Replaced snort gpl community rules by emergingthreats.net rules.

[people/pmueller/ipfire-2.x.git] / src / initscripts / init.d / snort

diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort
index a2db0de0fb4286095caabe0dd2724dc5be843c60..2e2f4f2e40cb6bf514c29bf3f1ce1e0ff4183b87 100644 (file)
--- a/src/initscripts/init.d/snort
+++ b/src/initscripts/init.d/snort
@@ -62,10 +62,19 @@ fi
 
 case "$1" in
         start)
+               # Disable incompatible rules
+               for file in $(ls /etc/snort/rules/*.rules); do
+                       sed -i 's|^alert.*!\[\$DNS_SERVERS|#&|g' $file
+                       sed -i 's|^alert.*!\$SSH_PORTS|#&|g' $file
+                       sed -i 's|^alert.*!\$HOME_NET|#&|g' $file
+                       sed -i 's|^alert.*!\$SQL_SERVERS|#&|g' $file
+               done
+
                 for DEVICE in $DEVICES; do
                         boot_mesg "Starting Intrusion Detection System on $DEVICE..."
                         /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run/
                         evaluate_retval
+                       sleep 1
                         chmod 644 /var/run/snort_$DEVICE.pid
                 done