Changes - j0ke.net Open Build Service

Changes of Revision 10

[-] [+]	Changed	snort.spec
@@ -82,7 +82,7 @@ Name: %{realname}%{inlinetext} %{?_with_inline:%define Name: %{realname}-inline } -Version: 2.9.5 +Version: 2.9.5.3 Epoch: 1 Release: %{release} Summary: An open source Network Intrusion Detection System (NIDS)
[-] [+]	Added	snort-2.9.5_snortsam.patch ^
@@ -0,0 +1,5720 @@ +diff -uNr snort-2.9.5.orig/autojunk.sh snort-2.9.5/autojunk.sh +--- snort-2.9.5.orig/autojunk.sh 1970-01-01 01:00:00.000000000 +0100 ++++ snort-2.9.5/autojunk.sh 2013-07-08 22:58:39.886671038 +0200 +@@ -0,0 +1,7 @@ ++#!/bin/sh ++# the list of commands that need to run before we do a compile ++libtoolize -f --automake --copy ++aclocal --verbose -I m4 -I /usr/share/aclocal ++autoheader -f ++automake -f --add-missing --copy ++autoconf -f +diff -uNr snort-2.9.5.orig/etc/snort.conf snort-2.9.5/etc/snort.conf +--- snort-2.9.5.orig/etc/snort.conf 2013-06-04 23:23:28.000000000 +0200 ++++ snort-2.9.5/etc/snort.conf 2013-07-08 22:58:33.182668593 +0200 +@@ -529,11 +529,38 @@ + # pcap + # output log_tcpdump: tcpdump.log + ++################################################### ++# snortsam ++################################################### ++# In order to cause Snort to send a blocking request to the SnortSam agent, ++# that agent has to be listed, including the port it listens on, ++# and the encryption key it is using. The statement for that is: ++# ++# output alert_fwsam: {SnortSam Station}:{port}/{password} ++# ++# {SnortSam Station}: IP address or host name of the host where SnortSam is running. ++# {port}: The port the remote SnortSam agent listens on. ++# {password}: The password, or key, used for encryption of the ++# communication to the remote agent. ++# ++# At the very least, the IP address or host name of the host running SnortSam ++# needs to be specified. If the port is omitted, it defaults to TCP port 898. ++# If the password is omitted, it defaults to a preset password. ++# (In which case it needs to be omitted on the SnortSam agent as well) ++# ++# More than one host can be specified, but has to be done on the same line. ++# Just separate them with one or more spaces. ++# ++# Examples: ++# ++# output alert_fwsam: firewall/idspassword ++# output alert_fwsam: fw1.domain.tld:898/mykey ++# output alert_fwsam: 192.168.0.1/borderfw 192.168.1.254/wanfw ++ + # metadata reference data. do not modify these lines + include classification.config + include reference.config + +- + ################################################### + # Step #7: Customize your rule set + # For more information, see Snort Manual, Writing Snort Rules +diff -uNr snort-2.9.5.orig/etc/snort.conf.orig snort-2.9.5/etc/snort.conf.orig +--- snort-2.9.5.orig/etc/snort.conf.orig 1970-01-01 01:00:00.000000000 +0100 ++++ snort-2.9.5/etc/snort.conf.orig 2013-06-04 23:23:28.000000000 +0200 +@@ -0,0 +1,688 @@ ++#-------------------------------------------------- ++# VRT Rule Packages Snort.conf ++# ++# For more information visit us at: ++# http://www.snort.org Snort Website ++# http://vrt-blog.snort.org/ Sourcefire VRT Blog ++# ++# Mailing list Contact: snort-sigs@lists.sourceforge.net ++# False Positive reports: fp@sourcefire.com ++# Snort bugs: bugs@snort.org ++# ++# Compatible with Snort Versions: ++# VERSIONS : 2.9.5.0 ++# ++# Snort build options: ++# OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3 ++# ++# Additional information: ++# This configuration file enables active response, to run snort in ++# test mode -T you are required to supply an interface -i <interface> ++# or test mode will fail to fully validate the configuration and ++# exit with a FATAL error ++#-------------------------------------------------- ++ ++################################################### ++# This file contains a sample snort configuration. ++# You should take the following steps to create your own custom configuration: ++# ++# 1) Set the network variables. ++# 2) Configure the decoder ++# 3) Configure the base detection engine ++# 4) Configure dynamic loaded libraries ++# 5) Configure preprocessors ++# 6) Configure output plugins ++# 7) Customize your rule set ++# 8) Customize preprocessor and decoder rule set ++# 9) Customize shared object rule set ++################################################### ++ ++################################################### ++# Step #1: Set the network variables. For more information, see README.variables ++################################################### ++ ++# Setup the network addresses you are protecting ++ipvar HOME_NET any ++ ++# Set up the external network addresses. Leave as "any" in most situations ++ipvar EXTERNAL_NET any ++ ++# List of DNS servers on your network ++ipvar DNS_SERVERS $HOME_NET ++ ++# List of SMTP servers on your network ++ipvar SMTP_SERVERS $HOME_NET ++ ++# List of web servers on your network ++ipvar HTTP_SERVERS $HOME_NET ++ ++# List of sql servers on your network ++ipvar SQL_SERVERS $HOME_NET ++ ++# List of telnet servers on your network ++ipvar TELNET_SERVERS $HOME_NET ++ ++# List of ssh servers on your network ++ipvar SSH_SERVERS $HOME_NET ++ ++# List of ftp servers on your network ++ipvar FTP_SERVERS $HOME_NET ++ ++# List of sip servers on your network ++ipvar SIP_SERVERS $HOME_NET ++ ++# List of ports you run web servers on ++portvar HTTP_PORTS [80,81,82,83,84,85,86,87,88,89,311,383,591,593,631,901,1220,1414,1741,1830,2301,2381,2809,3037,3057,3128,3702,4343,4848,5250,6080,6988,7000,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8085,8088,8090,8118,8123,8180,8181,8222,8243,8280,8300,8500,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,34443,34444,41080,50002,55555] ++ ++# List of ports you want to look for SHELLCODE on. ++portvar SHELLCODE_PORTS !80 ++ ++# List of ports you might see oracle attacks on ++portvar ORACLE_PORTS 1024: ++ ++# List of ports you want to look for SSH connections on: ++portvar SSH_PORTS 22 ++ ++# List of ports you run ftp servers on ++portvar FTP_PORTS [21,2100,3535] ++ ++# List of ports you run SIP servers on ++portvar SIP_PORTS [5060,5061,5600] ++ ++# List of file data ports for file inspection ++portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143] ++ ++# List of GTP ports for GTP preprocessor ++portvar GTP_PORTS [2123,2152,3386] ++ ++# other variables, these should not be modified ++ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] ++ ++# Path to your rules files (this can be a relative path) ++# Note for Windows users: You are advised to make this an absolute path, ++# such as: c:\snort\rules ++var RULE_PATH ../rules ++var SO_RULE_PATH ../so_rules ++var PREPROC_RULE_PATH ../preproc_rules ++ ++# If you are using reputation preprocessor set these ++# Currently there is a bug with relative paths, they are relative to where snort is ++# not relative to snort.conf like the above variables ++# This is completely inconsistent with how other vars work, BUG 89986 ++# Set the absolute path appropriately ++var WHITE_LIST_PATH ../rules ++var BLACK_LIST_PATH ../rules ++ ++################################################### ++# Step #2: Configure the decoder. For more information, see README.decode ++################################################### ++ ++# Stop generic decode events: ++config disable_decode_alerts ++ ++# Stop Alerts on experimental TCP options ++config disable_tcpopt_experimental_alerts ++ ++# Stop Alerts on obsolete TCP options ++config disable_tcpopt_obsolete_alerts ++ ++# Stop Alerts on T/TCP alerts ++config disable_tcpopt_ttcp_alerts ++ ++# Stop Alerts on all other TCPOption type events: ++config disable_tcpopt_alerts ++ ++# Stop Alerts on invalid ip options ++config disable_ipopt_alerts ++ ++# Alert if value in length field (IP, TCP, UDP) is greater th elength of the packet ++# config enable_decode_oversized_alerts ++ ++# Same as above, but drop packet if in Inline mode (requires enable_decode_oversized_alerts)
[-] [+]	Added	snortsam-2.9.4_2.9.5.diff_1 ^
@@ -0,0 +1,31 @@ +--- src/output-plugins/spo_alert_fwsam.c.orig 2013-07-08 22:37:00.143048750 +0200 ++++ src/output-plugins/spo_alert_fwsam.c 2013-07-08 22:43:22.529806701 +0200 +@@ -177,7 +177,7 @@ + * Returns: void function + * + / +-void AlertFWsamInit(char args) ++void AlertFWsamInit(struct _SnortConfig sc, char args) + { char ap; + unsigned long statip,cnt,again,i; + char stathost,statport,statpass; +@@ -395,7 +395,7 @@ + #endif + + /* Set the preprocessor function into the function list / +- AddFuncToOutputList(AlertFWsam, OUTPUT_TYPE_FLAG__ALERT, fwsamlist); ++ AddFuncToOutputList(sc, AlertFWsam, OUTPUT_TYPE_FLAG__ALERT, fwsamlist); + AddFuncToCleanExitList(AlertFWsamCleanExitFunc, fwsamlist); + AddFuncToReloadList(AlertFWsamRestartFunc, fwsamlist); + } +--- src/output-plugins/spo_alert_fwsam.h.orig 2013-07-08 22:46:18.705188991 +0200 ++++ src/output-plugins/spo_alert_fwsam.h 2013-07-08 22:47:43.332967700 +0200 +@@ -196,7 +196,7 @@ + + / functions / + void AlertFWsamSetup(void); +-void AlertFWsamInit(char args); ++void AlertFWsamInit(struct _SnortConfig sc,char args); + void AlertFWsamOptionInit(char args,OptTreeNode otn,int protocol); + void AlertFWsamCleanExitFunc(int signal, void arg); + void AlertFWsamRestartFunc(int signal, void arg);
	Added	snort-2.9.5.3.tar.bz2 ^