+1)) done db_input high snort/address_range || true db_input low snort/disable_promiscuous || true db_endblock db_go fi db_beginblock db_input low snort/options || true db_endblock db_go db_beginblock db_input low snort/send_stats || true db_go db_get snort/send_stats if [ "x$RET" = "xtrue" ]; then # TODO: This values should not be empty (even # if we default to 'root' and '1' in the scripts) # so the config script should check wether the # values here are legitimate. db_beginblock db_input medium snort/stats_rcpt || true db_input low snort/stats_treshold || true db_endblock db_go fi DEFAULT=/etc/default/snort PARAMETERS=/etc/snort/snort.common.parameters if [ -e "$DEFAULT" ] && [ -e "$PARAMETERS" ] ; then db_beginblock db_input high snort/config_parameters || true db_endblock db_go fi db_get snort/startup if [ "x$RET" = "xmanual" ]; then db_beginblock db_input medium snort/please_restart_manually || true db_endblock db_go fi db_stop