From 46dff71309ed3cb2af23aecc06c409eac4608c94 Mon Sep 17 00:00:00 2001
From: ms
Date: Fri, 4 May 2007 12:25:11 +0000
Subject: [PATCH] Snort Fixes.

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@524 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
---
 config/snort/snort.conf | 110 ++++++++++++++++++------------------
 html/cgi-bin/ids.cgi | 10 ++--
 lfs/snort | 5 +-
 src/misc-progs/clamavctrl.c | 6 +-
 4 files changed, 65 insertions(+), 66 deletions(-)

diff --git a/config/snort/snort.conf b/config/snort/snort.conf
index 382ded863..7e2a951e6 100644
--- a/config/snort/snort.conf
+++ b/config/snort/snort.conf
@@ -1,17 +1,17 @@
 ###################################################
 #
 # This file contains the default snort configuration.
-# for all IPCop Versions
-# Unless you are totally happy with this file,please
+# for all IPFire Versions
+# Unless you are totally happy with this file, please
 # only change whats needed
+# This file is automatically changed by
+# the webinterface, too.
 #
 # 1) Set the network variables for your network
 # 2) Configure preprocessors
 # 3) Configure output plugins
 # 4) Customize your rule set
 #
-# $Id: snort.conf,v 1.6.2.1 2005/04/28 18:38:49 gespinasse Exp $
-#
 ###################################################
 # Only area a user needs to edit
 include /etc/snort/vars
@@ -24,7 +24,7 @@ var HTTP_PORTS 80
 var SHELLCODE_PORTS !80
 var ORACLE_PORTS 1521
 var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
-var RULE_PATH /etc/snort
+var RULE_PATH /etc/snort/rules
 ###################################################
 # Do NOT Edit past this line
@@ -70,54 +70,52 @@ preprocessor xlink2state: ports { 25 691 }
 include $RULE_PATH/classification.config
 include $RULE_PATH/reference.config
 #=========================================
-include $RULE_PATH/bad-traffic.rules
-include $RULE_PATH/exploit.rules
-include $RULE_PATH/scan.rules
-include $RULE_PATH/finger.rules
-include $RULE_PATH/ftp.rules
-include $RULE_PATH/telnet.rules
-include $RULE_PATH/rpc.rules
-include $RULE_PATH/rservices.rules
-include $RULE_PATH/dos.rules
-include $RULE_PATH/ddos.rules
-include $RULE_PATH/dns.rules
-include $RULE_PATH/tftp.rules
-
-include $RULE_PATH/web-cgi.rules
-include $RULE_PATH/web-coldfusion.rules
-include $RULE_PATH/web-iis.rules
-include $RULE_PATH/web-frontpage.rules
-include $RULE_PATH/web-misc.rules
-include $RULE_PATH/web-client.rules
-include $RULE_PATH/web-php.rules
-
-include $RULE_PATH/sql.rules
-include $RULE_PATH/x11.rules
-include $RULE_PATH/icmp.rules
-include $RULE_PATH/netbios.rules
-include $RULE_PATH/misc.rules
-include $RULE_PATH/attack-responses.rules
-include $RULE_PATH/oracle.rules
-include $RULE_PATH/mysql.rules
-include $RULE_PATH/snmp.rules
-
-include $RULE_PATH/smtp.rules
-include $RULE_PATH/imap.rules
-include $RULE_PATH/pop2.rules
-include $RULE_PATH/pop3.rules
-
-include $RULE_PATH/nntp.rules
-include $RULE_PATH/other-ids.rules
-# include $RULE_PATH/web-attacks.rules
-# include $RULE_PATH/backdoor.rules
-# include $RULE_PATH/shellcode.rules
-# include $RULE_PATH/policy.rules
-# include $RULE_PATH/porn.rules
-# include $RULE_PATH/info.rules
-# include $RULE_PATH/icmp-info.rules
-# include $RULE_PATH/virus.rules
-# include $RULE_PATH/chat.rules
-# include $RULE_PATH/multimedia.rules
-# include $RULE_PATH/p2p.rules
-# include $RULE_PATH/experimental.rules
-include $RULE_PATH/local.rules
+include $RULE_PATH/bleeding-attack_response.rules
+include $RULE_PATH/bleeding-botcc-BLOCK.rules
+include $RULE_PATH/bleeding-botcc.excluded
+include $RULE_PATH/bleeding-botcc.rules
+include $RULE_PATH/bleeding-botcc.rules.dragon.xml
+include $RULE_PATH/bleeding-dos.rules
+include $RULE_PATH/bleeding-drop-BLOCK.rules
+include $RULE_PATH/bleeding-drop.rules
+include $RULE_PATH/bleeding-drop.rules.dragon.xml
+include $RULE_PATH/bleeding-dshield-BLOCK.rules
+include $RULE_PATH/bleeding-dshield.rules
+include $RULE_PATH/bleeding-exploit.rules
+include $RULE_PATH/bleeding-game.rules
+include $RULE_PATH/bleeding-inappropriate.rules
+include $RULE_PATH/bleeding-malware.rules
+include $RULE_PATH/bleeding-p2p.rules
+include $RULE_PATH/bleeding-policy.rules
+include $RULE_PATH/bleeding-scan.rules
+include $RULE_PATH/bleeding-sid-msg.map
+include $RULE_PATH/bleeding-virus.rules
+include $RULE_PATH/bleeding-voip.rules
+include $RULE_PATH/bleeding-web.rules
+include $RULE_PATH/bleeding.rules
+include $RULE_PATH/community-bot.rules
+include $RULE_PATH/community-deleted.rules
+include $RULE_PATH/community-dos.rules
+include $RULE_PATH/community-exploit.rules
+include $RULE_PATH/community-ftp.rules
+include $RULE_PATH/community-game.rules
+include $RULE_PATH/community-icmp.rules
+include $RULE_PATH/community-imap.rules
+include $RULE_PATH/community-inappropriate.rules
+include $RULE_PATH/community-mail-client.rules
+include $RULE_PATH/community-misc.rules
+include $RULE_PATH/community-nntp.rules
+include $RULE_PATH/community-oracle.rules
+include $RULE_PATH/community-policy.rules
+include $RULE_PATH/community-sid-msg.map
+include $RULE_PATH/community-sip.rules
+include $RULE_PATH/community-smtp.rules
+include $RULE_PATH/community-sql-injection.rules
+include $RULE_PATH/community-virus.rules
+include $RULE_PATH/community-web-attacks.rules
+include $RULE_PATH/community-web-cgi.rules
+include $RULE_PATH/community-web-client.rules
+include $RULE_PATH/community-web-dos.rules
+include $RULE_PATH/community-web-iis.rules
+include $RULE_PATH/community-web-misc.rules
+include $RULE_PATH/community-web-php.rules
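Review bot: Several of the new include lines point at files that are not in Snort rule syntax — `bleeding-botcc.rules.dragon.xml`, `bleeding-drop.rules.dragon.xml`, `bleeding-botcc.excluded`, `bleeding-sid-msg.map` and `community-sid-msg.map`; Snort parses every included file as rules, so the XML and `sid || msg` lines will abort configuration parsing and the sensor will not start, which fails open with no detection at all. The header comment added in the first hunk says the web interface rewrites this file, so if this list is generated from a directory listing of `$RULE_PATH` the generator should keep only `*.rules` entries; in the static file, drop those five lines. The `*-BLOCK.rules` variants appear to carry the same signatures as their non-BLOCK counterparts with the `drop` action, which Snort only honours in inline mode, so loading both should be checked against the sensor's mode and for duplicate SIDs. This hunk runs to the end of the file, so there is no trailing context.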
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 362b4b464..6ef9da7d3 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -450,7 +450,7 @@ if ($results ne '') { if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) { &Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'}); # Output display table for rule files - print "
"; + print "
"; print ""; @@ -466,7 +466,7 @@ if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable # Check if reached half-way through rule file rules to start new column if ($ruledisplaycnt > $rulecnt) { - print "
"; + print "
"; $ruledisplaycnt = 0; } @@ -522,16 +522,16 @@ if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable # Check for empty 'Description' if ($snortrules{$rulefile}{'Description'} eq '') { - print "
"; + print "
No description available
"; } else { # Output rule file 'Description' - print "
No description available
"; + print "
$snortrules{$rulefile}{'Description'}
"; } # Check for display flag if ($displayrulefilerules) { # Rule file definition rule display - print "
$snortrules{$rulefile}{'Description'}
"; + print "
"; # Local vars my $ruledefdisplaycnt = 0;
diff --git a/lfs/snort b/lfs/snort
index 7168c10ec..edd3d15c8 100644
--- a/lfs/snort
+++ b/lfs/snort
@@ -88,8 +88,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 tar xvfz $(DIR_DL)/Community-Rules-20070503.tar.gz -C /etc/snort/
 tar xvfz $(DIR_DL)/bleeding.rules-20070503.tar.gz -C /etc/snort/
- cd $(DIR_APP) && install -m 0644 etc/unicode.map \
- etc/reference.config etc/classification.config /etc/snort
+ cd $(DIR_APP) && install -m 0644 \
+ etc/reference.config etc/classification.config /etc/snort/rules
+ cd $(DIR_APP) && install -m 0644 etc/unicode.map /etc/snort
 install -m 0644 $(DIR_SRC)/config/snort/snort.conf /etc/snort
 chown -R nobody:nobody /etc/snort
 -mkdir -p /var/log/snort
diff --git a/src/misc-progs/clamavctrl.c b/src/misc-progs/clamavctrl.c
index 09f539872..f1a65b9f6 100644
--- a/src/misc-progs/clamavctrl.c
+++ b/src/misc-progs/clamavctrl.c
@@ -30,9 +30,9 @@ int main(int argc, char *argv[]) {
 } else if (strcmp(argv[1], "restart") == 0) {
 safe_system("/etc/rc.d/init.d/clamav restart");
 } else if (strcmp(argv[1], "enable") == 0) {
- safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc3.d/S20clamav >/dev/null 2>&1");
- safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc0.d/K80clamav >/dev/null 2>&1");
- safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc6.d/K80clamav >/dev/null 2>&1");
+ safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc3.d/S33clamav >/dev/null 2>&1");
+ safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc0.d/K67clamav >/dev/null 2>&1");
+ safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc6.d/K67clamav >/dev/null 2>&1");
 } else if (strcmp(argv[1], "disable") == 0) {
 safe_system("rm -f /etc/rc.d/rc*.d/*clamav >/dev/null 2>&1");
 } else {
-- 
2.39.2
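Review bot: The new `install ... /etc/snort/rules` line assumes the rules directory already exists; with two source files `install` requires an existing directory target, so unless the two tarballs extracted just above create `rules/` (not visible here) the build fails — an explicit `mkdir -p /etc/snort/rules` before the install would make that dependency clear. The recursive `chown -R nobody:nobody /etc/snort` that follows now also covers the freshly installed `reference.config` and `classification.config` and every rule file; if `nobody` is the account Snort drops privileges to, the process that parses untrusted traffic owns its own rule set and configuration, so it would be safer to keep /etc/snort root-owned (mode 0644 already makes it readable) and chown only the directories Snort writes to, such as /var/log/snort. The recipe continues outside the hunk.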
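Review bot: The renumbered links in the `enable` branch do not remove the old `S20clamav`/`K80clamav` links, so on a system where `enable` was run with the previous build both the old and the new symlinks would exist in rc3.d/rc0.d/rc6.d until `disable` is run, and the init script would be invoked at both positions. Clearing stale links first, with the same command the `disable` branch already uses — `safe_system("rm -f /etc/rc.d/rc*.d/*clamav >/dev/null 2>&1");` as the first statement of the `enable` branch — makes `enable` idempotent across renumberings. main() starts and ends outside the hunk.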