From f5e3369fea74c031349921eb1ff5e25366724244 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 3 Jun 2015 17:46:09 -0400 Subject: Fix corrupt snort.conf created when IP REP is enabled with no IP lists. --- config/snort/snort_generate_conf.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php index 297e833b..646697bf 100644 --- a/config/snort/snort_generate_conf.php +++ b/config/snort/snort_generate_conf.php @@ -876,9 +876,9 @@ if (is_array($snortcfg['wlist_files']['item'])) { } } if (!empty($blist_files)) - $ip_lists = $blist_files; + $ip_lists = ", \\ \n\t" . $blist_files; if (!empty($wlist_files)) - $ip_lists .= ", \\ \n" . $wlist_files; + $ip_lists .= ", \\ \n\t" . $wlist_files; if ($snortcfg['iprep_scan_local'] == 'on') $ip_lists .= ", \\ \n\tscan_local"; @@ -888,8 +888,7 @@ preprocessor reputation: \ memcap {$snortcfg['iprep_memcap']}, \ priority {$snortcfg['iprep_priority']}, \ nested_ip {$snortcfg['iprep_nested_ip']}, \ - white {$snortcfg['iprep_white']}, \ - {$ip_lists} + white {$snortcfg['iprep_white']}{$ip_lists} EOD; -- cgit v1.2.3 From c0d4d133895ce0d25d9b8ea0bbdbbd63b284ab18 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 3 Jun 2015 18:08:25 -0400 Subject: Increase PHP memory to 384MB to handle large rules arrays. --- config/snort/snort.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 64ab6ea5..bb5ff792 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -40,7 +40,7 @@ require_once("filter.inc"); require("/usr/local/pkg/snort/snort_defs.inc"); // Snort GUI needs some extra PHP memory space to manipulate large rules arrays -ini_set("memory_limit", "256M"); +ini_set("memory_limit", "384M"); // Explicitly declare this as global so it works through function call includes global $g, $config, $rebuild_rules, $pfSense_snort_version; -- cgit v1.2.3 From 85c3766ea245828b175e68cd2c037e43406221ce Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 3 Jun 2015 18:12:35 -0400 Subject: Bump Snort package version to 3.2.5 --- config/snort/snort.xml | 4 ++-- config/snort/snort_defs.inc | 4 ++-- config/snort/snort_migrate_config.php | 2 +- config/snort/snort_post_install.php | 4 ++-- pkg_config.10.xml | 4 ++-- pkg_config.8.xml | 4 ++-- pkg_config.8.xml.amd64 | 4 ++-- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 1f1a7d24..c9401f05 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,8 +46,8 @@ None Currently there are no FAQ items provided. Snort - 2.9.7.2 - Services:2.9.7.2 pkg v3.2.4 + 2.9.7.3 + Services:2.9.7.3 pkg v3.2.5 /usr/local/pkg/snort/snort.inc Snort diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc index 912fa3d3..3f5c82e5 100644 --- a/config/snort/snort_defs.inc +++ b/config/snort/snort_defs.inc @@ -5,7 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009-2010 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013,2014 Bill Meeks + * Copyright (C) 2013-2015 Bill Meeks * part of pfSense * All rights reserved. * @@ -55,7 +55,7 @@ if (!defined("SNORT_BIN_VERSION")) { if (!empty($snortver[0])) define("SNORT_BIN_VERSION", $snortver[0]); else - define("SNORT_BIN_VERSION", "2.9.7.2"); + define("SNORT_BIN_VERSION", "2.9.7.3"); } if (!defined("SNORT_SID_MODS_PATH")) define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/"); diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index 941a8151..dcc5aa76 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -533,7 +533,7 @@ unset($r); // Log a message if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.4"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.5"; log_error("[Snort] Settings successfully migrated to new configuration format..."); } else diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index f93f1c87..7b931246 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -263,8 +263,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.4"; -write_config("Snort pkg v3.2.4: post-install configuration saved."); +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.5"; +write_config("Snort pkg v3.2.5: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 560c8426..3e4a8549 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -392,14 +392,14 @@ Security bin/snort:security/snort security - snort-2.9.7.2-##ARCH##.pbi + snort-2.9.7.3-##ARCH##.pbi security/snort security/barnyard2 barnyard2_UNSET_FORCE=ODBC PGSQL PRELUDE;barnyard2_SET_FORCE=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET_FORCE=BARNYARD PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET_FORCE=PULLEDPORK FILEINSPECT HA https://packages.pfsense.org/packages/config/snort/snort.xml - 3.2.4 + 3.2.5 2.2 Stable /snort.xml diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 9e59b3ac..d8a08253 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -486,14 +486,14 @@ Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection. Security https://files.pfsense.org/packages/8/All/ - snort-2.9.7.2-i386.pbi + snort-2.9.7.3-i386.pbi security/snort security/barnyard2 barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET=PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET=PULLEDPORK FILEINSPECT HA;perl_SET=THREADS https://packages.pfsense.org/packages/config/snort/snort.xml - 2.9.7.2 pkg v3.2.4 + 2.9.7.3 pkg v3.2.5 2.1 Stable /snort.xml diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index a572b727..280a8bcc 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -473,14 +473,14 @@ Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection. Security https://files.pfsense.org/packages/amd64/8/All/ - snort-2.9.7.2-amd64.pbi + snort-2.9.7.3-amd64.pbi security/snort security/barnyard2 barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET=PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET=PULLEDPORK FILEINSPECT HA;perl_SET=THREADS https://packages.pfsense.org/packages/config/snort/snort.xml - 2.9.7.2 pkg v3.2.4 + 2.9.7.3 pkg v3.2.5 2.1 Stable /snort.xml -- cgit v1.2.3 From 778bc69fb73af841bce35652ea67b18d0d6d7bf4 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 4 Jun 2015 13:58:53 -0400 Subject: Backout Snort updates for pfSense 2.1.x -- they are no longer supported. --- pkg_config.8.xml | 4 ++-- pkg_config.8.xml.amd64 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg_config.8.xml b/pkg_config.8.xml index d8a08253..9e59b3ac 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -486,14 +486,14 @@ Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection. Security https://files.pfsense.org/packages/8/All/ - snort-2.9.7.3-i386.pbi + snort-2.9.7.2-i386.pbi security/snort security/barnyard2 barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET=PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET=PULLEDPORK FILEINSPECT HA;perl_SET=THREADS https://packages.pfsense.org/packages/config/snort/snort.xml - 2.9.7.3 pkg v3.2.5 + 2.9.7.2 pkg v3.2.4 2.1 Stable /snort.xml diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 280a8bcc..a572b727 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -473,14 +473,14 @@ Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection. Security https://files.pfsense.org/packages/amd64/8/All/ - snort-2.9.7.3-amd64.pbi + snort-2.9.7.2-amd64.pbi security/snort security/barnyard2 barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET=PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET=PULLEDPORK FILEINSPECT HA;perl_SET=THREADS https://packages.pfsense.org/packages/config/snort/snort.xml - 2.9.7.3 pkg v3.2.5 + 2.9.7.2 pkg v3.2.4 2.1 Stable /snort.xml -- cgit v1.2.3