-rwxr-xr-x | config/snort/snort.inc | 21 | ||||
-rw-r--r-- | config/snort/snort.xml | 2 | ||||
-rw-r--r-- | config/snort/snort_download_rules.php | 50 | ||||
-rwxr-xr-x | pkg_config.7.xml | 2 |
4 files changed, 44 insertions, 31 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 7789d863..a6cbc605 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -418,13 +418,22 @@ portvar TELNET_PORTS 23 portvar MAIL_PORTS [25,143,465,691] portvar SSL_PORTS [25,443,465,636,993,995] +# DCERPC NCACN-IP-TCP +portvar DCERPC_NCACN_IP_TCP [139,445] +portvar DCERPC_NCADG_IP_UDP [138,1024:] +portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:] +portvar DCERPC_NCACN_UDP_LONG [135,1024:] +portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:] +portvar DCERPC_NCACN_TCP [2103,2105,2107] +portvar DCERPC_BRIGHTSTORE [6503,6504] + ##################### # # Define Rule Paths # # ##################### -var RULE_PATH ./rules +var RULE_PATH /usr/local/etc/snort/rules # var PREPROC_RULE_PATH ./preproc_rules ################################ @@ -456,6 +465,7 @@ config event_queue: max_queue 8 log 3 order_events content_length #Configure dynamic loaded libraries dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/ dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so +dynamicdetection directory /usr/local/lib/snort/dynamicrules/ ################### # @@ -626,8 +636,11 @@ preprocessor sfportscan: scan_type { all } \ # ############### -preprocessor dcerpc2 -preprocessor dcerpc2_server: default +preprocessor dcerpc2: memcap 102400, events [smb, co, cl] +preprocessor dcerpc2_server: default, policy WinXP, \ + detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ + autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ + smb_max_chain 3 #################### # @@ -646,7 +659,7 @@ preprocessor dns: \ # ############################## -preprocessor ssl: noinspect_encrypted, trustservers +preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 }, trustservers, noinspect_encrypted ##################### # diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 14165e62..9bccf830 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml 
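Review bot: The new `preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 }` line in the last snort.inc hunk does not agree with the `portvar SSL_PORTS [25,443,465,636,993,995]` context line of the first hunk: 563, 989, 992 and 994 are inspected by the preprocessor but are not in `$SSL_PORTS`, while 25 is in the variable but not in the preprocessor list, so rules keyed on `$SSL_PORTS` and the preprocessor's `noinspect_encrypted`/`trustservers` handling cover different port sets. Either derive both from one list (e.g. `portvar SSL_PORTS [25,443,465,563,636,989,992,993,994,995]` and the same set in the `ports { … }` clause) or add a comment stating why they intentionally differ. The added `dynamicdetection directory /usr/local/lib/snort/dynamicrules/` in the second hunk presumably requires that directory to exist on the target box; if the package does not create it, Snort start-up would fail, so that should be confirmed or guarded in the generating code. A one-line comment above the dcerpc2_server block explaining the `policy WinXP` choice would also help, since the detect/autodetect ports are hard-coded there rather than taken from the `DCERPC_*` portvars added in the first hunk.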
@@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.8.4.1</version> - <title>Services: Snort 2.8.4.1 pkg v. 1.0</title> + <title>Services: Snort 2.8.4.1 pkg v. 1.1</title> <include_file>/usr/local/pkg/snort.inc</include_file> <menu> <name>Snort</name> diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index 4bfaa87d..dbbc727e 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php 
@@ -244,31 +244,31 @@ if (file_exists("{$tmpfname}/{$snort_filename}")) { /* Compair md5 sig to file sig */ -$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -if ($premium_url_chk == on) { -$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); -$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; - if ($md5 == $file_md5_ondisk) { - update_status(gettext("Valid md5 checksum pass...")); -} else { - update_status(gettext("The downloaded file does not match the md5 file...P is ON")); - update_output_window(gettext("Error md5 Mismatch...")); - exit(0); - } -} - -$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; -if ($premium_url_chk != on) { -$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; -$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; - if ($md55 == $file_md5_ondisk2) { - update_status(gettext("Valid md5 checksum pass...")); -} else { - update_status(gettext("The downloaded file does not match the md5 file...Not P")); - update_output_window(gettext("Error md5 Mismatch...")); - exit(0); - } -} +//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; +//if ($premium_url_chk == on) { +//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}"); +//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; +// if ($md5 == $file_md5_ondisk) { +// update_status(gettext("Valid md5 checksum pass...")); +//} else { +// update_status(gettext("The downloaded file does not match the md5 file...P is ON")); +// update_output_window(gettext("Error md5 Mismatch...")); +// exit(0); +// } +//} + +//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber']; +//if ($premium_url_chk != on) { +//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`; +//$file_md5_ondisk2 = 
`/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`; +// if ($md55 == $file_md5_ondisk2) { +// update_status(gettext("Valid md5 checksum pass...")); +//} else { +// update_status(gettext("The downloaded file does not match the md5 file...Not P")); +// update_output_window(gettext("Error md5 Mismatch...")); +// exit(0); +// } +//} /* Untar snort rules file individually to help people with low system specs */ if (file_exists("{$tmpfname}/$snort_filename")) { diff --git a/pkg_config.7.xml b/pkg_config.7.xml index 2440a7da..ff4f4846 100755 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml @@ -192,7 +192,7 @@ <depends_on_package>mysql-client-5.1.34.tbz</depends_on_package> <depends_on_package>snort-2.8.4.1.tbz</depends_on_package> <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file> - <version>2.8.4</version> + <version>2.8.4.1</version> <required_version>1.2.2</required_version> <status>Stable</status> <configurationfile>snort.xml</configurationfile> |
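Review bot: Commenting out both md5 branches in the snort_download_rules.php hunk means the downloaded rules tarball is now untarred (the `/* Untar snort rules file … */` context line that follows) with no integrity check at all, which is worse than a check that fails. The visible old code shows why it was failing: the subscriber branch compares `$md5`, the whole content of the .md5 file, against backtick output that still carries its trailing newline, and the other branch extracts field `$4` with awk, so `==` could never match in the first case; `$premium_url_chk == on` also compares against an undeclared constant `on` rather than the string `'on'`. Rather than disabling the check, read the expected hash out of the .md5 file with a regex, compute the local one with `md5_file()` instead of a shell pipeline built from interpolated paths, and compare the two trimmed, lowercased strings with `===`. Note that if the .md5 file comes from the same download channel as the tarball this only detects corruption, not tampering, so a comment to that effect is worth keeping next to the check. The enclosing script continues outside the hunk on both sides.
```php
/* Compair md5 sig to file sig */
$md5_file_contents = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
if ($md5_file_contents === false
    || !preg_match('/[0-9a-fA-F]{32}/', $md5_file_contents, $md5_match)) {
    update_status(gettext("Could not read a valid md5 checksum file..."));
    update_output_window(gettext("Error md5 Mismatch..."));
    exit(0);
}
/* md5_file() avoids the shell pipeline and the trailing newline of backtick output */
$file_md5_ondisk = md5_file("{$tmpfname}/{$snort_filename}");
if ($file_md5_ondisk !== false && strtolower($md5_match[0]) === strtolower($file_md5_ondisk)) {
    update_status(gettext("Valid md5 checksum pass..."));
} else {
    update_status(gettext("The downloaded file does not match the md5 file..."));
    update_output_window(gettext("Error md5 Mismatch..."));
    exit(0);
}
/* … unchanged: untar of the rules file … */
```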