-rwxr-xr-xconfig/snort/snort.inc21
-rw-r--r--config/snort/snort.xml2
-rw-r--r--config/snort/snort_download_rules.php50
-rwxr-xr-xpkg_config.7.xml2
4 files changed, 44 insertions, 31 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 7789d863..a6cbc605 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -418,13 +418,22 @@ portvar TELNET_PORTS 23
portvar MAIL_PORTS [25,143,465,691]
portvar SSL_PORTS [25,443,465,636,993,995]
+# DCERPC NCACN-IP-TCP
+portvar DCERPC_NCACN_IP_TCP [139,445]
+portvar DCERPC_NCADG_IP_UDP [138,1024:]
+portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:]
+portvar DCERPC_NCACN_UDP_LONG [135,1024:]
+portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:]
+portvar DCERPC_NCACN_TCP [2103,2105,2107]
+portvar DCERPC_BRIGHTSTORE [6503,6504]
+
#####################
#
# Define Rule Paths #
#
#####################
-var RULE_PATH ./rules
+var RULE_PATH /usr/local/etc/snort/rules
# var PREPROC_RULE_PATH ./preproc_rules
################################
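Review bot: The open-ended range in the new DCERPC portvars starts at `1024:`, while the `dcerpc2_server` `autodetect` list added further down in this same file starts at `1025:`. If rules keyed on these variables are meant to line up with what the preprocessor inspects, one of the two is off by one. The lone comment `# DCERPC NCACN-IP-TCP` labels only the first of the seven variables; a header such as `# DCE/RPC transport port groups used by the rule set` would describe the whole block, assuming that is what they are for. The commented `PREPROC_RULE_PATH` line just below still uses a relative path and would need the same absolute prefix as the new `RULE_PATH` if it is ever enabled.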
@@ -456,6 +465,7 @@ config event_queue: max_queue 8 log 3 order_events content_length
#Configure dynamic loaded libraries
dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
+dynamicdetection directory /usr/local/lib/snort/dynamicrules/
###################
#
@@ -626,8 +636,11 @@ preprocessor sfportscan: scan_type { all } \
#
###############
-preprocessor dcerpc2
-preprocessor dcerpc2_server: default
+preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
+preprocessor dcerpc2_server: default, policy WinXP, \
+ detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
+ autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
+ smb_max_chain 3
####################
#
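Review bot: `policy WinXP` on the `default` server entry makes the preprocessor apply Windows XP SMB/DCE-RPC handling to every host it sees. Traffic to Samba or other Windows versions may then be reassembled differently from how the real target does it, which can hide content from the rules. Since this file is the template for every install, a comment above the line would tell operators where to tune, for example `# default policy is WinXP; add per-host "net <ip>, policy <type>" dcerpc2_server lines for other server types`. As I read the dcerpc2 README, `memcap` is given in KB, so `# memcap is in KB (102400 = 100 MB)` would also save the next reader a lookup.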
@@ -646,7 +659,7 @@ preprocessor dns: \
#
##############################
-preprocessor ssl: noinspect_encrypted, trustservers
+preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 }, trustservers, noinspect_encrypted
#####################
#
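Review bot: The port list given to the ssl preprocessor here (`443 465 563 636 989 992 993 994 995`) does not match `portvar SSL_PORTS [25,443,465,636,993,995]` defined earlier in this file, so rules written against `$SSL_PORTS` and the preprocessor cover different ports. With `trustservers, noinspect_encrypted`, this list is where Snort stops inspecting payload once the server side looks encrypted, so it decides where detection goes blind and should be a deliberate, documented choice. A comment such as `# keep in sync with portvar SSL_PORTS; payload on these ports is not inspected once the session is marked encrypted` would record that.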
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 14165e62..9bccf830 100644
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.8.4.1</version>
- <title>Services: Snort 2.8.4.1 pkg v. 1.0</title>
+ <title>Services: Snort 2.8.4.1 pkg v. 1.1</title>
<include_file>/usr/local/pkg/snort.inc</include_file>
<menu>
<name>Snort</name>
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 4bfaa87d..dbbc727e 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -244,31 +244,31 @@ if (file_exists("{$tmpfname}/{$snort_filename}")) {
/* Compair md5 sig to file sig */
-$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-if ($premium_url_chk == on) {
-$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
- if ($md5 == $file_md5_ondisk) {
- update_status(gettext("Valid md5 checksum pass..."));
-} else {
- update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
- update_output_window(gettext("Error md5 Mismatch..."));
- exit(0);
- }
-}
-
-$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-if ($premium_url_chk != on) {
-$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
-$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
- if ($md55 == $file_md5_ondisk2) {
- update_status(gettext("Valid md5 checksum pass..."));
-} else {
- update_status(gettext("The downloaded file does not match the md5 file...Not P"));
- update_output_window(gettext("Error md5 Mismatch..."));
- exit(0);
- }
-}
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk == on) {
+//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md5 == $file_md5_ondisk) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// exit(0);
+// }
+//}
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk != on) {
+//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
+//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md55 == $file_md5_ondisk2) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// exit(0);
+// }
+//}
/* Untar snort rules file individually to help people with low system specs */
if (file_exists("{$tmpfname}/$snort_filename")) {
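Review bot: Commenting out both md5 branches means the archive reaches the untar step in the `file_exists` block that follows with no integrity check at all, and the dead code stays in the file. If the checks were failing, the likely cause (inferred, not visible here) is the comparison itself: backtick output carries a trailing newline and the two md5 file formats differ, so a raw `==` can mismatch on a good download. A single check that extracts the 32-hex digest from the md5 file and compares it with `md5_file()` would cover both the subscriber and non-subscriber cases without shelling out. An md5 fetched over the same channel as the archive only catches corruption, not tampering, and this commit also adds `dynamicdetection directory /usr/local/lib/snort/dynamicrules/` in snort.inc, so any shared-object rules from the archive that end up there would be loaded unverified. The enclosing block starts and continues outside the hunk.

```php
/* Compare md5 sig to file sig; stop before unpacking if they differ */
$md5_file_text = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
$md5_ondisk = md5_file("{$tmpfname}/{$snort_filename}");
if ($md5_file_text === false || $md5_ondisk === false ||
    !preg_match('/\b[0-9a-fA-F]{32}\b/', $md5_file_text, $md5_match) ||
    strcasecmp($md5_match[0], $md5_ondisk) !== 0) {
	update_status(gettext("The downloaded file does not match the md5 file..."));
	update_output_window(gettext("Error md5 Mismatch..."));
	exit(0);
}
update_status(gettext("Valid md5 checksum pass..."));
// … unchanged: untar of the snort rules file …
```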
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index 2440a7da..ff4f4846 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -192,7 +192,7 @@
<depends_on_package>mysql-client-5.1.34.tbz</depends_on_package>
<depends_on_package>snort-2.8.4.1.tbz</depends_on_package>
<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.8.4</version>
+ <version>2.8.4.1</version>
<required_version>1.2.2</required_version>
<status>Stable</status>
<configurationfile>snort.xml</configurationfile>