[arch-commits] Commit in snort/repos (7 files)

Eric Belanger eric at archlinux.org
Wed Jul 9 17:25:48 EDT 2008


    Date: Wednesday, July 9, 2008 @ 17:25:48
  Author: eric
Revision: 4773

Merged revisions 3540-4772 via svnmerge from 
svn+ssh://svn.archlinux.org/home/svn-packages/snort/trunk

........
  r4725 | hugo | 2008-07-09 09:40:57 -0400 (Wed, 09 Jul 2008) | 2 lines
  
  upgpkg: snort 2.8.2.1-3
      snort updated! lots of bugs fixed. see FS#10775 and FS#10072 for details
........
  r4727 | hugo | 2008-07-09 10:06:49 -0400 (Wed, 09 Jul 2008) | 1 line
  
  snort files added
........
  r4729 | hugo | 2008-07-09 10:35:30 -0400 (Wed, 09 Jul 2008) | 2 lines
  
  upgpkg: snort 2.8.2.1-4
      snort updated! snort.patch and snort.install were added
........
  r4772 | eric | 2008-07-09 17:25:32 -0400 (Wed, 09 Jul 2008) | 2 lines
  
  upgpkg: snort 2.8.2.1-4
      Removed references out of $startdir/src
........

Added:
  snort/repos/extra-x86_64/snort.conf.patch
    (from rev 4772, snort/trunk/snort.conf.patch)
  snort/repos/extra-x86_64/snort.install
    (from rev 4772, snort/trunk/snort.install)
  snort/repos/extra-x86_64/snort.patch
    (from rev 4772, snort/trunk/snort.patch)
Modified:
  snort/repos/extra-x86_64/	(properties)
  snort/repos/extra-x86_64/PKGBUILD
  snort/repos/extra-x86_64/snort
  snort/repos/extra-x86_64/snort.conf.d

------------------+
 PKGBUILD         |   35 ++++++---
 snort            |    4 -
 snort.conf.d     |    8 +-
 snort.conf.patch |  188 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 snort.install    |   23 ++++++
 snort.patch      |  188 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 429 insertions(+), 17 deletions(-)


Property changes on: snort/repos/extra-x86_64
___________________________________________________________________
Name: svnmerge-integrated
   - /snort/trunk:1-3539
   + /snort/trunk:1-4772

Modified: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD	2008-07-09 21:25:32 UTC (rev 4772)
+++ extra-x86_64/PKGBUILD	2008-07-09 21:25:48 UTC (rev 4773)
@@ -1,10 +1,11 @@
 # $Id$
-# Maintainer: Andreas Radke <andyrtr at archlinux.org>
+# Maintainer: Hugo Doria <hugo at archlinux.org>
+# Contributor: Kessia 'even' Pinheiro <kessiapinheiro at gmail.com>
 # Contributor: dorphell <dorphell at archlinux.org>
 # Contributor: Gregor Ibic <gregor.ibic at intelicom.si>
 pkgname=snort
 pkgver=2.8.2.1
-pkgrel=1
+pkgrel=4
 pkgdesc="A lightweight network intrusion detection system"
 arch=('i686' 'x86_64')
 license=('GPL')
@@ -12,25 +13,35 @@
 backup=(etc/conf.d/snort
 	etc/snort/{snort,threshold}.conf
 	etc/snort/{confreference,classification}.config)
-source=(http://www.snort.org/dl/current/$pkgname-$pkgver.tar.gz snort snort.conf.d
-	http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz) # rules RELEASED: 2007-04-27
+install=snort.install
+source=("http://www.snort.org/dl/current/$pkgname-$pkgver.tar.gz"
+        'snort' 
+	'snort.conf.d' 
+	'http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz' 
+	'snort.conf.patch')
+md5sums=('b39e784dd8a5cf180aae20e94a7b52dd' '361b8b9e40b9af0164f6b3e3da2e8277'\
+         'b4fb8a68490589cd34df93de7609bfac' 'f236b8a4ac12e99d3e7bd81bf3b5a482'\
+         'd6ee07e7e23a0b7f5a0dd7d605828946')
 url="http://www.snort.org"
 options=('!makeflags' '!libtool')
-md5sums=('b39e784dd8a5cf180aae20e94a7b52dd'
-         '53284a7996ee41c4c58d13c65d46d776'
-         'e861a59739151ee12798f31e029d43c5'
-         'f236b8a4ac12e99d3e7bd81bf3b5a482')
 
 build() {
   cd $startdir/src/$pkgname-$pkgver
+
+  patch -Np0 < ${startdir}/src/snort.conf.patch || return 1
+
   ./configure --prefix=/usr --sysconfdir=/etc/snort --with-libpcap-includes=/usr/include/pcap \
-    --without-mysql --without-postgresql --without-oracle --without-odbc
+  --without-mysql --without-postgresql --without-oracle --without-odbc
   make || return 1
   make DESTDIR=$startdir/pkg install
-  mkdir -p $startdir/pkg/{etc/rc.d,etc/snort/rules,var/log/snort}
+
+  mkdir -p $startdir/pkg/{etc/rc.d,etc/snort/rules}
+
+  install -d -m744 -o snort -g snort $startdir/pkg/var/log/snort
   install -D -m644 etc/{*.conf*,*.map} $startdir/pkg/etc/snort
-  install -D -m644 ../../snort.conf.d $startdir/pkg/etc/conf.d/snort
+  install -D -m644 ../snort.conf.d $startdir/pkg/etc/conf.d/snort
   install -D -m644 $startdir/src/rules/*.rules $startdir/pkg/etc/snort/rules
-  install -D -m755 $startdir/snort $startdir/pkg/etc/rc.d/snort
+  install -D -m755 $startdir/src/snort $startdir/pkg/etc/rc.d/snort
+
   sed 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|' -i $startdir/pkg/etc/snort/snort.conf
 }

Modified: extra-x86_64/snort
===================================================================
--- extra-x86_64/snort	2008-07-09 21:25:32 UTC (rev 4772)
+++ extra-x86_64/snort	2008-07-09 21:25:48 UTC (rev 4773)
@@ -4,14 +4,14 @@
 . /etc/rc.d/functions
 
 # source application-specific settings
-SNORT_ARGS=
 [ -f /etc/conf.d/snort ] && . /etc/conf.d/snort
 
 PID=`pidof -o %PPID /usr/bin/snort`
 case "$1" in
   start)
     stat_busy "Starting Intrusion Database System: SNORT"
-    [ -z "$PID" ] && /usr/bin/snort ${SNORT_ARGS}
+    [ -z "$PID" ] && /usr/bin/snort ${SNORT_OPTIONS} -u ${USER} -g ${GROUP} \
+                    -i ${INTERFACE} -c ${SNORT_CONF}
 	 if [ $? -gt 0 ]; then
       stat_fail
     else

Modified: extra-x86_64/snort.conf.d
===================================================================
--- extra-x86_64/snort.conf.d	2008-07-09 21:25:32 UTC (rev 4772)
+++ extra-x86_64/snort.conf.d	2008-07-09 21:25:48 UTC (rev 4773)
@@ -5,14 +5,17 @@
 # options taken from Fedora
 # http://cvs.fedoraproject.org/viewcvs/devel/snort/sysconfig.snort?rev=1.2&view=markup
 
+# Where is the snort.conf file.
+SNORT_CONF="/etc/snort/snort.conf"
+
 # What user account should we run under.
-USER="root"
+USER="snort"
 
 # What group account should we run under. 
-GROUP="root"
+GROUP="snort"
 
 # define the interface we listen on
 INTERFACE="eth0"
 
 # If you are using prelude, delete the '-A fast' option
-SNORT_OPTIONS="-A fast -b -l /var/log/snort -D -p"
\ No newline at end of file
+SNORT_OPTIONS="-A fast -b -l /var/log/snort -D -p"

Copied: snort/repos/extra-x86_64/snort.conf.patch (from rev 4772, snort/trunk/snort.conf.patch)
===================================================================
--- extra-x86_64/snort.conf.patch	                        (rev 0)
+++ extra-x86_64/snort.conf.patch	2008-07-09 21:25:48 UTC (rev 4773)
@@ -0,0 +1,188 @@
+--- etc/snort.conf.orig	2008-07-03 16:44:57.000000000 -0300
++++ etc/snort.conf	2008-07-03 17:42:57.000000000 -0300
+@@ -1,5 +1,5 @@
+ #--------------------------------------------------
+-#   http://www.snort.org     Snort 2.8.2.1 Ruleset
++#   http://www.snort.org     Snort 2.8.2 Ruleset
+ #     Contact: snort-sigs at lists.sourceforge.net
+ #--------------------------------------------------
+ # $Id$
+@@ -191,7 +191,7 @@
+ # Load all dynamic preprocessors from the install path
+ # (same as command line option --dynamic-preprocessor-lib-dir)
+ #
+-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
++dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
+ #
+ # Load a specific dynamic preprocessor library from the install path
+ # (same as command line option --dynamic-preprocessor-lib)
+@@ -201,12 +201,12 @@
+ # Load a dynamic engine from the install path
+ # (same as command line option --dynamic-engine-lib)
+ #
+-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
++dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+ #
+ # Load all dynamic rules libraries from the install path
+ # (same as command line option --dynamic-detection-lib-dir)
+ #
+-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/
++dynamicdetection directory /usr/local/lib/snort_dynamicrule/
+ #
+ # Load a specific dynamic rule library from the install path
+ # (same as command line option --dynamic-detection-lib)
+@@ -487,7 +487,7 @@
+ #                      drop    { client | server | general | snort_attack }
+ #   example:
+ #     preprocessor bo: noalert { general server } drop { snort_attack }
+-#
++
+ # 
+ # The Back Orifice detector uses Generator ID 105 and uses the 
+ # following SIDS for that GID:
+@@ -936,59 +936,87 @@
+ # README.alert_order for how rule ordering affects how alerts are triggered.
+ #=========================================
+ 
+-include $RULE_PATH/local.rules
+-include $RULE_PATH/bad-traffic.rules
+-include $RULE_PATH/exploit.rules
+-include $RULE_PATH/scan.rules
+-include $RULE_PATH/finger.rules
+-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/telnet.rules
+-include $RULE_PATH/rpc.rules
+-include $RULE_PATH/rservices.rules
+-include $RULE_PATH/dos.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/tftp.rules
+-
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-php.rules
+-
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/x11.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/snmp.rules
+-
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
+-
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/other-ids.rules
+-# include $RULE_PATH/web-attacks.rules
+-# include $RULE_PATH/backdoor.rules
+-# include $RULE_PATH/shellcode.rules
+-# include $RULE_PATH/policy.rules
+-# include $RULE_PATH/porn.rules
+-# include $RULE_PATH/info.rules
+-# include $RULE_PATH/icmp-info.rules
+-# include $RULE_PATH/virus.rules
+-# include $RULE_PATH/chat.rules
+-# include $RULE_PATH/multimedia.rules
+-# include $RULE_PATH/p2p.rules
+-# include $RULE_PATH/spyware-put.rules
+-# include $RULE_PATH/specific-threats.rules
+-include $RULE_PATH/experimental.rules
++#include $RULE_PATH/local.rules
++#include $RULE_PATH/bad-traffic.rules
++#include $RULE_PATH/exploit.rules
++#include $RULE_PATH/scan.rules
++#include $RULE_PATH/finger.rules
++#include $RULE_PATH/ftp.rules
++#include $RULE_PATH/telnet.rules
++#include $RULE_PATH/rpc.rules
++#include $RULE_PATH/rservices.rules
++#include $RULE_PATH/dos.rules
++#include $RULE_PATH/ddos.rules
++#include $RULE_PATH/dns.rules
++#include $RULE_PATH/tftp.rules
++
++#include $RULE_PATH/web-cgi.rules
++#include $RULE_PATH/web-coldfusion.rules
++#include $RULE_PATH/web-iis.rules
++#include $RULE_PATH/web-frontpage.rules
++#include $RULE_PATH/web-misc.rules
++#include $RULE_PATH/web-client.rules
++#include $RULE_PATH/web-php.rules
++
++#include $RULE_PATH/sql.rules
++#include $RULE_PATH/x11.rules
++#include $RULE_PATH/icmp.rules
++#include $RULE_PATH/netbios.rules
++#include $RULE_PATH/misc.rules
++#include $RULE_PATH/attack-responses.rules
++#include $RULE_PATH/oracle.rules
++#include $RULE_PATH/mysql.rules
++#include $RULE_PATH/snmp.rules
++
++#include $RULE_PATH/smtp.rules
++#include $RULE_PATH/imap.rules
++#include $RULE_PATH/pop2.rules
++#include $RULE_PATH/pop3.rules
++
++#include $RULE_PATH/nntp.rules
++#include $RULE_PATH/other-ids.rules
++#include $RULE_PATH/web-attacks.rules
++#include $RULE_PATH/backdoor.rules
++#include $RULE_PATH/shellcode.rules
++#include $RULE_PATH/policy.rules
++#include $RULE_PATH/porn.rules
++#include $RULE_PATH/info.rules
++#include $RULE_PATH/icmp-info.rules
++#include $RULE_PATH/virus.rules
++#include $RULE_PATH/chat.rules
++#include $RULE_PATH/multimedia.rules
++#include $RULE_PATH/p2p.rules
++#include $RULE_PATH/spyware-put.rules
++#include $RULE_PATH/specific-threats.rules
++#include $RULE_PATH/experimental.rules
++
++
++# Community Rules 
++include $RULE_PATH/community-bot.rules
++include $RULE_PATH/community-deleted.rules
++include $RULE_PATH/community-dos.rules
++include $RULE_PATH/community-exploit.rules
++include $RULE_PATH/community-ftp.rules
++include $RULE_PATH/community-game.rules
++include $RULE_PATH/community-icmp.rules
++include $RULE_PATH/community-imap.rules
++include $RULE_PATH/community-inappropriate.rules
++include $RULE_PATH/community-mail-client.rules
++include $RULE_PATH/community-misc.rules
++include $RULE_PATH/community-nntp.rules
++include $RULE_PATH/community-oracle.rules
++include $RULE_PATH/community-policy.rules
++include $RULE_PATH/community-sip.rules
++include $RULE_PATH/community-smtp.rules
++include $RULE_PATH/community-sql-injection.rules
++include $RULE_PATH/community-virus.rules
++include $RULE_PATH/community-web-attacks.rules
++include $RULE_PATH/community-web-cgi.rules
++include $RULE_PATH/community-web-client.rules
++include $RULE_PATH/community-web-dos.rules
++include $RULE_PATH/community-web-iis.rules
++include $RULE_PATH/community-web-misc.rules
++include $RULE_PATH/community-web-php.rules
+ 
+ # include $PREPROC_RULE_PATH/preprocessor.rules
+ # include $PREPROC_RULE_PATH/decoder.rules
+@@ -1000,3 +1028,4 @@
+ # such as:  c:\snort\etc\threshold.conf
+ # Uncomment if needed.
+ # include threshold.conf
++

Copied: snort/repos/extra-x86_64/snort.install (from rev 4772, snort/trunk/snort.install)
===================================================================
--- extra-x86_64/snort.install	                        (rev 0)
+++ extra-x86_64/snort.install	2008-07-09 21:25:48 UTC (rev 4773)
@@ -0,0 +1,23 @@
+post_install() {
+  getent group snort >/dev/null || usr/sbin/groupadd snort
+  getent passwd snort >/dev/null || usr/sbin/useradd -c 'Snort user' -g snort -d /var/log/snort -s /bin/false snort
+  usr/bin/passwd -l snort &>/dev/null
+
+  [ -f var/log/snort/alert ] || : >var/log/snort/alert
+  chown snort.snort var/log/snort/alert
+}
+
+post_upgrade() {
+  post_install $1
+}
+
+pre_remove() {
+  usr/sbin/userdel snort &>/dev/null
+  usr/sbin/groupdel snort &>/dev/null
+}
+
+post_remove() {
+  /bin/true
+}
+
+# vim:set ts=2 sw=2 et:

Copied: snort/repos/extra-x86_64/snort.patch (from rev 4772, snort/trunk/snort.patch)
===================================================================
--- extra-x86_64/snort.patch	                        (rev 0)
+++ extra-x86_64/snort.patch	2008-07-09 21:25:48 UTC (rev 4773)
@@ -0,0 +1,188 @@
+--- etc/snort.conf.orig	2008-07-03 16:44:57.000000000 -0300
++++ etc/snort.conf	2008-07-03 18:04:45.000000000 -0300
+@@ -1,5 +1,5 @@
+ #--------------------------------------------------
+-#   http://www.snort.org     Snort 2.8.2.1 Ruleset
++#   http://www.snort.org     Snort 2.8.2 Ruleset
+ #     Contact: snort-sigs at lists.sourceforge.net
+ #--------------------------------------------------
+ # $Id$
+@@ -191,7 +191,7 @@
+ # Load all dynamic preprocessors from the install path
+ # (same as command line option --dynamic-preprocessor-lib-dir)
+ #
+-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
++dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
+ #
+ # Load a specific dynamic preprocessor library from the install path
+ # (same as command line option --dynamic-preprocessor-lib)
+@@ -201,12 +201,12 @@
+ # Load a dynamic engine from the install path
+ # (same as command line option --dynamic-engine-lib)
+ #
+-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
++dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+ #
+ # Load all dynamic rules libraries from the install path
+ # (same as command line option --dynamic-detection-lib-dir)
+ #
+-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/
++dynamicdetection directory /usr/local/lib/snort_dynamicrule/
+ #
+ # Load a specific dynamic rule library from the install path
+ # (same as command line option --dynamic-detection-lib)
+@@ -487,7 +487,7 @@
+ #                      drop    { client | server | general | snort_attack }
+ #   example:
+ #     preprocessor bo: noalert { general server } drop { snort_attack }
+-#
++
+ # 
+ # The Back Orifice detector uses Generator ID 105 and uses the 
+ # following SIDS for that GID:
+@@ -936,59 +936,87 @@
+ # README.alert_order for how rule ordering affects how alerts are triggered.
+ #=========================================
+ 
+-include $RULE_PATH/local.rules
+-include $RULE_PATH/bad-traffic.rules
+-include $RULE_PATH/exploit.rules
+-include $RULE_PATH/scan.rules
+-include $RULE_PATH/finger.rules
+-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/telnet.rules
+-include $RULE_PATH/rpc.rules
+-include $RULE_PATH/rservices.rules
+-include $RULE_PATH/dos.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/tftp.rules
+-
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-php.rules
+-
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/x11.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/snmp.rules
+-
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
+-
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/other-ids.rules
+-# include $RULE_PATH/web-attacks.rules
+-# include $RULE_PATH/backdoor.rules
+-# include $RULE_PATH/shellcode.rules
+-# include $RULE_PATH/policy.rules
+-# include $RULE_PATH/porn.rules
+-# include $RULE_PATH/info.rules
+-# include $RULE_PATH/icmp-info.rules
+-# include $RULE_PATH/virus.rules
+-# include $RULE_PATH/chat.rules
+-# include $RULE_PATH/multimedia.rules
+-# include $RULE_PATH/p2p.rules
+-# include $RULE_PATH/spyware-put.rules
+-# include $RULE_PATH/specific-threats.rules
+-include $RULE_PATH/experimental.rules
++#include $RULE_PATH/local.rules
++#include $RULE_PATH/bad-traffic.rules
++#include $RULE_PATH/exploit.rules
++#include $RULE_PATH/scan.rules
++#include $RULE_PATH/finger.rules
++#include $RULE_PATH/ftp.rules
++#include $RULE_PATH/telnet.rules
++#include $RULE_PATH/rpc.rules
++#include $RULE_PATH/rservices.rules
++#include $RULE_PATH/dos.rules
++#include $RULE_PATH/ddos.rules
++#include $RULE_PATH/dns.rules
++#include $RULE_PATH/tftp.rules
++
++#include $RULE_PATH/web-cgi.rules
++#include $RULE_PATH/web-coldfusion.rules
++#include $RULE_PATH/web-iis.rules
++#include $RULE_PATH/web-frontpage.rules
++#include $RULE_PATH/web-misc.rules
++#include $RULE_PATH/web-client.rules
++#include $RULE_PATH/web-php.rules
++
++#include $RULE_PATH/sql.rules
++#include $RULE_PATH/x11.rules
++#include $RULE_PATH/icmp.rules
++#include $RULE_PATH/netbios.rules
++#include $RULE_PATH/misc.rules
++#include $RULE_PATH/attack-responses.rules
++#include $RULE_PATH/oracle.rules
++#include $RULE_PATH/mysql.rules
++#include $RULE_PATH/snmp.rules
++
++#include $RULE_PATH/smtp.rules
++#include $RULE_PATH/imap.rules
++#include $RULE_PATH/pop2.rules
++#include $RULE_PATH/pop3.rules
++
++#include $RULE_PATH/nntp.rules
++#include $RULE_PATH/other-ids.rules
++#include $RULE_PATH/web-attacks.rules
++#include $RULE_PATH/backdoor.rules
++#include $RULE_PATH/shellcode.rules
++#include $RULE_PATH/policy.rules
++#include $RULE_PATH/porn.rules
++#include $RULE_PATH/info.rules
++#include $RULE_PATH/icmp-info.rules
++#include $RULE_PATH/virus.rules
++#include $RULE_PATH/chat.rules
++#include $RULE_PATH/multimedia.rules
++#include $RULE_PATH/p2p.rules
++#include $RULE_PATH/spyware-put.rules
++#include $RULE_PATH/specific-threats.rules
++#include $RULE_PATH/experimental.rules
++
++
++# Community Rules 
++include $RULE_PATH/community-bot.rules
++include $RULE_PATH/community-deleted.rules
++include $RULE_PATH/community-dos.rules
++include $RULE_PATH/community-exploit.rules
++include $RULE_PATH/community-ftp.rules
++include $RULE_PATH/community-game.rules
++include $RULE_PATH/community-icmp.rules
++include $RULE_PATH/community-imap.rules
++include $RULE_PATH/community-inappropriate.rules
++include $RULE_PATH/community-mail-client.rules
++include $RULE_PATH/community-misc.rules
++include $RULE_PATH/community-nntp.rules
++include $RULE_PATH/community-oracle.rules
++include $RULE_PATH/community-policy.rules
++include $RULE_PATH/community-sip.rules
++#include $RULE_PATH/community-smtp.rules
++include $RULE_PATH/community-sql-injection.rules
++#include $RULE_PATH/community-virus.rules
++include $RULE_PATH/community-web-attacks.rules
++include $RULE_PATH/community-web-cgi.rules
++include $RULE_PATH/community-web-client.rules
++include $RULE_PATH/community-web-dos.rules
++include $RULE_PATH/community-web-iis.rules
++include $RULE_PATH/community-web-misc.rules
++include $RULE_PATH/community-web-php.rules
+ 
+ # include $PREPROC_RULE_PATH/preprocessor.rules
+ # include $PREPROC_RULE_PATH/decoder.rules
+@@ -1000,3 +1028,4 @@
+ # such as:  c:\snort\etc\threshold.conf
+ # Uncomment if needed.
+ # include threshold.conf
++





More information about the arch-commits mailing list