From: Stefan Schantl
Date: Tue, 7 Apr 2009 10:11:15 +0000 (+0200)
Subject: Updated snort to Version 2.8.3.2
X-Git-Tag: v2.5-beta1~47
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=4fba936cc84379c039c5be634a4dc5571cd86dc3

Updated snort to Version 2.8.3.2
---
diff --git a/config/rootfiles/common/snort b/config/rootfiles/common/snort
index 173390c290..d6ffc67562 100644
--- a/config/rootfiles/common/snort
+++ b/config/rootfiles/common/snort
@@ -650,8 +650,13 @@ usr/lib/snort_dynamicengine
 #usr/lib/snort_dynamicengine/libsf_engine.so.0
 #usr/lib/snort_dynamicengine/libsf_engine.so.0.0.0
 usr/lib/snort_dynamicpreprocessor
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.a
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0.0.0
 #usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.a
-usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
 #usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so
 #usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0
 #usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0.0.0
@@ -675,6 +680,67 @@ usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
 #usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
 #usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0
 #usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
-#usr/man/man8/snort.8
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.a
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
+usr/lib/snort_dynamicrules
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.a
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.la
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0.0.0
 usr/sbin/snort
+#usr/share/doc/snort
+#usr/share/doc/snort/AUTHORS
+#usr/share/doc/snort/BUGS
+#usr/share/doc/snort/CREDITS
+#usr/share/doc/snort/INSTALL
+#usr/share/doc/snort/NEWS
+#usr/share/doc/snort/PROBLEMS
+#usr/share/doc/snort/README
+#usr/share/doc/snort/README.ARUBA
+#usr/share/doc/snort/README.FLEXRESP
+#usr/share/doc/snort/README.FLEXRESP2
+#usr/share/doc/snort/README.INLINE
+#usr/share/doc/snort/README.PLUGINS
+#usr/share/doc/snort/README.PerfProfiling
+#usr/share/doc/snort/README.SMTP
+#usr/share/doc/snort/README.UNSOCK
+#usr/share/doc/snort/README.WIN32
+#usr/share/doc/snort/README.alert_order
+#usr/share/doc/snort/README.asn1
+#usr/share/doc/snort/README.csv
+#usr/share/doc/snort/README.database
+#usr/share/doc/snort/README.dcerpc
+#usr/share/doc/snort/README.decode
+#usr/share/doc/snort/README.decoder_preproc_rules
+#usr/share/doc/snort/README.dns
+#usr/share/doc/snort/README.event_queue
+#usr/share/doc/snort/README.flow
+#usr/share/doc/snort/README.flow-portscan
+#usr/share/doc/snort/README.flowbits
+#usr/share/doc/snort/README.frag3
+#usr/share/doc/snort/README.ftptelnet
+#usr/share/doc/snort/README.gre
+#usr/share/doc/snort/README.http_inspect
+#usr/share/doc/snort/README.ipip
+#usr/share/doc/snort/README.ipv6
+#usr/share/doc/snort/README.pcap_readmode
+#usr/share/doc/snort/README.ppm
+#usr/share/doc/snort/README.sfportscan
+#usr/share/doc/snort/README.ssh
+#usr/share/doc/snort/README.ssl
+#usr/share/doc/snort/README.stream4
+#usr/share/doc/snort/README.stream5
+#usr/share/doc/snort/README.tag
+#usr/share/doc/snort/README.thresholding
+#usr/share/doc/snort/README.variables
+#usr/share/doc/snort/README.wireless
+#usr/share/doc/snort/TODO
+#usr/share/doc/snort/USAGE
+#usr/share/doc/snort/WISHLIST
+#usr/share/doc/snort/generators
+#usr/share/man/man8/snort.8
 var/log/snort
diff --git a/config/snort/snort.conf b/config/snort/snort.conf
index 7ded8c0a3f..3a498c62ec 100644
--- a/config/snort/snort.conf
+++ b/config/snort/snort.conf
@@ -26,20 +26,42 @@ var SHELLCODE_PORTS !80 var ORACLE_PORTS 1521 var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] var RULE_PATH /etc/snort/rules +dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so +dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ ################################################### # Do NOT Edit past this line ################################################### config detection: search-method lowmem preprocessor flow: memcap 2097152, stats_interval 0, hash 2 -preprocessor frag2: memcap 2097152 +#preprocessor frag2: memcap 2097152 +preprocessor frag3_global: max_frags 65536 +preprocessor frag3_engine: policy first detect_anomalies preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts preprocessor stream4_reassemble: noalerts -preprocessor http_inspect: global iis_unicode_map unicode.map 1252 -preprocessor http_inspect_server: server default profile all ports { 80 8080 } +# preprocessor http_inspect: global iis_unicode_map unicode.map 1252 +# preprocessor http_inspect_server: server default profile all ports { 80 8080 } preprocessor rpc_decode: 111 32771 preprocessor bo -preprocessor telnet_decode +#preprocessor telnet_decode +preprocessor ftp_telnet: global \ + encrypted_traffic yes \ + inspection_type stateful +preprocessor ftp_telnet_protocol: telnet \ + normalize \ + ayt_attack_thresh 200 +preprocessor ftp_telnet_protocol: ftp server default \ + def_max_param_len 100 \ + alt_max_param_len 200 { CWD } \ + cmd_validity MODE < char ASBCZ > \ + cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ + chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \ + telnet_cmds yes \ + data_chan +preprocessor ftp_telnet_protocol: ftp client default \ + max_resp_len 256 \ + bounce yes \ + telnet_cmds yes preprocessor flow-portscan: \ scoreboard-memcap-talker 1048576 \ scoreboard-rows-talker 10000 \ 
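Review bot: Commenting out both `http_inspect` lines leaves ports 80 and 8080 with no HTTP decoding, so `uricontent` rules have no normalized URI to match and encoded requests are compared raw; the sensor keeps running but its web coverage drops without any error. If 2.8.3.2 only failed on the relative map name, keep `preprocessor http_inspect: global iis_unicode_map unicode.map 1252` and `preprocessor http_inspect_server: server default profile all ports { 80 8080 }` active and give the map's full path rather than disabling them. `preprocessor frag3_engine: policy first detect_anomalies` also deserves a comment saying why `first` was chosen, because a reassembly policy that differs from the protected hosts' stacks means the sensor and the host reassemble different payloads. The new `dynamicpreprocessor directory` line presumably supplies `ftp_telnet`, yet the rootfiles hunks in this commit list the `.so` files under that directory commented out, so confirm they reach the image. The `flow-portscan` block continues past the end of the hunk.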
diff --git a/doc/packages-list.txt b/doc/packages-list.txt
index 000bea7b57..9aadd75948 100644
--- a/doc/packages-list.txt
+++ b/doc/packages-list.txt
@@ -268,7 +268,7 @@
 * shadow-4.0.15
 * slang-1.4.9
 * smartmontools-5.36
-* snort-2.6.1.5
+* snort-2.8.3.2
 * sox-12.18.1
 * spandsp-0.0.4pre15
 * splix-2.0.0-rc2
diff --git a/lfs/snort b/lfs/snort
index 680d3e9fb5..cfe1f73bc6 100644
--- a/lfs/snort
+++ b/lfs/snort
@@ -24,7 +24,7 @@ include Config -VER = 2.6.1.5 +VER = 2.8.3.2 THISAPP = snort-$(VER) DL_FILE = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE) \ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) Community-Rules-20070503.tar.gz = $(DL_FROM)/Community-Rules-20070503.tar.gz -$(DL_FILE)_MD5 = e52a7ea6ba9743a8f8ca397cd26fa1bf +$(DL_FILE)_MD5 = f75547da33446ddb4ca07eefd9ce31dc Community-Rules-20070503.tar.gz_MD5 = f236b8a4ac12e99d3e7bd81bf3b5a482 install : $(TARGET)
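Review bot: In the second lfs/snort hunk the new `$(DL_FILE)_MD5` value is the only integrity pin visible for snort-2.8.3.2.tar.gz, and MD5 does not resist deliberate collisions, so it guards against a corrupted download but not a substituted one. The hunk does not show where the digest came from; a comment such as `# digest checked against the checksum published with the 2.8.3.2 release` would record that, and a stronger digest should be pinned next to it if the download rule can check one. Separately, the context lines show the engine moving to 2.8.3.2 while `Community-Rules-20070503.tar.gz` stays unchanged, so confirm the 2007 rule set still loads under the new engine.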