From 5a3e0dca58c1efebdd0c4f8d8c3e9c3146d35f3e Mon Sep 17 00:00:00 2001
From: ms
Date: Thu, 3 May 2007 17:06:13 +0000
Subject: [PATCH] Snort-Fixes

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@517 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
---
 config/rootfiles/common/snort | 52 +--------------------------------
 doc/language_issues.de | 2 ++
 doc/language_issues.en | 2 ++
 html/cgi-bin/ids.cgi | 47 ++++++++++++++++--------------
 html/cgi-bin/upnp.cgi | 55 ++++++++++++++++++++++-------------
 lfs/oinkmaster | 6 ++--
 lfs/snort | 17 +++++++----
 7 files changed, 80 insertions(+), 101 deletions(-)

diff --git a/config/rootfiles/common/snort b/config/rootfiles/common/snort
index 5e78f2ebbb..637113cb8d 100644
--- a/config/rootfiles/common/snort
+++ b/config/rootfiles/common/snort
@@ -1,56 +1,6 @@
 #etc/snort
-etc/snort/attack-responses.rules
-etc/snort/backdoor.rules
-etc/snort/bad-traffic.rules
-etc/snort/chat.rules
-etc/snort/classification.config
-etc/snort/ddos.rules
-etc/snort/deleted.rules
-etc/snort/dns.rules
-etc/snort/dos.rules
-etc/snort/experimental.rules
-etc/snort/exploit.rules
-etc/snort/finger.rules
-etc/snort/ftp.rules
-etc/snort/icmp-info.rules
-etc/snort/icmp.rules
-etc/snort/imap.rules
-etc/snort/info.rules
-etc/snort/local.rules
-etc/snort/misc.rules
-etc/snort/multimedia.rules
-etc/snort/mysql.rules
-etc/snort/netbios.rules
-etc/snort/nntp.rules
-etc/snort/oracle.rules
-etc/snort/other-ids.rules
-etc/snort/p2p.rules
-etc/snort/policy.rules
-etc/snort/pop2.rules
-etc/snort/pop3.rules
-etc/snort/porn.rules
-etc/snort/reference.config
-etc/snort/rpc.rules
-etc/snort/rservices.rules
-etc/snort/scan.rules
-etc/snort/shellcode.rules
-etc/snort/smtp.rules
-etc/snort/snmp.rules
+etc/snort/rules
 etc/snort/snort.conf
-etc/snort/sql.rules
-etc/snort/telnet.rules
-etc/snort/tftp.rules
-etc/snort/unicode.map
-etc/snort/virus.rules
-etc/snort/web-attacks.rules
-etc/snort/web-cgi.rules
-etc/snort/web-client.rules
-etc/snort/web-coldfusion.rules
-etc/snort/web-frontpage.rules
-etc/snort/web-iis.rules
-etc/snort/web-misc.rules
-etc/snort/web-php.rules
-etc/snort/x11.rules
 #usr/man/man8/snort.8
 usr/sbin/snort
 var/log/snort
diff --git a/doc/language_issues.de b/doc/language_issues.de
index eed43da582..65ba255d25 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -315,6 +315,8 @@ WARNING: translation string unused: year
 WARNING: untranslated string: IPFires hostname
 WARNING: untranslated string: allmsg
 WARNING: untranslated string: alt proxy
+WARNING: untranslated string: bleeding rules
+WARNING: untranslated string: community rules
 WARNING: untranslated string: dial profile
 WARNING: untranslated string: down
 WARNING: untranslated string: firewall graphs
diff --git a/doc/language_issues.en b/doc/language_issues.en index ad6d029646..c56c080836 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -318,6 +318,8 @@ WARNING: translation string unused: year WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: IPFires hostname WARNING: untranslated string: alt proxy +WARNING: untranslated string: bleeding rules +WARNING: untranslated string: community rules WARNING: untranslated string: down WARNING: untranslated string: firewall logs ip WARNING: untranslated string: firewall logs port diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 8b74167ac9..9ad5ae46eb 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -6,8 +6,6 @@ # # (c) The SmoothWall Team # -# $Id: ids.cgi,v 1.8.2.18 2005/07/27 21:35:22 franck78 Exp $ -# use LWP::UserAgent; use File::Copy; @@ -24,6 +22,7 @@ require "${General::swroot}/header.pl"; my %snortsettings=(); my %checked=(); +my %selected=(); my %netsettings=(); our $errormessage = ''; our $md5 = '0';# not '' to avoid displaying the wrong message when INSTALLMD5 not set 
@@ -40,17 +39,21 @@ $snortsettings{'ENABLE_SNORT_GREEN'} = 'off'; $snortsettings{'ENABLE_SNORT_BLUE'} = 'off'; $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off'; $snortsettings{'ACTION'} = ''; -$snortsettings{'RULESTYPE'} = ''; +$snortsettings{'RULES'} = ''; $snortsettings{'OINKCODE'} = ''; $snortsettings{'INSTALLDATE'} = ''; $snortsettings{'INSTALLMD5'} = ''; &Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'}); -if ($snortsettings{'RULESTYPE'} eq 'subscripted') { - $url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.3_s.tar.gz"; +if ($snortsettings{'RULES'} eq 'subscripted') { + $url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-CURRENT_s.tar.gz"; +} elsif ($snortsettings{'RULES'} eq 'registered') { + $url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-CURRENT.tar.gz"; +} elsif ($snortsettings{'RULES'} eq 'bleeding') { + $url="http://www.bleedingsnort.com/bleeding.rules.tar.gz"; } else { - $url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.3.tar.gz"; + $url="http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz"; } if ($snortsettings{'ACTION'} eq $Lang::tr{'save'}) @@ -105,7 +108,7 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) { $errormessage = "$Lang::tr{'invalid md5sum'}"; } else { $results = "$Lang::tr{'installed updates'}\n
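Review bot: `$snortsettings{'OINKCODE'}` is filled from the request by `getcgihash` and interpolated unchecked into `$url` in the `subscripted` and `registered` branches, so whatever the client submits becomes part of the path requested from snort.org. Validate it before it is used, e.g. `if ($snortsettings{'OINKCODE'} !~ /\A[0-9a-fA-F]+\z/) { $errormessage = ...; }` with an existing invalid-input string from the lang table, and skip the download while `$errormessage` is set (oinkcodes are hexadecimal tokens; confirm the exact length against snort.org before tightening the pattern further). The final `else` now serves `community`, `nothing` and any unexpected value alike; since `nothing` is a valid choice (see the `$selected{'RULES'}{'nothing'}` entry later in this commit), an explicit `elsif ($snortsettings{'RULES'} eq 'community')` with `$url` left empty in the `else` keeps a "no rules" selection from resolving to the community download, should the download action (outside this hunk) be reachable with it.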
";
-				$results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort 2>&1`;
+				$results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules/ 2>&1`;
 				$results .= "
"; } unlink ($filename); @@ -125,10 +128,12 @@ $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='c $checked{'ENABLE_SNORT_ORANGE'}{'off'} = ''; $checked{'ENABLE_SNORT_ORANGE'}{'on'} = ''; $checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'"; -$checked{'RULESTYPE'}{'nothing'} = ''; -$checked{'RULESTYPE'}{'registered'} = ''; -$checked{'RULESTYPE'}{'subscripted'} = ''; -$checked{'RULESTYPE'}{$snortsettings{'RULESTYPE'}} = "checked='checked'"; +$selected{'RULES'}{'nothing'} = ''; +$selected{'RULES'}{'bleeding'} = ''; +$selected{'RULES'}{'community'} = ''; +$selected{'RULES'}{'registered'} = ''; +$selected{'RULES'}{'subscripted'} = ''; +$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'"; &Header::openpage($Lang::tr{'intrusion detection system'}, 1, ''); @@ -180,16 +185,14 @@ print <$Lang::tr{'ids rules update'} - - $Lang::tr{'no'} - - - - $Lang::tr{'registered user rules'} - - - - $Lang::tr{'subscripted user rules'} + +
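Review bot: The new line keeps `$filename` interpolated into a backtick shell command, so the string is parsed by `sh` before oinkmaster sees it; the hunk only changes the `-o` target to `/etc/snort/rules/`, and where `$filename` is produced is not visible here (the download code sits above the hunk). If it is a server-chosen temporary path this is harmless, but the list form settles the question without relying on that: `open(my $oink, '-|', '/usr/local/bin/oinkmaster.pl', '-s', '-u', "file://$filename", '-C', '/var/ipfire/snort/oinkmaster.conf', '-o', '/etc/snort/rules/') or die "oinkmaster: $!";` and then append `<$oink>` to `$results`. Note that `2>&1` is a shell construct, so stderr would need redirecting separately (for instance a `local *STDERR` dup onto STDOUT around the call). The enclosing `if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'})` block starts before and ends after the hunk.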
@@ -199,7 +202,7 @@ print < - Oink Code:  + Oinkcode:  diff --git a/html/cgi-bin/upnp.cgi b/html/cgi-bin/upnp.cgi index d2faaa160f..eb635bb5bd 100644 --- a/html/cgi-bin/upnp.cgi +++ b/html/cgi-bin/upnp.cgi @@ -30,12 +30,12 @@ my %servicenames =('UPnP Daemon' => 'upnpd',); $upnpsettings{'DEBUGMODE'} = '3'; $upnpsettings{'FORWARDRULES'} = 'yes'; -$upnpsettings{'DOWNSTREAM'} = '900000'; -$upnpsettings{'UPSTREAM'} = '16000000'; +$upnpsettings{'DOWNSTREAM'} = '1048576'; +$upnpsettings{'UPSTREAM'} = '131072'; $upnpsettings{'DESCRIPTION'} = 'gatedesc.xml'; $upnpsettings{'XML'} = '/etc/linuxigd'; $upnpsettings{'ENABLED'} = 'off'; -$upnpsettings{'friendlyName'} = 'IpFire Upnp Device'; +$upnpsettings{'friendlyName'} = 'IPFire Gateway'; ### Values that have to be initialized $upnpsettings{'ACTION'} = ''; @@ -51,8 +51,8 @@ $upnpsettings{'ACTION'} = ''; if ($upnpsettings{'ACTION'} eq $Lang::tr{'save'}) { - $upnpsettings{'DOWNSTREAM'} = $upnpsettings{'DOWNSTREAM'} * 8; - $upnpsettings{'UPSTREAM'} = $upnpsettings{'UPSTREAM'} * 8; + $upnpsettings{'DOWNSTREAM'} = $upnpsettings{'DOWNSTREAM'} * 1024; + $upnpsettings{'UPSTREAM'} = $upnpsettings{'UPSTREAM'} * 1024; &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings); open (FILE, ">${General::swroot}/upnp/upnpd.conf") or die "Can't save the upnp config: $!"; @@ -96,8 +96,8 @@ elsif ($upnpsettings{'ACTION'} eq $Lang::tr{'restart'}) } &General::readhash("${General::swroot}/upnp/settings", \%upnpsettings); -$upnpsettings{'DOWNSTREAM'} = $upnpsettings{'DOWNSTREAM'} / 8; -$upnpsettings{'UPSTREAM'} = $upnpsettings{'UPSTREAM'} / 8; +$upnpsettings{'DOWNSTREAM'} = $upnpsettings{'DOWNSTREAM'} / 1024; +$upnpsettings{'UPSTREAM'} = $upnpsettings{'UPSTREAM'} / 1024; if ($errormessage) { @@ -145,26 +145,41 @@ print < - - - - - + - - - - - + + +
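Review bot: In the `save` branch of upnp.cgi (@@ -51,8) the `* 1024` on `$upnpsettings{'DOWNSTREAM'}` and `$upnpsettings{'UPSTREAM'}` operates on the raw CGI values, so a blank or non-numeric submission is stored as `0` (with an "isn't numeric" warning in the web server's error log if warnings are enabled) and written into `upnpd.conf` by the `open (FILE, ...)` that follows. Check both values before the arithmetic and refuse the save instead, e.g. `if ($upnpsettings{'DOWNSTREAM'} !~ /\A\d+\z/ || $upnpsettings{'UPSTREAM'} !~ /\A\d+\z/) { $errormessage = ...; }` with an existing invalid-input string from the lang table. The mirrored `/ 1024` at @@ -96,8 is fine as long as only validated values reach the settings file. The enclosing `if ($upnpsettings{'ACTION'} eq $Lang::tr{'save'})` block continues past the hunk.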
$Lang::tr{'options'}


Debug Mode:
Forward Rules:

Down Stream in KB:
Up Strean in KB:
UPnP Device Name:

XML Document:
Description Document:
Upnp Device Name:


+
Downstream in KB:
Upstream in KB:

-
-
END ; &Header::closebox(); +&Header::openbox('100%', 'center', 'Aktuell geoeffnete Ports'); +my @output = qx(iptables -t nat -n -L PORTFW); +my ($outputline, $extip, $extport, $int); +my @output2; +print ""; +foreach $outputline (@output) { + if ( $outputline =~ /^DNAT/ ) { + @output2 = split(/ /, $outputline); + $extip = $output2[23]; + $extport = $output2[29]; + $extport =~ s/dpt://; + $int = "$output2[31]"; + $int =~ s/to://; + print "
$extip:$extport=>$int"; + + } +} + +print "
"; + +&Header::closebox(); + &Header::closebigbox(); &Header::closepage(); @@ -197,4 +212,4 @@ sub isrunning } return $status; - } \ No newline at end of file + } diff --git a/lfs/oinkmaster b/lfs/oinkmaster index de35104c0c..c052c9f176 100644 --- a/lfs/oinkmaster +++ b/lfs/oinkmaster @@ -71,8 +71,8 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && chown -R nobody:nobody oinkmaster.pl - cd $(DIR_APP) && cp -R $(DIR_SRC)/$(THISAPP) /etc/snort - cp $(DIR_SRC)/$(THISAPP)/oinkmaster.pl /usr/local/bin/ + cd $(DIR_APP) && chown nobody:nobody oinkmaster.pl + cd $(DIR_APP) && cp -f oinkmaster.conf /var/ipfire/snort/ + cd $(DIR_APP) && install -m 0755 oinkmaster.pl /usr/local/bin/ @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/snort b/lfs/snort index d556265da9..7168c10ec7 100644 --- a/lfs/snort +++ b/lfs/snort @@ -38,11 +38,17 @@ TARGET = $(DIR_INFO)/$(THISAPP) # Top-level Rules ############################################################################### -objects = $(DL_FILE) +objects = $(DL_FILE) \ + Community-Rules-20070503.tar.gz \ + bleeding.rules-20070503.tar.gz $(DL_FILE) = $(DL_FROM)/$(DL_FILE) +Community-Rules-20070503.tar.gz = $(DL_FROM)/Community-Rules-20070503.tar.gz +bleeding.rules-20070503.tar.gz = $(DL_FROM)/bleeding.rules-20070503.tar.gz $(DL_FILE)_MD5 = 70e7f297c9fcf1f46d6fa3e1bb4aae49 +Community-Rules-20070503.tar.gz_MD5 = f236b8a4ac12e99d3e7bd81bf3b5a482 +bleeding.rules-20070503.tar.gz_MD5 = f18f0a08c139b8205270b41a534f15d7 install : $(TARGET) 
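Review bot: The new PORTFW listing picks its fields by position (`$output2[23]`, `$output2[29]`, `$output2[31]`) after `split(/ /, $outputline)`, and those indexes only hold for one exact column padding of `iptables -L` output; the number of empty fields shifts with the width of what is printed (a port range, a longer address, a different iptables release), so the wrong token can land in `$extip`, `$extport` or `$int`. Splitting with `split ' '` (awk-style, collapses the padding) and picking `dpt:`/`to:` by name is robust to that; the rewrite below does so. `qx(iptables ...)` also relies on the web server's `PATH` to find the binary, so the binary's full path is the safer spelling in a CGI. The box title `'Aktuell geoeffnete Ports'` is a hard-coded German string where the rest of the page goes through `$Lang::tr{...}`, and `$outputline` is declared with `my` at file scope rather than in the `foreach`.
```perl
my @output = qx(iptables -t nat -n -L PORTFW);   # prefer the binary's absolute path in a CGI
# … unchanged: table header print …
foreach my $outputline (@output) {
    next unless $outputline =~ /^DNAT/;
    # Pick the tokens by name rather than by column index: `iptables -L`
    # pads its columns, so positions from split(/ /) are fragile.
    my @fields    = split ' ', $outputline;       # awk-style: collapses runs of spaces
    my $extip     = $fields[4];                   # destination column — confirm against the old index 23
    my ($extport) = $outputline =~ /\bdpt:(\S+)/;
    my ($int)     = $outputline =~ /\bto:(\S+)/;
    next unless defined $extport and defined $int;
    # … unchanged: print of the "$extip:$extport=>$int" row …
}
```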
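Review bot: In lfs/oinkmaster (@@ -71,8) `cd $(DIR_APP) && chown nobody:nobody oinkmaster.pl` has no effect on what ends up installed: the following `install -m 0755 oinkmaster.pl /usr/local/bin/` creates a fresh destination file owned by the user running the build (root), not a copy of the source file's ownership, so the chown line can simply be dropped. That outcome is the right one; a script in `/usr/local/bin` should stay root-owned rather than be writable by the unprivileged web user, so do not "fix" it with `-o nobody`. The `cp -f oinkmaster.conf /var/ipfire/snort/` destination matches the `-C /var/ipfire/snort/oinkmaster.conf` that ids.cgi passes, which is good; the `$(TARGET)` recipe continues outside the hunk.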
@@ -78,11 +84,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && make
 cd $(DIR_APP) && make install
 mv /usr/bin/snort /usr/sbin/
- -mkdir /etc/snort
+ -mkdir -p /etc/snort/rules
- # Snort 2.6.X dount use the Directory rules
- # cd $(DIR_APP) && install -m 0644 rules/*.rules \
- # etc/unicode.map etc/reference.config etc/classification.config /etc/snort
+ tar xvfz $(DIR_DL)/Community-Rules-20070503.tar.gz -C /etc/snort/
+ tar xvfz $(DIR_DL)/bleeding.rules-20070503.tar.gz -C /etc/snort/
+ cd $(DIR_APP) && install -m 0644 etc/unicode.map \
+ etc/reference.config etc/classification.config /etc/snort
 install -m 0644 $(DIR_SRC)/config/snort/snort.conf /etc/snort
 chown -R nobody:nobody /etc/snort
 -mkdir -p /var/log/snort
-- 
2.39.2
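Review bot: The date-stamped archive names `Community-Rules-20070503.tar.gz` and `bleeding.rules-20070503.tar.gz` are spelled out in the two `tar xvfz` lines here and three more times each in the objects/download/MD5 block at @@ -38,11, so the next ruleset refresh has to touch ten places and an `_MD5` line can silently drift from the archive it is meant to pin; a pair of make variables (e.g. `COMMUNITY_RULES = Community-Rules-20070503.tar.gz` and `BLEEDING_RULES = bleeding.rules-20070503.tar.gz`) referenced everywhere keeps the name and its checksum together. The `-mkdir -p /etc/snort/rules` line says the rule files are expected under `rules/`, yet both archives are extracted into `/etc/snort/` directly; whether they carry a `rules/` top-level directory is not visible here, so a one-line comment stating the assumed layout would help the next person. Dropping the `v` from `tar xvfz` also keeps the build log readable. The `$(TARGET)` recipe continues outside the hunk.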