mirror of
https://github.com/Ponce/slackbuilds
synced 2024-09-29 17:37:55 +02:00
network/snort: Updated for version 2.9.7.0.
Signed-off-by: David Spencer <baildon.research@googlemail.com>
This commit is contained in:
parent
f8fcf19788
commit
1343d1b305
5 changed files with 73 additions and 107 deletions
@ -3,6 +3,7 @@ It is capable of performing real-time traffic analysis, alerting, blocking
|
||||||
and packet logging on IP networks. It utilizes a combination of protocol
|
and packet logging on IP networks. It utilizes a combination of protocol
|
||||||
analysis and pattern matching in order to detect a anomalies, misuse and
|
analysis and pattern matching in order to detect a anomalies, misuse and
|
||||||
attacks.
|
attacks.
|
||||||
|
|
||||||
Snort uses a flexible rules language to describe activity that can be
|
Snort uses a flexible rules language to describe activity that can be
|
||||||
considered malicious or anomalous as well as an analysis engine that
|
considered malicious or anomalous as well as an analysis engine that
|
||||||
incorporates a modular plugin architecture. Snort is capable of detecting
|
incorporates a modular plugin architecture. Snort is capable of detecting
|
||||||
|
|
|
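Review bot: the unchanged context line "analysis and pattern matching in order to detect a anomalies, misuse and" carries a stray article ("a anomalies"); since this README is being revised in the same commit, it would be worth dropping the "a" so the line reads "in order to detect anomalies, misuse and attacks."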
@ -4,28 +4,12 @@ README.SLACKWARE
|
||||||
Documentation
|
Documentation
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Please read the snort_manual.pdf file that should be included with this
|
|
||||||
distribution for full documentation on the program as well as a guide to
|
|
||||||
getting started.
|
|
||||||
|
|
||||||
This package builds a very basic snort implementation useful for monitoring
|
This package builds a very basic snort implementation useful for monitoring
|
||||||
traffic as an IDS or packet logger and as a sort of improved tcpdump.
|
traffic as an IDS or packet logger and as a sort of improved tcpdump. More
|
||||||
For more information, check out snort's homepage at:
|
information can be found at the following URLs:
|
||||||
|
https://www.snort.org/ (homepage)
|
||||||
http://www.snort.org/
|
https://www.snort.org/#documents (documentation links)
|
||||||
http://www.snort.org/docs/
|
http://manual.snort.org/ (user manual)
|
||||||
|
|
||||||
|
|
||||||
Source tarball and newer releases
|
|
||||||
---------------------------------
|
|
||||||
|
|
||||||
snort.org has no direct links to the source tarball, that's why it is also
|
|
||||||
hosted on http://www.nielshorn.net/
|
|
||||||
This is needed for sbopkg to work.
|
|
||||||
|
|
||||||
If you want a newer version than the one available there, check:
|
|
||||||
|
|
||||||
https://www.snort.org/snort-downloads
|
|
||||||
|
|
||||||
|
|
||||||
Starting snort
|
Starting snort
|
||||||
|
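Review bot: the new documentation pointer `https://www.snort.org/#documents (documentation links)` relies on a page fragment that can silently stop pointing at anything when the site layout changes, and the user-manual link `http://manual.snort.org/` is plain http while the other two links in the same list are https. Consider pointing at a stable documentation URL and using https for all three, so the README does not send users to an unencrypted page for security tooling documentation.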
@ -47,116 +31,94 @@ As an example, you can put this in your /etc/rc.d/rc.local script:
|
||||||
And this in your /etc/rc.d/rc.local_shutdown:
|
And this in your /etc/rc.d/rc.local_shutdown:
|
||||||
|
|
||||||
if [ -x /etc/rc.d/rc.snort ]; then
|
if [ -x /etc/rc.d/rc.snort ]; then
|
||||||
/etc/rc.d/rc.snort stop
|
IFACE=xxxx /etc/rc.d/rc.snort stop
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
Installing / Updating Rules etc.
|
Installing and Updating Rules
|
||||||
--------------------------------
|
-----------------------------
|
||||||
|
|
||||||
In order for Snort to function properly, you need to provide rule files.
|
In order for Snort to function properly, you need to download rules, and
|
||||||
You can either get a paid subscription (newest rules) at:
|
you need to update the rules regularly.
|
||||||
|
|
||||||
https://www.snort.org/vrt/buy-a-subscription
|
You can get a paid subscription for the latest rules at
|
||||||
|
https://www.snort.org/products
|
||||||
or register for free (only rules >30 days old) at:
|
|
||||||
|
|
||||||
https://www.snort.org/signup
|
|
||||||
|
|
||||||
Then download your rules from:
|
|
||||||
|
|
||||||
|
or you can register for free to download rules >30 days old at
|
||||||
|
https://www.snort.org/users/sign_up
|
||||||
|
then download your rules from
|
||||||
https://www.snort.org/snort-rules
|
https://www.snort.org/snort-rules
|
||||||
|
|
||||||
The downloaded file contains the rules, signatures and updated configuration
|
The downloaded .tar.gz file contains rules and updated configuration files.
|
||||||
files. Be careful when updating these, as you will probably have customized
|
Be careful merging them, as you will probably have customized a few settings
|
||||||
a few settings in your snort.conf
|
in your snort.conf. You need to
|
||||||
At the end of this file is a sample script that you can use as a base to
|
|
||||||
automate unpacking of the tarball. It updates the rules, signatures and some
|
|
||||||
configurations, but copies the new snort.conf as snort.conf.new, so that you
|
|
||||||
can examine it later.
|
|
||||||
This script is included only as an example and without any guarantee.
|
|
||||||
** Use at your own risk! **
|
|
||||||
|
|
||||||
Basically, you need to
|
|
||||||
1) put the new rules/* into /etc/snort/rules/
|
1) put the new rules/* into /etc/snort/rules/
|
||||||
2) put the new preproc_rules/* into /etc/snort/preproc_rules/
|
2) put the new preproc_rules/* into /etc/snort/preproc_rules/
|
||||||
3) put the new doc/signatures/* into /usr/doc/snort-*/signatures/
|
3) put the new etc/* into /etc/snort/ (except for snort.conf)
|
||||||
4) put the new etc/* into /etc/snort/ (except for snort.conf)
|
4) review any changes to snort.conf and merge them into /etc/snort.conf
|
||||||
|
5) restart snort:
|
||||||
|
# IFACE=xxxx /etc/rc.d/rc.snort restart
|
||||||
|
|
||||||
After updating your files, restart snort with:
|
Below is a sample script that you can use to do steps 1-3 automatically.
|
||||||
|
The script installs the new configuration as snort.conf.new, so that you can
|
||||||
|
review it.
|
||||||
|
|
||||||
# /etc/rc.d/rc.snort restart
|
|
||||||
|
|
||||||
=============================================================================
|
|
||||||
Sample script to update rules, signatures and configurations
|
|
||||||
*** USE AT YOUR OWN RISK *** NO GUARANTEES ***
|
|
||||||
=============================================================================
|
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
#=============================================================================
|
||||||
|
# Sample script to update snort rules, signatures and configurations
|
||||||
|
# *** USE AT YOUR OWN RISK *** NO GUARANTEES ***
|
||||||
|
#=============================================================================
|
||||||
|
# Written by Niels Horn
|
||||||
|
# Maintained by David Spencer <baildon.research@googlemail.com>
|
||||||
|
# v2 2015-02-22 dbs
|
||||||
|
|
||||||
# snortrules_update
|
|
||||||
#
|
|
||||||
# Written by Niels Horn <niels.horn@gmail.com>
|
|
||||||
# Nothing guaranteed, use at your own risk!
|
|
||||||
#
|
|
||||||
# v1.00-2010/09/18 - first attempt
|
|
||||||
#
|
|
||||||
|
|
||||||
CWD=$(pwd)
|
|
||||||
CONFDIR=/etc/snort
|
CONFDIR=/etc/snort
|
||||||
|
|
||||||
# Exit on most errors
|
# Exit on most errors
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
if [ "x$1" = "x" ]; then
|
if [ -z "$1" ]; then
|
||||||
echo "Specify snortrules-snapshot file:"
|
echo "Please specify snortrules-snapshot file:"
|
||||||
echo
|
echo " $0 snortrules-snapshot-nnnn.tar.gz"
|
||||||
echo " $0 <snortrules-snapshot>"
|
|
||||||
echo
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Configuration files
|
# Configuration files
|
||||||
echo "*** Updating configuration files..."
|
echo "*** Updating configuration files..."
|
||||||
for cf in $( tar tf $1 | grep "etc/" ); do
|
for cf in $( tar tf "$1" | grep "etc/" ); do
|
||||||
if [ ! "$cf" = "etc/" ]; then
|
if [ ! "$cf" = "etc/" ]; then
|
||||||
file=$(basename $cf)
|
file=$(basename "$cf")
|
||||||
tar -xf $1 $cf -O > $CONFDIR/$file.new
|
tar -o -xf "$1" "$cf" -O > "$CONFDIR/$file.new"
|
||||||
# check if it is "snort.conf"
|
# check if it is "snort.conf"
|
||||||
if [ ! "$file" = "snort.conf" ]; then
|
if [ "$file" = "snort.conf" ]; then
|
||||||
|
LIBDIRSUFFIX=""
|
||||||
|
[ "$(uname -m)" = 'x86_64' ] && LIBDIRSUFFIX="64"
|
||||||
|
sed -i -e "s#/usr/local/lib/#/usr/lib$LIBDIRSUFFIX/#g" "$CONFDIR/snort.conf.new"
|
||||||
|
else
|
||||||
# OK, it is something else, we can handle this
|
# OK, it is something else, we can handle this
|
||||||
if [ -r $CONFDIR/$file ]; then
|
if [ -r "$CONFDIR/$file" ]; then
|
||||||
# we have a previous version
|
# we have a previous version
|
||||||
if [ "$(cat $CONFDIR/$file | md5sum)" = "$(cat $CONFDIR/$file.new | md5sum)" ]; then
|
if [ "$(md5sum <"$CONFDIR/$file")" = "$(md5sum <"$CONFDIR/$file.new")" ]; then
|
||||||
# nothing new, dump previous version
|
# nothing new, dump previous version
|
||||||
rm $CONFDIR/$file
|
rm "$CONFDIR/$file"
|
||||||
else
|
else
|
||||||
# keep previous version
|
# keep previous version
|
||||||
mv -f $CONFDIR/$file $CONFDIR/$file.old
|
mv -f "$CONFDIR/$file" "$CONFDIR/$file.old"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
# move new file over
|
# move new file over
|
||||||
mv -f $CONFDIR/$file.new $CONFDIR/$file
|
mv -f "$CONFDIR/$file.new" "$CONFDIR/$file"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# rules
|
# rules
|
||||||
echo "*** Updating rules..."
|
echo "*** Updating rules..."
|
||||||
cd /etc/snort/rules
|
tar -o --strip-components=1 --directory=/etc/snort/rules --wildcards -xf "$1" 'rules/*'
|
||||||
tar --strip-components=1 --wildcards -xf $CWD/$1 rules/*
|
|
||||||
cd - > /dev/null
|
|
||||||
|
|
||||||
# preproc-rules
|
# preproc-rules
|
||||||
echo "*** Updating preproc_rules..."
|
echo "*** Updating preproc_rules..."
|
||||||
cd /etc/snort/preproc_rules
|
tar -o --strip-components=1 --directory=/etc/snort/preproc_rules --wildcards -xf "$1" 'preproc_rules/*'
|
||||||
tar --strip-components=1 --wildcards -xf $CWD/$1 preproc_rules/*
|
|
||||||
cd - > /dev/null
|
|
||||||
|
|
||||||
# signatures
|
|
||||||
echo "*** Updating signatures..."
|
|
||||||
cd /usr/doc/snort-*/signatures
|
|
||||||
tar --strip-components=2 --wildcards -xf $CWD/$1 doc/signatures/*
|
|
||||||
cd - > /dev/null
|
|
||||||
|
|
||||||
echo "All done."
|
echo "All done."
|
||||||
|
|
||||||
|
|
|
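Review bot: in the sample script, `for cf in $( tar tf "$1" | grep "etc/" ); do` matches any archive member whose path merely contains `etc/` anywhere, not only the top-level `etc/` directory, and the subsequent `if [ ! "$cf" = "etc/" ]` check only excludes the directory entry itself; anchoring the pattern (`grep '^etc/'`) keeps the loop from pulling an unrelated file with a matching substring into /etc/snort. Two smaller points in the same hunk: the word-split `$( ... )` list would break on member names containing whitespace, and the script now extracts straight into /etc/snort/rules and /etc/snort/preproc_rules as root without first listing the archive, so a quick `tar tf "$1"` sanity check before extraction (or a note in the README that the user should inspect the snapshot) would be reasonable given the rules tarball is downloaded from a third party.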
@ -1,7 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# Start/stop/restart snort
|
# Start/stop/restart snort
|
||||||
|
|
||||||
# This tell snort which interface to listen on (any for every interface)
|
# This tell snort which interface to listen on ("any" == every interface)
|
||||||
IFACE=${IFACE:-any}
|
IFACE=${IFACE:-any}
|
||||||
|
|
||||||
# Make sure this matches your IFACE
|
# Make sure this matches your IFACE
|
||||||
|
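Review bot: the edited comment still reads "This tell snort which interface to listen on"; since the line is being rewritten anyway, make it "This tells snort which interface to listen on".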
@ -23,18 +23,22 @@ snort_start() {
|
||||||
|
|
||||||
# Stop snort:
|
# Stop snort:
|
||||||
snort_stop() {
|
snort_stop() {
|
||||||
echo -n "Stopping Snort daemon ($IFACE)..."
|
if [ -f "$PIDFILE" ]; then
|
||||||
kill $(cat $PIDFILE)
|
echo -n "Stopping Snort daemon (interface $IFACE)..."
|
||||||
echo
|
kill $(cat $PIDFILE)
|
||||||
sleep 1
|
echo
|
||||||
rm -f $PIDFILE
|
sleep 1
|
||||||
|
rm -f $PIDFILE
|
||||||
|
else
|
||||||
|
echo "Pidfile $PIDFILE not found!"
|
||||||
|
echo "Either Snort is not running or you should specify IFACE=xxxx"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Restart snort:
|
# Restart snort:
|
||||||
snort_restart() {
|
snort_restart() {
|
||||||
snort_stop
|
snort_stop && sleep 1 && snort_start
|
||||||
sleep 1
|
|
||||||
snort_start
|
|
||||||
}
|
}
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
|
|
|
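Review bot: the new `exit 1` in the `else` branch of `snort_stop` terminates the whole script, so `snort_restart` (`snort_stop && sleep 1 && snort_start`) never reaches `snort_start` when the pidfile is missing; after a crash that left no pidfile, `restart` will print the "Pidfile ... not found!" message and leave snort down. Using `return 1` and letting the restart path proceed (or having `restart` call `snort_start` regardless of the stop result) would recover that case. Also, `kill $(cat $PIDFILE)` signals whatever PID the file contains without checking that it is a live snort process (e.g. `kill -0` first); a stale pidfile from a previous boot can hit an unrelated process, and `rm -f $PIDFILE` after a fixed `sleep 1` removes the file whether or not the daemon actually exited.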
@ -21,13 +21,12 @@
|
||||||
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||||
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||||
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
#
|
||||||
# Modified by the SlackBuilds.org project
|
# Modified by the SlackBuilds.org project
|
||||||
|
# Maintained by David Spencer <baildon.research@googlemail.com>
|
||||||
# revision date: 2012/09/15
|
|
||||||
|
|
||||||
PRGNAM=snort
|
PRGNAM=snort
|
||||||
VERSION=${VERSION:-2.9.5.6}
|
VERSION=${VERSION:-2.9.7.0}
|
||||||
BUILD=${BUILD:-1}
|
BUILD=${BUILD:-1}
|
||||||
TAG=${TAG:-_SBo}
|
TAG=${TAG:-_SBo}
|
||||||
|
|
||||||
|
@ -81,7 +80,7 @@ find -L . \
|
||||||
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
|
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
|
||||||
-o -perm 511 \) -exec chmod 755 {} \; -o \
|
-o -perm 511 \) -exec chmod 755 {} \; -o \
|
||||||
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
|
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
|
||||||
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
|
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
|
||||||
|
|
||||||
CFLAGS="$SLKCFLAGS" \
|
CFLAGS="$SLKCFLAGS" \
|
||||||
CXXFLAGS="$SLKCFLAGS" \
|
CXXFLAGS="$SLKCFLAGS" \
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
PRGNAM="snort"
|
PRGNAM="snort"
|
||||||
VERSION="2.9.5.6"
|
VERSION="2.9.7.0"
|
||||||
HOMEPAGE="http://www.snort.org/"
|
HOMEPAGE="http://www.snort.org/"
|
||||||
DOWNLOAD="http://sourceforge.net/projects/slackbuildsdirectlinks/files/snort/snort-2.9.5.6.tar.gz"
|
DOWNLOAD="https://www.snort.org/downloads/snort/snort-2.9.7.0.tar.gz"
|
||||||
MD5SUM="e993c97c1710d68a7b67813fe98c09a4"
|
MD5SUM="c2a45bc56441ee9456478f219dd8d1e2"
|
||||||
DOWNLOAD_x86_64=""
|
DOWNLOAD_x86_64=""
|
||||||
MD5SUM_x86_64=""
|
MD5SUM_x86_64=""
|
||||||
REQUIRES="daq"
|
REQUIRES="daq"
|
||||||
MAINTAINER="Niels Horn"
|
MAINTAINER="David Spencer"
|
||||||
EMAIL="niels.horn@gmail.com"
|
EMAIL="baildon.research@googlemail.com"
|
||||||
|
|
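Review bot: `DOWNLOAD` now fetches the tarball over https from snort.org and the README in this commit switches its links to https, but `HOMEPAGE="http://www.snort.org/"` is left on plain http; bumping it to https keeps the three consistent. The rest of the hunk (new VERSION, MD5SUM, and maintainer fields) matches the SlackBuild's `VERSION=${VERSION:-2.9.7.0}` change.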