Use system environment variable for snort.conf HOME_NET setting
I'm setting up a mass deployment image that includes snort. Since I don't know the network address range that each image will reside on I thought about using an environment variable to hold the network range and use this environment variable in the snort.conf file to set HOME_NET.
But that's where everything falls apart. Can this be done? How? Essentially, I'm envisioning something like:
$ export SYS_HOME_NET=192.168.1.0/16

# snort.conf
ipvar HOME_NET %SYS_HOME_NET%

Obviously, this doesn't work. Any ideas?
2 Answers
I would do it slightly differently. Assuming the command that gives you the IP range is

echo ipvar HOME_NET "$(/sbin/ip route | awk '/eth0/ && ++i==2 { print $1 }')"

You could write a little wrapper script that launches snort:

#!/usr/bin/env bash
# write the range taken from the routing table into the file snort.conf includes
echo ipvar HOME_NET "$(/sbin/ip route | awk '/eth0/ && ++i==2 { print $1 }')" > ~/HOME_NET.conf
# then start snort with the freshly written HOME_NET
snort

If you save that file as snort.sh, make it executable (chmod a+x snort.sh) and run it, it will update the ~/HOME_NET.conf file with the right IP range before launching snort, so everything should work as you expect it to.
One method I just thought of is to make an external .conf file that creates this variable and include it in the snort.conf like this:

#snort.conf
#ipvar HOME_NET any
include ./HOME_NET.conf

Then, create a HOME_NET.conf file that looks like this:

ipvar HOME_NET 192.168.1.0/16

and change/replace the contents of HOME_NET.conf with an .sh script during boot or initial image setup.
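Putting the two answers together, here is an added example of the boot-time script (it is not code from the question or from either answer): it derives the directly connected subnet from the ip route table, validates it, writes the HOME_NET.conf that snort.conf includes, and runs snort -T to check the whole configuration before starting Snort. The names SNORT_IFACE, HOME_NET_CONF, HOME_NET_DEFAULT and SNORT_CONF, their defaults, and the "run"/"check" arguments are choices made for this example, not Snort settings; the routing table inside self_check is constructed for the offline check, not captured from any host.

```shell
#!/bin/sh
# Added example, not code from the original question or answers: derive
# HOME_NET from the kernel routing table at boot, write it to the file that
# snort.conf includes ("include ./HOME_NET.conf"), and only then start Snort.
# Interface, file paths and the fallback range below are assumptions.
set -eu

SNORT_IFACE="${SNORT_IFACE:-eth0}"
HOME_NET_CONF="${HOME_NET_CONF:-${HOME:-.}/HOME_NET.conf}"
HOME_NET_DEFAULT="${HOME_NET_DEFAULT:-any}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

# Accept only a dotted-quad IPv4 CIDR (a.b.c.d/0-32); anything else is
# rejected so a parsing slip can never be written into the included file.
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# derive_home_net ROUTE_TABLE IFACE
# ROUTE_TABLE is the text of `ip route`. Prints the directly connected
# subnet on IFACE (the "scope link" entry). Matching the "dev IFACE" field
# pair instead of "second line mentioning eth0" keeps the default route and
# look-alike interfaces (eth0 vs eth0.10) from being picked when the order
# of routes differs from one image to the next.
derive_home_net() {
    printf '%s\n' "$1" | awk -v iface="$2" '
        $1 ~ /\// && /scope link/ {
            for (i = 1; i < NF; i++)
                if ($i == "dev" && $(i + 1) == iface) { print $1; exit }
        }'
}

# write_home_net_conf RANGE FILE
# Write the ipvar line through a temp file and rename, so Snort never reads
# a half-written file if it happens to start while the file is being replaced.
write_home_net_conf() {
    range="$1"; conf="$2"
    tmp="$(mktemp "$conf.XXXXXX")"
    printf 'ipvar HOME_NET %s\n' "$range" > "$tmp"
    mv -f "$tmp" "$conf"
}

# Detect the range, fall back to HOME_NET_DEFAULT (logged) if detection
# fails, test the full configuration with `snort -T`, then start Snort.
main() {
    table="$(ip route 2>/dev/null || true)"
    range="$(derive_home_net "$table" "$SNORT_IFACE")"
    if ! is_ipv4_cidr "$range"; then
        echo "no IPv4 subnet found on $SNORT_IFACE; using HOME_NET $HOME_NET_DEFAULT" >&2
        range="$HOME_NET_DEFAULT"
    fi
    write_home_net_conf "$range" "$HOME_NET_CONF"
    if snort -T -c "$SNORT_CONF"; then
        exec snort -c "$SNORT_CONF" -i "$SNORT_IFACE"
    fi
    echo "snort -T rejected $SNORT_CONF; not starting" >&2
    return 1
}

# Offline self-check on a constructed `ip route` listing (not real output
# from any host); returns 0 when parsing, validation and the write behave.
self_check() {
    sample='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.42 metric 100
10.10.0.0/24 dev eth0.10 proto kernel scope link src 10.10.0.5
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown'
    [ "$(derive_home_net "$sample" eth0)" = "192.168.1.0/24" ] || return 1
    [ "$(derive_home_net "$sample" eth0.10)" = "10.10.0.0/24" ] || return 1
    [ -z "$(derive_home_net "$sample" wlan0)" ] || return 1
    is_ipv4_cidr 192.168.1.0/24 || return 1
    is_ipv4_cidr "10.0.0.0/33" && return 1
    dir="$(mktemp -d)"
    write_home_net_conf 192.168.1.0/24 "$dir/HOME_NET.conf"
    [ "$(cat "$dir/HOME_NET.conf")" = "ipvar HOME_NET 192.168.1.0/24" ] || return 1
    rm -rf "$dir"
}

case "${1:-}" in
    run)   main ;;
    check) self_check && echo "self-check passed" ;;
esac
```

Call it as snort.sh check to exercise the parser without touching the system, and as snort.sh run from the boot hook or init script. The fallback to "any" is deliberate: a missing or garbled ipvar line stops Snort from starting at all, whereas HOME_NET any starts it with coarser rule matching and leaves a line in the log telling you which image could not detect its subnet.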