From c77e962d565b1ae07c9b44e3c864c9bacc9f6b78 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Fri, 16 Oct 2015 18:49:15 +0200
Subject: [PATCH] snort: Also monitor assigned alias addresses on red.

These changes will allow snort to also inspect the traffic for one or more configured alias addresses, which has not been done in the past.

The current situation is that snort, if enabled on red, only inspects the traffic which is destined to the statically configured red address. If some alias addresses have been assigned to the red interface, the traffic to these addresses will not be checked by snort and completely bypasses the IDS.

There is no user interaction required, nor visible effects or any backward-compatibility required, only a restart of snort after the update process to protect all red addresses.

To do this we will now check if the RED interface has been set to STATIC (which is required to use the aliases function) and any aliases have been configured. In case of this, the modified code will add all enabled alias addresses to the HOMENET variable in which snort is storing all the monitored addresses.

Fixes #10619.

Signed-off-by: Stefan Schantl
Signed-off-by: Michael Tremer
---
 src/initscripts/init.d/snort | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort index e03c80fea9..58edf1e6db 100644 --- a/src/initscripts/init.d/snort +++ b/src/initscripts/init.d/snort @@ -20,6 +20,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) eval $(/usr/local/bin/readhash /var/ipfire/snort/settings) +ALIASFILE="/var/ipfire/ethernet/aliases" + case "$1" in start) if [ "$BLUE_NETADDRESS" ]; then 
@@ -59,6 +61,19 @@ case "$1" in if [ "$LOCAL_IP" ]; then HOMENET+="$LOCAL_IP," fi + + # Check if the red device is set to static and + # any aliases have been configured. + if [ "${RED_TYPE}" == "STATIC" ] && [ -s "${ALIASFILE}" ]; then + # Read in aliases file. + while IFS="," read -r address mode remark; do + # Check if the alias is enabled. + [ "${mode}" = "on" ] || continue + + # Add alias to the list of HOMENET addresses. + HOMENET+="${address}," + done < "${ALIASFILE}" + fi fi HOMENET+="127.0.0.1" echo "ipvar HOME_NET [$HOMENET]" > /etc/snort/vars -- 2.39.5
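Review bot: the `while IFS="," read -r address mode remark` loop in the second hunk silently drops the last alias if the aliases file does not end with a newline, because `read` returns non-zero at EOF even when it has filled the variables; use `while IFS="," read -r address mode remark || [ -n "${address}" ]; do` so that entry is still appended to HOMENET. The same loop appends `${address}` without checking that the field is non-empty, so a record such as `,on,` leaves an empty element in the generated `ipvar HOME_NET [...]` line in /etc/snort/vars; add `[ -n "${address}" ] || continue` next to the existing mode check. Minor style point: the new condition uses `==` (`[ "${RED_TYPE}" == "STATIC" ]`) while the line below it uses `=` (`[ "${mode}" = "on" ]`); `=` is the form POSIX `test` defines, so prefer it in both places. Finally, HOME_NET is only regenerated in the `start)` branch, so an alias enabled or disabled after snort is running is not picked up until the service is restarted; that is worth a sentence in the comment above the block so an operator knows why a freshly added alias is not yet inspected.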