Setup should handle more than 10 interfaces correctly #522

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments

current code:

IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |grep -v "127.0.0.1" |head -1`
                sed -i "s|host=localhost|host=$IP|g" /opt/bro/etc/node.cfg
                grep -v "^#" $SENSORTAB | awk '{print $1}' |while read SENSOR
                do
                        INTERFACE=`grep $SENSOR $SENSORTAB|awk '{print $4}'`
                        echo "* Configuring Bro to monitor $INTERFACE" >> $LOG 2>&1
                        cat << EOF >> /opt/bro/etc/node.cfg
[$SENSOR]   
type=worker
host=$IP
interface=$INTERFACE
lb_method=pf_ring
lb_procs=$BRO_LB_PROCS

EOF


grep eth1 /etc/nsm/sensortab returns:
eth1
eth10

which results in this:

[$SENSOR]   
type=worker
host=$IP
interface=eth1
eth10
lb_method=pf_ring
lb_procs=$BRO_LB_PROCS

Original issue reported on code.google.com by doug.bu...@gmail.com on 4 Apr 2014 at 8:25
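
The substring match behind the doubled `interface=` value, next to an exact-field lookup, as an added example (not code from the Security Onion setup script). The sensor names and the values in fields 2 and 3 of the sample sensortab are constructed; only the use of field 1 as the sensor name and field 4 as the interface comes from the code above.

```shell
#!/bin/sh
# Constructed sample sensortab: field 1 = sensor name, field 4 = interface
# (as in the code on this page); fields 2 and 3 are placeholder values.
make_sample_sensortab() {
    cat > "$1" << 'EOF'
# name f2 f3 interface (constructed sample)
sensor-eth1 1 7736 eth1
sensor-eth10 1 7745 eth10
EOF
}

# Lookup as in the original code: an unanchored grep, so "sensor-eth1"
# also matches the "sensor-eth10" line and two interfaces come back.
lookup_substring() {
    grep "$1" "$2" | awk '{print $4}'
}

# Exact lookup: skip comment lines, compare field 1 as a whole string,
# and stop at the first match so at most one interface is returned.
lookup_exact() {
    awk -v name="$1" '!/^#/ && $1 == name { print $4; exit }' "$2"
}

# Guard before writing into node.cfg: accept only a value that is
# non-empty and does not span more than one line.
is_single_interface() {
    [ "$(printf '%s\n' "$1" | grep -c .)" -eq 1 ]
}

# Demo run on the constructed file.
tab=$(mktemp)
make_sample_sensortab "$tab"
printf 'substring lookup:\n%s\n' "$(lookup_substring sensor-eth1 "$tab")"
printf 'exact lookup:\n%s\n' "$(lookup_exact sensor-eth1 "$tab")"
rm -f "$tab"
```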

Replaced with the following:

                IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |grep -v "127.0.0.1" |head -1`
                sed -i "s|host=localhost|host=$IP|g" /opt/bro/etc/node.cfg

                # Go ahead and populate the file with all available interfaces
                # Comment out inactive interfaces
                # grep -v "^#" $SENSORTAB | awk '{print $1}' |while read SENSOR
                for INTERFACE in $ALL_INTERFACES; do
                        if echo $INTERFACES_CSV |grep "$INTERFACE," >/dev/null 2>&1; then
                        echo "* Configuring Bro to monitor $INTERFACE" >> $LOG 2>&1
                        cat << EOF >> /opt/bro/etc/node.cfg
[$HOSTNAME-$INTERFACE]   
type=worker
host=$IP
interface=$INTERFACE
lb_method=pf_ring
lb_procs=$BRO_LB_PROCS

EOF

Original comment by doug.bu...@gmail.com on 16 Jul 2014 at 8:38

Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/my5dRuEsvBQ/discussion

Original comment by doug.bu...@gmail.com on 16 Jul 2014 at 9:03

Published:
http://blog.securityonion.net/2014/07/new-securityonion-setup-package.html

Original comment by doug.bu...@gmail.com on 22 Jul 2014 at 2:34

  • Changed state: Verified