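post_install() {
  # Dedicated service account: fixed UID/GID 29, no login shell, locked
  # password. The getent guards keep this idempotent, which matters because
  # post_upgrade re-runs the whole function. Paths are relative to the install
  # root (pacman runs these scripts with cwd = the target root).
  getent group snort >/dev/null || usr/sbin/groupadd -g 29 snort
  getent passwd snort >/dev/null || usr/sbin/useradd -c 'Snort user' -u 29 -g snort -d /var/log/snort -s /bin/false snort
  usr/bin/passwd -l snort &>/dev/null

  # Alert log. The file is created with the install umask, so it is typically
  # world-readable; tighten it (e.g. 640) if the alerts are considered
  # sensitive on this host.
  [ -f var/log/snort/alert ] || : >var/log/snort/alert
  # Ownership is applied only to the directory and the file this script
  # creates, deliberately NOT recursively: this runs as root on every upgrade
  # over a directory the unprivileged snort account writes to, and a
  # recursive chown there would also re-own anything that account has linked
  # into it (hard links, where fs.protected_hardlinks is off). Files snort
  # writes itself are already created as snort and need no fixing.
  chown snort:snort var/log/snort var/log/snort/alert

  # Quoted delimiter: the banner is literal text, nothing in it is meant to
  # expand. NOTE(review): the --queue-bypass tip is fail-open — traffic is
  # accepted uninspected whenever nothing is bound to the queue (snort not
  # started or crashed). Fine for IDS use; not a suitable inline IPS policy.
  cat <<'_EOF'

>>> EDIT /etc/snort/homenet.conf file to match your local network.
>>> Also EDIT /etc/snort/rules/emerging.conf as per your requirement.
>>> Add local rules to /etc/snort/rules/local.rules

>>> TIP: iptables rule to monitor all FORWARDed traffic:
>>>   iptables -I FORWARD -j NFQUEUE --queue-bypass

>>> Note: ALERTs are automatically deleted after 60 days
>>>   use barnyard2 to store them in database

_EOF

  # Relative path like every other path above, so an install into an
  # alternate root (pacman -r <root>) inspects the target, not the host.
  if [ ! -x usr/lib/daq/daq_nfq.so ]; then
    echo
    echo 'WARNING: daq is without NFQUEUE support snort-nfqueue will NOT work'
    echo 'WARNING: first download libdaq source, makepkg and install it'
    echo
    echo 'WEBSITE: https://www.archlinux.org/packages/?q=libdaq'
    echo
  fi
}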

post_upgrade() {
  # An upgrade simply re-runs the install hook, which is written to be
  # idempotent (getent guards on the account, -f guard on the alert file).
  # pacman passes the new and old version; post_install currently ignores
  # them, they are forwarded intact for future use.
  post_install "$@"
}

pre_remove() {
  # Drop the service account and its group. Errors (account already gone, or
  # a snort process still running under it) are suppressed on purpose so the
  # package removal proceeds. NOTE(review): files left behind in
  # /var/log/snort keep numeric owner 29, so a later account allocated that
  # UID would inherit them — stop the service first and decide what to do
  # with the logs before removing.
  local tool
  for tool in userdel groupdel; do
    "usr/sbin/$tool" snort >/dev/null 2>&1
  done
}

# vim:set ts=2 sw=2 et: