@bluesku
Last active February 8, 2021 17:25
IDS-Snort-run.sh
#!/bin/sh
# Show the available interfaces, then ask which one Snort should listen on.
# (read -p is a bash extension and fails under a POSIX /bin/sh such as dash, so prompt with printf instead.)
ifconfig -s
printf 'SET Interface.: '
read int_f
if [ -z "$int_f" ]; then
    echo "No interface given, exiting." >&2
    exit 1
fi
#Config
# Create the directory layout (-p: do not fail if a directory already exists)
mkdir -p /etc/snort/rules/iplists
mkdir -p /etc/snort/preproc_rules
mkdir -p /usr/local/lib/snort_dynamicrules
mkdir -p /etc/snort/so_rules
mkdir -p /var/log/snort
mkdir -p /var/log/snort/archived_logs
# 5775 = rwxrwxr-x plus the setuid and sticky bits; plain 775 is enough for Snort once snort:snort owns these trees
chmod -R 5775 /etc/snort
chmod -R 5775 /var/log/snort
chmod -R 5775 /usr/local/lib/snort_dynamicrules
chown -R snort:snort /etc/snort
chown -R snort:snort /var/log/snort
chown -R snort:snort /usr/local/lib/snort_dynamicrules
# Run in IDS mode: alerts to the console, logs under /var/log/snort, privileges dropped to snort:snort
snort -A console -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -i "$int_f"
#snort -A console -e --require-rule-sid -H -I -y -l /tmp -k all -u snort -g snort -c /etc/snort/snort.conf -i "$int_f"
# -k checksum-mode :: Tune the internal checksum verification (IP/TCP/UDP/ICMP header checksums) together with the alert mode. Valid checksum modes include all, noip, notcp, noudp, noicmp, and none.
# -K logging-mode :: ascii, pcap or none
# -x = --conf-error-out | exit if configuration problems occur, such as flowbits used without Stream5
# -y Include the year in alert and log files
# -e Display/log the second-layer (link-layer) packet headers
# -Q Enable inline mode operation
# -s Send alert messages to syslog
# -T Snort starts up in self-test mode (checks the configuration and exits)
# -w Show management frames if running on an 802.11 (wireless) network
# -p Turn off promiscuous mode sniffing
# -N Turn off packet logging. The program still generates alerts normally.
# -M Log console messages to syslog when not running in daemon mode. This switch has no impact on logging of alerts.
# --require-rule-sid Require that every rule has a SID specified (still testing this option)
# -O Obfuscate the IP addresses when in ASCII packet dump mode. If the home net is set (-h), only addresses on the home net are obfuscated while other IPs are left visible, which is perfect for posting to a security mailing list.
# -H Force hash tables to be deterministic instead of using a random number generator for the seed and scale. Useful for testing and generating repeatable results with the same traffic.
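As an added example that is not part of the gist: a small POSIX shell/awk summariser for the fast-format alert lines that the `snort -A console` run above prints, grouped by SID, priority and source address. It assumes the Snort 2.x fast alert format; the console output it reads is constructed sample data, and the non-alert startup lines Snort also prints on the console are skipped.

```shell
#!/bin/sh
# Added example, not from the gist: summarise Snort 2.x fast-format alerts as printed by
# "snort -A console". Non-alert console lines (the startup banner) are skipped.

# Constructed sample console output: three banner lines followed by four alerts.
# SIDs, rule names and addresses are made up (RFC 5737 documentation ranges).
SAMPLE_CONSOLE='Running in IDS mode
        --== Initializing Snort ==--
Commencing packet processing (pid=4242)
02/08-17:25:01.123456  [**] [1:1000001:1] LOCAL test rule [**] [Priority: 3] {TCP} 192.0.2.10:44321 -> 198.51.100.5:80
02/08-17:25:02.223456  [**] [1:1000001:1] LOCAL test rule [**] [Priority: 3] {TCP} 192.0.2.10:44322 -> 198.51.100.5:80
02/08-17:25:03.323456  [**] [1:1000002:2] LOCAL ICMP probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.11 -> 198.51.100.5
02/08-17:25:04.423456  [**] [1:1000003:1] LOCAL high priority [**] [Priority: 1] {UDP} 192.0.2.12:53 -> 198.51.100.5:53'

# Read console output on stdin; print "count sid priority source_ip" for each distinct
# (sid, priority, source), highest priority (lowest number) first, then by count.
summarize_alerts() {
    awk '
    {
        # Only lines carrying a [gid:sid:rev] tag after [**] and a [Priority: N] field are alerts
        if (!match($0, /\[\*\*\] \[[0-9]+:[0-9]+:[0-9]+\]/)) next
        tag = substr($0, RSTART + 6, RLENGTH - 7)    # "gid:sid:rev" without the brackets
        split(tag, ids, ":"); sid = ids[2]
        if (!match($0, /\[Priority: [0-9]+\]/)) next
        pri = substr($0, RSTART + 11, RLENGTH - 12)  # the number after "[Priority: "
        src = ""
        for (i = 1; i <= NF; i++) if ($i == "->") src = $(i - 1)
        sub(/:[0-9]+$/, "", src)                     # drop the source port; ICMP lines have none
        count[sid " " pri " " src]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k3,3n -k1,1nr
}

printf '%s\n' "$SAMPLE_CONSOLE" | summarize_alerts
```

In practice the function is fed with the console output redirected to a file, or with the alert file Snort writes under /var/log/snort when run with `-A fast`.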