chore: Update Snort installation script for macOS

scripts/install.sh

@@ -162,28 +162,45 @@ update_ossec_conf_macos() {
  info_message "Updating $OSSEC_CONF_PATH"
 
  if [[ $ARCH == "arm64" ]]; then
+ # ARM (M1) specific Snort configuration
  content_to_add="<!-- snort -->
- <localfile>
- <log_format>snort-full</log_format>
- <location>/var/log/snort/alert_fast.txt</location>
- </localfile>"
+<localfile>
+ <log_format>snort-full</log_format>
+ <location>/var/log/snort/alert_fast.txt</location>
+</localfile>"
+
+ # Check and add Snort config if not present
+ if ! sudo grep -q "$content_to_add" "$OSSEC_CONF_PATH"; then
+ sudo sed -i '' -e "/<\/ossec_config>/i\\
+<!-- snort -->\\
+<localfile>\\
+ <log_format>snort-full</log_format>\\
+ <location>/var/log/snort/alert_fast.txt</location>\\
+</localfile>" "$OSSEC_CONF_PATH"
+ success_message "ossec.conf updated on macOS ARM (M1)"
+ else
+ info_message "The content already exists in $OSSEC_CONF_PATH"
+ fi
  else
+ # Intel specific Snort configuration
  content_to_add="<!-- snort -->
- <localfile>
-  <log_format>snort-full</log_format>
-  <location>/usr/local/var/log/snort/alert_fast.txt</location>
- </localfile>"
- fi
-
- if ! grep -q "$content_to_add" "$OSSEC_CONF_PATH"; then
- maybe_sudo sed -i '' "/<\/ossec_config>/i\\
+<localfile>
+ <log_format>snort-full<\/log_format>
+ <location>\/usr\/local\/var\/log\/snort\/alert_fast.txt<\/location>
+<\/localfile>"
+
+  # Check and add Snort config if not present
+  if ! grep -q "$content_to_add" "$OSSEC_CONF_PATH"; then
+  maybe_sudo sed -i '' "/<\/ossec_config>/i\\
  $content_to_add" "$OSSEC_CONF_PATH"
- success_message "ossec.conf updated on macOS"
- else
- info_message "The content already exists in $OSSEC_CONF_PATH"
+ success_message "ossec.conf updated on macOS Intel"
+ else
+ info_message "The content already exists in $OSSEC_CONF_PATH"
+ fi
  fi
 }
 
+
 # Function to start Snort on macOS
 start_snort_macos() {
  info_message "Starting Snort"