[Snort-users] dynamic ip and snort

Andreas Hasenack andreas at ...814...
Sun Nov 19 15:59:45 EST 2000


Em Sun, Nov 19, 2000 at 03:36:33PM -0500, Fyodor escreveu:
> 
> > >
> > > var HOME_NET $ppp0_ADDRESS
> >
> > But snort still has to be restarted if the connection drops, right? And *after* the
> > interface is up again, right?
> >
> 
> yep. You can modify 'ip_up' and 'ip_down' scripts to do so for pppd, I
> guess :)

Here is what I have. This script is called from /etc/ppp/ip-up
and changes the IP for the INTERNAL variabel in /etc/snort/rules.base
Now that I know about the $ppp0_ADDRESS I don't need this part anymore,
only the restart thing... :)

#!/bin/bash

# parameters:
# $1 = interface
# #2 = tty device
# $3 = baudrate
# $4 = interface ip address
# $5 = gateway ip address

arq1=`/bin/mktemp /etc/snort/rules.XXXXXX`
arq2=`/bin/mktemp /etc/rc.d/init.d/snortd.XXXXXX`
if [ -f $arq1 ] && [ -f $arq2 ]; then
	cp /etc/snort/rules.base $arq1
	sed -e "s,\(^var INTERNAL \)\(.*\),\1$4\/32,g" $arq1 > /etc/snort/rules.base
	rm -f $arq1
	cp /etc/rc.d/init.d/snortd $arq2
	sed -e "s,\(^INTERFACE=\)\(.*\),\1$1,g" $arq2 > /etc/rc.d/init.d/snortd
	rm -f $arq2
	service snortd restart
else
	echo "Problems creating temporary files"
	exit 1
fi




More information about the Snort-users mailing list