#!/bin/sh set -e test $DEBIAN_SCRIPT_DEBUG && set -v -x # summary of how this script can be called: # * `install' # * `install' # * `upgrade' # * `abort-upgrade' DEFAULT=/etc/default/snort PARAMETERS=/etc/snort/snort.common.parameters # Initialise variables SNORTUSER="" SNORTGROUP="" LOGDIR="" check_parameters() { # Check if the old parameters file is there and this is # an upgrade (default is not) # Abort if either the old parameters file does not exist # or if the new default has already been installed [ ! -r "$PARAMETERS" ] && return [ -r "$DEFAULT" ] && return # Extract our values from there logdir=`cat $PARAMETERS | perl -ne 'print $1 if /-l\s+([\w\/]+)/'` user_snort=`cat $PARAMETERS | perl -ne 'print $1 if /-u\s+(\w+)/'` group_snort=`cat $PARAMETERS | perl -ne 'print $1 if /-g\s+(\w+)/'` extraparms=`cat $PARAMETERS | sed -e 's/-l[[:space:]]\+[\/[:alnum:]]\+[[:space:]]\+//g; s/-u[[:space:]]\+[[:alnum:]]\+[[:space:]]*//g; s/-g[[:space:]]\+[[:alnum:]]\+[[:space:]]*//g;'` echo "Creating new $DEFAULT configuration based on $PARAMETERS" cat <$DEFAULT # Parameters for the daemon PARAMS="$extraparms" # Logging directory LOGDIR="$logdir" # Snort user SNORTUSER="$user_snort" # Snort group SNORTGROUP="$group_snort" EOF return } case "$1" in install|upgrade) check_parameters [ -r "$DEFAULT" ] && . $DEFAULT # Sane defaults, just in case [ -z "$SNORTUSER" ] && SNORTUSER=snort [ -z "$SNORTGROUP" ] && SNORTGROUP=snort [ -z "$LOGDIR" ] && LOGDIR=/var/log/snort # create snort user to avoid running snort as root # 1. create group if not existing if ! getent group | grep -q "^$SNORTGROUP:" ; then addgroup --quiet --system $SNORTGROUP 2>/dev/null || true fi # 2. create homedir if not existing test -d $LOGDIR || mkdir $LOGDIR # 3. create user if not existing if ! getent passwd | grep -q "^$SNORTUSER:"; then adduser --quiet \ --system \ --ingroup $SNORTGROUP \ --no-create-home \ --disabled-password \ $SNORTUSER 2>/dev/null || true fi # 4. adjust passwd entry usermod -c "Snort IDS" \ -d $LOGDIR \ -g $SNORTGROUP \ $SNORTUSER > /dev/null 2>&1 || true # 5. adjust file and directory permissions if ! dpkg-statoverride --list $LOGDIR >/dev/null && [ -d $LOGDIR ] then chown $SNORTUSER:adm $LOGDIR for logfile in $LOGDIR/*; do [ -f "$logfile" ] && chown $SNORTUSER:adm $logfile done chmod u=rwx,g=rxs,o= $LOGDIR fi # setup /etc/snort test -d /etc/snort || mkdir /etc/snort # move config file to new location if [ -e /etc/snort.conf ]; then mv /etc/snort.conf /etc/snort/snort.conf fi # rename probably existing cron job with old name if [ -e /etc/cron.daily/snort ]; then mv /etc/cron.daily/snort /etc/cron.daily/snort-common fi ;; configure) ;; abort-upgrade) ;; *) echo "preinst called with unknown argument \`$1'" >&2 exit 0 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. exit 0