[arch-commits] Commit in snort/trunk (snort.conf.patch snort.install snort.patch)
Hugo Doria
hugo at archlinux.org
Wed Jul 9 14:06:49 UTC 2008
Date: Wednesday, July 9, 2008 @ 10:06:49
Author: hugo
Revision: 4727
snort files added
Added:
snort/trunk/snort.conf.patch
snort/trunk/snort.install
snort/trunk/snort.patch
------------------+
snort.conf.patch | 188 +++++++++++++++++++++++++++++++++++++++++++++++++++++
snort.install | 28 +++++++
snort.patch | 188 +++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 404 insertions(+)
Added: snort.conf.patch
===================================================================
--- snort.conf.patch (rev 0)
+++ snort.conf.patch 2008-07-09 14:06:49 UTC (rev 4727)
@@ -0,0 +1,188 @@
+--- etc/snort.conf.orig 2008-07-03 16:44:57.000000000 -0300
++++ etc/snort.conf 2008-07-03 17:42:57.000000000 -0300
+@@ -1,5 +1,5 @@
+ #--------------------------------------------------
+-# http://www.snort.org Snort 2.8.2.1 Ruleset
++# http://www.snort.org Snort 2.8.2 Ruleset
+ # Contact: snort-sigs at lists.sourceforge.net
+ #--------------------------------------------------
+ # $Id$
+@@ -191,7 +191,7 @@
+ # Load all dynamic preprocessors from the install path
+ # (same as command line option --dynamic-preprocessor-lib-dir)
+ #
+-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
++dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
+ #
+ # Load a specific dynamic preprocessor library from the install path
+ # (same as command line option --dynamic-preprocessor-lib)
+@@ -201,12 +201,12 @@
+ # Load a dynamic engine from the install path
+ # (same as command line option --dynamic-engine-lib)
+ #
+-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
++dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+ #
+ # Load all dynamic rules libraries from the install path
+ # (same as command line option --dynamic-detection-lib-dir)
+ #
+-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/
++dynamicdetection directory /usr/local/lib/snort_dynamicrule/
+ #
+ # Load a specific dynamic rule library from the install path
+ # (same as command line option --dynamic-detection-lib)
+@@ -487,7 +487,7 @@
+ # drop { client | server | general | snort_attack }
+ # example:
+ # preprocessor bo: noalert { general server } drop { snort_attack }
+-#
++
+ #
+ # The Back Orifice detector uses Generator ID 105 and uses the
+ # following SIDS for that GID:
+@@ -936,59 +936,87 @@
+ # README.alert_order for how rule ordering affects how alerts are triggered.
+ #=========================================
+
+-include $RULE_PATH/local.rules
+-include $RULE_PATH/bad-traffic.rules
+-include $RULE_PATH/exploit.rules
+-include $RULE_PATH/scan.rules
+-include $RULE_PATH/finger.rules
+-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/telnet.rules
+-include $RULE_PATH/rpc.rules
+-include $RULE_PATH/rservices.rules
+-include $RULE_PATH/dos.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/tftp.rules
+-
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-php.rules
+-
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/x11.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/snmp.rules
+-
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
+-
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/other-ids.rules
+-# include $RULE_PATH/web-attacks.rules
+-# include $RULE_PATH/backdoor.rules
+-# include $RULE_PATH/shellcode.rules
+-# include $RULE_PATH/policy.rules
+-# include $RULE_PATH/porn.rules
+-# include $RULE_PATH/info.rules
+-# include $RULE_PATH/icmp-info.rules
+-# include $RULE_PATH/virus.rules
+-# include $RULE_PATH/chat.rules
+-# include $RULE_PATH/multimedia.rules
+-# include $RULE_PATH/p2p.rules
+-# include $RULE_PATH/spyware-put.rules
+-# include $RULE_PATH/specific-threats.rules
+-include $RULE_PATH/experimental.rules
++#include $RULE_PATH/local.rules
++#include $RULE_PATH/bad-traffic.rules
++#include $RULE_PATH/exploit.rules
++#include $RULE_PATH/scan.rules
++#include $RULE_PATH/finger.rules
++#include $RULE_PATH/ftp.rules
++#include $RULE_PATH/telnet.rules
++#include $RULE_PATH/rpc.rules
++#include $RULE_PATH/rservices.rules
++#include $RULE_PATH/dos.rules
++#include $RULE_PATH/ddos.rules
++#include $RULE_PATH/dns.rules
++#include $RULE_PATH/tftp.rules
++
++#include $RULE_PATH/web-cgi.rules
++#include $RULE_PATH/web-coldfusion.rules
++#include $RULE_PATH/web-iis.rules
++#include $RULE_PATH/web-frontpage.rules
++#include $RULE_PATH/web-misc.rules
++#include $RULE_PATH/web-client.rules
++#include $RULE_PATH/web-php.rules
++
++#include $RULE_PATH/sql.rules
++#include $RULE_PATH/x11.rules
++#include $RULE_PATH/icmp.rules
++#include $RULE_PATH/netbios.rules
++#include $RULE_PATH/misc.rules
++#include $RULE_PATH/attack-responses.rules
++#include $RULE_PATH/oracle.rules
++#include $RULE_PATH/mysql.rules
++#include $RULE_PATH/snmp.rules
++
++#include $RULE_PATH/smtp.rules
++#include $RULE_PATH/imap.rules
++#include $RULE_PATH/pop2.rules
++#include $RULE_PATH/pop3.rules
++
++#include $RULE_PATH/nntp.rules
++#include $RULE_PATH/other-ids.rules
++#include $RULE_PATH/web-attacks.rules
++#include $RULE_PATH/backdoor.rules
++#include $RULE_PATH/shellcode.rules
++#include $RULE_PATH/policy.rules
++#include $RULE_PATH/porn.rules
++#include $RULE_PATH/info.rules
++#include $RULE_PATH/icmp-info.rules
++#include $RULE_PATH/virus.rules
++#include $RULE_PATH/chat.rules
++#include $RULE_PATH/multimedia.rules
++#include $RULE_PATH/p2p.rules
++#include $RULE_PATH/spyware-put.rules
++#include $RULE_PATH/specific-threats.rules
++#include $RULE_PATH/experimental.rules
++
++
++# Community Rules
++include $RULE_PATH/community-bot.rules
++include $RULE_PATH/community-deleted.rules
++include $RULE_PATH/community-dos.rules
++include $RULE_PATH/community-exploit.rules
++include $RULE_PATH/community-ftp.rules
++include $RULE_PATH/community-game.rules
++include $RULE_PATH/community-icmp.rules
++include $RULE_PATH/community-imap.rules
++include $RULE_PATH/community-inappropriate.rules
++include $RULE_PATH/community-mail-client.rules
++include $RULE_PATH/community-misc.rules
++include $RULE_PATH/community-nntp.rules
++include $RULE_PATH/community-oracle.rules
++include $RULE_PATH/community-policy.rules
++include $RULE_PATH/community-sip.rules
++include $RULE_PATH/community-smtp.rules
++include $RULE_PATH/community-sql-injection.rules
++include $RULE_PATH/community-virus.rules
++include $RULE_PATH/community-web-attacks.rules
++include $RULE_PATH/community-web-cgi.rules
++include $RULE_PATH/community-web-client.rules
++include $RULE_PATH/community-web-dos.rules
++include $RULE_PATH/community-web-iis.rules
++include $RULE_PATH/community-web-misc.rules
++include $RULE_PATH/community-web-php.rules
+
+ # include $PREPROC_RULE_PATH/preprocessor.rules
+ # include $PREPROC_RULE_PATH/decoder.rules
+@@ -1000,3 +1028,4 @@
+ # such as: c:\snort\etc\threshold.conf
+ # Uncomment if needed.
+ # include threshold.conf
++
Added: snort.install
===================================================================
--- snort.install (rev 0)
+++ snort.install 2008-07-09 14:06:49 UTC (rev 4727)
@@ -0,0 +1,28 @@
+post_install() {
+ getent group snort >/dev/null || usr/sbin/groupadd snort
+ getent passwd snort >/dev/null || usr/sbin/useradd -c 'Snort user' -g snort -d /var/log/snort -s /bin/false snort
+ usr/bin/passwd -l snort &>/dev/null
+
+ [ -f var/log/snort/alert ] || : >var/log/snort/alert
+ chown snort.snort var/log/snort/alert
+}
+
+post_upgrade() {
+ post_install $1
+}
+
+pre_remove() {
+ usr/sbin/userdel snort &>/dev/null
+ usr/sbin/groupdel snort &>/dev/null
+}
+
+post_remove() {
+ /bin/true
+}
+
+op=$1
+shift
+
+$op $*
+
+# vim:set ts=2 sw=2 et:
Added: snort.patch
===================================================================
--- snort.patch (rev 0)
+++ snort.patch 2008-07-09 14:06:49 UTC (rev 4727)
@@ -0,0 +1,188 @@
+--- etc/snort.conf.orig 2008-07-03 16:44:57.000000000 -0300
++++ etc/snort.conf 2008-07-03 18:04:45.000000000 -0300
+@@ -1,5 +1,5 @@
+ #--------------------------------------------------
+-# http://www.snort.org Snort 2.8.2.1 Ruleset
++# http://www.snort.org Snort 2.8.2 Ruleset
+ # Contact: snort-sigs at lists.sourceforge.net
+ #--------------------------------------------------
+ # $Id$
+@@ -191,7 +191,7 @@
+ # Load all dynamic preprocessors from the install path
+ # (same as command line option --dynamic-preprocessor-lib-dir)
+ #
+-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
++dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
+ #
+ # Load a specific dynamic preprocessor library from the install path
+ # (same as command line option --dynamic-preprocessor-lib)
+@@ -201,12 +201,12 @@
+ # Load a dynamic engine from the install path
+ # (same as command line option --dynamic-engine-lib)
+ #
+-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
++dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+ #
+ # Load all dynamic rules libraries from the install path
+ # (same as command line option --dynamic-detection-lib-dir)
+ #
+-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/
++dynamicdetection directory /usr/local/lib/snort_dynamicrule/
+ #
+ # Load a specific dynamic rule library from the install path
+ # (same as command line option --dynamic-detection-lib)
+@@ -487,7 +487,7 @@
+ # drop { client | server | general | snort_attack }
+ # example:
+ # preprocessor bo: noalert { general server } drop { snort_attack }
+-#
++
+ #
+ # The Back Orifice detector uses Generator ID 105 and uses the
+ # following SIDS for that GID:
+@@ -936,59 +936,87 @@
+ # README.alert_order for how rule ordering affects how alerts are triggered.
+ #=========================================
+
+-include $RULE_PATH/local.rules
+-include $RULE_PATH/bad-traffic.rules
+-include $RULE_PATH/exploit.rules
+-include $RULE_PATH/scan.rules
+-include $RULE_PATH/finger.rules
+-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/telnet.rules
+-include $RULE_PATH/rpc.rules
+-include $RULE_PATH/rservices.rules
+-include $RULE_PATH/dos.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/tftp.rules
+-
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-php.rules
+-
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/x11.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/snmp.rules
+-
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
+-
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/other-ids.rules
+-# include $RULE_PATH/web-attacks.rules
+-# include $RULE_PATH/backdoor.rules
+-# include $RULE_PATH/shellcode.rules
+-# include $RULE_PATH/policy.rules
+-# include $RULE_PATH/porn.rules
+-# include $RULE_PATH/info.rules
+-# include $RULE_PATH/icmp-info.rules
+-# include $RULE_PATH/virus.rules
+-# include $RULE_PATH/chat.rules
+-# include $RULE_PATH/multimedia.rules
+-# include $RULE_PATH/p2p.rules
+-# include $RULE_PATH/spyware-put.rules
+-# include $RULE_PATH/specific-threats.rules
+-include $RULE_PATH/experimental.rules
++#include $RULE_PATH/local.rules
++#include $RULE_PATH/bad-traffic.rules
++#include $RULE_PATH/exploit.rules
++#include $RULE_PATH/scan.rules
++#include $RULE_PATH/finger.rules
++#include $RULE_PATH/ftp.rules
++#include $RULE_PATH/telnet.rules
++#include $RULE_PATH/rpc.rules
++#include $RULE_PATH/rservices.rules
++#include $RULE_PATH/dos.rules
++#include $RULE_PATH/ddos.rules
++#include $RULE_PATH/dns.rules
++#include $RULE_PATH/tftp.rules
++
++#include $RULE_PATH/web-cgi.rules
++#include $RULE_PATH/web-coldfusion.rules
++#include $RULE_PATH/web-iis.rules
++#include $RULE_PATH/web-frontpage.rules
++#include $RULE_PATH/web-misc.rules
++#include $RULE_PATH/web-client.rules
++#include $RULE_PATH/web-php.rules
++
++#include $RULE_PATH/sql.rules
++#include $RULE_PATH/x11.rules
++#include $RULE_PATH/icmp.rules
++#include $RULE_PATH/netbios.rules
++#include $RULE_PATH/misc.rules
++#include $RULE_PATH/attack-responses.rules
++#include $RULE_PATH/oracle.rules
++#include $RULE_PATH/mysql.rules
++#include $RULE_PATH/snmp.rules
++
++#include $RULE_PATH/smtp.rules
++#include $RULE_PATH/imap.rules
++#include $RULE_PATH/pop2.rules
++#include $RULE_PATH/pop3.rules
++
++#include $RULE_PATH/nntp.rules
++#include $RULE_PATH/other-ids.rules
++#include $RULE_PATH/web-attacks.rules
++#include $RULE_PATH/backdoor.rules
++#include $RULE_PATH/shellcode.rules
++#include $RULE_PATH/policy.rules
++#include $RULE_PATH/porn.rules
++#include $RULE_PATH/info.rules
++#include $RULE_PATH/icmp-info.rules
++#include $RULE_PATH/virus.rules
++#include $RULE_PATH/chat.rules
++#include $RULE_PATH/multimedia.rules
++#include $RULE_PATH/p2p.rules
++#include $RULE_PATH/spyware-put.rules
++#include $RULE_PATH/specific-threats.rules
++#include $RULE_PATH/experimental.rules
++
++
++# Community Rules
++include $RULE_PATH/community-bot.rules
++include $RULE_PATH/community-deleted.rules
++include $RULE_PATH/community-dos.rules
++include $RULE_PATH/community-exploit.rules
++include $RULE_PATH/community-ftp.rules
++include $RULE_PATH/community-game.rules
++include $RULE_PATH/community-icmp.rules
++include $RULE_PATH/community-imap.rules
++include $RULE_PATH/community-inappropriate.rules
++include $RULE_PATH/community-mail-client.rules
++include $RULE_PATH/community-misc.rules
++include $RULE_PATH/community-nntp.rules
++include $RULE_PATH/community-oracle.rules
++include $RULE_PATH/community-policy.rules
++include $RULE_PATH/community-sip.rules
++#include $RULE_PATH/community-smtp.rules
++include $RULE_PATH/community-sql-injection.rules
++#include $RULE_PATH/community-virus.rules
++include $RULE_PATH/community-web-attacks.rules
++include $RULE_PATH/community-web-cgi.rules
++include $RULE_PATH/community-web-client.rules
++include $RULE_PATH/community-web-dos.rules
++include $RULE_PATH/community-web-iis.rules
++include $RULE_PATH/community-web-misc.rules
++include $RULE_PATH/community-web-php.rules
+
+ # include $PREPROC_RULE_PATH/preprocessor.rules
+ # include $PREPROC_RULE_PATH/decoder.rules
+@@ -1000,3 +1028,4 @@
+ # such as: c:\snort\etc\threshold.conf
+ # Uncomment if needed.
+ # include threshold.conf
++
More information about the arch-commits
mailing list