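#######################################
# Install-time hook: prepares the dedicated snort account and its log
# directory, then prints post-install setup hints.
# Creates group and user "snort" (gid/uid 29) only when getent does not find
# them, locks the account's password, creates an empty alert file if missing,
# and gives the log tree to snort:snort.
# Paths without a leading slash resolve against the current directory.
# NOTE(review): presumably the package manager runs this from the install
# root - confirm.
# Arguments: none are read.
# Outputs:   setup hints, plus a warning block when the daq NFQ module is
#            not found, on stdout.
#######################################
post_install() {
  # Service account only: login shell is /bin/false and the password is
  # locked on the next step, so it cannot be used for interactive logins.
  getent group snort >/dev/null || usr/sbin/groupadd -g 29 snort
  getent passwd snort >/dev/null ||
    usr/sbin/useradd -c 'Snort user' -u 29 -g snort -d /var/log/snort -s /bin/false snort

  # Best effort: output and failures of the lock are deliberately discarded.
  usr/bin/passwd -l snort >/dev/null 2>&1

  [ -f var/log/snort/alert ] || : >var/log/snort/alert

  # Use the user:group separator; the dotted "snort.snort" spelling is a
  # deprecated form that is ambiguous when account names contain dots.
  # Options are placed before the operand so this does not rely on GNU
  # argument permutation.
  chown -R snort:snort var/log/snort/

  # Operator hints. Reviewer caveat on the iptables tip below:
  # --queue-bypass makes the kernel accept packets when no program is bound
  # to the queue, so forwarded traffic passes uninspected while snort is not
  # running (fail-open). Drop that flag if fail-closed behaviour is required.
  cat << _EOF
>>> EDIT /etc/snort/homenet.conf file to match your local network.
>>> Also EDIT /etc/snort/rules/emerging.conf as per your requirement.
>>> Add local rules to /etc/snort/rules/local.rules
>>> TIP: iptables rule to monitor all FORWARDed traffic:
>>> iptables -I FORWARD -j NFQUEUE --queue-bypass
>>> Note: ALERTs are automatically deleted after 60 days
>>> use barnyard2 to store them in database
_EOF

  # Without the NFQ module of daq, inline (NFQUEUE) mode cannot work.
  if [ ! -x "/usr/lib/daq/daq_nfq.so" ]; then
    echo
    echo 'WARNING: daq is without NFQUEUE support snort-nfqueue will NOT work'
    echo 'WARNING: first download libdaq source, makepkg and install it'
    echo
    echo 'WEBSITE: https://www.archlinux.org/packages/?q=libdaq'
    echo
  fi
}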
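#######################################
# Upgrade-time hook: repeats the install-time setup by delegating to
# post_install, so the account, log file and ownership are re-checked on
# every upgrade.
# Arguments: $1 - forwarded unchanged to post_install (which does not read it).
#######################################
post_upgrade() {
  # Quoted so the argument is never word-split or glob-expanded on the way.
  post_install "$1"
}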
#######################################
# Removal-time hook: deletes the snort user, then the snort group.
# Both deletions are best effort; their output and errors are discarded.
# NOTE(review): nothing here touches var/log/snort, so files there keep the
# numeric owner 29 after removal - confirm whether that is intended, since a
# later account given that id would own them.
# Returns: exit status of the groupdel call.
#######################################
pre_remove() {
  {
    usr/sbin/userdel snort
    usr/sbin/groupdel snort
  } >/dev/null 2>&1
}
# vim:set ts=2 sw=2 et: