I'm setting up a mass deployment image that includes snort. Since I don't know the network address range that each image will reside on I thought about using an environment variable to hold the network range and use this environment variable in the snort.conf
file to set HOME_NET
.
But that's where everything falls apart. Can this be done? How? Essentially, I'm envisioning something like:
$ export SYS_HOME_NET=192.168.1.0/16
# snort.conf
ipvar HOME_NET %SYS_HOME_NET%
Obviously, this doesn't work. Any ideas?
Best Answer
I would do it slightly differently. Assuming the command that gives you the IP range is
You could write a little wrapper script that launches
snort
:If you save that file as
snort.sh
, make it executable (chmod a+x snort.sh
) and run it, it will update the~/HOME_NET.conf
file with the right IP range before launchingsnort
so everything should work as you expect it to.