preinst is in snort-rules-default 2.9.6.0-0ubuntu1.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 | #!/bin/sh -e
# Preinst for snort-common-rules, currently only handles
# migration from old /etc/snort to new /etc/snort setup
#
check_md5() {
# if the MD5sum matches the user has not modified it, remove it
# if it does not match then just move it to the new location
[ ! -f "$1" ] && return 1
[ -z "$2" ] && return 1
if md5sum $1 2>/dev/null |grep -q $2; then
echo "Removing $1 since it has not been changed"
rm -f $1
else
# Optionally move to a directory
if [ -n "$3" ] && [ -d "$3" ] ; then
echo "Moving $1 to $3"
mv $1 $3
fi
fi
}
if [ ! -d /etc/snort/rules ]
then
mkdir -p /etc/snort/rules
chown root:root /etc/snort/rules
chmod 755 /etc/snort/rules
fi
case "$1" in
install|upgrade)
if [ "x$2" != "x" ] ; then
if dpkg --compare-versions $2 lt 1.9.0beta4-1 ; then
if [ ! -z "`ls /etc/snort/*.rules 2>/dev/null | head -1`" ]
then
echo "Checking if old rulefiles have been changed"
echo "
3bc265bef3ff5fc675f9f1acf8ea6390 attack-responses.rules
3bc265bef3ff5fc675f9f1acf8ea6390 attack-responses.rules
c20eb0f3f140b7659ebd37f2e3553f2d backdoor.rules
08b710276367c03fcd26d1b3512a870d bad-traffic.rules
48683f29e6452e4e43f1af004f537485 ddos.rules
f605e07289ace0adc279aa46225834a5 dns.rules
b231ab5af973df5f06201f16be8a37ff dos.rules
31788f18caaed776f021e5029bdd6757 exploit.rules
3f0c90491298edd0dfc37a6afc9ffac6 finger.rules
a2f2068460b622a85624b664d9108b36 ftp.rules
c580f094d32435915f893c2661fb73dc icmp-info.rules
3abbb384dd222225560ec87b324b63ce icmp.rules
9159fed0eda9c16245f4c6edb94c0d7c info.rules
8005f28d5e2400c474a7b765029eefb5 local.rules
8204b5ce028496bca3f95a06dfca10b9 misc.rules
f63f7c3c9a9f627521b0dcce1e134f1f netbios.rules
fe402fc3c9e795ea22af59be84683be5 policy.rules
00b1e66fe86b46bf94460320ca71d972 porn.rules
c23be32425937a87219ccd0ee4f85813 rpc.rules
82a173d9144a11ea1e686fcec730549a rservices.rules
c9dd621a43c896dde6dd2da09575897f scan.rules
55a0e660ea08c314cf4d5c19f7973f83 shellcode.rules
b304d4b570e94112d6b025d6a55007c1 smtp.rules
ccff2e48615eb7d27466b26a9dd66b66 sql.rules
f68e3bee2ab97ce729f20a0f4751ca04 telnet.rules
a263d7e4526e8012aafd9daf62690519 tftp.rules
2abd1c03364a8a1c01650764cf2af2f1 virus.rules
fe239ae24a682d3d47251c28689fc9ec web-attacks.rules
2e99d333c4ab20bfd3f5694915b6d591 web-cgi.rules
3051d9dda0ed859487580733b2a318d2 web-coldfusion.rules
b7fc9e8371d04b5ec203651c15135657 web-frontpage.rules
e7100df55b15a262f45d0a2940594d1f web-iis.rules
028a217dbdc67fea026a1f7c3dd6560b web-misc.rules
6e85b6a55b84bffc29fd58b8e6747b65 x11.rules
c20eb0f3f140b7659ebd37f2e3553f2d backdoor.rules
08b710276367c03fcd26d1b3512a870d bad-traffic.rules
48683f29e6452e4e43f1af004f537485 ddos.rules
f605e07289ace0adc279aa46225834a5 dns.rules
b231ab5af973df5f06201f16be8a37ff dos.rules
31788f18caaed776f021e5029bdd6757 exploit.rules
3f0c90491298edd0dfc37a6afc9ffac6 finger.rules
a2f2068460b622a85624b664d9108b36 ftp.rules
c580f094d32435915f893c2661fb73dc icmp-info.rules
3abbb384dd222225560ec87b324b63ce icmp.rules
9159fed0eda9c16245f4c6edb94c0d7c info.rules
8005f28d5e2400c474a7b765029eefb5 local.rules
8204b5ce028496bca3f95a06dfca10b9 misc.rules
f63f7c3c9a9f627521b0dcce1e134f1f netbios.rules
fe402fc3c9e795ea22af59be84683be5 policy.rules
00b1e66fe86b46bf94460320ca71d972 porn.rules
c23be32425937a87219ccd0ee4f85813 rpc.rules
82a173d9144a11ea1e686fcec730549a rservices.rules
c9dd621a43c896dde6dd2da09575897f scan.rules
55a0e660ea08c314cf4d5c19f7973f83 shellcode.rules
b304d4b570e94112d6b025d6a55007c1 smtp.rules
ccff2e48615eb7d27466b26a9dd66b66 sql.rules
f68e3bee2ab97ce729f20a0f4751ca04 telnet.rules
a263d7e4526e8012aafd9daf62690519 tftp.rules
2abd1c03364a8a1c01650764cf2af2f1 virus.rules
fe239ae24a682d3d47251c28689fc9ec web-attacks.rules
2e99d333c4ab20bfd3f5694915b6d591 web-cgi.rules
3051d9dda0ed859487580733b2a318d2 web-coldfusion.rules
b7fc9e8371d04b5ec203651c15135657 web-frontpage.rules
e7100df55b15a262f45d0a2940594d1f web-iis.rules
028a217dbdc67fea026a1f7c3dd6560b web-misc.rules
6e85b6a55b84bffc29fd58b8e6747b65 x11.rules
" |
while read md5sum file ; do
check_md5 /etc/snort/$file $md5sum /etc/snort/rules/
done
echo "Finished check of old rulefiles"
# Classification config modified?
check_md5 /etc/snort/classification.config 183a351fc8c3a60ed9fbbb8194e4eda1
fi
fi
fi
;;
abort-upgrade)
;;
*)
echo "preinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
|