Snort-Fixes
authorms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Thu, 3 May 2007 17:06:13 +0000 (17:06 +0000)
committerms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Thu, 3 May 2007 17:06:13 +0000 (17:06 +0000)
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@517 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/rootfiles/common/snort
doc/language_issues.de
doc/language_issues.en
html/cgi-bin/ids.cgi
html/cgi-bin/upnp.cgi
lfs/oinkmaster
lfs/snort

index 5e78f2e..637113c 100644 (file)
@@ -1,56 +1,6 @@
 #etc/snort
-etc/snort/attack-responses.rules
-etc/snort/backdoor.rules
-etc/snort/bad-traffic.rules
-etc/snort/chat.rules
-etc/snort/classification.config
-etc/snort/ddos.rules
-etc/snort/deleted.rules
-etc/snort/dns.rules
-etc/snort/dos.rules
-etc/snort/experimental.rules
-etc/snort/exploit.rules
-etc/snort/finger.rules
-etc/snort/ftp.rules
-etc/snort/icmp-info.rules
-etc/snort/icmp.rules
-etc/snort/imap.rules
-etc/snort/info.rules
-etc/snort/local.rules
-etc/snort/misc.rules
-etc/snort/multimedia.rules
-etc/snort/mysql.rules
-etc/snort/netbios.rules
-etc/snort/nntp.rules
-etc/snort/oracle.rules
-etc/snort/other-ids.rules
-etc/snort/p2p.rules
-etc/snort/policy.rules
-etc/snort/pop2.rules
-etc/snort/pop3.rules
-etc/snort/porn.rules
-etc/snort/reference.config
-etc/snort/rpc.rules
-etc/snort/rservices.rules
-etc/snort/scan.rules
-etc/snort/shellcode.rules
-etc/snort/smtp.rules
-etc/snort/snmp.rules
+etc/snort/rules
 etc/snort/snort.conf
-etc/snort/sql.rules
-etc/snort/telnet.rules
-etc/snort/tftp.rules
-etc/snort/unicode.map
-etc/snort/virus.rules
-etc/snort/web-attacks.rules
-etc/snort/web-cgi.rules
-etc/snort/web-client.rules
-etc/snort/web-coldfusion.rules
-etc/snort/web-frontpage.rules
-etc/snort/web-iis.rules
-etc/snort/web-misc.rules
-etc/snort/web-php.rules
-etc/snort/x11.rules
 #usr/man/man8/snort.8
 usr/sbin/snort
 var/log/snort
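Review bot: The new list drops `etc/snort/classification.config`, `etc/snort/reference.config` and `etc/snort/unicode.map`, yet the lfs/snort hunk in this commit still installs exactly those three files into /etc/snort. If this list decides which files are packaged, they would be missing from the image, and a snort.conf that references them would fail to load. Keep those three entries next to `etc/snort/snort.conf`. Whether the single `etc/snort/rules` entry also pulls in the directory's contents is not visible here and is worth confirming.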
index eed43da..65ba255 100644 (file)
@@ -315,6 +315,8 @@ WARNING: translation string unused: year
 WARNING: untranslated string: IPFires hostname
 WARNING: untranslated string: allmsg
 WARNING: untranslated string: alt proxy
+WARNING: untranslated string: bleeding rules
+WARNING: untranslated string: community rules
 WARNING: untranslated string: dial profile
 WARNING: untranslated string: down
 WARNING: untranslated string: firewall graphs
index ad6d029..c56c080 100644 (file)
@@ -318,6 +318,8 @@ WARNING: translation string unused: year
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: IPFires hostname
 WARNING: untranslated string: alt proxy
+WARNING: untranslated string: bleeding rules
+WARNING: untranslated string: community rules
 WARNING: untranslated string: down
 WARNING: untranslated string: firewall logs ip
 WARNING: untranslated string: firewall logs port
index 8b74167..9ad5ae4 100644 (file)
@@ -6,8 +6,6 @@
 #
 # (c) The SmoothWall Team
 #
-# $Id: ids.cgi,v 1.8.2.18 2005/07/27 21:35:22 franck78 Exp $
-#
 
 use LWP::UserAgent;
 use File::Copy;
@@ -24,6 +22,7 @@ require "${General::swroot}/header.pl";
 
 my %snortsettings=();
 my %checked=();
+my %selected=();
 my %netsettings=();
 our $errormessage = '';
 our $md5 = '0';# not '' to avoid displaying the wrong message when INSTALLMD5 not set
@@ -40,17 +39,21 @@ $snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
 $snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
 $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
 $snortsettings{'ACTION'} = '';
-$snortsettings{'RULESTYPE'} = '';
+$snortsettings{'RULES'} = '';
 $snortsettings{'OINKCODE'} = '';
 $snortsettings{'INSTALLDATE'} = '';
 $snortsettings{'INSTALLMD5'} = '';
 
 &Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});
 
-if ($snortsettings{'RULESTYPE'} eq 'subscripted') {
-       $url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.3_s.tar.gz";
+if ($snortsettings{'RULES'} eq 'subscripted') {
+       $url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-CURRENT_s.tar.gz";
+} elsif ($snortsettings{'RULES'} eq 'registered') {
+       $url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-CURRENT.tar.gz";
+} elsif ($snortsettings{'RULES'} eq 'bleeding') {
+       $url="http://www.bleedingsnort.com/bleeding.rules.tar.gz";
 } else {
-       $url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.3.tar.gz";
+       $url="http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz";
 }
 
 if ($snortsettings{'ACTION'} eq $Lang::tr{'save'})
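Review bot: The final `else` now catches `RULES` equal to `nothing` and any value the form never offered, so a community-rules URL is built even when no rule set was selected. Make `community` an explicit `elsif` and leave `$url` empty otherwise, so the download branch can refuse to run. `OINKCODE` arrives through `getcgihash` and is interpolated into the URL path unchecked, and the same value is printed into the form's `value='...'` attribute in a later hunk. A check such as `$snortsettings{'OINKCODE'} =~ /\A[0-9a-fA-F]+\z/` before either use would cover both (confirm the exact code format against the rule provider). All four URLs are plain `http://`, so the integrity of the installed rules rests on whatever the download branch verifies.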
@@ -105,7 +108,7 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
                                $errormessage = "$Lang::tr{'invalid md5sum'}";
                        } else {
                                $results = "<b>$Lang::tr{'installed updates'}</b>\n<pre>";
-                               $results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort 2>&1`;
+                               $results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules/ 2>&1`;
                                $results .= "</pre>";
                        }
                        unlink ($filename);
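Review bot: The backtick command on the changed line is a shell string with `$filename` interpolated into it, and its output is appended to `$results` between `<pre>` tags without HTML escaping. `$filename` is assigned outside this hunk; if any part of it can be influenced by the request or the download, validate it or move the call to a list-form `open(my $fh, '-|', ...)` so no shell parses the name. oinkmaster's output echoes rule names from the downloaded archive, so escape `&`, `<` and `>` in `$results` before it is printed. The enclosing `if` block starts and ends outside the hunk.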
@@ -125,10 +128,12 @@ $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='c
 $checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
-$checked{'RULESTYPE'}{'nothing'} = '';
-$checked{'RULESTYPE'}{'registered'} = '';
-$checked{'RULESTYPE'}{'subscripted'} = '';
-$checked{'RULESTYPE'}{$snortsettings{'RULESTYPE'}} = "checked='checked'";
+$selected{'RULES'}{'nothing'} = '';
+$selected{'RULES'}{'bleeding'} = '';
+$selected{'RULES'}{'community'} = '';
+$selected{'RULES'}{'registered'} = '';
+$selected{'RULES'}{'subscripted'} = '';
+$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
 
 &Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
 
@@ -180,16 +185,14 @@ print <<END
        <td><b>$Lang::tr{'ids rules update'}</b></td>
 </tr>
 <tr>
-       <td><input type='radio' name='RULESTYPE' value='nothing' $checked{'RULESTYPE'}{'nothing'} />
-               $Lang::tr{'no'}</td>
-</tr>
-<tr>
-       <td><input type='radio' name='RULESTYPE' value='registered' $checked{'RULESTYPE'}{'registered'} />
-               $Lang::tr{'registered user rules'}</td>
-</tr>
-<tr>
-       <td><input type='radio' name='RULESTYPE' value='subscripted' $checked{'RULESTYPE'}{'subscripted'} />
-               $Lang::tr{'subscripted user rules'}</td>
+       <td><select name='RULES'>
+                               <option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
+                               <option value='bleeding' $selected{'RULES'}{'bleeding'} >$Lang::tr{'bleeding rules'}</option>
+                               <option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
+                               <option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
+                               <option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
+                       </select>
+       </td>
 </tr>
 <tr>
        <td><br />
@@ -199,7 +202,7 @@ print <<END
        </td>
 </tr>
 <tr>
-       <td nowrap='nowrap'>Oink Code:&nbsp;<input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
+       <td nowrap='nowrap'>Oinkcode:&nbsp;<input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
 </tr>
 <tr>
        <td width='30%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
index d2faaa1..eb635bb 100644 (file)
@@ -30,12 +30,12 @@ my %servicenames =('UPnP Daemon' => 'upnpd',);
 
 $upnpsettings{'DEBUGMODE'} = '3';
 $upnpsettings{'FORWARDRULES'} = 'yes';
-$upnpsettings{'DOWNSTREAM'} = '900000';
-$upnpsettings{'UPSTREAM'} = '16000000';
+$upnpsettings{'DOWNSTREAM'} = '1048576';
+$upnpsettings{'UPSTREAM'} = '131072';
 $upnpsettings{'DESCRIPTION'} = 'gatedesc.xml';
 $upnpsettings{'XML'} = '/etc/linuxigd';
 $upnpsettings{'ENABLED'} = 'off';
-$upnpsettings{'friendlyName'} = 'IpFire Upnp Device';
+$upnpsettings{'friendlyName'} = 'IPFire Gateway';
 ### Values that have to be initialized
 $upnpsettings{'ACTION'} = '';
 
@@ -51,8 +51,8 @@ $upnpsettings{'ACTION'} = '';
 
 if ($upnpsettings{'ACTION'} eq $Lang::tr{'save'})
        {
-       $upnpsettings{'DOWNSTREAM'} = $upnpsettings{'DOWNSTREAM'} * 8;
-       $upnpsettings{'UPSTREAM'} = $upnpsettings{'UPSTREAM'} * 8;
+       $upnpsettings{'DOWNSTREAM'} = $upnpsettings{'DOWNSTREAM'} * 1024;
+       $upnpsettings{'UPSTREAM'} = $upnpsettings{'UPSTREAM'} * 1024;
        &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
 
        open (FILE, ">${General::swroot}/upnp/upnpd.conf") or die "Can't save the upnp config: $!";
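Review bot: `DOWNSTREAM` and `UPSTREAM` are multiplied by 1024 and handed to `writehash` with no check that the posted values are numbers. Perl silently turns non-numeric text into 0 or a partial number, which is then persisted. Reject the save first, e.g. `if ($upnpsettings{'DOWNSTREAM'} !~ /\A\d+\z/ || $upnpsettings{'UPSTREAM'} !~ /\A\d+\z/) { $errormessage = $Lang::tr{'invalid input'}; }` (message key to be confirmed against the language files). The save block continues past the end of this hunk.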
@@ -96,8 +96,8 @@ elsif ($upnpsettings{'ACTION'} eq $Lang::tr{'restart'})
        }
 
 &General::readhash("${General::swroot}/upnp/settings", \%upnpsettings);
-$upnpsettings{'DOWNSTREAM'} = $upnpsettings{'DOWNSTREAM'} / 8;
-$upnpsettings{'UPSTREAM'} = $upnpsettings{'UPSTREAM'} / 8;
+$upnpsettings{'DOWNSTREAM'} = $upnpsettings{'DOWNSTREAM'} / 1024;
+$upnpsettings{'UPSTREAM'} = $upnpsettings{'UPSTREAM'} / 1024;
 
 if ($errormessage)
        {
@@ -145,26 +145,41 @@ print <<END
 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 <table width='95%' cellspacing='0'>
 <tr><td colspan='2' align='left' bgcolor='${Header::table1colour}'><b>$Lang::tr{'options'}</b></td></tr>
-<tr><td colspan='2' align='left'><br></br></td></tr>
-<tr><td align='left'>Debug Mode:</td><td><input type='text' name='DEBUGMODE' value='$upnpsettings{'DEBUGMODE'}' size="30" /></td></tr>
-<tr><td align='left'>Forward Rules:</td><td><input type='text' name='FORWARDRULES' value='$upnpsettings{'FORWARDRULES'}' size="30" /></td></tr>
 <tr><td align='left' colspan='2'><br /></td></tr>
-<tr><td align='left'>Down Stream in KB:</td><td><input type='text' name='DOWNSTREAM' value='$upnpsettings{'DOWNSTREAM'}' size="30" /></td></tr>
-<tr><td align='left'>Up Strean in KB:</td><td><input type='text' name='UPSTREAM' value='$upnpsettings{'UPSTREAM'}' size="30" /></td></tr>
+<tr><td align='left'>UPnP Device Name:</td><td><input type='text' name='friendlyName' value='$upnpsettings{'friendlyName'}' size="30" /></td></tr>
 <tr><td align='left' colspan='2'><br /></td></tr>
-<tr><td align='left'>XML Document:</td><td><input type='text' name='XML' value='$upnpsettings{'XML'}' size="30" /></td></tr>
-<tr><td align='left'>Description Document:</td><td><input type='text' name='DESCRIPTION' value='$upnpsettings{'DESCRIPTION'}' size="30" /></td></tr>
-<tr><td align='left'>Upnp Device Name:</td><td><input type='text' name='friendlyName' value='$upnpsettings{'friendlyName'}' size="30" /></td></tr>
-<tr><td colspan='2' align='left'><br></br></td></tr>
-<tr><td colspan='2' align='center'><input type='hidden' name='ACTION' value=$Lang::tr{'save'} />
+<tr><td align='left'>Downstream in KB:</td><td><input type='text' name='DOWNSTREAM' value='$upnpsettings{'DOWNSTREAM'}' size="30" /></td></tr>
+<tr><td align='left'>Upstream in KB:</td><td><input type='text' name='UPSTREAM' value='$upnpsettings{'UPSTREAM'}' size="30" /></td></tr>
+<tr><td align='left' colspan='2'><br /></td></tr>
+<tr><td colspan='2' align='center'>    <input type='hidden' name='ACTION' value=$Lang::tr{'save'} />
                                                                                                                                                <input type='image' alt=$Lang::tr{'save'} src='/images/floppy.gif' /></td></tr>
 </table></form>
-<br />
-<hr />
 END
 ;
 &Header::closebox();
 
+&Header::openbox('100%', 'center', 'Aktuell geoeffnete Ports');
+my @output = qx(iptables -t nat -n -L PORTFW);
+my ($outputline, $extip, $extport, $int);
+my @output2;
+print "<table>";
+foreach $outputline (@output) {
+       if ( $outputline =~ /^DNAT/ ) { 
+               @output2 = split(/ /, $outputline);
+               $extip = $output2[23];
+               $extport = $output2[29];
+               $extport =~ s/dpt://;
+               $int = "$output2[31]";
+               $int =~ s/to://;
+               print "<tr><td>$extip:$extport<td align='center'><img src='/images/forward.gif' alt='=&gt;' /><td>$int";
+
+       }
+}
+
+print "</table>";
+
+&Header::closebox();
+
 &Header::closebigbox();
 &Header::closepage();
 
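Review bot: The new port list picks columns with `split(/ /, ...)` and the fixed indices 23, 29 and 31, which depends on the exact run of padding spaces iptables prints. A wider address or a different iptables build shifts the fields, and the page then shows blanks or the wrong column. Match the fields by content instead, as in the excerpt below, which also closes the `<td>`/`<tr>` elements the current `print` leaves open. Separately, `iptables` is invoked by bare name through `qx`, so it resolves through the CGI's PATH; an absolute path is safer. The box title `'Aktuell geoeffnete Ports'` is a hard-coded German string where the rest of the page uses `$Lang::tr{...}`.

```perl
my @output = qx(iptables -t nat -n -L PORTFW);
print "<table>";
foreach my $outputline (@output) {
	next unless $outputline =~ /^DNAT/;
	# Columns of `iptables -n -L`: target prot opt source destination ...
	my $extip = (split(' ', $outputline))[4];
	my ($extport) = $outputline =~ /\bdpt:(\d+)/;
	my ($int) = $outputline =~ /\bto:(\S+)/;
	# Skip rows that do not carry all three fields instead of printing undef.
	next unless defined $extip && defined $extport && defined $int;
	print "<tr><td>$extip:$extport</td><td align='center'><img src='/images/forward.gif' alt='=&gt;' /></td><td>$int</td></tr>";
}
# … unchanged: closing </table> and Header::closebox() …
```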
@@ -197,4 +212,4 @@ sub isrunning
                }
 
                return $status;
-       }
\ No newline at end of file
+       }
index de35104..c052c9f 100644 (file)
@@ -71,8 +71,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf  $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && chown -R nobody:nobody oinkmaster.pl
-       cd $(DIR_APP) && cp -R $(DIR_SRC)/$(THISAPP) /etc/snort
-       cp $(DIR_SRC)/$(THISAPP)/oinkmaster.pl /usr/local/bin/
+       cd $(DIR_APP) && chown nobody:nobody oinkmaster.pl
+       cd $(DIR_APP) && cp -f oinkmaster.conf /var/ipfire/snort/
+       cd $(DIR_APP) && install -m 0755 oinkmaster.pl /usr/local/bin/
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
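Review bot: The `chown nobody:nobody oinkmaster.pl` line acts on the copy in `$(DIR_APP)`, which is removed at the end of the recipe, while `install -m 0755` creates the file in /usr/local/bin owned by the invoking user. The chown therefore has no effect on what is installed. Dropping it leaves the script root-owned and not writable by the account the web interface runs it under, which is the safer outcome. If `nobody` ownership is really intended, state it with `install -o nobody -g nobody -m 0755` and a comment saying why. `cp -f oinkmaster.conf /var/ipfire/snort/` also assumes that directory already exists at this build stage; nothing in the hunk creates it.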
index d556265..7168c10 100644 (file)
--- a/lfs/snort
+++ b/lfs/snort
@@ -38,11 +38,17 @@ TARGET     = $(DIR_INFO)/$(THISAPP)
 # Top-level Rules
 ###############################################################################
 
-objects = $(DL_FILE)
+objects = $(DL_FILE) \
+       Community-Rules-20070503.tar.gz \
+       bleeding.rules-20070503.tar.gz
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+Community-Rules-20070503.tar.gz = $(DL_FROM)/Community-Rules-20070503.tar.gz
+bleeding.rules-20070503.tar.gz = $(DL_FROM)/bleeding.rules-20070503.tar.gz
 
 $(DL_FILE)_MD5 = 70e7f297c9fcf1f46d6fa3e1bb4aae49
+Community-Rules-20070503.tar.gz_MD5 = f236b8a4ac12e99d3e7bd81bf3b5a482
+bleeding.rules-20070503.tar.gz_MD5 = f18f0a08c139b8205270b41a534f15d7
 
 install : $(TARGET)
 
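Review bot: The dated archive names `Community-Rules-20070503.tar.gz` and `bleeding.rules-20070503.tar.gz` are spelled out three times each in this hunk and again in the `tar` lines of the next one. Put each in a variable next to `DL_FILE`, e.g. `COMMUNITY_RULES = Community-Rules-20070503.tar.gz`, and reference it in `objects`, the download URL, the `_MD5` line and the extraction step. A snapshot bump then cannot change the name while leaving a stale digest or tar line behind.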
@@ -78,11 +84,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && make
        cd $(DIR_APP) && make install
        mv /usr/bin/snort /usr/sbin/
-       -mkdir /etc/snort
+       -mkdir -p /etc/snort/rules
 
-       # Snort 2.6.X dount use the Directory rules 
-       # cd $(DIR_APP) && install -m 0644 rules/*.rules \
-       #    etc/unicode.map etc/reference.config etc/classification.config /etc/snort
+       tar xvfz $(DIR_DL)/Community-Rules-20070503.tar.gz -C /etc/snort/
+       tar xvfz $(DIR_DL)/bleeding.rules-20070503.tar.gz -C /etc/snort/
+       cd $(DIR_APP) && install -m 0644 etc/unicode.map \
+               etc/reference.config etc/classification.config /etc/snort
        install -m 0644 $(DIR_SRC)/config/snort/snort.conf /etc/snort
        chown -R nobody:nobody /etc/snort
        -mkdir -p /var/log/snort
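Review bot: Both rule archives are unpacked as root straight into `/etc/snort/`, next to snort.conf, so the result depends on each archive carrying its own top-level `rules/` directory. An archive laid out differently would scatter or overwrite files in /etc/snort, and the `mkdir -p /etc/snort/rules` above would not catch that; a check after extraction that `/etc/snort/rules` is non-empty would fail the build early. The following `chown -R nobody:nobody /etc/snort` also hands snort.conf and the classification/reference files to `nobody`. If only the rule updater needs write access (inferred from the `-o /etc/snort/rules/` call in ids.cgi), `chown -R nobody:nobody /etc/snort/rules` would be enough.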