snort-common 2.9.2.2-3 / config

This file is indexed.

config is in snort-common 2.9.2.2-3.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/bin/sh -e

. /usr/share/debconf/confmodule
test $DEBIAN_SCRIPT_DEBUG && set -v -x

DBCONF="/etc/snort/database.conf"
# TODO: Having an empty file here is a little bit weird for sysadmins
# it might be better to have a file with just a comment saying
# that it does nothing, but then it makes it difficult for
# snort-common to detect if he has to purge it on postrm
#
# Make sure the database configuration file exists:
[ -d /etc/snort ] && [ ! -e "$DBCONF" ] && touch "$DBCONF"

# This is a list of deprecated preprocessors used to detect
# bad configuration that will prevent Snort from running
# based on http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/Attic/
OLD_PREPROCESSORS="anomsensor asn1 conversation defrag defrag2 fnord frag2 http_decode httpflow minfrag portscan portscan2 tcp_stream tcp_stream2 tcp_stream3 telnet_negotiation unidecode xlink2state"
# List of valid preprocessors (taken from src/preprocessor)
# or generated using:
# grep RegisterPreprocessor src/preprocessors/* |perl -ne 'print $1." " if /\("(.*?)",/' |sort -u
# [Currently not used since the user might have custom preprocessors]
VALID_PREPROCESSORS="s4UDP s4UDPPrune arpspoof arpspoof_detect_host arpspoof bo backorifice flow flow frag3_global frag3_engine frag3 frag3insert frag3rebuild httpinspect PerfMonitor perfmon rpc_decode rpcdecode sfportscan sfportscan stream4 stream4_reassemble stream4_external s4 s4PktInsert s4NewSess s4GetSess s4State s4StateAsync s4StateAction s4Flush s4BuildPacket s4ProcessRebuilt s4StateActionAsync s4Prune stream5_global stream5_tcp stream5_udp stream5_icmp s5 s5tcp s5udp s5icmp"

CONFIG_FILE=/etc/snort/snort.conf
deprecated=0

if test -f $CONFIG_FILE
then
	for prep in $OLD_PREPROCESSORS
	do
		found_deprecated=`egrep -i "^preprocessor $prep:+" $CONFIG_FILE | sed -e 's/:.*//'`
		if [ -n "$found_deprecated" ] ; then
			deprecated=1
			deprecated_list="$found_deprecated $deprecated_list"
		fi
	done
fi

# We should warn the user if we found some deprecated preprocessor
#
# NOTE: This is done on config to urge the user to
# overwrites the configuration later on if he is given the chance.
if [ "$deprecated" -eq 1 ] ; then
	deprecated_list=`echo $deprecated_list |sed -e 's/ $//'`
#	echo "Your $CONFIG_FILE is using out of date preprocessors ($deprecated_list) you should upgrade!"
	db_subst snort/deprecated_config DEP_CONFIG "$deprecated_list" || true
	db_input high snort/deprecated_config || true
	db_go || true
fi

db_stop

 

exit 0

APT Browse - Built by Thomas Orozco.