I'm setting up a mass deployment image that includes snort. Since I don't know the network address range that each image will reside on I thought about using an environment variable to hold the network range and use this environment variable in the snort.conf
file to set HOME_NET
.
But that's where everything falls apart. Can this be done? How? Essentially, I'm envisioning something like:
$ export SYS_HOME_NET=192.168.1.0/16
# snort.conf
ipvar HOME_NET %SYS_HOME_NET%
Obviously, this doesn't work. Any ideas?