ks888/install_snort.sh

## install_snort.sh
#!/bin/bash

set -e

apt-get install -y snort

# get my ip address
IPADDR=$(hostname -i)

# configure ip address and logging format
sed -i -e "s#192.168.0.0/16#${IPADDR}#" \
  -e 's/DEBIAN_SNORT_OPTIONS=""/DEBIAN_SNORT_OPTIONS="-K ascii -N -A fast"/g' \
  /etc/snort/snort.debian.conf

# 'uricontent' rule somehow does not work when checksum_mode is all.
# See https://groups.google.com/forum/#!topic/mailing.unix.snort/YJz855nRTeI for details
sed -i -e 's#config checksum_mode: all#config checksum_mode: none#' /etc/snort/snort.conf

# allow log collector to read alert file
chmod o+rx /var/log/snort/
sed -i -e 's/create 0640/create 0644/g' /etc/logrotate.d/snort

service snort restart
	#!/bin/bash

	set -e

	apt-get install -y snort

	# get my ip address
	IPADDR=$(hostname -i)

	# configure ip address and logging format
	sed -i -e "s#192.168.0.0/16#${IPADDR}#" \
	-e 's/DEBIAN_SNORT_OPTIONS=""/DEBIAN_SNORT_OPTIONS="-K ascii -N -A fast"/g' \
	/etc/snort/snort.debian.conf

	# 'uricontent' rule somehow does not work when checksum_mode is all.
	# See https://groups.google.com/forum/#!topic/mailing.unix.snort/YJz855nRTeI for details
	sed -i -e 's#config checksum_mode: all#config checksum_mode: none#' /etc/snort/snort.conf

	# allow log collector to read alert file
	chmod o+rx /var/log/snort/
	sed -i -e 's/create 0640/create 0644/g' /etc/logrotate.d/snort

	service snort restart