From 8581d1ef9e2378f4800a803708f3208a830d460f Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Fri, 24 Apr 2009 12:01:17 +0200 Subject: [PATCH] Updated snort to Version 2.8.4 --- config/rootfiles/common/snort | 6 + config/rootfiles/snort | 680 ++++++++++++++++++++++++++++++++++ config/snort/snort.conf | 168 ++------- doc/packages-list.txt | 2 +- lfs/snort | 4 +- 5 files changed, 712 insertions(+), 148 deletions(-) create mode 100644 config/rootfiles/snort diff --git a/config/rootfiles/common/snort b/config/rootfiles/common/snort index d6ffc67562..ac635dceba 100644 --- a/config/rootfiles/common/snort +++ b/config/rootfiles/common/snort @@ -691,6 +691,11 @@ usr/lib/snort_dynamicrules #usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so #usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0 #usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0.0.0 +#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.a +#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.la +#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so +#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0 +#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0 usr/sbin/snort #usr/share/doc/snort #usr/share/doc/snort/AUTHORS @@ -714,6 +719,7 @@ usr/sbin/snort #usr/share/doc/snort/README.csv #usr/share/doc/snort/README.database #usr/share/doc/snort/README.dcerpc +#usr/share/doc/snort/README.dcerpc2 #usr/share/doc/snort/README.decode #usr/share/doc/snort/README.decoder_preproc_rules #usr/share/doc/snort/README.dns diff --git a/config/rootfiles/snort b/config/rootfiles/snort new file mode 100644 index 0000000000..173390c290 --- /dev/null +++ b/config/rootfiles/snort 
@@ -0,0 +1,680 @@ +#etc/snort +#etc/snort/docs +#etc/snort/docs/100000100.txt +#etc/snort/docs/100000101.txt +#etc/snort/docs/100000102.txt +#etc/snort/docs/100000103.txt +#etc/snort/docs/100000104.txt +#etc/snort/docs/100000105.txt +#etc/snort/docs/100000106.txt +#etc/snort/docs/100000107.txt +#etc/snort/docs/100000108.txt +#etc/snort/docs/100000109.txt +#etc/snort/docs/100000110.txt +#etc/snort/docs/100000111.txt +#etc/snort/docs/100000112.txt +#etc/snort/docs/100000113.txt +#etc/snort/docs/100000114.txt +#etc/snort/docs/100000115.txt +#etc/snort/docs/100000116.txt +#etc/snort/docs/100000117.txt +#etc/snort/docs/100000118.txt +#etc/snort/docs/100000119.txt +#etc/snort/docs/100000121.txt +#etc/snort/docs/100000122.txt +#etc/snort/docs/100000123.txt +#etc/snort/docs/100000124.txt +#etc/snort/docs/100000125.txt +#etc/snort/docs/100000126.txt +#etc/snort/docs/100000127.txt +#etc/snort/docs/100000128.txt +#etc/snort/docs/100000129.txt +#etc/snort/docs/100000130.txt +#etc/snort/docs/100000131.txt +#etc/snort/docs/100000132.txt +#etc/snort/docs/100000133.txt +#etc/snort/docs/100000134.txt +#etc/snort/docs/100000135.txt +#etc/snort/docs/100000136.txt +#etc/snort/docs/100000138.txt +#etc/snort/docs/100000139.txt +#etc/snort/docs/100000140.txt +#etc/snort/docs/100000141.txt +#etc/snort/docs/100000142.txt +#etc/snort/docs/100000143.txt +#etc/snort/docs/100000144.txt +#etc/snort/docs/100000145.txt +#etc/snort/docs/100000146.txt +#etc/snort/docs/100000148.txt +#etc/snort/docs/100000152.txt +#etc/snort/docs/100000153.txt +#etc/snort/docs/100000154.txt +#etc/snort/docs/100000155.txt +#etc/snort/docs/100000158.txt +#etc/snort/docs/100000159.txt +#etc/snort/docs/100000160.txt +#etc/snort/docs/100000161.txt +#etc/snort/docs/100000162.txt +#etc/snort/docs/100000163.txt +#etc/snort/docs/100000164.txt +#etc/snort/docs/100000165.txt +#etc/snort/docs/100000166.txt +#etc/snort/docs/100000167.txt +#etc/snort/docs/100000168.txt +#etc/snort/docs/100000169.txt +#etc/snort/docs/100000170.txt 
+#etc/snort/docs/100000171.txt +#etc/snort/docs/100000172.txt +#etc/snort/docs/100000173.txt +#etc/snort/docs/100000174.txt +#etc/snort/docs/100000175.txt +#etc/snort/docs/100000176.txt +#etc/snort/docs/100000177.txt +#etc/snort/docs/100000178.txt +#etc/snort/docs/100000179.txt +#etc/snort/docs/100000226.txt +#etc/snort/docs/100000315.txt +#etc/snort/docs/100000316.txt +#etc/snort/docs/100000317.txt +#etc/snort/docs/100000318.txt +#etc/snort/docs/100000319.txt +#etc/snort/docs/100000320.txt +#etc/snort/docs/100000321.txt +#etc/snort/docs/100000322.txt +#etc/snort/docs/100000323.txt +#etc/snort/docs/100000324.txt +#etc/snort/docs/100000325.txt +#etc/snort/docs/100000326.txt +#etc/snort/docs/100000327.txt +#etc/snort/docs/100000328.txt +#etc/snort/docs/100000329.txt +#etc/snort/docs/100000330.txt +#etc/snort/docs/100000331.txt +#etc/snort/docs/100000332.txt +#etc/snort/docs/100000333.txt +#etc/snort/docs/100000334.txt +#etc/snort/docs/100000335.txt +#etc/snort/docs/100000336.txt +#etc/snort/docs/100000337.txt +#etc/snort/docs/100000338.txt +#etc/snort/docs/100000339.txt +#etc/snort/docs/100000340.txt +#etc/snort/docs/100000341.txt +#etc/snort/docs/100000342.txt +#etc/snort/docs/100000343.txt +#etc/snort/docs/100000344.txt +#etc/snort/docs/100000345.txt +#etc/snort/docs/100000346.txt +#etc/snort/docs/100000347.txt +#etc/snort/docs/100000348.txt +#etc/snort/docs/100000349.txt +#etc/snort/docs/100000350.txt +#etc/snort/docs/100000351.txt +#etc/snort/docs/100000352.txt +#etc/snort/docs/100000353.txt +#etc/snort/docs/100000354.txt +#etc/snort/docs/100000355.txt +#etc/snort/docs/100000356.txt +#etc/snort/docs/100000357.txt +#etc/snort/docs/100000358.txt +#etc/snort/docs/100000359.txt +#etc/snort/docs/100000360.txt +#etc/snort/docs/100000361.txt +#etc/snort/docs/100000362.txt +#etc/snort/docs/100000363.txt +#etc/snort/docs/100000364.txt +#etc/snort/docs/100000365.txt +#etc/snort/docs/100000366.txt +#etc/snort/docs/100000367.txt +#etc/snort/docs/100000368.txt 
+#etc/snort/docs/100000369.txt +#etc/snort/docs/100000370.txt +#etc/snort/docs/100000371.txt +#etc/snort/docs/100000372.txt +#etc/snort/docs/100000373.txt +#etc/snort/docs/100000374.txt +#etc/snort/docs/100000375.txt +#etc/snort/docs/100000376.txt +#etc/snort/docs/100000377.txt +#etc/snort/docs/100000378.txt +#etc/snort/docs/100000379.txt +#etc/snort/docs/100000380.txt +#etc/snort/docs/100000381.txt +#etc/snort/docs/100000382.txt +#etc/snort/docs/100000383.txt +#etc/snort/docs/100000384.txt +#etc/snort/docs/100000385.txt +#etc/snort/docs/100000386.txt +#etc/snort/docs/100000387.txt +#etc/snort/docs/100000388.txt +#etc/snort/docs/100000389.txt +#etc/snort/docs/100000390.txt +#etc/snort/docs/100000391.txt +#etc/snort/docs/100000392.txt +#etc/snort/docs/100000393.txt +#etc/snort/docs/100000394.txt +#etc/snort/docs/100000395.txt +#etc/snort/docs/100000396.txt +#etc/snort/docs/100000397.txt +#etc/snort/docs/100000398.txt +#etc/snort/docs/100000399.txt +#etc/snort/docs/100000400.txt +#etc/snort/docs/100000401.txt +#etc/snort/docs/100000402.txt +#etc/snort/docs/100000403.txt +#etc/snort/docs/100000404.txt +#etc/snort/docs/100000405.txt +#etc/snort/docs/100000406.txt +#etc/snort/docs/100000407.txt +#etc/snort/docs/100000408.txt +#etc/snort/docs/100000409.txt +#etc/snort/docs/100000410.txt +#etc/snort/docs/100000411.txt +#etc/snort/docs/100000412.txt +#etc/snort/docs/100000413.txt +#etc/snort/docs/100000414.txt +#etc/snort/docs/100000415.txt +#etc/snort/docs/100000416.txt +#etc/snort/docs/100000417.txt +#etc/snort/docs/100000418.txt +#etc/snort/docs/100000419.txt +#etc/snort/docs/100000420.txt +#etc/snort/docs/100000421.txt +#etc/snort/docs/100000422.txt +#etc/snort/docs/100000423.txt +#etc/snort/docs/100000424.txt +#etc/snort/docs/100000425.txt +#etc/snort/docs/100000426.txt +#etc/snort/docs/100000430.txt +#etc/snort/docs/100000431.txt +#etc/snort/docs/100000432.txt +#etc/snort/docs/100000433.txt +#etc/snort/docs/100000434.txt +#etc/snort/docs/100000435.txt 
+#etc/snort/docs/100000436.txt +#etc/snort/docs/100000437.txt +#etc/snort/docs/100000438.txt +#etc/snort/docs/100000439.txt +#etc/snort/docs/100000440.txt +#etc/snort/docs/100000441.txt +#etc/snort/docs/100000442.txt +#etc/snort/docs/100000443.txt +#etc/snort/docs/100000444.txt +#etc/snort/docs/100000445.txt +#etc/snort/docs/100000446.txt +#etc/snort/docs/100000448.txt +#etc/snort/docs/100000449.txt +#etc/snort/docs/100000450.txt +#etc/snort/docs/100000451.txt +#etc/snort/docs/100000452.txt +#etc/snort/docs/100000453.txt +#etc/snort/docs/100000454.txt +#etc/snort/docs/100000455.txt +#etc/snort/docs/100000456.txt +#etc/snort/docs/100000457.txt +#etc/snort/docs/100000458.txt +#etc/snort/docs/100000459.txt +#etc/snort/docs/100000461.txt +#etc/snort/docs/100000462.txt +#etc/snort/docs/100000463.txt +#etc/snort/docs/100000464.txt +#etc/snort/docs/100000465.txt +#etc/snort/docs/100000466.txt +#etc/snort/docs/100000467.txt +#etc/snort/docs/100000468.txt +#etc/snort/docs/100000469.txt +#etc/snort/docs/100000470.txt +#etc/snort/docs/100000471.txt +#etc/snort/docs/100000472.txt +#etc/snort/docs/100000473.txt +#etc/snort/docs/100000474.txt +#etc/snort/docs/100000475.txt +#etc/snort/docs/100000476.txt +#etc/snort/docs/100000477.txt +#etc/snort/docs/100000478.txt +#etc/snort/docs/100000479.txt +#etc/snort/docs/100000480.txt +#etc/snort/docs/100000481.txt +#etc/snort/docs/100000482.txt +#etc/snort/docs/100000483.txt +#etc/snort/docs/100000484.txt +#etc/snort/docs/100000485.txt +#etc/snort/docs/100000486.txt +#etc/snort/docs/100000487.txt +#etc/snort/docs/100000488.txt +#etc/snort/docs/100000489.txt +#etc/snort/docs/100000490.txt +#etc/snort/docs/100000491.txt +#etc/snort/docs/100000492.txt +#etc/snort/docs/100000493.txt +#etc/snort/docs/100000494.txt +#etc/snort/docs/100000495.txt +#etc/snort/docs/100000496.txt +#etc/snort/docs/100000497.txt +#etc/snort/docs/100000498.txt +#etc/snort/docs/100000499.txt +#etc/snort/docs/100000500.txt +#etc/snort/docs/100000501.txt 
+#etc/snort/docs/100000502.txt +#etc/snort/docs/100000503.txt +#etc/snort/docs/100000504.txt +#etc/snort/docs/100000505.txt +#etc/snort/docs/100000506.txt +#etc/snort/docs/100000507.txt +#etc/snort/docs/100000508.txt +#etc/snort/docs/100000509.txt +#etc/snort/docs/100000510.txt +#etc/snort/docs/100000511.txt +#etc/snort/docs/100000512.txt +#etc/snort/docs/100000513.txt +#etc/snort/docs/100000514.txt +#etc/snort/docs/100000515.txt +#etc/snort/docs/100000516.txt +#etc/snort/docs/100000517.txt +#etc/snort/docs/100000518.txt +#etc/snort/docs/100000519.txt +#etc/snort/docs/100000520.txt +#etc/snort/docs/100000521.txt +#etc/snort/docs/100000522.txt +#etc/snort/docs/100000523.txt +#etc/snort/docs/100000524.txt +#etc/snort/docs/100000525.txt +#etc/snort/docs/100000526.txt +#etc/snort/docs/100000527.txt +#etc/snort/docs/100000528.txt +#etc/snort/docs/100000529.txt +#etc/snort/docs/100000530.txt +#etc/snort/docs/100000531.txt +#etc/snort/docs/100000532.txt +#etc/snort/docs/100000533.txt +#etc/snort/docs/100000534.txt +#etc/snort/docs/100000535.txt +#etc/snort/docs/100000536.txt +#etc/snort/docs/100000537.txt +#etc/snort/docs/100000538.txt +#etc/snort/docs/100000539.txt +#etc/snort/docs/100000540.txt +#etc/snort/docs/100000541.txt +#etc/snort/docs/100000542.txt +#etc/snort/docs/100000543.txt +#etc/snort/docs/100000544.txt +#etc/snort/docs/100000545.txt +#etc/snort/docs/100000546.txt +#etc/snort/docs/100000547.txt +#etc/snort/docs/100000548.txt +#etc/snort/docs/100000549.txt +#etc/snort/docs/100000550.txt +#etc/snort/docs/100000551.txt +#etc/snort/docs/100000552.txt +#etc/snort/docs/100000553.txt +#etc/snort/docs/100000554.txt +#etc/snort/docs/100000555.txt +#etc/snort/docs/100000556.txt +#etc/snort/docs/100000557.txt +#etc/snort/docs/100000558.txt +#etc/snort/docs/100000559.txt +#etc/snort/docs/100000560.txt +#etc/snort/docs/100000561.txt +#etc/snort/docs/100000562.txt +#etc/snort/docs/100000563.txt +#etc/snort/docs/100000564.txt +#etc/snort/docs/100000565.txt 
+#etc/snort/docs/100000566.txt +#etc/snort/docs/100000567.txt +#etc/snort/docs/100000568.txt +#etc/snort/docs/100000569.txt +#etc/snort/docs/100000570.txt +#etc/snort/docs/100000571.txt +#etc/snort/docs/100000572.txt +#etc/snort/docs/100000573.txt +#etc/snort/docs/100000574.txt +#etc/snort/docs/100000575.txt +#etc/snort/docs/100000576.txt +#etc/snort/docs/100000577.txt +#etc/snort/docs/100000578.txt +#etc/snort/docs/100000579.txt +#etc/snort/docs/100000580.txt +#etc/snort/docs/100000581.txt +#etc/snort/docs/100000582.txt +#etc/snort/docs/100000583.txt +#etc/snort/docs/100000584.txt +#etc/snort/docs/100000585.txt +#etc/snort/docs/100000586.txt +#etc/snort/docs/100000587.txt +#etc/snort/docs/100000588.txt +#etc/snort/docs/100000589.txt +#etc/snort/docs/100000590.txt +#etc/snort/docs/100000591.txt +#etc/snort/docs/100000592.txt +#etc/snort/docs/100000593.txt +#etc/snort/docs/100000594.txt +#etc/snort/docs/100000595.txt +#etc/snort/docs/100000596.txt +#etc/snort/docs/100000597.txt +#etc/snort/docs/100000598.txt +#etc/snort/docs/100000599.txt +#etc/snort/docs/100000600.txt +#etc/snort/docs/100000601.txt +#etc/snort/docs/100000602.txt +#etc/snort/docs/100000603.txt +#etc/snort/docs/100000604.txt +#etc/snort/docs/100000605.txt +#etc/snort/docs/100000606.txt +#etc/snort/docs/100000607.txt +#etc/snort/docs/100000608.txt +#etc/snort/docs/100000609.txt +#etc/snort/docs/100000610.txt +#etc/snort/docs/100000611.txt +#etc/snort/docs/100000612.txt +#etc/snort/docs/100000613.txt +#etc/snort/docs/100000614.txt +#etc/snort/docs/100000615.txt +#etc/snort/docs/100000616.txt +#etc/snort/docs/100000617.txt +#etc/snort/docs/100000618.txt +#etc/snort/docs/100000619.txt +#etc/snort/docs/100000620.txt +#etc/snort/docs/100000621.txt +#etc/snort/docs/100000622.txt +#etc/snort/docs/100000623.txt +#etc/snort/docs/100000624.txt +#etc/snort/docs/100000625.txt +#etc/snort/docs/100000626.txt +#etc/snort/docs/100000627.txt +#etc/snort/docs/100000628.txt +#etc/snort/docs/100000629.txt 
+#etc/snort/docs/100000630.txt +#etc/snort/docs/100000631.txt +#etc/snort/docs/100000632.txt +#etc/snort/docs/100000633.txt +#etc/snort/docs/100000634.txt +#etc/snort/docs/100000635.txt +#etc/snort/docs/100000636.txt +#etc/snort/docs/100000637.txt +#etc/snort/docs/100000638.txt +#etc/snort/docs/100000639.txt +#etc/snort/docs/100000640.txt +#etc/snort/docs/100000641.txt +#etc/snort/docs/100000642.txt +#etc/snort/docs/100000643.txt +#etc/snort/docs/100000644.txt +#etc/snort/docs/100000645.txt +#etc/snort/docs/100000646.txt +#etc/snort/docs/100000647.txt +#etc/snort/docs/100000648.txt +#etc/snort/docs/100000649.txt +#etc/snort/docs/100000650.txt +#etc/snort/docs/100000651.txt +#etc/snort/docs/100000652.txt +#etc/snort/docs/100000653.txt +#etc/snort/docs/100000654.txt +#etc/snort/docs/100000655.txt +#etc/snort/docs/100000656.txt +#etc/snort/docs/100000657.txt +#etc/snort/docs/100000658.txt +#etc/snort/docs/100000659.txt +#etc/snort/docs/100000660.txt +#etc/snort/docs/100000661.txt +#etc/snort/docs/100000662.txt +#etc/snort/docs/100000663.txt +#etc/snort/docs/100000664.txt +#etc/snort/docs/100000665.txt +#etc/snort/docs/100000666.txt +#etc/snort/docs/100000667.txt +#etc/snort/docs/100000668.txt +#etc/snort/docs/100000669.txt +#etc/snort/docs/100000670.txt +#etc/snort/docs/100000671.txt +#etc/snort/docs/100000672.txt +#etc/snort/docs/100000673.txt +#etc/snort/docs/100000674.txt +#etc/snort/docs/100000675.txt +#etc/snort/docs/100000676.txt +#etc/snort/docs/100000677.txt +#etc/snort/docs/100000678.txt +#etc/snort/docs/100000679.txt +#etc/snort/docs/100000680.txt +#etc/snort/docs/100000681.txt +#etc/snort/docs/100000682.txt +#etc/snort/docs/100000683.txt +#etc/snort/docs/100000686.txt +#etc/snort/docs/100000687.txt +#etc/snort/docs/100000690.txt +#etc/snort/docs/100000691.txt +#etc/snort/docs/100000694.txt +#etc/snort/docs/100000695.txt +#etc/snort/docs/100000696.txt +#etc/snort/docs/100000697.txt +#etc/snort/docs/100000698.txt +#etc/snort/docs/100000699.txt 
+#etc/snort/docs/100000700.txt +#etc/snort/docs/100000701.txt +#etc/snort/docs/100000702.txt +#etc/snort/docs/100000704.txt +#etc/snort/docs/100000705.txt +#etc/snort/docs/100000706.txt +#etc/snort/docs/100000707.txt +#etc/snort/docs/100000708.txt +#etc/snort/docs/100000709.txt +#etc/snort/docs/100000710.txt +#etc/snort/docs/100000711.txt +#etc/snort/docs/100000712.txt +#etc/snort/docs/100000713.txt +#etc/snort/docs/100000714.txt +#etc/snort/docs/100000715.txt +#etc/snort/docs/100000716.txt +#etc/snort/docs/100000717.txt +#etc/snort/docs/100000718.txt +#etc/snort/docs/100000719.txt +#etc/snort/docs/100000720.txt +#etc/snort/docs/100000721.txt +#etc/snort/docs/100000722.txt +#etc/snort/docs/100000723.txt +#etc/snort/docs/100000724.txt +#etc/snort/docs/100000725.txt +#etc/snort/docs/100000726.txt +#etc/snort/docs/100000727.txt +#etc/snort/docs/100000728.txt +#etc/snort/docs/100000729.txt +#etc/snort/docs/100000730.txt +#etc/snort/docs/100000731.txt +#etc/snort/docs/100000732.txt +#etc/snort/docs/100000733.txt +#etc/snort/docs/100000734.txt +#etc/snort/docs/100000735.txt +#etc/snort/docs/100000736.txt +#etc/snort/docs/100000737.txt +#etc/snort/docs/100000738.txt +#etc/snort/docs/100000739.txt +#etc/snort/docs/100000740.txt +#etc/snort/docs/100000741.txt +#etc/snort/docs/100000742.txt +#etc/snort/docs/100000743.txt +#etc/snort/docs/100000744.txt +#etc/snort/docs/100000745.txt +#etc/snort/docs/100000746.txt +#etc/snort/docs/100000747.txt +#etc/snort/docs/100000748.txt +#etc/snort/docs/100000749.txt +#etc/snort/docs/100000750.txt +#etc/snort/docs/100000751.txt +#etc/snort/docs/100000752.txt +#etc/snort/docs/100000753.txt +#etc/snort/docs/100000754.txt +#etc/snort/docs/100000755.txt +#etc/snort/docs/100000756.txt +#etc/snort/docs/100000757.txt +#etc/snort/docs/100000758.txt +#etc/snort/docs/100000759.txt +#etc/snort/docs/100000760.txt +#etc/snort/docs/100000761.txt +#etc/snort/docs/100000762.txt +#etc/snort/docs/100000763.txt +#etc/snort/docs/100000764.txt 
+#etc/snort/docs/100000765.txt +#etc/snort/docs/100000766.txt +#etc/snort/docs/100000767.txt +#etc/snort/docs/100000768.txt +#etc/snort/docs/100000769.txt +#etc/snort/docs/100000770.txt +#etc/snort/docs/100000771.txt +#etc/snort/docs/100000772.txt +#etc/snort/docs/100000773.txt +#etc/snort/docs/100000774.txt +#etc/snort/docs/100000775.txt +#etc/snort/docs/100000776.txt +#etc/snort/docs/100000777.txt +#etc/snort/docs/100000778.txt +#etc/snort/docs/100000779.txt +#etc/snort/docs/100000780.txt +#etc/snort/docs/100000781.txt +#etc/snort/docs/100000782.txt +#etc/snort/docs/100000783.txt +#etc/snort/docs/100000784.txt +#etc/snort/docs/100000785.txt +#etc/snort/docs/100000786.txt +#etc/snort/docs/100000787.txt +#etc/snort/docs/100000788.txt +#etc/snort/docs/100000789.txt +#etc/snort/docs/100000790.txt +#etc/snort/docs/100000791.txt +#etc/snort/docs/100000792.txt +#etc/snort/docs/100000793.txt +#etc/snort/docs/100000794.txt +#etc/snort/docs/100000795.txt +#etc/snort/docs/100000796.txt +#etc/snort/docs/100000797.txt +#etc/snort/docs/100000798.txt +#etc/snort/docs/100000799.txt +#etc/snort/docs/100000800.txt +#etc/snort/docs/100000801.txt +#etc/snort/docs/100000802.txt +#etc/snort/docs/100000803.txt +#etc/snort/docs/100000804.txt +#etc/snort/docs/100000805.txt +#etc/snort/docs/100000806.txt +#etc/snort/docs/100000807.txt +#etc/snort/docs/100000808.txt +#etc/snort/docs/100000809.txt +#etc/snort/docs/100000810.txt +#etc/snort/docs/100000811.txt +#etc/snort/docs/100000812.txt +#etc/snort/docs/100000813.txt +#etc/snort/docs/100000814.txt +#etc/snort/docs/100000815.txt +#etc/snort/docs/100000816.txt +#etc/snort/docs/100000817.txt +#etc/snort/docs/100000818.txt +#etc/snort/docs/100000820.txt +#etc/snort/docs/100000821.txt +#etc/snort/docs/100000822.txt +#etc/snort/docs/100000823.txt +#etc/snort/docs/100000824.txt +#etc/snort/docs/100000825.txt +#etc/snort/docs/100000826.txt +#etc/snort/docs/100000827.txt +#etc/snort/docs/100000828.txt +#etc/snort/docs/100000829.txt 
+#etc/snort/docs/100000830.txt +#etc/snort/docs/100000831.txt +#etc/snort/docs/100000832.txt +#etc/snort/docs/100000833.txt +#etc/snort/docs/100000834.txt +#etc/snort/docs/100000835.txt +#etc/snort/docs/100000836.txt +#etc/snort/docs/100000837.txt +#etc/snort/docs/100000838.txt +#etc/snort/docs/100000839.txt +#etc/snort/docs/100000840.txt +#etc/snort/docs/100000841.txt +#etc/snort/docs/100000842.txt +#etc/snort/docs/100000843.txt +#etc/snort/docs/100000844.txt +#etc/snort/docs/100000845.txt +#etc/snort/docs/100000846.txt +#etc/snort/docs/100000847.txt +#etc/snort/docs/100000848.txt +#etc/snort/docs/100000849.txt +#etc/snort/docs/100000850.txt +#etc/snort/docs/100000851.txt +#etc/snort/docs/100000852.txt +#etc/snort/docs/100000853.txt +#etc/snort/docs/100000854.txt +#etc/snort/docs/100000855.txt +#etc/snort/docs/100000856.txt +#etc/snort/docs/100000857.txt +#etc/snort/docs/100000858.txt +#etc/snort/docs/100000859.txt +#etc/snort/docs/100000860.txt +#etc/snort/docs/100000861.txt +#etc/snort/docs/100000862.txt +#etc/snort/docs/100000863.txt +#etc/snort/docs/100000923.txt +#etc/snort/docs/100000927.txt +etc/snort/rules +#etc/snort/rules/LICENSE +#etc/snort/rules/classification.config +#etc/snort/rules/community-bot.rules +#etc/snort/rules/community-deleted.rules +#etc/snort/rules/community-dos.rules +#etc/snort/rules/community-exploit.rules +#etc/snort/rules/community-ftp.rules +#etc/snort/rules/community-game.rules +#etc/snort/rules/community-icmp.rules +#etc/snort/rules/community-imap.rules +#etc/snort/rules/community-inappropriate.rules +#etc/snort/rules/community-mail-client.rules +#etc/snort/rules/community-misc.rules +#etc/snort/rules/community-nntp.rules +#etc/snort/rules/community-oracle.rules +#etc/snort/rules/community-policy.rules +#etc/snort/rules/community-sid-msg.map +#etc/snort/rules/community-sip.rules +#etc/snort/rules/community-smtp.rules +#etc/snort/rules/community-sql-injection.rules +#etc/snort/rules/community-virus.rules 
+#etc/snort/rules/community-web-attacks.rules +#etc/snort/rules/community-web-cgi.rules +#etc/snort/rules/community-web-client.rules +#etc/snort/rules/community-web-dos.rules +#etc/snort/rules/community-web-iis.rules +#etc/snort/rules/community-web-misc.rules +#etc/snort/rules/community-web-php.rules +#etc/snort/rules/reference.config +etc/snort/snort.conf +etc/snort/unicode.map +usr/lib/snort_dynamicengine +#usr/lib/snort_dynamicengine/libsf_engine.a +#usr/lib/snort_dynamicengine/libsf_engine.la +#usr/lib/snort_dynamicengine/libsf_engine.so +#usr/lib/snort_dynamicengine/libsf_engine.so.0 +#usr/lib/snort_dynamicengine/libsf_engine.so.0.0.0 +usr/lib/snort_dynamicpreprocessor +#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.a +usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la +#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so +#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0 +#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0.0.0 +#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.a +#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.la +#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so +#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0 +#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0 +#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.a +#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la +#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so +#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0 +#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0 +#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a +#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la +#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so +#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0 +#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0 +#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a 
+#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la +#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so +#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0 +#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0 +#usr/man/man8/snort.8 +usr/sbin/snort +var/log/snort diff --git a/config/snort/snort.conf b/config/snort/snort.conf index 55678e833a..2008a5904b 100644 --- a/config/snort/snort.conf +++ b/config/snort/snort.conf @@ -1,5 +1,5 @@ #-------------------------------------------------- -# http://www.snort.org Snort 2.8.3.2 Ruleset +# http://www.snort.org Snort 2.8.4 Ruleset # Contact: snort-sigs@lists.sourceforge.net #-------------------------------------------------- # $Id$ @@ -221,19 +221,6 @@ dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so # the form # preprocessor : -# Configure Flow tracking module -# ------------------------------- -# -# The Flow tracking module is meant to start unifying the state keeping -# mechanisms of snort into a single place. Right now, only a portscan detector -# is implemented but in the long term, many of the stateful subsystems of -# snort will be migrated over to becoming flow plugins. This must be enabled -# for flow-portscan to work correctly. -# -# See README.flow for additional information -# -#preprocessor flow: stats_interval 0 hash 2 - # frag3: Target-based IP defragmentation # -------------------------------------- # 
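Review bot: The new file `config/rootfiles/snort` looks like a second copy of the list already kept in `config/rootfiles/common/snort`, and it does not match what this commit installs. It has none of the `libsf_dce2_preproc` entries or `README.dcerpc2` that the first hunk adds to the common list, even though snort.conf now enables `dcerpc2`. It also leaves `usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la` uncommented while the neighbouring library entries are commented out. Which list the build actually reads is not visible in this patch, so either drop the file if it was committed by accident or regenerate it from the 2.8.4 install so the two lists cannot drift.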
@@ -294,131 +281,14 @@ dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so preprocessor frag3_global: max_frags 65536 preprocessor frag3_engine: policy first detect_anomalies - -# stream4: stateful inspection/stream reassembly for Snort -#---------------------------------------------------------------------- -# Use in concert with the -z [all|est] command line switch to defeat stick/snot -# against TCP rules. Also performs full TCP stream reassembly, stateful -# inspection of TCP streams, etc. Can statefully detect various portscan -# types, fingerprinting, ECN, etc. - -# stateful inspection directive -# no arguments loads the defaults (timeout 30, memcap 8388608) -# options (options are comma delimited): -# detect_scans - stream4 will detect stealth portscans and generate alerts -# when it sees them when this option is set -# detect_state_problems - detect TCP state problems, this tends to be very -# noisy because there are a lot of crappy ip stack -# implementations out there -# -# disable_evasion_alerts - turn off the possibly noisy mitigation of -# overlapping sequences. -# -# ttl_limit [number] - differential of the initial ttl on a session versus -# the normal that someone may be playing games. -# Routing flap may cause lots of false positives. 
-# -# keepstats [machine|binary] - keep session statistics, add "machine" to -# get them in a flat format for machine reading, add -# "binary" to get them in a unified binary output -# format -# noinspect - turn off stateful inspection only -# timeout [number] - set the session timeout counter to [number] seconds, -# default is 30 seconds -# max_sessions [number] - limit the number of sessions stream4 keeps -# track of -# memcap [number] - limit stream4 memory usage to [number] bytes (does -# not include session tracking, which is set by the -# max_sessions option) -# log_flushed_streams - if an event is detected on a stream this option will -# cause all packets that are stored in the stream4 -# packet buffers to be flushed to disk. This only -# works when logging in pcap mode! -# server_inspect_limit [bytes] - Byte limit on server side inspection. -# enable_udp_sessions - turn on tracking of "sessions" over UDP. Requires -# configure --enable-stream4udp. UDP sessions are -# only created when there is a rule for the sender or -# responder that has a flow or flowbits keyword. -# max_udp_sessions [number] - limit the number of simultaneous UDP sessions -# to track -# udp_ignore_any - Do not inspect UDP packets unless there is a port specific -# rule for a given port. This is a performance improvement -# and turns off inspection for udp xxx any -> xxx any rules -# cache_clean_sessions [number] - Cleanup the session cache by number sessions -# at a time. The larger the value, the -# more sessions are purged from the cache when -# the session limit or memcap is reached. -# Defaults to 5. 
-# -# -# -# Stream4 uses Generator ID 111 and uses the following SIDS -# for that GID: -# SID Event description -# ----- ------------------- -# 1 Stealth activity -# 2 Evasive RST packet -# 3 Evasive TCP packet retransmission -# 4 TCP Window violation -# 5 Data on SYN packet -# 6 Stealth scan: full XMAS -# 7 Stealth scan: SYN-ACK-PSH-URG -# 8 Stealth scan: FIN scan -# 9 Stealth scan: NULL scan -# 10 Stealth scan: NMAP XMAS scan -# 11 Stealth scan: Vecna scan -# 12 Stealth scan: NMAP fingerprint scan stateful detect -# 13 Stealth scan: SYN-FIN scan -# 14 TCP forward overlap - -#preprocessor stream4: disable_evasion_alerts - -# tcp stream reassembly directive -# no arguments loads the default configuration -# Only reassemble the client, -# Only reassemble the default list of ports (See below), -# Give alerts for "bad" streams -# -# Available options (comma delimited): -# clientonly - reassemble traffic for the client side of a connection only -# serveronly - reassemble traffic for the server side of a connection only -# both - reassemble both sides of a session -# noalerts - turn off alerts from the stream reassembly stage of stream4 -# ports [list] - use the space separated list of ports in [list], "all" -# will turn on reassembly for all ports, "default" will turn -# on reassembly for ports 21, 23, 25, 42, 53, 80, 110, -# 111, 135, 136, 137, 139, 143, 445, 513, 514, 1433, 1521, -# 2401, and 3306 -# favor_old - favor an old segment (based on sequence number) over a new one. -# This is the default. -# favor_new - favor an new segment (based on sequence number) over an old one. -# overlap_limit [number] - limit on overlaping segments for a session. -# flush_on_alert - flushes stream when an alert is generated for a session. 
-# flush_behavior [mode] - -# default - use old static flushpoints (default) -# large_window - use new larger static flushpoints -# random - use random flushpoints defined by flush_base, -# flush_seed and flush_range -# flush_base [number] - lowest allowed random flushpoint (512 by default) -# flush_range [number] - number is the space within which random flushpoints -# are generated (default 1213) -# flush_seed [number] - seed for the random number generator, defaults to -# Snort PID + time -# -# Using the default random flushpoints, the smallest flushpoint is 512, -# and the largest is 1725 bytes. -#preprocessor stream4_reassemble - # stream5: Target Based stateful inspection/stream reassembly for Snort # --------------------------------------------------------------------- -# Stream5 is a target-based stream engine for Snort. Its functionality -# replaces that of Stream4. Consequently, BOTH Stream4 and Stream5 -# cannot be used simultaneously. Comment out the stream4 configurations -# above to use Stream5. +# Stream5 is a target-based stream engine for Snort. It handles both +# TCP and UDP connection tracking as well as TCP reassembly. # # See README.stream5 for details on the configuration options. # -# Example config (that emulates Stream4 with UDP support compiled in) +# Example config preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ track_udp no preprocessor stream5_tcp: policy first, use_static_footprint_sizes 
@@ -723,11 +593,21 @@ preprocessor sfportscan: proto { all } \ # dynamicpreprocessor file # or use commandline option # --dynamic-preprocessor-lib +# +#preprocessor dcerpc: \ +# autodetect \ +# max_frag_size 3000 \ +# memcap 100000 + + +# DCE/RPC 2 +#---------------------------------------- +# See doc/README.dcerpc2 for explanations of what the +# preprocessor does and how to configure it. +# +preprocessor dcerpc2 +preprocessor dcerpc2_server: default -preprocessor dcerpc: \ - autodetect \ - max_frag_size 3000 \ - memcap 100000 # DNS #---------------------------------------- @@ -759,14 +639,17 @@ preprocessor dns: \ # inspected. Once the traffic is determined to be encrypted, no further # inspection of the data on the connection is made. # -# Important note: Stream4 or Stream5 should be explicitly told to reassemble +# If you don't necessarily trust all of the SSL capable servers on your +# network, you should remove the "trustservers" option from the configuration. +# +# Important note: Stream5 should be explicitly told to reassemble # traffic on the ports that you intend to inspect SSL # encrypted traffic on. # # To add reassembly on port 443 to Stream5, use 'port both 443' in the # Stream5 configuration. -preprocessor ssl: noinspect_encrypted +preprocessor ssl: noinspect_encrypted, trustservers #################################################################### @@ -937,7 +820,6 @@ include /etc/snort/rules/reference.config #include $RULE_PATH/ddos.rules #include $RULE_PATH/dns.rules #include $RULE_PATH/tftp.rules - #include $RULE_PATH/web-cgi.rules #include $RULE_PATH/web-coldfusion.rules #include $RULE_PATH/web-iis.rules @@ -945,7 +827,6 @@ include /etc/snort/rules/reference.config #include $RULE_PATH/web-misc.rules #include $RULE_PATH/web-client.rules #include $RULE_PATH/web-php.rules - #include $RULE_PATH/sql.rules #include $RULE_PATH/x11.rules #include $RULE_PATH/icmp.rules 
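Review bot: `preprocessor dcerpc2_server: default` is switched on with no note about what it depends on, while the stream5 lines kept as context in the @@ -294 hunk set `track_udp no`. As far as I know, dcerpc2 needs frag3 and stream5 session tracking for every transport it inspects, and its default server configuration also covers connectionless DCE/RPC over UDP, so that traffic would likely go uninspected with this stream5 setup; please confirm against README.dcerpc2. Either say so in the block, e.g. `# needs frag3 and stream5; UDP DCE/RPC is not inspected while track_udp is no`, or enable UDP tracking in `stream5_global`.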
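Review bot: The new line `preprocessor ssl: noinspect_encrypted, trustservers` makes the less strict setting the shipped default, although the comment added just above it tells the admin to remove `trustservers` when not every SSL server is trusted. With that option the preprocessor no longer requires encrypted data from both sides before it stops inspecting a session, so what the server side sends is enough to end inspection. If this configuration runs on a gateway sensor, most of the servers it sees are hosts the admin does not control, which is exactly the case the comment warns about. I would keep `preprocessor ssl: noinspect_encrypted` as the active line and offer the other form as a commented opt-in, `#preprocessor ssl: noinspect_encrypted, trustservers`.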
@@ -955,12 +836,10 @@ include /etc/snort/rules/reference.config #include $RULE_PATH/oracle.rules #include $RULE_PATH/mysql.rules #include $RULE_PATH/snmp.rules - #include $RULE_PATH/smtp.rules #include $RULE_PATH/imap.rules #include $RULE_PATH/pop2.rules #include $RULE_PATH/pop3.rules - #include $RULE_PATH/nntp.rules #include $RULE_PATH/other-ids.rules # include $RULE_PATH/web-attacks.rules @@ -977,7 +856,6 @@ include /etc/snort/rules/reference.config # include $RULE_PATH/spyware-put.rules # include $RULE_PATH/specific-threats.rules #include $RULE_PATH/experimental.rules - # include $PREPROC_RULE_PATH/preprocessor.rules # include $PREPROC_RULE_PATH/decoder.rules diff --git a/doc/packages-list.txt b/doc/packages-list.txt index 569db0fb9d..037de57da5 100644 --- a/doc/packages-list.txt +++ b/doc/packages-list.txt @@ -270,7 +270,7 @@ * shadow-4.0.15 * slang-1.4.9 * smartmontools-5.36 -* snort-2.8.3.2 +* snort-2.8.4 * sox-12.18.1 * spandsp-0.0.4pre15 * splix-2.0.0-rc2 diff --git a/lfs/snort b/lfs/snort index cfe1f73bc6..62f9981633 100644 --- a/lfs/snort +++ b/lfs/snort @@ -24,7 +24,7 @@ include Config -VER = 2.8.3.2 +VER = 2.8.4 THISAPP = snort-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE) \ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) Community-Rules-20070503.tar.gz = $(DL_FROM)/Community-Rules-20070503.tar.gz -$(DL_FILE)_MD5 = f75547da33446ddb4ca07eefd9ce31dc +$(DL_FILE)_MD5 = 193179da8db8aac5ee6b0a751ce7b76d Community-Rules-20070503.tar.gz_MD5 = f236b8a4ac12e99d3e7bd81bf3b5a482 install : $(TARGET) -- 2.39.2