config is in snort-common 2.9.2.2-3.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | #!/bin/sh -e
. /usr/share/debconf/confmodule
test $DEBIAN_SCRIPT_DEBUG && set -v -x
DBCONF="/etc/snort/database.conf"
# TODO: Having an empty file here is a little bit weird for sysadmins
# it might be better to have a file with just a comment saying
# that it does nothing, but then it makes it difficult for
# snort-common to detect if he has to purge it on postrm
#
# Make sure the database configuration file exists:
[ -d /etc/snort ] && [ ! -e "$DBCONF" ] && touch "$DBCONF"
# This is a list of deprecated preprocessors used to detect
# bad configuration that will prevent Snort from running
# based on http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/Attic/
OLD_PREPROCESSORS="anomsensor asn1 conversation defrag defrag2 fnord frag2 http_decode httpflow minfrag portscan portscan2 tcp_stream tcp_stream2 tcp_stream3 telnet_negotiation unidecode xlink2state"
# List of valid preprocessors (taken from src/preprocessor)
# or generated using:
# grep RegisterPreprocessor src/preprocessors/* |perl -ne 'print $1." " if /\("(.*?)",/' |sort -u
# [Currently not used since the user might have custom preprocessors]
VALID_PREPROCESSORS="s4UDP s4UDPPrune arpspoof arpspoof_detect_host arpspoof bo backorifice flow flow frag3_global frag3_engine frag3 frag3insert frag3rebuild httpinspect PerfMonitor perfmon rpc_decode rpcdecode sfportscan sfportscan stream4 stream4_reassemble stream4_external s4 s4PktInsert s4NewSess s4GetSess s4State s4StateAsync s4StateAction s4Flush s4BuildPacket s4ProcessRebuilt s4StateActionAsync s4Prune stream5_global stream5_tcp stream5_udp stream5_icmp s5 s5tcp s5udp s5icmp"
CONFIG_FILE=/etc/snort/snort.conf
deprecated=0
if test -f $CONFIG_FILE
then
for prep in $OLD_PREPROCESSORS
do
found_deprecated=`egrep -i "^preprocessor $prep:+" $CONFIG_FILE | sed -e 's/:.*//'`
if [ -n "$found_deprecated" ] ; then
deprecated=1
deprecated_list="$found_deprecated $deprecated_list"
fi
done
fi
# We should warn the user if we found some deprecated preprocessor
#
# NOTE: This is done on config to urge the user to
# overwrites the configuration later on if he is given the chance.
if [ "$deprecated" -eq 1 ] ; then
deprecated_list=`echo $deprecated_list |sed -e 's/ $//'`
# echo "Your $CONFIG_FILE is using out of date preprocessors ($deprecated_list) you should upgrade!"
db_subst snort/deprecated_config DEP_CONFIG "$deprecated_list" || true
db_input high snort/deprecated_config || true
db_go || true
fi
db_stop
exit 0
|