blob: b4afaa027f45645f28b3146821c5f25b50e9bc1e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
post_install() {
getent group snort >/dev/null || usr/sbin/groupadd -g 29 snort
getent passwd snort >/dev/null || usr/sbin/useradd -c 'Snort user' -u 29 -g snort -d /var/log/snort -s /bin/false snort
usr/bin/passwd -l snort &>/dev/null
[ -f var/log/snort/alert ] || : >var/log/snort/alert
chown -R snort.snort var/log/snort/
/usr/bin/nohup /usr/bin/pulledpork_update.sh /etc/snort/rules/snort.rules > /dev/null 2>&1 &
cat << _EOF
>>> EDIT /etc/snort/homenet.conf file to match your local network.
>>> Add local rules to /etc/snort/rules/local.rules
>>> TIP: iptables rule to monitor all FORWARDed traffic:
>>> iptables -I FORWARD -j NFQUEUE --queue-bypass
>>> Note: ALERTs are automatically deleted after 60 days
>>> use barnyard2 to store them in database
_EOF
}
post_upgrade() {
post_install $1
}
pre_remove() {
usr/sbin/userdel snort &>/dev/null
usr/sbin/groupdel snort &>/dev/null
}
# vim:set ts=2 sw=2 et:
|