/etc/cron.daily/5snort is in snort-common 2.9.2-3ubuntu1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | #!/bin/sh -e
test -f /usr/sbin/snort || exit 0
LOGFILE=/var/log/snort/alert
PATH=/bin:/usr/bin:/sbin:/usr/sbin
CONFIG=/etc/snort/snort.debian.conf
. $CONFIG
# Don't generate stats if we are configured not to
[ "$DEBIAN_SNORT_SEND_STATS" = "false" ] && exit 0
export DEBIAN_SNORT_STATS_RCPT DEBIAN_SNORT_STATS_THRESHOLD
# Just in case it's not properly configured for whatever reason
[ -z "$DEBIAN_SNORT_STATS_THRESHOLD" ] && DEBIAN_SNORT_STATS_THRESHOLD=1
[ -z "$DEBIAN_SNORT_STATS_RCPT" ] && DEBIAN_SNORT_STATS_RCPT=root
# Cannot use logrotate to rotate these logfiles...
# 'rotate' saved RAW-Ethernet streams
# New snort has different naming scheme, old one still here for upgrades
find /var/log/snort -name "snort-*@*.log" -mtime +15 | xargs --no-run-if-empty rm
find /var/log/snort -name "tcpdump.log.*" -mtime +15 | xargs --no-run-if-empty rm
find /var/log/snort -name "snort.log.*" -mtime +15 | xargs --no-run-if-empty rm
# Mail snort stats
if [ -s $LOGFILE ]; then
(echo "To: $DEBIAN_SNORT_STATS_RCPT"; snort-stat -a -t $DEBIAN_SNORT_STATS_THRESHOLD < $LOGFILE) | sendmail -t
fi
# Restarting snort is now handled by the logrotate configuration.
# The 'intelligence' of not to start in certain startup-modes moved
# to the init.d script as well.
exit 0
|