From 83d4c55637161dc97fd611fa4faf3f1872dcc8da Mon Sep 17 00:00:00 2001
From: rob iscool
Date: Sun, 1 Mar 2009 04:02:38 -0800
Subject: Updates to Snort.inc and Snort.xml 03-01-09
---
.../client-export/template/config-import | 6 +-
.../client-export/template/config-standard | 6 +-
.../client-export/template/procchain-import | 4 +-
.../client-export/template/procchain-standard | 4 +-
config/openvpn-client-export/readme.txt | 88 ++++----
.../source/openvpn-postinstall.nsi | 224 ++++++++++-----------
config/openvpn-client-export/source/procchain.cpp | 160 +++++++---------
config/snort/snort.inc | 4 +-
config/snort/snort.xml | 2 +-
9 files changed, 249 insertions(+), 249 deletions(-)
(limited to 'config')
diff --git a/config/openvpn-client-export/client-export/template/config-import b/config/openvpn-client-export/client-export/template/config-import
index 6b4465c2..74f273bd 100755
--- a/config/openvpn-client-export/client-export/template/config-import
+++ b/config/openvpn-client-export/client-export/template/config-import
@@ -1,3 +1,3 @@
-;!@Install@!UTF-8!
-RunProgram="procchain.exe procchain-import"
-;!@InstallEnd@!
+;!@Install@!UTF-8!
+RunProgram="procchain.exe procchain-import"
+;!@InstallEnd@!
diff --git a/config/openvpn-client-export/client-export/template/config-standard b/config/openvpn-client-export/client-export/template/config-standard
index 19e410e9..2dfce2dc 100755
--- a/config/openvpn-client-export/client-export/template/config-standard
+++ b/config/openvpn-client-export/client-export/template/config-standard
@@ -1,3 +1,3 @@
-;!@Install@!UTF-8!
-RunProgram="procchain.exe procchain-standard"
-;!@InstallEnd@!
+;!@Install@!UTF-8!
+RunProgram="procchain.exe procchain-standard"
+;!@InstallEnd@!
diff --git a/config/openvpn-client-export/client-export/template/procchain-import b/config/openvpn-client-export/client-export/template/procchain-import
index 3b7c74fb..c70ad842 100755
--- a/config/openvpn-client-export/client-export/template/procchain-import
+++ b/config/openvpn-client-export/client-export/template/procchain-import
@@ -1,2 +1,2 @@
-"openvpn-install.exe"
-"openvpn-postinstall.exe" /Import
+"openvpn-install.exe"
+"openvpn-postinstall.exe" /Import
diff --git a/config/openvpn-client-export/client-export/template/procchain-standard b/config/openvpn-client-export/client-export/template/procchain-standard
index b9d1a1e5..670aadea 100755
--- a/config/openvpn-client-export/client-export/template/procchain-standard
+++ b/config/openvpn-client-export/client-export/template/procchain-standard
@@ -1,2 +1,2 @@
-"openvpn-install.exe"
-"openvpn-postinstall.exe"
+"openvpn-install.exe"
+"openvpn-postinstall.exe"
diff --git a/config/openvpn-client-export/readme.txt b/config/openvpn-client-export/readme.txt
index c1c0e3b7..071b6d59 100755
--- a/config/openvpn-client-export/readme.txt
+++ b/config/openvpn-client-export/readme.txt
@@ -1,44 +1,44 @@ -pfSense OpenVPN Client Export Package -------------------------------------- - -This package includes a webConfigurator interface that allows for easy -expory of user based OpenVPN configurations and pre-configured windows -installer packages. - -Contents --------- -client-export - tgz archive root path -client-export/vpn_openvpn_export.php - pfSense php interface code -client-export/template - installer template path -client-export/template/7zS.sfx - 7zip windows self extractor -client-export/template/config-import - 7zip sfx configuration -client-export/template/config-standard - 7zip sfx configuration -client-export/template/procchain.exe - process chain utility -client-export/template/openvpn-install.exe - openvpn installer -client-export/template/openvpn-postinstall.exe - post installer -client-export/template/procchain-import - procchain configuration -client-export/template/procchain-standard - procchain configuration -client-export/template/config - OpenVPN configuration import path -source/openvpn-postinstall.nsi - post install NSIS script -source/openvpn-postinstall.ico - post install icon -source/procchain.cpp - C++ source for process chain utility -openvpn-client-export.inc - pfSense php pagkage include file -openvpn-client-export.xml - pfSense xml package description - -Configuration -------------- -Before the package can be used, place the OpenVPN installer of your -choice in the template directory and name it 'openvpn-install.exe'. -Then use tar to archive the entire client-export directory from the -root package directory using the following command ... - -tar zcvf openvpn-client-export.tgz client-export - -With the archive created, you will have three relevent files in the -root package directory ... - -openvpn-client-export.inc -openvpn-client-export.tgz -openvpn-client-export.xml - -These files are the only files required for distribution. 
+pfSense OpenVPN Client Export Package +------------------------------------- + +This package includes a webConfigurator interface that allows for easy +expory of user based OpenVPN configurations and pre-configured windows +installer packages. + +Contents +-------- +client-export - tgz archive root path +client-export/vpn_openvpn_export.php - pfSense php interface code +client-export/template - installer template path +client-export/template/7zS.sfx - 7zip windows self extractor +client-export/template/config-import - 7zip sfx configuration +client-export/template/config-standard - 7zip sfx configuration +client-export/template/procchain.exe - process chain utility +client-export/template/openvpn-install.exe - openvpn installer +client-export/template/openvpn-postinstall.exe - post installer +client-export/template/procchain-import - procchain configuration +client-export/template/procchain-standard - procchain configuration +client-export/template/config - OpenVPN configuration import path +source/openvpn-postinstall.nsi - post install NSIS script +source/openvpn-postinstall.ico - post install icon +source/procchain.cpp - C++ source for process chain utility +openvpn-client-export.inc - pfSense php pagkage include file +openvpn-client-export.xml - pfSense xml package description + +Configuration +------------- +Before the package can be used, place the OpenVPN installer of your +choice in the template directory and name it 'openvpn-install.exe'. +Then use tar to archive the entire client-export directory from the +root package directory using the following command ... + +tar zcvf openvpn-client-export.tgz client-export + +With the archive created, you will have three relevent files in the +root package directory ... + +openvpn-client-export.inc +openvpn-client-export.tgz +openvpn-client-export.xml + +These files are the only files required for distribution. 
diff --git a/config/openvpn-client-export/source/openvpn-postinstall.nsi b/config/openvpn-client-export/source/openvpn-postinstall.nsi
index d23ecdb4..4f03783d 100755
--- a/config/openvpn-client-export/source/openvpn-postinstall.nsi
+++ b/config/openvpn-client-export/source/openvpn-postinstall.nsi
@@ -1,112 +1,112 @@ -;-------------------------------- -; OpenVPN NSIS Post-Installer -;-------------------------------- - -;-------------------------------- -;Include Modern UI - - !include "MUI.nsh" - !include "FileFunc.nsh" - !include "LogicLib.nsh" - -;-------------------------------- -; General -;-------------------------------- - - Name "OpenVPN Configuration" - OutFile "openvpn-postinstall.exe" - SetCompressor /SOLID lzma - - ShowInstDetails show - -;-------------------------------- -;Include Settings -;-------------------------------- - - !define MUI_ICON "openvpn-postinstall.ico" - !define MUI_ABORTWARNING - -;-------------------------------- -;Pages -;-------------------------------- - - !insertmacro MUI_PAGE_INSTFILES - !insertmacro Locate - !insertmacro GetParameters - !insertmacro GetOptions - -;-------------------------------- -;Languages -;-------------------------------- - - !insertmacro MUI_LANGUAGE "English" - -;-------------------------------- -;Functions -;-------------------------------- - -Function .onInit - - Var /GLOBAL CONFPATH - ReadRegStr $CONFPATH HKLM "Software\OpenVPN" "config_dir" - -FunctionEnd - -Function CopyConfFile - - CopyFiles $R9 $CONFPATH\$R7 - Push $0 - -FunctionEnd - -Function ImportConfFile - - ExecWait "rundll32.exe cryptext.dll,CryptExtAddPFX $R9" - Push $0 - -FunctionEnd - -;-------------------------------- -;Installer Sections -;-------------------------------- - -Section "Imort Configuration" SectionImport - - DetailPrint "Installing configuration files ..." - ${Locate} ".\config" "/L=F /M=*.ovpn" "CopyConfFile" - - DetailPrint "Installing certificate and key files ..." 
- ${Locate} ".\config" "/L=F /M=*.crt" "CopyConfFile" - ${Locate} ".\config" "/L=F /M=*.key" "CopyConfFile" - - ${GetParameters} $R0 - ${GetOptions} $R0 "/Import" $R1 - IfErrors p12_copy p12_import - - p12_copy: - ${Locate} ".\config" "/L=F /M=*.p12" "CopyConfFile" - Goto p12_done - - p12_import: - ${Locate} ".\config" "/L=F /M=*.p12" "ImportConfFile" - Goto p12_done - - p12_done: - -SectionEnd - -;-------------------------------- -;Descriptions -;-------------------------------- - - ;Language strings - LangString DESC_SectionImport ${LANG_ENGLISH} "Import OpenVPN Configurations and Key Files." - - ;Assign language strings to sections - !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN - !insertmacro MUI_DESCRIPTION_TEXT ${SectionImport} $(DESC_SectionImport) - !insertmacro MUI_FUNCTION_DESCRIPTION_END - -;-------------------------------- -; END -;-------------------------------- +;-------------------------------- +; OpenVPN NSIS Post-Installer +;-------------------------------- + +;-------------------------------- +;Include Modern UI + + !include "MUI.nsh" + !include "FileFunc.nsh" + !include "LogicLib.nsh" + +;-------------------------------- +; General +;-------------------------------- + + Name "OpenVPN Configuration" + OutFile "openvpn-postinstall.exe" + SetCompressor /SOLID lzma + + ShowInstDetails show + +;-------------------------------- +;Include Settings +;-------------------------------- + + !define MUI_ICON "openvpn-postinstall.ico" + !define MUI_ABORTWARNING + +;-------------------------------- +;Pages +;-------------------------------- + + !insertmacro MUI_PAGE_INSTFILES + !insertmacro Locate + !insertmacro GetParameters + !insertmacro GetOptions + +;-------------------------------- +;Languages +;-------------------------------- + + !insertmacro MUI_LANGUAGE "English" + +;-------------------------------- +;Functions +;-------------------------------- + +Function .onInit + + Var /GLOBAL CONFPATH + ReadRegStr $CONFPATH HKLM "Software\OpenVPN" "config_dir" + 
+FunctionEnd + +Function CopyConfFile + + CopyFiles $R9 $CONFPATH\$R7 + Push $0 + +FunctionEnd + +Function ImportConfFile + + ExecWait "rundll32.exe cryptext.dll,CryptExtAddPFX $R9" + Push $0 + +FunctionEnd + +;-------------------------------- +;Installer Sections +;-------------------------------- + +Section "Imort Configuration" SectionImport + + DetailPrint "Installing configuration files ..." + ${Locate} ".\config" "/L=F /M=*.ovpn" "CopyConfFile" + + DetailPrint "Installing certificate and key files ..." + ${Locate} ".\config" "/L=F /M=*.crt" "CopyConfFile" + ${Locate} ".\config" "/L=F /M=*.key" "CopyConfFile" + + ${GetParameters} $R0 + ${GetOptions} $R0 "/Import" $R1 + IfErrors p12_copy p12_import + + p12_copy: + ${Locate} ".\config" "/L=F /M=*.p12" "CopyConfFile" + Goto p12_done + + p12_import: + ${Locate} ".\config" "/L=F /M=*.p12" "ImportConfFile" + Goto p12_done + + p12_done: + +SectionEnd + +;-------------------------------- +;Descriptions +;-------------------------------- + + ;Language strings + LangString DESC_SectionImport ${LANG_ENGLISH} "Import OpenVPN Configurations and Key Files." + + ;Assign language strings to sections + !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN + !insertmacro MUI_DESCRIPTION_TEXT ${SectionImport} $(DESC_SectionImport) + !insertmacro MUI_FUNCTION_DESCRIPTION_END + +;-------------------------------- +; END +;-------------------------------- diff --git a/config/openvpn-client-export/source/procchain.cpp b/config/openvpn-client-export/source/procchain.cpp index b95536cc..dec1c284 100755 --- a/config/openvpn-client-export/source/procchain.cpp +++ b/config/openvpn-client-export/source/procchain.cpp 
@@ -1,80 +1,80 @@ - -/* - * Copyright (c) 2008 - * Shrew Soft Inc. All rights reserved. - * - * AUTHOR : Matthew Grooms - * mgrooms@shrew.net - * - */ - -#include -#include - -bool runproc( char * path ) -{ - STARTUPINFO si; - memset( &si, 0, sizeof( si ) ); - si.cb = sizeof( si ); - - PROCESS_INFORMATION pi; - memset( &pi, 0, sizeof( pi ) ); - - // Start the child process. - if( !CreateProcess( - NULL, // No module name (use command line). - path, // Command line. - NULL, // Process handle not inheritable. - NULL, // Thread handle not inheritable. - FALSE, // Set handle inheritance to FALSE. - 0, // No creation flags. - NULL, // Use parent's environment block. - NULL, // Use parent's starting directory. - &si, // Pointer to STARTUPINFO structure. - &pi ) ) // Pointer to PROCESS_INFORMATION structure. - { - return false; - } - - // Wait until child process exits. - WaitForSingleObject( pi.hProcess, INFINITE ); - - // Get the exit code - DWORD ExitCode; - GetExitCodeProcess( pi.hProcess, &ExitCode ); - - // Close process and thread handles. - CloseHandle( pi.hProcess ); - CloseHandle( pi.hThread ); - - return ( ExitCode == 0 ); -} - -int APIENTRY WinMain( - HINSTANCE hinstance, - HINSTANCE hPrevInstance, - LPSTR lpCmdLine, - int nCmdShow ) -{ - FILE * fp; - if( fopen_s( &fp, lpCmdLine, "r" ) ) - return -1; - - while( true ) - { - char cmd[ MAX_PATH ]; - memset( cmd, 0, MAX_PATH ); - if( fgets( cmd, MAX_PATH, fp ) == NULL ) - break; - - char * term = strchr( cmd, '\n' ); - if( term != NULL ) - *term = 0; - - if( !runproc( cmd ) ) - return -2; - } - - return 0; -} - + +/* + * Copyright (c) 2008 + * Shrew Soft Inc. All rights reserved. + * + * AUTHOR : Matthew Grooms + * mgrooms@shrew.net + * + */ + +#include +#include + +bool runproc( char * path ) +{ + STARTUPINFO si; + memset( &si, 0, sizeof( si ) ); + si.cb = sizeof( si ); + + PROCESS_INFORMATION pi; + memset( &pi, 0, sizeof( pi ) ); + + // Start the child process. 
+ if( !CreateProcess( + NULL, // No module name (use command line). + path, // Command line. + NULL, // Process handle not inheritable. + NULL, // Thread handle not inheritable. + FALSE, // Set handle inheritance to FALSE. + 0, // No creation flags. + NULL, // Use parent's environment block. + NULL, // Use parent's starting directory. + &si, // Pointer to STARTUPINFO structure. + &pi ) ) // Pointer to PROCESS_INFORMATION structure. + { + return false; + } + + // Wait until child process exits. + WaitForSingleObject( pi.hProcess, INFINITE ); + + // Get the exit code + DWORD ExitCode; + GetExitCodeProcess( pi.hProcess, &ExitCode ); + + // Close process and thread handles. + CloseHandle( pi.hProcess ); + CloseHandle( pi.hThread ); + + return ( ExitCode == 0 ); +} + +int APIENTRY WinMain( + HINSTANCE hinstance, + HINSTANCE hPrevInstance, + LPSTR lpCmdLine, + int nCmdShow ) +{ + FILE * fp; + if( fopen_s( &fp, lpCmdLine, "r" ) ) + return -1; + + while( true ) + { + char cmd[ MAX_PATH ]; + memset( cmd, 0, MAX_PATH ); + if( fgets( cmd, MAX_PATH, fp ) == NULL ) + break; + + char * term = strchr( cmd, '\n' ); + if( term != NULL ) + *term = 0; + + if( !runproc( cmd ) ) + return -2; + } + + return 0; +} + diff --git a/config/snort/snort.inc b/config/snort/snort.inc index c1c1a400..20a03f93 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc 
@@ -140,12 +140,12 @@ function sync_package_snort() /* Note the sleep delay. Seems to help getting mult interfaces to start -gtm */ foreach($snortInterfaces as $snortIf) { - $start .= ";sleep 8;snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -A fast &"; + $start .= ";sleep 8;snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -A fast -q"; } /* if block offenders is checked, start snort2c */ if($_POST['blockoffenders']) - $start .= ";sleep 8;snort2c -w /var/db/whitelist -a /var/log/snort/alert"; + $start .= "\nsleep 8;snort2c -w /var/db/whitelist -a /var/log/snort/alert"; $sample_before = "\nBEFORE_MEM=`top | grep Free | grep Wired | awk '{print \$10}'`\n"; $sample_after = "\nAFTER_MEM=`top | grep Free | grep Wired | awk '{print \$10}'`\n"; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 6ba362c0..22b8e874 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,7 +46,7 @@ Describe your package requirements here Currently there are no FAQ items provided. Snort - 2.8.2.2 + 2.8.3.2 Services: Snort /usr/local/pkg/snort.inc -- cgit v1.2.3 From 1c453476d78da6607e1d39c8457ea11e54de23f0 Mon Sep 17 00:00:00 2001 From: rob Date: Sat, 11 Apr 2009 03:54:33 -0700 Subject: modified: config/snort/snort.inc Upadte snort.conf to fit snort 2.8.4, New SSL ignore, Flow Changes, Strartup change, New RPC2 Preproc, New Incudes modified: config/snort/snort.xml Update snort.xml version number to 2.8.4 --- config/snort/snort.inc | 207 +++++++++++++++++++++++++++++++++++++++---------- config/snort/snort.xml | 2 +- 2 files changed, 165 insertions(+), 44 deletions(-) (limited to 'config') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 5d6a2942..f681c25f 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc 
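Review bot: The rewritten start line still splices `{$snortIf}` straight into a shell command string, and nothing in the hunk shows the interface names being validated; if `$snortInterfaces` can hold anything other than a fixed interface name, quote it, e.g. `-i " . escapeshellarg($snortIf) . " -A fast -q";`. Dropping the trailing `&` also means every start now relies on `-D` returning promptly, which deserves a short comment next to the `sleep 8`. The same line is touched again in the later hunks `@@ -138,9 +138,11 @@` and `@@ -142,7 +142,7 @@`, and the point applies there as well. `sync_package_snort()` starts and ends outside the hunk.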
@@ -138,9 +138,11 @@ function sync_package_snort() /* start a snort process for each interface -gtm */ /* Note the sleep delay. Seems to help getting mult interfaces to start -gtm */ + /* snort start options are; config file, log file, demon, interface, packet flow, alert type, quiet */ + /* TODO; get snort to start under nologin shell */ foreach($snortInterfaces as $snortIf) { - $start .= ";sleep 8;snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -A fast -q"; + $start .= ";sleep 8;snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -o -A fast -q"; } /* if block offenders is checked, start snort2c */ @@ -346,6 +348,7 @@ function generate_snort_conf() { conf_mount_ro(); /* build snort configuration file */ + /* TODO; feed back from pfsense users to reduce false positives */ $snort_conf_text = << \ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ cmd_validity PORT < host_port > + preprocessor ftp_telnet_protocol: ftp client default \ - max_resp_len 100 + max_resp_len 256 \ + bounce yes \ + telnet_cmds yes + +##################### + # +# SMTP preprocessor # + # +##################### preprocessor SMTP: \ ports { 25 465 691 } \ 
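Review bot: The new TODO about starting snort under a nologin shell leaves the start line in `@@ -138,9 +138,11 @@` with no privilege drop, so the sensor presumably keeps whatever privileges the caller has. Snort's `-u` and `-g` options let it switch to an unprivileged account after initialization, e.g. `-D -u <snort_user> -g <snort_group> -i {$snortIf}` (placeholder names; whether the package creates such an account is not visible here). The options comment also labels the added `-o` only as "packet flow"; if it is meant as the rule-order switch, say so in the comment, because a changed pass/alert order alters which alerts fire. The function body continues outside the hunk.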
@@ -512,39 +587,85 @@ PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ xlink2state { enable } +################ + # +# sf Portscan # + # +################ + +preprocessor sfportscan: scan_type { all } \ + proto { all } \ + memcap { 10000000 } \ + sense_level { medium } \ + ignore_scanners { $HOME_NET } + +############################ + # +# OLD # +# preprocessor dcerpc: \ # +# autodetect \ # +# max_frag_size 3000 \ # +# memcap 100000 # + # +############################ + +############### + # +# NEW # +# DCE/RPC 2 # + # +############### + +preprocessor dcerpc2 +preprocessor dcerpc2_server: default + +#################### + # +# DNS preprocessor # + # +#################### + +preprocessor dns: \ + ports { 53 } \ + enable_rdata_overflow + +############################## + # +# NEW # +# Ignore SSL and Encryption # + # +############################## + +preprocessor ssl: noinspect_encrypted, trustservers + +##################### + # +# Snort Output Logs # + # +##################### - - -#sf Portscan -preprocessor sfportscan: proto { all } \ - scan_type { all } \ - sense_level { low } \ - ignore_scanners { \$HOME_NET } - -preprocessor dcerpc: \ - autodetect \ - max_frag_size 3000 \ - memcap 100000 - -preprocessor dns: ports { 53 } enable_rdata_overflow - -#Output plugins -#output database: alert output alert_syslog: LOG_AUTH LOG_ALERT LOG_CONS LOG_NDELAY LOG_PERROR LOG_PID - -output alert_unified: filename alert +output alert_unified: filename snort.alert, limit 128 -#Required files -include /usr/local/etc/snort/classification.config -include /usr/local/etc/snort/reference.config +################# + # +# Misc Includes # + # +################# -# Include any thresholding or suppression commands. 
See threshold.conf in the -# include threshold.conf +include /usr/local/etc/snort/reference.config +include /usr/local/etc/snort/classification.config +include /usr/local/etc/snort/threshold.conf # Snort user pass through configuration {$snort_config_pass_thru} -#Rulesets, all optional +################### + # +# Rules Selection # + # +################### + {$selected_rules_sections} EOD; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 22b8e874..a35226fe 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,7 +46,7 @@ Describe your package requirements here Currently there are no FAQ items provided. Snort - 2.8.3.2 + 2.8.4.2 Services: Snort /usr/local/pkg/snort.inc -- cgit v1.2.3 From 62520bf1f47c43ebc09c2e10d7f9eb440c8d9c39 Mon Sep 17 00:00:00 2001 From: robscool Date: Mon, 13 Apr 2009 01:55:09 -0700 Subject: update snort.inc snort.xml April 13 09 modified: config/snort/snort.inc Fixed snort.inc; missing slash, added snort.stats. verified changes with security scanners modified: config/snort/snort.xml Changed snort.xml; version change --- config/snort/snort.inc | 13 +++++++++++-- config/snort/snort.xml | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) mode change 100644 => 100755 config/snort/snort.inc (limited to 'config') diff --git a/config/snort/snort.inc b/config/snort/snort.inc old mode 100644 new mode 100755 index f681c25f..5076037c --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -412,7 +412,7 @@ portvar RSH_PORTS 514 portvar SMB_PORTS [139,445] portvar SMTP_PORTS 25 portvar SNMP_PORTS 161 -portvar SSH_PORTS {$ssh_port} +portvar SSH_PORTS {\$ssh_port} portvar TELNET_PORTS 23 portvar MAIL_PORTS [25,143,465,691] portvar SSL_PORTS [25,443,465,636,993,995] 
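Review bot: In the new sfportscan block, `ignore_scanners { $HOME_NET }` lost the backslash the removed line had (`\$HOME_NET`); inside this interpolating heredoc PHP would expand `$HOME_NET` as its own variable, so the generated snort.conf would not carry the Snort variable, and the line should stay `ignore_scanners { \$HOME_NET }`. Separately, `preprocessor ssl: noinspect_encrypted, trustservers` stops inspection of a session once it looks encrypted, so the generated file should carry a comment stating that this trades visibility for performance and assumes the servers are trusted. The `include /usr/local/etc/snort/threshold.conf` line is now unconditional, so it is worth confirming that the package always installs that file. The heredoc opens before this hunk.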
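Review bot: Escaping the brace expression in `portvar SSH_PORTS {\$ssh_port}` stops PHP from substituting what is presumably the configured SSH port, so the generated snort.conf would contain the literal text `{$ssh_port}` instead of a port number. Unlike `HOME_NET`, no Snort variable of that name is defined in the visible lines, so rules keyed on `SSH_PORTS` would not match the real port, or the config may be rejected at startup. The line should stay `portvar SSH_PORTS {$ssh_port}`. The heredoc holding this line opens outside the hunk.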
@@ -478,6 +478,15 @@ preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes preprocessor stream5_udp preprocessor stream5_icmp +########################## + # +# NEW # +# Performance Statistics # + # +########################## + +preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000 + ################# # # HTTP Inspect # @@ -597,7 +606,7 @@ preprocessor sfportscan: scan_type { all } \ proto { all } \ memcap { 10000000 } \ sense_level { medium } \ - ignore_scanners { $HOME_NET } + ignore_scanners { \$HOME_NET } ############################ # diff --git a/config/snort/snort.xml b/config/snort/snort.xml index a35226fe..af549a27 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,7 +46,7 @@ Describe your package requirements here Currently there are no FAQ items provided. Snort - 2.8.4.2 + 2.8.4.3 Services: Snort /usr/local/pkg/snort.inc -- cgit v1.2.3 From 80c3b66c9c05630a8c42c12573ed84f50c5f1e07 Mon Sep 17 00:00:00 2001 From: robscool Date: Mon, 13 Apr 2009 02:16:29 -0700 Subject: update snort.inc snort.xml April 13 09, 2ND modified: config/snort/snort.inc Fixed snort.inc; missing slash, added snort.stats. verified changes with security scanners modified: config/snort/snort.xml Changed snort.xml; version change --- config/snort/snort.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 5076037c..15dd1ad6 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -412,7 +412,7 @@ portvar RSH_PORTS 514 portvar SMB_PORTS [139,445] portvar SMTP_PORTS 25 portvar SNMP_PORTS 161 -portvar SSH_PORTS {\$ssh_port} +portvar SSH_PORTS {$ssh_port} portvar TELNET_PORTS 23 portvar MAIL_PORTS [25,143,465,691] portvar SSL_PORTS [25,443,465,636,993,995] -- cgit v1.2.3 From e44e823f4e02415341f7182316107731d11f51b7 Mon Sep 17 00:00:00 2001 
From: robscool Date: Wed, 15 Apr 2009 23:33:33 -0700 Subject: modified: snort.inc snort.xml pkg_config.7.xml 04-15-09 modified: config/snort/snort.inc Change of startup commands modified: config/snort/snort.xml Change version number. modified: pkg_config.7.xml Change of version number. --- config/snort/snort.inc | 2 +- config/snort/snort.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 15dd1ad6..6de4c8f3 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -142,7 +142,7 @@ function sync_package_snort() /* TODO; get snort to start under nologin shell */ foreach($snortInterfaces as $snortIf) { - $start .= ";sleep 8;snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -o -A fast -q"; + $start .= ";sleep 8;snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -A fast -q"; } /* if block offenders is checked, start snort2c */ diff --git a/config/snort/snort.xml b/config/snort/snort.xml index af549a27..e9a8c87d 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,7 +46,7 @@ Describe your package requirements here Currently there are no FAQ items provided. Snort - 2.8.4.3 + 2.8.4 Services: Snort /usr/local/pkg/snort.inc -- cgit v1.2.3