[arch-commits] Commit in snort/repos (4 files)

Hugo Doria hugo at archlinux.org
Wed Jul 9 10:22:21 EDT 2008


    Date: Wednesday, July 9, 2008 @ 10:22:21
  Author: hugo
Revision: 4728

Merged revisions 4726-4727 via svnmerge from 
svn+ssh://hugo@archlinux.org/home/svn-packages/snort/trunk

........
  r4727 | hugo | 2008-07-09 11:06:49 -0300 (Wed, 09 Jul 2008) | 1 line
  
  snort files added
........

Added:
  snort/repos/extra-i686/snort.conf.patch
    (from rev 4727, snort/trunk/snort.conf.patch)
  snort/repos/extra-i686/snort.install
    (from rev 4727, snort/trunk/snort.install)
  snort/repos/extra-i686/snort.patch
    (from rev 4727, snort/trunk/snort.patch)
Modified:
  snort/repos/extra-i686/	(properties)

------------------+
 snort.conf.patch |  188 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 snort.install    |   28 +++++++
 snort.patch      |  188 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 404 insertions(+)


Property changes on: snort/repos/extra-i686
___________________________________________________________________
Name: svnmerge-integrated
   - /snort/trunk:1-4725
   + /snort/trunk:1-4727

Copied: snort/repos/extra-i686/snort.conf.patch (from rev 4727, snort/trunk/snort.conf.patch)
===================================================================
--- extra-i686/snort.conf.patch	                        (rev 0)
+++ extra-i686/snort.conf.patch	2008-07-09 14:22:21 UTC (rev 4728)
@@ -0,0 +1,188 @@
+--- etc/snort.conf.orig	2008-07-03 16:44:57.000000000 -0300
++++ etc/snort.conf	2008-07-03 17:42:57.000000000 -0300
+@@ -1,5 +1,5 @@
+ #--------------------------------------------------
+-#   http://www.snort.org     Snort 2.8.2.1 Ruleset
++#   http://www.snort.org     Snort 2.8.2 Ruleset
+ #     Contact: snort-sigs at lists.sourceforge.net
+ #--------------------------------------------------
+ # $Id$
+@@ -191,7 +191,7 @@
+ # Load all dynamic preprocessors from the install path
+ # (same as command line option --dynamic-preprocessor-lib-dir)
+ #
+-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
++dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
+ #
+ # Load a specific dynamic preprocessor library from the install path
+ # (same as command line option --dynamic-preprocessor-lib)
+@@ -201,12 +201,12 @@
+ # Load a dynamic engine from the install path
+ # (same as command line option --dynamic-engine-lib)
+ #
+-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
++dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+ #
+ # Load all dynamic rules libraries from the install path
+ # (same as command line option --dynamic-detection-lib-dir)
+ #
+-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/
++dynamicdetection directory /usr/local/lib/snort_dynamicrule/
+ #
+ # Load a specific dynamic rule library from the install path
+ # (same as command line option --dynamic-detection-lib)
+@@ -487,7 +487,7 @@
+ #                      drop    { client | server | general | snort_attack }
+ #   example:
+ #     preprocessor bo: noalert { general server } drop { snort_attack }
+-#
++
+ # 
+ # The Back Orifice detector uses Generator ID 105 and uses the 
+ # following SIDS for that GID:
+@@ -936,59 +936,87 @@
+ # README.alert_order for how rule ordering affects how alerts are triggered.
+ #=========================================
+ 
+-include $RULE_PATH/local.rules
+-include $RULE_PATH/bad-traffic.rules
+-include $RULE_PATH/exploit.rules
+-include $RULE_PATH/scan.rules
+-include $RULE_PATH/finger.rules
+-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/telnet.rules
+-include $RULE_PATH/rpc.rules
+-include $RULE_PATH/rservices.rules
+-include $RULE_PATH/dos.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/tftp.rules
+-
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-php.rules
+-
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/x11.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/snmp.rules
+-
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
+-
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/other-ids.rules
+-# include $RULE_PATH/web-attacks.rules
+-# include $RULE_PATH/backdoor.rules
+-# include $RULE_PATH/shellcode.rules
+-# include $RULE_PATH/policy.rules
+-# include $RULE_PATH/porn.rules
+-# include $RULE_PATH/info.rules
+-# include $RULE_PATH/icmp-info.rules
+-# include $RULE_PATH/virus.rules
+-# include $RULE_PATH/chat.rules
+-# include $RULE_PATH/multimedia.rules
+-# include $RULE_PATH/p2p.rules
+-# include $RULE_PATH/spyware-put.rules
+-# include $RULE_PATH/specific-threats.rules
+-include $RULE_PATH/experimental.rules
++#include $RULE_PATH/local.rules
++#include $RULE_PATH/bad-traffic.rules
++#include $RULE_PATH/exploit.rules
++#include $RULE_PATH/scan.rules
++#include $RULE_PATH/finger.rules
++#include $RULE_PATH/ftp.rules
++#include $RULE_PATH/telnet.rules
++#include $RULE_PATH/rpc.rules
++#include $RULE_PATH/rservices.rules
++#include $RULE_PATH/dos.rules
++#include $RULE_PATH/ddos.rules
++#include $RULE_PATH/dns.rules
++#include $RULE_PATH/tftp.rules
++
++#include $RULE_PATH/web-cgi.rules
++#include $RULE_PATH/web-coldfusion.rules
++#include $RULE_PATH/web-iis.rules
++#include $RULE_PATH/web-frontpage.rules
++#include $RULE_PATH/web-misc.rules
++#include $RULE_PATH/web-client.rules
++#include $RULE_PATH/web-php.rules
++
++#include $RULE_PATH/sql.rules
++#include $RULE_PATH/x11.rules
++#include $RULE_PATH/icmp.rules
++#include $RULE_PATH/netbios.rules
++#include $RULE_PATH/misc.rules
++#include $RULE_PATH/attack-responses.rules
++#include $RULE_PATH/oracle.rules
++#include $RULE_PATH/mysql.rules
++#include $RULE_PATH/snmp.rules
++
++#include $RULE_PATH/smtp.rules
++#include $RULE_PATH/imap.rules
++#include $RULE_PATH/pop2.rules
++#include $RULE_PATH/pop3.rules
++
++#include $RULE_PATH/nntp.rules
++#include $RULE_PATH/other-ids.rules
++#include $RULE_PATH/web-attacks.rules
++#include $RULE_PATH/backdoor.rules
++#include $RULE_PATH/shellcode.rules
++#include $RULE_PATH/policy.rules
++#include $RULE_PATH/porn.rules
++#include $RULE_PATH/info.rules
++#include $RULE_PATH/icmp-info.rules
++#include $RULE_PATH/virus.rules
++#include $RULE_PATH/chat.rules
++#include $RULE_PATH/multimedia.rules
++#include $RULE_PATH/p2p.rules
++#include $RULE_PATH/spyware-put.rules
++#include $RULE_PATH/specific-threats.rules
++#include $RULE_PATH/experimental.rules
++
++
++# Community Rules 
++include $RULE_PATH/community-bot.rules
++include $RULE_PATH/community-deleted.rules
++include $RULE_PATH/community-dos.rules
++include $RULE_PATH/community-exploit.rules
++include $RULE_PATH/community-ftp.rules
++include $RULE_PATH/community-game.rules
++include $RULE_PATH/community-icmp.rules
++include $RULE_PATH/community-imap.rules
++include $RULE_PATH/community-inappropriate.rules
++include $RULE_PATH/community-mail-client.rules
++include $RULE_PATH/community-misc.rules
++include $RULE_PATH/community-nntp.rules
++include $RULE_PATH/community-oracle.rules
++include $RULE_PATH/community-policy.rules
++include $RULE_PATH/community-sip.rules
++include $RULE_PATH/community-smtp.rules
++include $RULE_PATH/community-sql-injection.rules
++include $RULE_PATH/community-virus.rules
++include $RULE_PATH/community-web-attacks.rules
++include $RULE_PATH/community-web-cgi.rules
++include $RULE_PATH/community-web-client.rules
++include $RULE_PATH/community-web-dos.rules
++include $RULE_PATH/community-web-iis.rules
++include $RULE_PATH/community-web-misc.rules
++include $RULE_PATH/community-web-php.rules
+ 
+ # include $PREPROC_RULE_PATH/preprocessor.rules
+ # include $PREPROC_RULE_PATH/decoder.rules
+@@ -1000,3 +1028,4 @@
+ # such as:  c:\snort\etc\threshold.conf
+ # Uncomment if needed.
+ # include threshold.conf
++

Copied: snort/repos/extra-i686/snort.install (from rev 4727, snort/trunk/snort.install)
===================================================================
--- extra-i686/snort.install	                        (rev 0)
+++ extra-i686/snort.install	2008-07-09 14:22:21 UTC (rev 4728)
@@ -0,0 +1,28 @@
+post_install() {
+  getent group snort >/dev/null || usr/sbin/groupadd snort
+  getent passwd snort >/dev/null || usr/sbin/useradd -c 'Snort user' -g snort -d /var/log/snort -s /bin/false snort
+  usr/bin/passwd -l snort &>/dev/null
+
+  [ -f var/log/snort/alert ] || : >var/log/snort/alert
+  chown snort.snort var/log/snort/alert
+}
+
+post_upgrade() {
+  post_install $1
+}
+
+pre_remove() {
+  usr/sbin/userdel snort &>/dev/null
+  usr/sbin/groupdel snort &>/dev/null
+}
+
+post_remove() {
+  /bin/true
+}
+
+op=$1
+shift
+
+$op $*
+
+# vim:set ts=2 sw=2 et:

Copied: snort/repos/extra-i686/snort.patch (from rev 4727, snort/trunk/snort.patch)
===================================================================
--- extra-i686/snort.patch	                        (rev 0)
+++ extra-i686/snort.patch	2008-07-09 14:22:21 UTC (rev 4728)
@@ -0,0 +1,188 @@
+--- etc/snort.conf.orig	2008-07-03 16:44:57.000000000 -0300
++++ etc/snort.conf	2008-07-03 18:04:45.000000000 -0300
+@@ -1,5 +1,5 @@
+ #--------------------------------------------------
+-#   http://www.snort.org     Snort 2.8.2.1 Ruleset
++#   http://www.snort.org     Snort 2.8.2 Ruleset
+ #     Contact: snort-sigs at lists.sourceforge.net
+ #--------------------------------------------------
+ # $Id$
+@@ -191,7 +191,7 @@
+ # Load all dynamic preprocessors from the install path
+ # (same as command line option --dynamic-preprocessor-lib-dir)
+ #
+-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
++dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
+ #
+ # Load a specific dynamic preprocessor library from the install path
+ # (same as command line option --dynamic-preprocessor-lib)
+@@ -201,12 +201,12 @@
+ # Load a dynamic engine from the install path
+ # (same as command line option --dynamic-engine-lib)
+ #
+-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
++dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+ #
+ # Load all dynamic rules libraries from the install path
+ # (same as command line option --dynamic-detection-lib-dir)
+ #
+-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/
++dynamicdetection directory /usr/local/lib/snort_dynamicrule/
+ #
+ # Load a specific dynamic rule library from the install path
+ # (same as command line option --dynamic-detection-lib)
+@@ -487,7 +487,7 @@
+ #                      drop    { client | server | general | snort_attack }
+ #   example:
+ #     preprocessor bo: noalert { general server } drop { snort_attack }
+-#
++
+ # 
+ # The Back Orifice detector uses Generator ID 105 and uses the 
+ # following SIDS for that GID:
+@@ -936,59 +936,87 @@
+ # README.alert_order for how rule ordering affects how alerts are triggered.
+ #=========================================
+ 
+-include $RULE_PATH/local.rules
+-include $RULE_PATH/bad-traffic.rules
+-include $RULE_PATH/exploit.rules
+-include $RULE_PATH/scan.rules
+-include $RULE_PATH/finger.rules
+-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/telnet.rules
+-include $RULE_PATH/rpc.rules
+-include $RULE_PATH/rservices.rules
+-include $RULE_PATH/dos.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/tftp.rules
+-
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-php.rules
+-
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/x11.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/snmp.rules
+-
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
+-
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/other-ids.rules
+-# include $RULE_PATH/web-attacks.rules
+-# include $RULE_PATH/backdoor.rules
+-# include $RULE_PATH/shellcode.rules
+-# include $RULE_PATH/policy.rules
+-# include $RULE_PATH/porn.rules
+-# include $RULE_PATH/info.rules
+-# include $RULE_PATH/icmp-info.rules
+-# include $RULE_PATH/virus.rules
+-# include $RULE_PATH/chat.rules
+-# include $RULE_PATH/multimedia.rules
+-# include $RULE_PATH/p2p.rules
+-# include $RULE_PATH/spyware-put.rules
+-# include $RULE_PATH/specific-threats.rules
+-include $RULE_PATH/experimental.rules
++#include $RULE_PATH/local.rules
++#include $RULE_PATH/bad-traffic.rules
++#include $RULE_PATH/exploit.rules
++#include $RULE_PATH/scan.rules
++#include $RULE_PATH/finger.rules
++#include $RULE_PATH/ftp.rules
++#include $RULE_PATH/telnet.rules
++#include $RULE_PATH/rpc.rules
++#include $RULE_PATH/rservices.rules
++#include $RULE_PATH/dos.rules
++#include $RULE_PATH/ddos.rules
++#include $RULE_PATH/dns.rules
++#include $RULE_PATH/tftp.rules
++
++#include $RULE_PATH/web-cgi.rules
++#include $RULE_PATH/web-coldfusion.rules
++#include $RULE_PATH/web-iis.rules
++#include $RULE_PATH/web-frontpage.rules
++#include $RULE_PATH/web-misc.rules
++#include $RULE_PATH/web-client.rules
++#include $RULE_PATH/web-php.rules
++
++#include $RULE_PATH/sql.rules
++#include $RULE_PATH/x11.rules
++#include $RULE_PATH/icmp.rules
++#include $RULE_PATH/netbios.rules
++#include $RULE_PATH/misc.rules
++#include $RULE_PATH/attack-responses.rules
++#include $RULE_PATH/oracle.rules
++#include $RULE_PATH/mysql.rules
++#include $RULE_PATH/snmp.rules
++
++#include $RULE_PATH/smtp.rules
++#include $RULE_PATH/imap.rules
++#include $RULE_PATH/pop2.rules
++#include $RULE_PATH/pop3.rules
++
++#include $RULE_PATH/nntp.rules
++#include $RULE_PATH/other-ids.rules
++#include $RULE_PATH/web-attacks.rules
++#include $RULE_PATH/backdoor.rules
++#include $RULE_PATH/shellcode.rules
++#include $RULE_PATH/policy.rules
++#include $RULE_PATH/porn.rules
++#include $RULE_PATH/info.rules
++#include $RULE_PATH/icmp-info.rules
++#include $RULE_PATH/virus.rules
++#include $RULE_PATH/chat.rules
++#include $RULE_PATH/multimedia.rules
++#include $RULE_PATH/p2p.rules
++#include $RULE_PATH/spyware-put.rules
++#include $RULE_PATH/specific-threats.rules
++#include $RULE_PATH/experimental.rules
++
++
++# Community Rules 
++include $RULE_PATH/community-bot.rules
++include $RULE_PATH/community-deleted.rules
++include $RULE_PATH/community-dos.rules
++include $RULE_PATH/community-exploit.rules
++include $RULE_PATH/community-ftp.rules
++include $RULE_PATH/community-game.rules
++include $RULE_PATH/community-icmp.rules
++include $RULE_PATH/community-imap.rules
++include $RULE_PATH/community-inappropriate.rules
++include $RULE_PATH/community-mail-client.rules
++include $RULE_PATH/community-misc.rules
++include $RULE_PATH/community-nntp.rules
++include $RULE_PATH/community-oracle.rules
++include $RULE_PATH/community-policy.rules
++include $RULE_PATH/community-sip.rules
++#include $RULE_PATH/community-smtp.rules
++include $RULE_PATH/community-sql-injection.rules
++#include $RULE_PATH/community-virus.rules
++include $RULE_PATH/community-web-attacks.rules
++include $RULE_PATH/community-web-cgi.rules
++include $RULE_PATH/community-web-client.rules
++include $RULE_PATH/community-web-dos.rules
++include $RULE_PATH/community-web-iis.rules
++include $RULE_PATH/community-web-misc.rules
++include $RULE_PATH/community-web-php.rules
+ 
+ # include $PREPROC_RULE_PATH/preprocessor.rules
+ # include $PREPROC_RULE_PATH/decoder.rules
+@@ -1000,3 +1028,4 @@
+ # such as:  c:\snort\etc\threshold.conf
+ # Uncomment if needed.
+ # include threshold.conf
++





More information about the arch-commits mailing list