This file is indexed.

/etc/cron.daily/5snort is in snort-common 2.9.2.2-3.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#!/bin/sh -e

test -f /usr/sbin/snort || exit 0

LOGFILE=/var/log/snort/alert
PATH=/bin:/usr/bin:/sbin:/usr/sbin
CONFIG=/etc/snort/snort.debian.conf
. $CONFIG

# Don't generate stats if we are configured not to
[ "$DEBIAN_SNORT_SEND_STATS" = "false" ] && exit 0

export DEBIAN_SNORT_STATS_RCPT DEBIAN_SNORT_STATS_THRESHOLD

# Just in case it's not properly configured for whatever reason
[ -z "$DEBIAN_SNORT_STATS_THRESHOLD" ] && DEBIAN_SNORT_STATS_THRESHOLD=1
[ -z "$DEBIAN_SNORT_STATS_RCPT" ] && DEBIAN_SNORT_STATS_RCPT=root

# Cannot use logrotate to rotate these logfiles...
# 'rotate' saved RAW-Ethernet streams
# New snort has different naming scheme, old one still here for upgrades
find /var/log/snort -name "snort-*@*.log" -mtime +15 | xargs --no-run-if-empty rm
find /var/log/snort -name "tcpdump.log.*" -mtime +15 | xargs --no-run-if-empty rm
find /var/log/snort -name "snort.log.*" -mtime +15 | xargs --no-run-if-empty rm

# Mail snort stats
if [ -s $LOGFILE ]; then
	(echo "To: $DEBIAN_SNORT_STATS_RCPT"; snort-stat -a -t $DEBIAN_SNORT_STATS_THRESHOLD < $LOGFILE) | sendmail -t
fi

# Restarting snort is now handled by the logrotate configuration.
# The 'intelligence' of not to start in certain startup-modes moved
# to the init.d script as well.

exit 0