Updated snort to Version 2.8.3.2
authorStefan Schantl <Stevee@ipfire.org>
Tue, 7 Apr 2009 10:11:15 +0000 (12:11 +0200)
committerStefan Schantl <Stevee@ipfire.org>
Tue, 7 Apr 2009 10:11:15 +0000 (12:11 +0200)
config/rootfiles/common/snort
config/snort/snort.conf
doc/packages-list.txt
lfs/snort

index 173390c290102d024ee67aff07af65e50f5ea2ee..d6ffc67562d513b3519230ec1d11ab2764befb55 100644 (file)
@@ -650,8 +650,13 @@ usr/lib/snort_dynamicengine
 #usr/lib/snort_dynamicengine/libsf_engine.so.0
 #usr/lib/snort_dynamicengine/libsf_engine.so.0.0.0
 usr/lib/snort_dynamicpreprocessor
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.a
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0.0.0
 #usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.a
-usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
 #usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so
 #usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0
 #usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0.0.0
@@ -675,6 +680,67 @@ usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
 #usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
 #usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0
 #usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
-#usr/man/man8/snort.8
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.a
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
+usr/lib/snort_dynamicrules
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.a
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.la
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0.0.0
 usr/sbin/snort
+#usr/share/doc/snort
+#usr/share/doc/snort/AUTHORS
+#usr/share/doc/snort/BUGS
+#usr/share/doc/snort/CREDITS
+#usr/share/doc/snort/INSTALL
+#usr/share/doc/snort/NEWS
+#usr/share/doc/snort/PROBLEMS
+#usr/share/doc/snort/README
+#usr/share/doc/snort/README.ARUBA
+#usr/share/doc/snort/README.FLEXRESP
+#usr/share/doc/snort/README.FLEXRESP2
+#usr/share/doc/snort/README.INLINE
+#usr/share/doc/snort/README.PLUGINS
+#usr/share/doc/snort/README.PerfProfiling
+#usr/share/doc/snort/README.SMTP
+#usr/share/doc/snort/README.UNSOCK
+#usr/share/doc/snort/README.WIN32
+#usr/share/doc/snort/README.alert_order
+#usr/share/doc/snort/README.asn1
+#usr/share/doc/snort/README.csv
+#usr/share/doc/snort/README.database
+#usr/share/doc/snort/README.dcerpc
+#usr/share/doc/snort/README.decode
+#usr/share/doc/snort/README.decoder_preproc_rules
+#usr/share/doc/snort/README.dns
+#usr/share/doc/snort/README.event_queue
+#usr/share/doc/snort/README.flow
+#usr/share/doc/snort/README.flow-portscan
+#usr/share/doc/snort/README.flowbits
+#usr/share/doc/snort/README.frag3
+#usr/share/doc/snort/README.ftptelnet
+#usr/share/doc/snort/README.gre
+#usr/share/doc/snort/README.http_inspect
+#usr/share/doc/snort/README.ipip
+#usr/share/doc/snort/README.ipv6
+#usr/share/doc/snort/README.pcap_readmode
+#usr/share/doc/snort/README.ppm
+#usr/share/doc/snort/README.sfportscan
+#usr/share/doc/snort/README.ssh
+#usr/share/doc/snort/README.ssl
+#usr/share/doc/snort/README.stream4
+#usr/share/doc/snort/README.stream5
+#usr/share/doc/snort/README.tag
+#usr/share/doc/snort/README.thresholding
+#usr/share/doc/snort/README.variables
+#usr/share/doc/snort/README.wireless
+#usr/share/doc/snort/TODO
+#usr/share/doc/snort/USAGE
+#usr/share/doc/snort/WISHLIST
+#usr/share/doc/snort/generators
+#usr/share/man/man8/snort.8
 var/log/snort
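Review bot: The shared objects in this list stay commented out, while the snort.conf change in this same commit starts loading `/usr/lib/snort_dynamicengine/libsf_engine.so` and everything under `/usr/lib/snort_dynamicpreprocessor/`. `#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0` is added that way here, and the dcerpc, ssh and `libsf_engine.so.0` entries visible as context in this hunk and the one above are commented too. If `#` entries are excluded from the image, as the convention in this file suggests, the libraries the new configuration names would not be shipped, and a sensor that fails to start or starts without a preprocessor is a silent loss of detection. I would uncomment the runtime `.so`, `.so.0` and `.so.0.0.0` lines for the engine and for each preprocessor the configuration uses, e.g. `usr/lib/snort_dynamicengine/libsf_engine.so.0.0.0`, and keep the `.a`, `.la` and `*_example*` entries commented. The lines between the two hunks are not visible, so the entries for the newly enabled `ftp_telnet` preprocessor, which as far as I know is one of the dynamic modules, should be checked there.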
index 7ded8c0a3f39dcd20237bb4e918e6ee4808fc87c..3a498c62ecc23f5aa331ed942c3cd7a30bb5c07f 100644 (file)
@@ -26,20 +26,42 @@ var SHELLCODE_PORTS !80
 var ORACLE_PORTS    1521
 var AIM_SERVERS     [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
 var RULE_PATH       /etc/snort/rules
+dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
 
 ###################################################
 # Do NOT Edit past this line
 ###################################################
 config detection: search-method lowmem
 preprocessor flow: memcap 2097152, stats_interval 0, hash 2
-preprocessor frag2: memcap 2097152
+#preprocessor frag2: memcap 2097152
+preprocessor frag3_global: max_frags 65536
+preprocessor frag3_engine: policy first detect_anomalies
 preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts
 preprocessor stream4_reassemble: noalerts
-preprocessor http_inspect: global iis_unicode_map unicode.map 1252
-preprocessor http_inspect_server: server default profile all ports { 80 8080 }
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+preprocessor http_inspect_server: server default profile all ports { 80 8080 }
 preprocessor rpc_decode: 111 32771
 preprocessor bo
-preprocessor telnet_decode
+#preprocessor telnet_decode
+preprocessor ftp_telnet: global \
+   encrypted_traffic yes \
+   inspection_type stateful
+preprocessor ftp_telnet_protocol: telnet \
+   normalize \
+   ayt_attack_thresh 200
+preprocessor ftp_telnet_protocol: ftp server default \
+   def_max_param_len 100 \
+   alt_max_param_len 200 { CWD } \
+   cmd_validity MODE < char ASBCZ > \
+   cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+   chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
+   telnet_cmds yes \
+   data_chan
+preprocessor ftp_telnet_protocol: ftp client default \
+   max_resp_len 256 \
+   bounce yes \
+   telnet_cmds yes
 preprocessor flow-portscan: \
        scoreboard-memcap-talker 1048576 \
        scoreboard-rows-talker 10000 \
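Review bot: The two library-loading directives, `dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so` and `dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/`, are added above the `Do NOT Edit past this line` banner, in the part of the file presented as editable, although they decide which native code the sensor loads. I would move both below the banner. The directory form makes Snort load every shared object it finds there, so a comment such as `# every .so in this directory is loaded into snort at startup; keep it root-owned and not writable by unprivileged users` would record the permission requirement next to the directive. The `flow-portscan` statement at the end of the hunk continues outside it.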
index 000bea7b5772d5dc0115b5bb1990a6b2a4a3537e..9aadd7594850d4a090dedc7a0d5772ddfe84eaee 100644 (file)
 * shadow-4.0.15
 * slang-1.4.9
 * smartmontools-5.36
-* snort-2.6.1.5
+* snort-2.8.3.2
 * sox-12.18.1
 * spandsp-0.0.4pre15
 * splix-2.0.0-rc2
index 680d3e9fb5bcb582c79791477a654e36b663f944..cfe1f73bc6b4f178b9b24cb2f3807115a01d4073 100644 (file)
--- a/lfs/snort
+++ b/lfs/snort
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.6.1.5
+VER        = 2.8.3.2
 
 THISAPP    = snort-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 Community-Rules-20070503.tar.gz = $(DL_FROM)/Community-Rules-20070503.tar.gz
 
-$(DL_FILE)_MD5 = e52a7ea6ba9743a8f8ca397cd26fa1bf
+$(DL_FILE)_MD5 = f75547da33446ddb4ca07eefd9ce31dc
 Community-Rules-20070503.tar.gz_MD5 = f236b8a4ac12e99d3e7bd81bf3b5a482
 
 install : $(TARGET)
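Review bot: The source tarball for the IDS is pinned by an MD5 value alone (`$(DL_FILE)_MD5`), a hash with practical collision attacks, and nothing in the hunk records where the new value `f75547da33446ddb4ca07eefd9ce31dc` was taken from. A comment above the line such as `# checksum of $(DL_FILE), compared with the upstream release before the version bump` would document that the value was cross-checked rather than computed from whatever was downloaded. If the lfs framework accepts a stronger digest next to `_MD5`, it should be added for this package. The recipe of the `install` rule lies outside the hunk, so how the checksum is enforced is not visible here.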