From 448a530be437cfde416c62ccf6460395887af384 Mon Sep 17 00:00:00 2001 From: robiscool Date: Sat, 13 Mar 2010 17:53:57 -0800 Subject: snort-dev, major rewites of startup code started, protected bootup code started --- config/snort-dev/images/footer2.jpg | Bin 0 -> 31879 bytes config/snort-dev/snort.inc | 241 +++++++++++++++++++++++- config/snort-dev/snort.xml | 2 +- config/snort-dev/snort_interfaces.php | 284 +++++++++++++++++++++++------ config/snort-dev/snort_interfaces_edit.php | 15 +- pkg_config.7.xml | 2 +- pkg_config.8.xml | 21 +-- 7 files changed, 482 insertions(+), 83 deletions(-) create mode 100644 config/snort-dev/images/footer2.jpg diff --git a/config/snort-dev/images/footer2.jpg b/config/snort-dev/images/footer2.jpg new file mode 100644 index 00000000..37bdb18e Binary files /dev/null and b/config/snort-dev/images/footer2.jpg differ diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index 4294966f..513fc626 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -444,13 +444,14 @@ function sync_snort_package() conf_mount_ro(); } - /* make sure this func on writes to files and does not start snort */ function sync_snort_package_all() { global $config, $g, $id, $if_real, $interface_fake; conf_mount_rw(); + + /* RedDevil suggested code */ /* TODO: more testing needs to be done */ exec("/sbin/sysctl net.bpf.bufsize=8388608"); @@ -458,6 +459,9 @@ exec("/sbin/sysctl net.bpf.maxbufsize=4194304"); exec("/sbin/sysctl net.bpf.maxinsns=512"); exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); +if ($id != '' && $if_real != '') +{ + /* do not start config build if rules is empty */ if (!empty($config['installedpackages']['snortglobal']['rule'])) { @@ -477,6 +481,9 @@ exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); /* create snort configuration file */ create_snort_conf(); + /* create snort bootup file snort.sh */ + create_snort_sh(); + /* if rules exist cp rules to each iface */ create_rules_iface(); @@ -492,6 +499,8 @@ exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); /* create snort configuration file */ create_snort_conf(); + /* create snort bootup file snort.sh */ + create_snort_sh(); /* if rules exist cp rules to each iface */ create_rules_iface(); @@ -554,11 +563,218 @@ exec("/sbin/sysctl net.inet.tcp.rfc1323=1"); conf_mount_ro(); } +} /* Start of main config files */ /* Start of main config files */ +////////////////////////// >>>>>>>>>> + + +/* open snort.sh for writing" */ +function create_snort_sh() +{ + # Don not add $id or this will break + + global $config, $g, $if_real, $if_real_wan; + conf_mount_rw(); + + $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; + + /* define snortbarnyardlog_chk */ + if ($snortbarnyardlog_info_chk == on) { + + $start_barnyard2 = "sleep 4/n/usr/local/bin/barnyard2 -u snort -g snort -c /usr/local/etc/snort/snort_$id$if_real/barnyard2.conf -d /var/log/snort -f snort.u2_$id$if_real -w /usr/local/etc/snort/snort_$id$if_real/barnyard2.waldo -D -q"; + +} + + /* do not start config build if rules is empty */ + if (!empty($config['installedpackages']['snortglobal']['rule'])) + { + if ($id == "") + { + + $rule_array = $config['installedpackages']['snortglobal']['rule']; + $id = -1; + foreach ($rule_array as $value) + { + + $id += 1; + + $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; + $if_real = convert_friendly_interface_to_real_interface_name($result_lan); + + /* Get all interface startup commands ready */ + +$snort_sh_text2[] = << /tmp/snort.sh.pid + + # Start snort and barnyard2 + /bin/rm /var/run/snort_$if_real$id$if_real.pid + /bin/rm /var/run/snort_$if_real$id$if_real.pid.lck + + /usr/local/bin/snort -u snort -g snort -R $id$if_real -D -q -l /var/log/snort -G $id -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -i $if_real + $start_barnyard2 + + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD Reload For $id$if_real..." + + fi +EOD; + +$snort_sh_text3[] = << /tmp/snort.sh.pid + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For $id$if_real..." + + /bin/kill \${pid_s} + sleep 3 + /bin/kill \${pid_b} + + /bin/rm /var/run/snort_$if_real$id$if_real.pid.lck + /bin/rm /var/run/snort_$if_real$id$if_real.pid + + fi +EOF; + + } + } + } + +$start_snort_iface_start = implode("\n\n", $snort_sh_text2); + +$start_snort_iface_restart = implode("\n\n", $snort_sh_text3); + +$start_snort_iface_stop = implode("\n\n", $snort_sh_text4); + +/* open snort.sh for writing" */ +conf_mount_rw(); + +$snort_sh_text = << /dev/null ; then + + /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" + exit 0 + + fi + + /bin/echo "snort.sh run" > /tmp/snort.sh.pid + +$start_snort_iface_restart + + /bin/rm /tmp/snort.sh.pid + + #### If on Fake start snort is NOT running DO a real start. + if [ "`/bin/ps -auwx | grep -v grep | grep "R $id$if_real" | awk '{print $2;}'`" = "" ]; then + + rc_start_real + + fi +} + +rc_start_real() { + + #### Check for double starts, Pfsense has problems with that + if /bin/ls /tmp/snort.sh.pid > /dev/null ; then + /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" + exit 0 + fi + +$start_snort_iface_start + + /bin/rm /tmp/snort.sh.pid + +} + +rc_stop() { + + #### Check for double starts, Pfsense has problems with that + if /bin/ls /tmp/snort.sh.pid > /dev/null ; then + /usr/bin/logger -p daemon.info -i -t SnortStartup "Error: snort.sh IS running" + exit 0 + fi + +$start_snort_iface_stop + + /bin/rm /tmp/snort.sh.pid + /bin/rm /var/run/snort* + +} + +case $1 in + start) + rc_start + ;; + start_real) + rc_start_real + ;; + stop) + rc_stop + ;; + restart) + rc_stop + rc_start_real + ;; +esac + +EOD; + + /* write out snort.sh */ + $bconf = fopen("/usr/local/etc/rc.d/snort.sh", "w"); + if(!$bconf) { + log_error("Could not open /usr/local/etc/rc.d/snort.sh for writing."); + exit; + } + /* write snort.sh */ + fwrite($bconf, $snort_sh_text); + fclose($bconf); + +} + + +///////////////////////// >>>>>>>>>>>> /* if rules exist copy to new interfaces */ function create_rules_iface() @@ -566,16 +782,19 @@ function create_rules_iface() global $config, $g, $id, $if_real; conf_mount_rw(); - - $if_rule_dir = "/usr/local/etc/snort/snort_$id$if_real/rules"; - $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full'; - - if ($folder_chk == "empty") + + if ($id != '' || $if_real != '') { - exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_$id$if_real"); - if (file_exists("/usr/local/etc/snort/custom_rules/local_$id$if_real.rules")) + $if_rule_dir = "/usr/local/etc/snort/snort_$id$if_real/rules"; + $folder_chk = (count(glob("$if_rule_dir/*")) === 0) ? 'empty' : 'full'; + + if ($folder_chk == "empty") { - exec("/bin/cp /usr/local/etc/snort/custom_rules/local_$id$if_real.rules /usr/local/etc/snort/snort_$id$if_real/rules/local_$id$if_real.rules"); + exec("/bin/cp -R /usr/local/etc/snort/rules /usr/local/etc/snort/snort_$id$if_real"); + if (file_exists("/usr/local/etc/snort/custom_rules/local_$id$if_real.rules")) + { + exec("/bin/cp /usr/local/etc/snort/custom_rules/local_$id$if_real.rules /usr/local/etc/snort/snort_$id$if_real/rules/local_$id$if_real.rules"); + } } } } @@ -795,6 +1014,9 @@ function generate_snort_conf() global $config, $g, $if_real, $id; conf_mount_rw(); +if ($id != '' && $if_real != '') +{ + /* obtain external interface */ /* XXX: make multi wan friendly */ $snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; @@ -820,6 +1042,7 @@ function generate_snort_conf() exec("/bin/mkdir -p /usr/local/etc/snort/snort_$id$if_real/rules"); } } +} /* define snortalertlogtype */ $snortalertlogtype = $config['installedpackages']['snortglobal']['snortalertlogtype']; diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 6a46cf7e..6ab6ee7a 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -141,7 +141,7 @@ /usr/local/www/snort/ 077 - http://www.pfsense.com/packages/config/snort-dev/help_and_info.php + http://www.pfsense.com/packages/config/snort-dev/help_and_info.html /usr/local/www/snort/ diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index e5b42e4d..996ff83b 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -31,7 +31,7 @@ require("guiconfig.inc"); require("/usr/local/pkg/snort/snort_gui.inc"); -require("/usr/local/pkg/snort/snort.inc"); +include_once("/usr/local/pkg/snort/snort.inc"); $id = $_GET['id']; if (isset($_POST['id'])) @@ -78,35 +78,84 @@ if (isset($_POST['del_x'])) { /* delete selected rules */ if (is_array($_POST['rule']) && count($_POST['rule'])) { foreach ($_POST['rule'] as $rulei) { - - - /* dont flood the syslog code */ - exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); - exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop $rulei"); - - /* stop syslog flood code */ - $if_real_wan_rulei = $a_nat[$rulei]['interface']; - $if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei); - exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log"); - exec("/usr/bin/killall syslogd"); - exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); - exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); - sleep(2); - exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); - $after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'"); - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'"); - - unset($a_nat[$rulei]); - + + /* convert fake interfaces to real */ + $if_real = convert_friendly_interface_to_real_interface_name($a_nat[$rulei]['interface']); + + $snort_pid = exec("/bin/ps -auwx | grep -v grep | grep \"$if_real -c\" | awk '{print $2;}'"); + + if ($snort_pid != "") + { + + $start_up_pre = exec("/bin/cat /var/run/snort_{$if_real}{$rulei}{$if_real}.pid"); + $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + + $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$rulei}{$if_real}.pid"); + $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + + + if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") + { + + /* dont flood the syslog code */ + exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); + sleep(3); + + + /* remove only running instances */ + if ($start_up_s != "") + { + exec("/bin/kill {$start_up_s}"); + exec("/bin/rm /var/run/snort_$if_real$rulei$if_real*"); + } + + if ($start2_upb_s != "") + { + exec("/bin/kill {$start2_upb_s}"); + exec("/bin/rm /var/run/barnyard2_$rulei$if_real*"); + } + + if ($start_up_r != "") + { + exec("/bin/kill {$start_up_r}"); + exec("/bin/rm /var/run/snort_$if_real$rulei$if_real*"); + } + + if ($start2_upb_r != "") + { + exec("/bin/kill {$start2_upb_r}"); + exec("/bin/rm /var/run/barnyard2_$rulei$if_real*"); + } + + /* stop syslog flood code */ + $if_real_wan_rulei = $a_nat[$rulei]['interface']; + $if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei); + exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc"); + exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log"); + exec("/usr/bin/killall syslogd"); + exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); + exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); + sleep(2); + exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); + $after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'"); + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'"); + + } + + } + + unset($a_nat[$rulei]); + } - - - - conf_mount_rw(); - exec("/bin/rm -r /usr/local/etc/snort/snort_$rulei$if_real"); - exec("/bin/rm /var/log/snort/snort.u2_$rulei$if_real*"); - conf_mount_ro(); + + conf_mount_rw(); + exec("/bin/rm -r /usr/local/etc/snort/snort_$rulei$if_real"); + exec("/bin/rm /usr/local/etc/rc.d/snort_$rulei$if_real.sh"); + exec("/bin/rm /var/log/snort/snort.u2_$rulei$if_real*"); + conf_mount_ro(); write_config(); // touch($d_natconfdirty_path); @@ -166,19 +215,88 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "") { $if_real2 = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']); - $name = "{$id}{$if_real2}"; - $snort_pid = exec("pgrep -F /var/run/snort_{$if_real2}{$name}.pid snort"); - if ($snort_pid != "") { - exec("/bin/sh /usr/local/etc/rc.d/snort.sh stop $name"); + $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$id}{$if_real2}\" | awk '{print \$1;}'"); + $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + + //$start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$id}{$if_real2}.pid"); + //$start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + //$start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + + + if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") + { + + /* stop syslog flood code */ + //exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); + //sleep(3); + + if ($start_up_s != "") + { + exec("/bin/kill {$start_up_s}"); + exec("/bin/rm /var/run/snort_$if_real2$id$if_real2*"); + } + + //if ($start2_upb_s != "") + //{ + //exec("/bin/kill {$start2_upb_s}"); + //exec("/bin/rm /var/run/barnyard2_$id$if_real2*"); + //} + + if ($start_up_r != "") + { + exec("/bin/kill {$start_up_r}"); + exec("/bin/rm /var/run/snort_$if_real2$id$if_real2*"); + } + + //if ($start2_upb_r != "") + //{ + //exec("/bin/kill {$start2_upb_r}"); + //exec("/bin/rm /var/run/barnyard2_$id$if_real2*"); + //} + + /* stop syslog flood code */ + $if_real_wan_id = $a_nat[$id]['interface']; + $if_real_wan_id2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_id); + exec("/sbin/ifconfig $if_real_wan_id2 -promisc"); + //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$id$if_real2.log"); + //exec("/usr/bin/killall syslogd"); + //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); + //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); + //sleep(2); + //exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); + //$after_mem2 = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); + //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$id}{$if_real2} STOP {$after_mem2}'"); + //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$id}{$if_real2}...'"); + + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + }else{ sync_snort_package_all(); - exec("/bin/sh /usr/local/etc/rc.d/snort.sh start $name"); + + exec("/usr/local/bin/snort -u snort -g snort -R \"$id$if_real2\" -D -q -l /var/log/snort -G $id -c /usr/local/etc/snort/snort_$id$if_real2/snort.conf -i $if_real2"); + //print_r("$id $if_real2"); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); } - header("Location: snort_interfaces.php"); + } -$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.10 Alpha"; +$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.10 alpha"; include("head.inc"); ?> @@ -186,6 +304,7 @@ include("head.inc");

@@ -237,18 +371,18 @@ padding: 15px 10px 50% 50px; - - + +
@@ -264,30 +398,47 @@ padding: 15px 10px 50% 50px;
- - + +
- - "> - + + Note:
- This is the Snort Menu, displaying an overview of all interface settings. + This is the Snort Menu where you can see an over view of all your interface settings.
- Please edit the Global Settings tab before adding an interface. + Please edit the Global Settings tab befor adding an interface.

- Click on the icon to add an interface.                           Click on the icon to start snort and barnyard. + Click on the icon to add a interface.                           Click on the icon to start snort and barnyard.
- Click on the icon to edit an interface and settings.      Click on the icon to stop snort and barnyard. + Click on the icon to edit a interface and settings.      Click on the icon to stop snort and barnyard.
- Click on the icon to delete an interface and settings. + Click on the icon to delete a interface and settings. @@ -410,6 +564,24 @@ if ($pkg['tabs'] <> "") { ?> - +
+ + +
+ Apps + Snort® is a registered trademark of Sourcefire, Inc., Barnyard2® is a registered trademark of securixlive.com., Orion® copyright Robert Zelaya., + Emergingthreats is a registered trademark of emergingthreats.net., Mysql® is a registered trademark of Mysql.com. +
+ + + + + diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 9d2301f0..6bdb0dc7 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -121,7 +121,7 @@ if (isset($_GET['dup'])) /* convert fake interfaces to real */ $if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); -if ($_POST["Submit"]) { +if ($_POST['Submit']) { /* input validation */ // if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { @@ -277,24 +277,29 @@ if ($_POST["Submit"]) { write_config(); // stop_service("snort"); - if ($pconfig['interface'] != "") { + if ($pconfig['interface'] != '' && $id != '') { sync_snort_package_all(); + } - if ($pconfig['interface'] != "") { + if ($pconfig['interface'] != '' && $id != '') { header("Location: /snort/snort_interfaces_edit.php?id=$id"); }else{ touch($d_natconfdirty_path); header("Location: /snort/snort_interfaces.php"); + } exit; } } if ($_POST["Submit2"]) { - sync_snort_package_all(); + if ($id != '') + { + sync_snort_package_all(); + } sleep(1); - exec("/bin/sh /usr/local/etc/rc.d/snort.sh restart {$id}{$if_real}"); + exec("/bin/sh /usr/local/etc/rc.d/snort.sh start {$id}{$if_real}"); header("Location: /snort/snort_interfaces_edit.php?id=$id"); exit; } diff --git a/pkg_config.7.xml b/pkg_config.7.xml index 0dd05974..35241bb1 100755 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml @@ -347,7 +347,7 @@ mysql-client-5.1.44_1.tbz snort-2.8.5.3.tbz http://www.pfsense.com/packages/config/snort-dev/snort.xml - 2.8.5.3 pkg v. 1.10 + 2.8.5.3 pkg v. 1.11 1.2.3 alpha /snort.xml diff --git a/pkg_config.8.xml b/pkg_config.8.xml index a060586b..886c096d 100755 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -256,20 +256,19 @@ snort-dev http://forum.pfsense.org/index.php/topic,16847.0.html http://www.snort.org - Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. + WARNING: This is the Snort-dev branch and maybe broken while in development. Please post package version and Pfsense Version on the forums when posting bugs. Security - http://www.pfsense.com/packages/config/snort-dev/bin/ - libnet10-1.0.2a_4,1.tbz - pcre-7.9.tbz - mysql-client-5.1.34.tbz - snort-2.8.5.2.tbz - barnyard2-1.7.tbz + http://www.pfsense.com/packages/config/snort-dev/bin/7.2.x86/ + pcre-8.00.tbz + perl-5.10.1.tbz + mysql-client-5.1.44_1.tbz + snort-2.8.5.3.tbz http://www.pfsense.com/packages/config/snort-dev/snort.xml - 2.8.5.2 - 2.0 - Stable + 2.8.5.3 pkg v. 1.11 + 1.2.3 + alpha /snort.xml - Please visit the Snort settings tab and enter your oinkid code. Afterwards visit the update rules tab to download the snort rules. + This is the Snort-dev branch and is stable as of Alpha. siproxd -- cgit v1.2.3