From 8cf631a6315b426ebb6622fefe7367bdc6172398 Mon Sep 17 00:00:00 2001
From: robiscool
Date: Mon, 8 Jun 2009 17:29:01 -0700
Subject: upadted and refined snort.conf, snort.xml upadte pkg version, snort_download_rules.php tmp remove md5 checksum, pkg_config7.xml updated snort pkg version
---
 config/snort/snort.inc | 21 ++++++++++++---
 config/snort/snort.xml | 2 +-
 config/snort/snort_download_rules.php | 50 +++++++++++++++++------------------
3 files changed, 43 insertions(+), 30 deletions(-)
(limited to 'config/snort')
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 7789d863..a6cbc605 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -418,13 +418,22 @@ portvar TELNET_PORTS 23
 portvar MAIL_PORTS [25,143,465,691]
 portvar SSL_PORTS [25,443,465,636,993,995]
+# DCERPC NCACN-IP-TCP
+portvar DCERPC_NCACN_IP_TCP [139,445]
+portvar DCERPC_NCADG_IP_UDP [138,1024:]
+portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:]
+portvar DCERPC_NCACN_UDP_LONG [135,1024:]
+portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:]
+portvar DCERPC_NCACN_TCP [2103,2105,2107]
+portvar DCERPC_BRIGHTSTORE [6503,6504]
+
 #####################
 #
 # Define Rule Paths
 #
 #####################
-var RULE_PATH ./rules
+var RULE_PATH /usr/local/etc/snort/rules
 # var PREPROC_RULE_PATH ./preproc_rules
 ################################
@@ -456,6 +465,7 @@ config event_queue: max_queue 8 log 3 order_events content_length
 #Configure dynamic loaded libraries
 dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
 dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
+dynamicdetection directory /usr/local/lib/snort/dynamicrules/
 ###################
 # 
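Review bot: The kept line `# var PREPROC_RULE_PATH ./preproc_rules` in this hunk still carries a relative path while `RULE_PATH` is now absolute, so if it is ever uncommented the preprocessor rules would resolve against Snort's working directory instead of the package install. Suggest updating it in the same spirit, `# var PREPROC_RULE_PATH /usr/local/etc/snort/preproc_rules`, or adding a comment stating that it is intentionally left relative. The seven new `DCERPC_*` portvars are not referenced by anything else in this patch and have no comment saying what consumes them (presumably the dcerpc/netbios rule sets); a note such as `# port variables consumed by the dcerpc/netbios rules; keep in step with the dcerpc2 preprocessor ports below` would tell the next editor why they exist. Several of them end in an open `1024:` range, which widens what the matching rules inspect and is worth a word of explanation. This block appears to be the snort.conf template embedded in snort.inc; the surrounding template continues outside the hunk.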
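Review bot: The new `dynamicdetection directory /usr/local/lib/snort/dynamicrules/` makes Snort load every shared object found in that directory into its own process at startup, so, exactly like the `dynamicpreprocessor` directory two lines above, the path must exist and must not be writable by anyone but root; nothing in this commit creates or checks it. As far as I recall Snort treats a missing directory for this option as a fatal error at startup, so if the package install step does not create it, a guard in snort.inc or a comment naming who creates it would help. A short comment above the line, `# compiled (SO) detection rules are loaded from here; the directory must exist and must not be world-writable`, would also record the trust placed in that path.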
@@ -626,8 +636,11 @@ preprocessor sfportscan: scan_type { all } \
 #
 ###############
-preprocessor dcerpc2
-preprocessor dcerpc2_server: default
+preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
+preprocessor dcerpc2_server: default, policy WinXP, \
+ detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
+ autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
+ smb_max_chain 3
 ####################
 #
@@ -646,7 +659,7 @@ preprocessor dns: \
 #
 ##############################
-preprocessor ssl: noinspect_encrypted, trustservers
+preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 }, trustservers, noinspect_encrypted
 #####################
 #
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 14165e62..9bccf830 100644
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@ Currently there are no FAQ items provided.
 Snort 2.8.4.1
- Services: Snort 2.8.4.1 pkg v. 1.0
+ Services: Snort 2.8.4.1 pkg v. 1.1
 /usr/local/pkg/snort.inc
 Snort
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 4bfaa87d..dbbc727e 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
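Review bot: The `dcerpc2_server` detect list hard-codes `smb [139,445]`, `tcp 135`, `udp 135` and `rpc-over-http-server 593`, the same ports the new `DCERPC_*` portvars in the earlier hunk of this file spell out, so a port added later has to be changed in two places. A comment tying them together, `# keep these ports in step with the DCERPC_* portvars defined above`, would at least record the relationship. `memcap 102400` is expressed in KB (100 MB, the preprocessor's default) and `policy WinXP` becomes the target policy for every host not covered by a more specific server entry; neither is obvious to a reader, so one comment stating both would help. The `autodetect` ranges `tcp 1025:` and `udp 1025:` cover the whole ephemeral range, presumably to catch dynamic RPC endpoints, which may raise the preprocessor's workload and is worth a word in the same comment.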
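Review bot: The SSL preprocessor's new port list `{ 443 465 563 636 989 992 993 994 995 }` disagrees with the `SSL_PORTS [25,443,465,636,993,995]` portvar kept in the first hunk of this file: 25 appears only in the portvar, 563, 989, 992 and 994 only here. Rules written against `$SSL_PORTS` and the preprocessor's encrypted-session tracking therefore cover different traffic; if that is intended, a comment saying so would help, otherwise one list should be derived from the other. Note also that `trustservers` together with `noinspect_encrypted` lets inspection of a session stop as soon as the server side has sent application data, a performance-versus-coverage trade-off that deserves a one-line comment next to the directive.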
@@ -244,31 +244,31 @@ if (file_exists("{$tmpfname}/{$snort_filename}")) {
 /* Compair md5 sig to file sig */
-$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-if ($premium_url_chk == on) {
-$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
- if ($md5 == $file_md5_ondisk) {
- update_status(gettext("Valid md5 checksum pass..."));
-} else {
- update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
- update_output_window(gettext("Error md5 Mismatch..."));
- exit(0);
- }
-}
-
-$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-if ($premium_url_chk != on) {
-$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
-$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
- if ($md55 == $file_md5_ondisk2) {
- update_status(gettext("Valid md5 checksum pass..."));
-} else {
- update_status(gettext("The downloaded file does not match the md5 file...Not P"));
- update_output_window(gettext("Error md5 Mismatch..."));
- exit(0);
- }
-}
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk == on) {
+//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md5 == $file_md5_ondisk) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// exit(0);
+// }
+//}
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk != on) {
+//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
+//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md55 == $file_md5_ondisk2) {
+// update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
+// update_output_window(gettext("Error md5 Mismatch..."));
+// exit(0);
+// }
+//}
 /* Untar snort rules file individually to help people with low system specs */
 if (file_exists("{$tmpfname}/$snort_filename")) {
-- 
cgit v1.2.3
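Review bot: With both checksum branches commented out, the rules tarball at `{$tmpfname}/{$snort_filename}` is handed to the untar block that follows this hunk without any integrity check, and although the commit message calls the removal temporary nothing in the code records that; a `// TODO: md5 verification disabled temporarily (see commit message); restore before release` marker at the top of the commented block would keep it from being forgotten. When the check is restored it is worth not bringing back as-is: it compared the subscriber flag against the bareword `on` (which PHP silently treats as the string "on"), shelled out through backticks with the temp path interpolated into the command line, and compared md5 output that still carried trailing newlines. A single branch built on `md5_file()` and `trim()` covers both the bare-hash and the `MD5 (file) = hash` layouts without touching a shell; keep in mind that an md5 fetched from the same server over the same channel only detects corruption, not tampering. The download before this hunk and the extraction after it are outside the hunk.
```php
/* Compare the published md5 with the downloaded tarball before it is extracted */
$expected_md5 = '';
$md5_text = @file_get_contents("{$tmpfname}/{$snort_filename_md5}");
/* accept either a bare hash or the BSD "MD5 (file) = hash" form */
if ($md5_text !== false && preg_match('/([a-fA-F0-9]{32})\s*$/', trim($md5_text), $m))
	$expected_md5 = strtolower($m[1]);
$actual_md5 = md5_file("{$tmpfname}/{$snort_filename}");
if ($expected_md5 == '' || $expected_md5 != $actual_md5) {
	update_status(gettext("The downloaded file does not match the md5 file..."));
	update_output_window(gettext("Error md5 Mismatch..."));
	exit(0);
}
update_status(gettext("Valid md5 checksum pass..."));
// … unchanged: untar of the rules file …
```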