snort: Also monitor assigned alias addresses on red.
Message ID | 1445014155-29185-1-git-send-email-stefan.schantl@ipfire.org |
---|---|
State | Accepted |
Commit | c77e962d565b1ae07c9b44e3c864c9bacc9f6b78 |
Message
Stefan Schantl
Oct. 17, 2015, 3:49 a.m. UTC
These changes will allow snort to also inspect the traffic for
one or more configured alias addresses, which has not been done in the past.

The current situation is that snort, if enabled on red, only inspects
the traffic which is desired to the statically configured red address.
If some alias addresses have been assigned to the red interface, the
traffic to these addresses will not be checked by snort and
completely bypasses the IDS.

There is no user interaction required, nor visible effects or any
backward-compatibility required, only a restart of snort after the
update process to protect all red addresses.

To do this we will now check if the RED interface has been set to STATIC (which
is required to use the aliases function) and any aliases have been configured. In
case of this, the modified code will add all enabled alias addresses to the HOMENET
variable in which snort is storing all the monitored addresses.

Fixes #10619.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
src/initscripts/init.d/snort | 15 +++++++++++++++
1 file changed, 15 insertions(+)