Question

3

Use system environment variable for snort.conf HOME_NET setting

rated 0 times [ 3] [ 0] / answers: 1 / hits: 3175 / 2 Years ago, wed, october 19, 2022, 7:40:47

I'm setting up a mass deployment image that includes snort. Since I don't know the network address range that each image will reside on I thought about using an environment variable to hold the network range and use this environment variable in the snort.conf file to set HOME_NET.

But that's where everything falls apart. Can this be done? How? Essentially, I'm envisioning something like:

$ export SYS_HOME_NET=192.168.1.0/16



# snort.conf

ipvar HOME_NET %SYS_HOME_NET%

Obviously, this doesn't work. Any ideas?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

ronicod

Add To Favorites

Follow

Total Points: 71

Total Questions: 111

Total Answers: 111

Location: Montenegro

Member since Fri, Dec 10, 2021

2 Years ago

answered 2 Years ago hamostic · Accepted Answer

I would do it slightly differently. Assuming the command that gives you the IP range is

echo ipvar HOME_NET "$(/sbin/ip route | awk '/eth0/ && ++i==2 { print $1 }')"

You could write a little wrapper script that launches snort:

#!/usr/bin/env bash



echo ipvar HOME_NET "$(/sbin/ip route | awk '/eth0/ && ++i==2 { print $1 }')" > ~/HOME_NET.conf

snort

If you save that file as snort.sh, make it executable (chmod a+x snort.sh) and run it, it will update the ~/HOME_NET.conf file with the right IP range before launching snort so everything should work as you expect it to.