post_install() {
  getent group snort >/dev/null || usr/sbin/groupadd -g 29 snort
  getent passwd snort >/dev/null || usr/sbin/useradd -c 'Snort user' -u 29 -g snort -d /var/log/snort -s /bin/false snort
  usr/bin/passwd -l snort &>/dev/null

  [ -f var/log/snort/alert ] || : >var/log/snort/alert
  chown snort.snort var/log/snort/ -R

cat << _EOF  

>>> You have to edit the HOME_NET variable in the /etc/snort/snort.conf file to reflect your local network.
>>> If you do not change it, snort may not work.
>>> You will need to download the ruleset from snort (https://www.snort.org/snort-rules/) and install in /etc/snort/rules. It is recomended to get the registered user ruleset. At minimum you will need the community ruleset.
>>> After you do this make sure to edit your snort.conf file accordingly.
>>> You will need to verify 
>>>>> RULE_PATH rules
>>>>> SO_RULE_PATH rules/so_rules
>>>>> PREPROC_RULE_PATH /usr/lib/snort/preproc_rules
>>>>> WHITE_LIST_PATH rules
>>>>> BLACK_LIST_PATH rules 

_EOF
}

post_upgrade() {
  post_install $1
}

pre_remove() {
  usr/sbin/userdel snort &>/dev/null
  usr/sbin/groupdel snort &>/dev/null
}

# vim:set ts=2 sw=2 et:
