snort: Also monitor assigned alias addresses on red.

Message ID 1445014155-29185-1-git-send-email-stefan.schantl@ipfire.org
State Accepted
Commit c77e962d565b1ae07c9b44e3c864c9bacc9f6b78


Stefan Schantl Oct. 17, 2015, 3:49 a.m. UTC
  These changes will allow snort to also inspect the traffic for
one or more configured alias addresses, which has not been done in the past.

The current situation is, that snort if enabled on red, only inspects
the traffic which is desired to the statically configured red address.

If some alias addresses have been assigned to the red interface the
traffic to these addresses will not be checked by snort and
completely bypasses the IDS.

There is no user interaction required, nor visible-effects or any
backward-compatiblity required, only a restart of snort after the
update process to protect all red addresses.

To do this we will now check if, the RED interface has been set to STATIC (which
is required to use the aliases function) and any aliases have been configured. In
case of this, the modified code will add all enabled alias addresses to the HOMENET
variable in which snort is storing all the monitored addresses.

Fixes #10619.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 src/initscripts/init.d/snort | 15 +++++++++++++++
 1 file changed, 15 insertions(+)