From: Arne Fitzenreiter
Date: Mon, 14 Jun 2010 17:00:26 +0000 (+0200)
Subject: Replaced snort gpl community rules by emergingthreats.net rules.
X-Git-Tag: v2.9-beta1~231
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=ce0e83b3badfd2b4048762ffffc8041c7f92cb19
Replaced snort gpl community rules by emergingthreats.net rules.
---
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 02e0adf639..353643d736 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -268,7 +268,7 @@ if ($snortsettings{'RULES'} eq 'subscripted') { $url="http://dl.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz?oink_code=$snortsettings{'OINKCODE'}"; #$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.8.tar.gz"; } else { - $url="http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz"; + $url="http://www.emergingthreats.net/rules/emerging.rules.tar.gz"; } if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" )
@@ -559,6 +559,11 @@ if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable foreach my $rulefile (sort keys(%snortrules)) { my $rulechecked = ''; + # Hide inkompatible Block rules + if ($rulefile =~'-BLOCK.rules') { + next; + } + # Check if reached half-way through rule file rules to start new column if ($ruledisplaycnt > $rulecnt) { print "";
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 00f95f26f1..9572e7a867 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
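Review bot: In html/cgi-bin/ids.cgi the new default ruleset URL in the `else` branch is plain `http://`, so the tarball that decides what the IDS detects can be altered in transit, and nothing in this hunk checks its integrity. If the host serves the file over TLS, prefer `$url="https://www.emergingthreats.net/rules/emerging.rules.tar.gz";` with certificate verification in the download step; a checksum or signature check before unpacking would be the stronger control. The download and extraction code is outside the hunk, so whether any verification happens there cannot be seen here.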
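Review bot: The added filter `$rulefile =~'-BLOCK.rules'` in html/cgi-bin/ids.cgi treats the string as an unanchored regex in which `.` matches any character, so it can skip more file names than the comment describes; use `next if $rulefile =~ /-BLOCK\.rules\z/;`. The comment should read `# Hide incompatible BLOCK rules`. Skipping a file here only removes it from the list being printed; whether such a file can still be included in the running configuration is decided outside this hunk and should be confirmed, because a rule file that is active but not shown cannot be reviewed or switched off from this page. The enclosing `foreach` continues past the end of the hunk.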
@@ -483,7 +483,7 @@
 'clock last synchronized at' => 'Die Uhr wurde zuletzt synchronisiert um',
 'comment' => 'Kommentar',
 'common name' => 'Gemeinsamer Name',
-'community rules' => 'Snort GPL Community Rules',
+'community rules' => 'Emergingthreats.net Community Rules',
 'comp-lzo' => 'LZO-Kompression',
 'compression' => 'Kompression:',
 'computer to modem rate' => 'Übertragungsrate zwischen Computer und Modem:',
@@ -919,7 +919,7 @@
 'intrusion detection' => 'Einbruchdetektierung',
 'intrusion detection system' => 'Intrusion Detection System',
 'intrusion detection system log viewer' => 'Betrachter der IDS-Logfiles',
-'intrusion detection system rules' => 'Íntrusion Detection System Regeln',
+'intrusion detection system rules' => 'Intrusion Detection System Regeln',
 'intrusion detection system2' => 'Intrusion Detection System:',
 'invalid broadcast ip' => 'Ungültige Broadcast-IP',
 'invalid cache size' => 'Ungültige Cache-Größe.',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index dab1b943ed..9e00a60319 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -507,7 +507,7 @@
 'clock last synchronized at' => 'Clock was last synchronized at',
 'comment' => 'Description:',
 'common name' => 'Common name',
-'community rules' => 'Snort GPL Community Rules',
+'community rules' => 'Emergingthreats.net Community Rules',
 'comp-lzo' => 'LZO-Compression:',
 'compression' => 'Compression:',
 'computer to modem rate' => 'Computer to modem rate:',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index dab1b943ed..9e00a60319 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -507,7 +507,7 @@
 'clock last synchronized at' => 'Clock was last synchronized at',
 'comment' => 'Description:',
 'common name' => 'Common name',
-'community rules' => 'Snort GPL Community Rules',
+'community rules' => 'Emergingthreats.net Community Rules',
 'comp-lzo' => 'LZO-Compression:',
 'compression' => 'Compression:',
 'computer to modem rate' => 'Computer to modem rate:',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index 7c8c4f7146..4f8a7b9889 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -507,7 +507,7 @@
 'clock last synchronized at' => 'Clock was last synchronized at',
 'comment' => 'Description:',
 'common name' => 'Common name',
-'community rules' => 'Snort GPL Community Rules',
+'community rules' => 'Emergingthreats.net Community Rules',
 'comp-lzo' => 'LZO-Compression:',
 'compression' => 'Compression:',
 'computer to modem rate' => 'Computer to modem rate:',
diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort
index 981362a030..2e2f4f2e40 100644
--- a/src/initscripts/init.d/snort
+++ b/src/initscripts/init.d/snort
@@ -62,6 +62,14 @@ fi case "$1" in start) + # Disable incompatible rules + for file in $(ls /etc/snort/rules/*.rules); do + sed -i 's|^alert.*!\[\$DNS_SERVERS|#&|g' $file + sed -i 's|^alert.*!\$SSH_PORTS|#&|g' $file + sed -i 's|^alert.*!\$HOME_NET|#&|g' $file + sed -i 's|^alert.*!\$SQL_SERVERS|#&|g' $file + done + for DEVICE in $DEVICES; do boot_mesg "Starting Intrusion Detection System on $DEVICE..." /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run/
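Review bot: The new loop in the `start)` branch of src/initscripts/init.d/snort iterates over `$(ls /etc/snort/rules/*.rules)` and passes `$file` unquoted, so a rule file name containing whitespace or glob characters is split or expanded and sed is pointed at the wrong path; glob directly and quote the variable. Each file is also rewritten four times on every start, and the `g` flag does nothing on a pattern anchored with `^`; one sed call with four `-e` expressions gives the same result. Because these substitutions comment out alerts in place, detection coverage shrinks without any record, so logging how many rules were disabled would help an operator notice. The rewritten loop is below; the rest of the branch is unchanged.

```shell
# Disable incompatible rules
for file in /etc/snort/rules/*.rules; do
	[ -e "$file" ] || continue
	sed -i \
		-e 's|^alert.*!\[\$DNS_SERVERS|#&|' \
		-e 's|^alert.*!\$SSH_PORTS|#&|' \
		-e 's|^alert.*!\$HOME_NET|#&|' \
		-e 's|^alert.*!\$SQL_SERVERS|#&|' \
		"$file"
done
# … unchanged: per-device snort start loop …
```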