From owner-FreeBSD-users-jp@jp.freebsd.org  Fri Apr  6 13:02:23 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id NAA68302;
	Fri, 6 Apr 2001 13:02:23 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from serio.al.rim.or.jp (serio.al.rim.or.jp [202.247.191.123])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id NAA68297
	for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 6 Apr 2001 13:02:23 +0900 (JST)
	(envelope-from cx2@kh.rim.or.jp)
Received: from mail3.rim.or.jp
	by serio.al.rim.or.jp (3.7W/HMX-13) id NAA01725
	for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 6 Apr 2001 13:02:22 +0900 (JST)
Received: from irene143.com (g044159.ppp.asahi-net.or.jp [211.132.44.159]) by mail3.rim.or.jp (8.9.3/3.7W)
	id NAA09240 for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 6 Apr 2001 13:02:21 +0900 (JST)
Date: Fri, 6 Apr 2001 13:02:21 +0900 (JST)
Message-Id: <200104060402.NAA09240@mail3.rim.or.jp>
To: FreeBSD-users-jp@jp.freebsd.org
X-Gnus-Offline-Backend: Gnus offline backend utiliy v2.20 - "Cup of life"
                        with nnagent 1.0
MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya")
Content-Type: text/plain; charset=ISO-2022-JP
From: Akitada Koyama <cx2@kh.rim.or.jp>
User-Agent: T-gnus/6.15.0 (based on Oort Gnus v0.01) (revision 09) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/20.7 (i386-unknown-freebsdelf4.3) MULE/4.1 (AOI)
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 60624
Subject: [FreeBSD-users-jp 60624] shell script for cron
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: akira@irene143.com

$B8=:_!"%U%l%C%D(B ISDN $B$G>o;~@\B3$K$7$F!"(BIDS $B$H$7$F(B snort $B$r;H$C$F$$$k$N$G$9$,(B
$B$3$l$N(B log $B$NF~$lBX$($r(B cron $B$+$i<B9T$7$h$&$H;W$$@_Dj$7$F$_$?$N$G$9$,!"(Blog
$B$r<+J,$N(B $B%a!<%k%"%I%l%9$KAw?.$G$-$^$;$s!#DL>o$N%7%'%k%9%/%j%W%H$H$7$F<B9T$7(B
$B$?>l9g$O!"$A$c$s$HAw?.$G$-$F$$$^$9!#(B

$B$I$J$?$+%"%I%P%$%9$r$*4j$$$7$^$9!#(B

$B0J2<4D6-!"@_Dj$*$h$S%7%'%k%9%/%j%W%H$G$9!#(B

FreeBSD 4.3-RC

/etc/periodic.conf $B$K0J2<$rDI2C(B
# 998.rotate-snort-log
daily_status_rotate_snort_log="YES" # Rotate snort logs

/etc/priodic/daily/998.rotate-snort-log ($BE,Ev$K@^$jJV$7$F$^$9!#(B)
>  #!/bin/sh
>
>  if [ -r /etc/defaults/periodic.conf ]
>  then
>      . /etc/defaults/periodic.conf
>      source_periodic_confs
>  fi
>
>  case "$daily_status_rotate_snort_log" in
>      [Yy][Ee][Ss])
>      if [ ! -f /usr/local/snort/rules/snort.conf ]
>      then
>  	echo  '$daily_status_rotate_snort_log is set but \
>		/usr/local/snort/rules/snort.conf' \ <- $B$3$3$^$G(B1$B9T$G$9!#(B
>  		"doesn't exist"
>  	rc=2
>      else
>
>  	snortbase=/usr/local/snort
>  	snort_prog=/usr/local/bin/snort
>  	logforward="cx2@kh.rim.or.jp"
>  	oif=tun0
>  	mask="32"
>  	snortlibdir=$snortbase/rules
>  	snortconf=$snortlibdir/snort.conf
>  	logdir=$snortbase/log
>  	oldlogs=$snortbase/oldlogs
>  	weeklogs=$snortbase/weeklogs
>  	dirdate=`date -v -1d "+%m-%d-%y"`
>  	olddirdate=`date -v -8d "+%m-%d-%y"`
>  	rc=0
>
>  	echo
>  	echo Snort log rotate:
>
>  	if [ ! -d $weeklogs/$dirdate ]
>  	then
>  	    mkdir $weeklogs/$dirdate
>  	fi
>
>  	for logitem in `ls $logdir` ; do
>  	    mv $logdir/$logitem $weeklogs/$dirdate
>  	done
>
>  	kill `cat /var/run/snort_tun0.pid`
>
>  	oip=`/sbin/ifconfig tun0 | sed -n -e "s/.*inet \([0-9.]*\).*$/\1/p"`
>  	oip_chg=s\/internal_net\/$oip\\/$mask/g
>
>  	cd $snortlibdir
>  	cat $snortconf | sed $oip_chg > snortconf_run
>  	$snort_prog -i $oif -D -A full -l $logdir -c snortconf_run > /dev/null \
>        2>&1
>    
>  	if [ -d $weeklogs/$olddirdate ]
>  	then
>  	    rm -r $weeklogs/$olddirdate
>  	fi
>
>  	(cd $weeklogs; tar zcvf $oldlogs/$dirdate.tgz $dirdate > /dev/null 2>&1)
>
>  	cat $weeklogs/$dirdate/alert | mail -s "Snort logs" $logforward
>  	cat $weeklogs/$dirdate/portscan.log | mail -s "Snort portscan logs" \
>           $logforward
>
>      fi;;
>      *) rc=0;;
>  esac
>
>  exit $rc

$B0J>e(B
