Ubuntu – Use system environment variable for snort.conf HOME_NET setting

environment-variablessnort

I'm setting up a mass deployment image that includes snort. Since I don't know the network address range that each image will reside on I thought about using an environment variable to hold the network range and use this environment variable in the snort.conf file to set HOME_NET.

But that's where everything falls apart. Can this be done? How? Essentially, I'm envisioning something like:

$ export SYS_HOME_NET=192.168.1.0/16

# snort.conf
ipvar HOME_NET %SYS_HOME_NET%

Obviously, this doesn't work. Any ideas?

Best Answer

I would do it slightly differently. Assuming the command that gives you the IP range is

echo ipvar HOME_NET "$(/sbin/ip route | awk '/eth0/ && ++i==2 { print $1 }')"

You could write a little wrapper script that launches snort:

#!/usr/bin/env bash

echo ipvar HOME_NET "$(/sbin/ip route | awk '/eth0/ && ++i==2 { print $1 }')" > ~/HOME_NET.conf
snort

If you save that file as snort.sh, make it executable (chmod a+x snort.sh) and run it, it will update the ~/HOME_NET.conf file with the right IP range before launching snort so everything should work as you expect it to.

Related Solutions

Ubuntu – Setting global environment variable for everyone

The /etc/environment update will only work on the next session, it's not automatically reloaded.

Which means you cannot change it for sessions that have already started for other users.

If you want to "reload" whatever is in the /etc/environment you need the following command:

source /etc/environment

But again it will only work for your own current session, other users won't be affected until they start a new session or run the above command in their own session.

Ubuntu – Setting system-wide environment variable using /etc/environment

The /etc/environment file is not a script file: AFAIK you can't use export there and it doesn't support variable expansion of the type $HOME, just simplevariable=value pairs. So to use that file, you'd need to simply append your path to the existing definition, like

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/username/R/bin"

However, setting the system-wide PATH to include a user's home directory in this way is a questionable practice IMHO: the normal way would be to use one of the user's own shell startup files: ~/.profile is usually the recommended one for environment variables, however it has the disadvantage of only being invoked by login shells, so in order to get it to take effect you will need to log out and back in - or at least, start a new login shell e.g. using

    su - username

    su -l username

Note that sudo should not be used to edit these personal files, as it will likely leave them owned by root, which can cause further problems down the road. If you have already used sudo vim you may need to use sudo chown to restore their correct ownership e.g.

sudo chown username:username ~/.profile

Then you can add the desired path component using your preferred editor e.g.

vim ~/.profile

You could even consider copying the existing paradigm for ~/bin in that file i.e. add it as

# set PATH so it includes user's private R bin if it exists
if [ -d "$HOME/R/bin" ] ; then
    PATH="$HOME/R/bin:$PATH"
fi

Best Answer

Related Solutions

Ubuntu – Setting global environment variable for everyone

Ubuntu – Setting system-wide environment variable using /etc/environment

Related Question