network/snort: Updated for version 2.9.7.0.

Signed-off-by: David Spencer <baildon.research@googlemail.com>
This commit is contained in:
David Spencer 2015-02-22 16:53:35 +00:00 committed by Willy Sudiarto Raharjo
parent f8fcf19788
commit 1343d1b305
5 changed files with 73 additions and 107 deletions

View file

@ -3,6 +3,7 @@ It is capable of performing real-time traffic analysis, alerting, blocking
and packet logging on IP networks. It utilizes a combination of protocol and packet logging on IP networks. It utilizes a combination of protocol
analysis and pattern matching in order to detect a anomalies, misuse and analysis and pattern matching in order to detect a anomalies, misuse and
attacks. attacks.
Snort uses a flexible rules language to describe activity that can be Snort uses a flexible rules language to describe activity that can be
considered malicious or anomalous as well as an analysis engine that considered malicious or anomalous as well as an analysis engine that
incorporates a modular plugin architecture. Snort is capable of detecting incorporates a modular plugin architecture. Snort is capable of detecting
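Review bot: the description still reads "detect a anomalies, misuse and attacks" in both columns; since this file is being touched anyway, drop the stray article so it reads "detect anomalies, misuse and attacks". Otherwise the hunk only adds a blank line (per the -3,6 +3,7 header), so nothing else to flag here.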

View file

@ -4,28 +4,12 @@ README.SLACKWARE
Documentation Documentation
------------- -------------
Please read the snort_manual.pdf file that should be included with this
distribution for full documentation on the program as well as a guide to
getting started.
This package builds a very basic snort implementation useful for monitoring This package builds a very basic snort implementation useful for monitoring
traffic as an IDS or packet logger and as a sort of improved tcpdump. traffic as an IDS or packet logger and as a sort of improved tcpdump. More
For more information, check out snort's homepage at: information can be found at the following URLs:
https://www.snort.org/ (homepage)
http://www.snort.org/ https://www.snort.org/#documents (documentation links)
http://www.snort.org/docs/ http://manual.snort.org/ (user manual)
Source tarball and newer releases
---------------------------------
snort.org has no direct links to the source tarball, that's why it is also
hosted on http://www.nielshorn.net/
This is needed for sbopkg to work.
If you want a newer version than the one available there, check:
https://www.snort.org/snort-downloads
Starting snort Starting snort
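Review bot: the three new URLs mix schemes: the homepage and documents links use https://www.snort.org/ but the user manual is given as http://manual.snort.org/, and snort.info in this same commit still lists HOMEPAGE as http://www.snort.org/; use https consistently where the site serves it so the README does not send readers over cleartext. Dropping the sentence about snort_manual.pdf being included with the package is only right if the build no longer installs that file; if it still does, keep a one-line pointer to the local copy, since it is the documentation an offline admin actually has.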
@ -47,116 +31,94 @@ As an example, you can put this in your /etc/rc.d/rc.local script:
And this in your /etc/rc.d/rc.local_shutdown: And this in your /etc/rc.d/rc.local_shutdown:
if [ -x /etc/rc.d/rc.snort ]; then if [ -x /etc/rc.d/rc.snort ]; then
/etc/rc.d/rc.snort stop IFACE=xxxx /etc/rc.d/rc.snort stop
fi fi
Installing / Updating Rules etc. Installing and Updating Rules
-------------------------------- -----------------------------
In order for Snort to function properly, you need to provide rule files. In order for Snort to function properly, you need to download rules, and
You can either get a paid subscription (newest rules) at: you need to update the rules regularly.
https://www.snort.org/vrt/buy-a-subscription You can get a paid subscription for the latest rules at
https://www.snort.org/products
or register for free (only rules >30 days old) at:
https://www.snort.org/signup
Then download your rules from:
or you can register for free to download rules >30 days old at
https://www.snort.org/users/sign_up
then download your rules from
https://www.snort.org/snort-rules https://www.snort.org/snort-rules
The downloaded file contains the rules, signatures and updated configuration The downloaded .tar.gz file contains rules and updated configuration files.
files. Be careful when updating these, as you will probably have customized Be careful merging them, as you will probably have customized a few settings
a few settings in your snort.conf in your snort.conf. You need to
At the end of this file is a sample script that you can use as a base to
automate unpacking of the tarball. It updates the rules, signatures and some
configurations, but copies the new snort.conf as snort.conf.new, so that you
can examine it later.
This script is included only as an example and without any guarantee.
** Use at your own risk! **
Basically, you need to
1) put the new rules/* into /etc/snort/rules/ 1) put the new rules/* into /etc/snort/rules/
2) put the new preproc_rules/* into /etc/snort/preproc_rules/ 2) put the new preproc_rules/* into /etc/snort/preproc_rules/
3) put the new doc/signatures/* into /usr/doc/snort-*/signatures/ 3) put the new etc/* into /etc/snort/ (except for snort.conf)
4) put the new etc/* into /etc/snort/ (except for snort.conf) 4) review any changes to snort.conf and merge them into /etc/snort.conf
5) restart snort:
# IFACE=xxxx /etc/rc.d/rc.snort restart
After updating your files, restart snort with: Below is a sample script that you can use to do steps 1-3 automatically.
The script installs the new configuration as snort.conf.new, so that you can
review it.
# /etc/rc.d/rc.snort restart
=============================================================================
Sample script to update rules, signatures and configurations
*** USE AT YOUR OWN RISK *** NO GUARANTEES ***
=============================================================================
#!/bin/bash #!/bin/bash
#=============================================================================
# Sample script to update snort rules, signatures and configurations
# *** USE AT YOUR OWN RISK *** NO GUARANTEES ***
#=============================================================================
# Written by Niels Horn
# Maintained by David Spencer <baildon.research@googlemail.com>
# v2 2015-02-22 dbs
# snortrules_update
#
# Written by Niels Horn <niels.horn@gmail.com>
# Nothing guaranteed, use at your own risk!
#
# v1.00-2010/09/18 - first attempt
#
CWD=$(pwd)
CONFDIR=/etc/snort CONFDIR=/etc/snort
# Exit on most errors # Exit on most errors
set -e set -e
if [ "x$1" = "x" ]; then if [ -z "$1" ]; then
echo "Specify snortrules-snapshot file:" echo "Please specify snortrules-snapshot file:"
echo echo " $0 snortrules-snapshot-nnnn.tar.gz"
echo " $0 <snortrules-snapshot>"
echo
exit 1 exit 1
fi fi
# Configuration files # Configuration files
echo "*** Updating configuration files..." echo "*** Updating configuration files..."
for cf in $( tar tf $1 | grep "etc/" ); do for cf in $( tar tf "$1" | grep "etc/" ); do
if [ ! "$cf" = "etc/" ]; then if [ ! "$cf" = "etc/" ]; then
file=$(basename $cf) file=$(basename "$cf")
tar -xf $1 $cf -O > $CONFDIR/$file.new tar -o -xf "$1" "$cf" -O > "$CONFDIR/$file.new"
# check if it is "snort.conf" # check if it is "snort.conf"
if [ ! "$file" = "snort.conf" ]; then if [ "$file" = "snort.conf" ]; then
LIBDIRSUFFIX=""
[ "$(uname -m)" = 'x86_64' ] && LIBDIRSUFFIX="64"
sed -i -e "s#/usr/local/lib/#/usr/lib$LIBDIRSUFFIX/#g" "$CONFDIR/snort.conf.new"
else
# OK, it is something else, we can handle this # OK, it is something else, we can handle this
if [ -r $CONFDIR/$file ]; then if [ -r "$CONFDIR/$file" ]; then
# we have a previous version # we have a previous version
if [ "$(cat $CONFDIR/$file | md5sum)" = "$(cat $CONFDIR/$file.new | md5sum)" ]; then if [ "$(md5sum <"$CONFDIR/$file")" = "$(md5sum <"$CONFDIR/$file.new")" ]; then
# nothing new, dump previous version # nothing new, dump previous version
rm $CONFDIR/$file rm "$CONFDIR/$file"
else else
# keep previous version # keep previous version
mv -f $CONFDIR/$file $CONFDIR/$file.old mv -f "$CONFDIR/$file" "$CONFDIR/$file.old"
fi fi
fi fi
# move new file over # move new file over
mv -f $CONFDIR/$file.new $CONFDIR/$file mv -f "$CONFDIR/$file.new" "$CONFDIR/$file"
fi fi
fi fi
done done
# rules # rules
echo "*** Updating rules..." echo "*** Updating rules..."
cd /etc/snort/rules tar -o --strip-components=1 --directory=/etc/snort/rules --wildcards -xf "$1" 'rules/*'
tar --strip-components=1 --wildcards -xf $CWD/$1 rules/*
cd - > /dev/null
# preproc-rules # preproc-rules
echo "*** Updating preproc_rules..." echo "*** Updating preproc_rules..."
cd /etc/snort/preproc_rules tar -o --strip-components=1 --directory=/etc/snort/preproc_rules --wildcards -xf "$1" 'preproc_rules/*'
tar --strip-components=1 --wildcards -xf $CWD/$1 preproc_rules/*
cd - > /dev/null
# signatures
echo "*** Updating signatures..."
cd /usr/doc/snort-*/signatures
tar --strip-components=2 --wildcards -xf $CWD/$1 doc/signatures/*
cd - > /dev/null
echo "All done." echo "All done."
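Review bot: step 4 of the new procedure says to merge snort.conf changes "into /etc/snort.conf", but every other path in this file and CONFDIR in the script below are /etc/snort/, so this should read /etc/snort/snort.conf. Two related points in the same hunk. The text warns only about snort.conf, yet the script replaces every other etc/* file that differs from the installed one (keeping the previous copy as $file.old), so an administrator who has customised one of those files will find it swapped out after a run; the README should say so and suggest checking for *.old afterwards. In the script itself, the two tar lines hardcode /etc/snort/rules and /etc/snort/preproc_rules instead of using "$CONFDIR/rules" and "$CONFDIR/preproc_rules", and the loop over `$( tar tf "$1" | grep "etc/" )` still word-splits on whitespace and would match any member with etc/ anywhere in its path (`grep '^etc/'` is the tighter test). Finally, nothing checks the snapshot before it is unpacked as root into /etc/snort with set -e and tar overwriting whatever the archive names; a line telling the user to verify the tarball's checksum against a value obtained independently of the download, before running the script, would be worth adding to the text.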

View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# Start/stop/restart snort # Start/stop/restart snort
# This tell snort which interface to listen on (any for every interface) # This tell snort which interface to listen on ("any" == every interface)
IFACE=${IFACE:-any} IFACE=${IFACE:-any}
# Make sure this matches your IFACE # Make sure this matches your IFACE
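Review bot: "This tell snort which interface to listen on" should be "This tells snort"; the grammar predates this change, but the line is being edited anyway.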
@ -23,18 +23,22 @@ snort_start() {
# Stop snort: # Stop snort:
snort_stop() { snort_stop() {
echo -n "Stopping Snort daemon ($IFACE)..." if [ -f "$PIDFILE" ]; then
kill $(cat $PIDFILE) echo -n "Stopping Snort daemon (interface $IFACE)..."
echo kill $(cat $PIDFILE)
sleep 1 echo
rm -f $PIDFILE sleep 1
rm -f $PIDFILE
else
echo "Pidfile $PIDFILE not found!"
echo "Either Snort is not running or you should specify IFACE=xxxx"
exit 1
fi
} }
# Restart snort: # Restart snort:
snort_restart() { snort_restart() {
snort_stop snort_stop && sleep 1 && snort_start
sleep 1
snort_start
} }
case "$1" in case "$1" in
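Review bot: the new `exit 1` in snort_stop when the pidfile is missing also terminates snort_restart, so `IFACE=xxxx /etc/rc.d/rc.snort restart` on a host where snort has died or was never started prints the pidfile message and exits without starting it; in `snort_stop && sleep 1 && snort_start` the `&&` is moot because the shell has already exited. Use `return 1` in snort_stop and let snort_restart carry on to snort_start regardless (e.g. `snort_stop; sleep 1; snort_start`), or test for the pidfile in snort_restart itself. Separately, `kill $(cat $PIDFILE)` trusts whatever PID is in the file: after a crash the file can be stale and the PID reused by an unrelated process, so check that the PID belongs to a snort process (e.g. via /proc/PID/comm or `ps -p`) before signalling it, and quote the expansion.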

View file

@ -21,13 +21,12 @@
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# Modified by the SlackBuilds.org project # Modified by the SlackBuilds.org project
# Maintained by David Spencer <baildon.research@googlemail.com>
# revision date: 2012/09/15
PRGNAM=snort PRGNAM=snort
VERSION=${VERSION:-2.9.5.6} VERSION=${VERSION:-2.9.7.0}
BUILD=${BUILD:-1} BUILD=${BUILD:-1}
TAG=${TAG:-_SBo} TAG=${TAG:-_SBo}
@ -81,7 +80,7 @@ find -L . \
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
-o -perm 511 \) -exec chmod 755 {} \; -o \ -o -perm 511 \) -exec chmod 755 {} \; -o \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
CFLAGS="$SLKCFLAGS" \ CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \

View file

@ -1,10 +1,10 @@
PRGNAM="snort" PRGNAM="snort"
VERSION="2.9.5.6" VERSION="2.9.7.0"
HOMEPAGE="http://www.snort.org/" HOMEPAGE="http://www.snort.org/"
DOWNLOAD="http://sourceforge.net/projects/slackbuildsdirectlinks/files/snort/snort-2.9.5.6.tar.gz" DOWNLOAD="https://www.snort.org/downloads/snort/snort-2.9.7.0.tar.gz"
MD5SUM="e993c97c1710d68a7b67813fe98c09a4" MD5SUM="c2a45bc56441ee9456478f219dd8d1e2"
DOWNLOAD_x86_64="" DOWNLOAD_x86_64=""
MD5SUM_x86_64="" MD5SUM_x86_64=""
REQUIRES="daq" REQUIRES="daq"
MAINTAINER="Niels Horn" MAINTAINER="David Spencer"
EMAIL="niels.horn@gmail.com" EMAIL="baildon.research@googlemail.com"
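Review bot: HOMEPAGE stays http://www.snort.org/ while DOWNLOAD and the README in this same commit move to https://www.snort.org/; change it to https for consistency. Moving DOWNLOAD off the sourceforge mirror to snort.org's own URL is sound, and MD5SUM must be the digest of exactly that file; the removed README text says the mirror existed because snort.org offered no direct link and sbopkg needs one, so confirm the new URL downloads non-interactively before merging.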