mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
Snort Fixes.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@524 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
This commit is contained in:
ms
@@ -1,17 +1,17 @@
|
||||
###################################################
|
||||
#
|
||||
# This file contains the default snort configuration.
|
||||
# for all IPCop Versions
|
||||
# Unless you are totally happy with this file,please
|
||||
# for all IPFire Versions
|
||||
# Unless you are totally happy with this file, please
|
||||
# only change whats needed
|
||||
# This file is automatically changed by
|
||||
# the webinterface, too.
|
||||
#
|
||||
# 1) Set the network variables for your network
|
||||
# 2) Configure preprocessors
|
||||
# 3) Configure output plugins
|
||||
# 4) Customize your rule set
|
||||
#
|
||||
# $Id: snort.conf,v 1.6.2.1 2005/04/28 18:38:49 gespinasse Exp $
|
||||
#
|
||||
###################################################
|
||||
# Only area a user needs to edit
|
||||
include /etc/snort/vars
|
||||
@@ -24,7 +24,7 @@ var HTTP_PORTS 80
|
||||
var SHELLCODE_PORTS !80
|
||||
var ORACLE_PORTS 1521
|
||||
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
|
||||
var RULE_PATH /etc/snort
|
||||
var RULE_PATH /etc/snort/rules
|
||||
|
||||
###################################################
|
||||
# Do NOT Edit past this line
|
||||
@@ -70,54 +70,52 @@ preprocessor xlink2state: ports { 25 691 }
|
||||
include $RULE_PATH/classification.config
|
||||
include $RULE_PATH/reference.config
|
||||
#=========================================
|
||||
include $RULE_PATH/bad-traffic.rules
|
||||
include $RULE_PATH/exploit.rules
|
||||
include $RULE_PATH/scan.rules
|
||||
include $RULE_PATH/finger.rules
|
||||
include $RULE_PATH/ftp.rules
|
||||
include $RULE_PATH/telnet.rules
|
||||
include $RULE_PATH/rpc.rules
|
||||
include $RULE_PATH/rservices.rules
|
||||
include $RULE_PATH/dos.rules
|
||||
include $RULE_PATH/ddos.rules
|
||||
include $RULE_PATH/dns.rules
|
||||
include $RULE_PATH/tftp.rules
|
||||
|
||||
include $RULE_PATH/web-cgi.rules
|
||||
include $RULE_PATH/web-coldfusion.rules
|
||||
include $RULE_PATH/web-iis.rules
|
||||
include $RULE_PATH/web-frontpage.rules
|
||||
include $RULE_PATH/web-misc.rules
|
||||
include $RULE_PATH/web-client.rules
|
||||
include $RULE_PATH/web-php.rules
|
||||
|
||||
include $RULE_PATH/sql.rules
|
||||
include $RULE_PATH/x11.rules
|
||||
include $RULE_PATH/icmp.rules
|
||||
include $RULE_PATH/netbios.rules
|
||||
include $RULE_PATH/misc.rules
|
||||
include $RULE_PATH/attack-responses.rules
|
||||
include $RULE_PATH/oracle.rules
|
||||
include $RULE_PATH/mysql.rules
|
||||
include $RULE_PATH/snmp.rules
|
||||
|
||||
include $RULE_PATH/smtp.rules
|
||||
include $RULE_PATH/imap.rules
|
||||
include $RULE_PATH/pop2.rules
|
||||
include $RULE_PATH/pop3.rules
|
||||
|
||||
include $RULE_PATH/nntp.rules
|
||||
include $RULE_PATH/other-ids.rules
|
||||
# include $RULE_PATH/web-attacks.rules
|
||||
# include $RULE_PATH/backdoor.rules
|
||||
# include $RULE_PATH/shellcode.rules
|
||||
# include $RULE_PATH/policy.rules
|
||||
# include $RULE_PATH/porn.rules
|
||||
# include $RULE_PATH/info.rules
|
||||
# include $RULE_PATH/icmp-info.rules
|
||||
# include $RULE_PATH/virus.rules
|
||||
# include $RULE_PATH/chat.rules
|
||||
# include $RULE_PATH/multimedia.rules
|
||||
# include $RULE_PATH/p2p.rules
|
||||
# include $RULE_PATH/experimental.rules
|
||||
include $RULE_PATH/local.rules
|
||||
include $RULE_PATH/bleeding-attack_response.rules
|
||||
include $RULE_PATH/bleeding-botcc-BLOCK.rules
|
||||
include $RULE_PATH/bleeding-botcc.excluded
|
||||
include $RULE_PATH/bleeding-botcc.rules
|
||||
include $RULE_PATH/bleeding-botcc.rules.dragon.xml
|
||||
include $RULE_PATH/bleeding-dos.rules
|
||||
include $RULE_PATH/bleeding-drop-BLOCK.rules
|
||||
include $RULE_PATH/bleeding-drop.rules
|
||||
include $RULE_PATH/bleeding-drop.rules.dragon.xml
|
||||
include $RULE_PATH/bleeding-dshield-BLOCK.rules
|
||||
include $RULE_PATH/bleeding-dshield.rules
|
||||
include $RULE_PATH/bleeding-exploit.rules
|
||||
include $RULE_PATH/bleeding-game.rules
|
||||
include $RULE_PATH/bleeding-inappropriate.rules
|
||||
include $RULE_PATH/bleeding-malware.rules
|
||||
include $RULE_PATH/bleeding-p2p.rules
|
||||
include $RULE_PATH/bleeding-policy.rules
|
||||
include $RULE_PATH/bleeding-scan.rules
|
||||
include $RULE_PATH/bleeding-sid-msg.map
|
||||
include $RULE_PATH/bleeding-virus.rules
|
||||
include $RULE_PATH/bleeding-voip.rules
|
||||
include $RULE_PATH/bleeding-web.rules
|
||||
include $RULE_PATH/bleeding.rules
|
||||
include $RULE_PATH/community-bot.rules
|
||||
include $RULE_PATH/community-deleted.rules
|
||||
include $RULE_PATH/community-dos.rules
|
||||
include $RULE_PATH/community-exploit.rules
|
||||
include $RULE_PATH/community-ftp.rules
|
||||
include $RULE_PATH/community-game.rules
|
||||
include $RULE_PATH/community-icmp.rules
|
||||
include $RULE_PATH/community-imap.rules
|
||||
include $RULE_PATH/community-inappropriate.rules
|
||||
include $RULE_PATH/community-mail-client.rules
|
||||
include $RULE_PATH/community-misc.rules
|
||||
include $RULE_PATH/community-nntp.rules
|
||||
include $RULE_PATH/community-oracle.rules
|
||||
include $RULE_PATH/community-policy.rules
|
||||
include $RULE_PATH/community-sid-msg.map
|
||||
include $RULE_PATH/community-sip.rules
|
||||
include $RULE_PATH/community-smtp.rules
|
||||
include $RULE_PATH/community-sql-injection.rules
|
||||
include $RULE_PATH/community-virus.rules
|
||||
include $RULE_PATH/community-web-attacks.rules
|
||||
include $RULE_PATH/community-web-cgi.rules
|
||||
include $RULE_PATH/community-web-client.rules
|
||||
include $RULE_PATH/community-web-dos.rules
|
||||
include $RULE_PATH/community-web-iis.rules
|
||||
include $RULE_PATH/community-web-misc.rules
|
||||
include $RULE_PATH/community-web-php.rules
|
||||
|
||||
@@ -450,7 +450,7 @@ if ($results ne '') {
|
||||
if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) {
|
||||
&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
|
||||
# Output display table for rule files
|
||||
print "<TABLE BORDER='$border'><TR><TD VALIGN='TOP'><TABLE BORDER='$border'>";
|
||||
print "<TABLE width='100%'><TR><TD VALIGN='TOP'><TABLE>";
|
||||
|
||||
print "<form method='post'>";
|
||||
|
||||
@@ -466,7 +466,7 @@ if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable
|
||||
|
||||
# Check if reached half-way through rule file rules to start new column
|
||||
if ($ruledisplaycnt > $rulecnt) {
|
||||
print "</TABLE></TD><TD VALIGN='TOP'><TABLE BORDER='$border'>";
|
||||
print "</TABLE></TD><TD VALIGN='TOP'><TABLE>";
|
||||
$ruledisplaycnt = 0;
|
||||
}
|
||||
|
||||
@@ -522,16 +522,16 @@ if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable
|
||||
|
||||
# Check for empty 'Description'
|
||||
if ($snortrules{$rulefile}{'Description'} eq '') {
|
||||
print "<TABLE BORDER='$border' CLASS='section' WIDTH='100%'><TR><TD CLASS='base'>No description available</TD></TR>";
|
||||
print "<TABLE WIDTH='100%'><TR><TD CLASS='base'>No description available</TD></TR>";
|
||||
} else {
|
||||
# Output rule file 'Description'
|
||||
print "<TABLE BORDER='$border' CLASS='section' WIDTH='100%'><TR><TD CLASS='base'>$snortrules{$rulefile}{'Description'}</TD></TR>";
|
||||
print "<TABLE WIDTH='100%'><TR><TD CLASS='base'>$snortrules{$rulefile}{'Description'}</TD></TR>";
|
||||
}
|
||||
|
||||
# Check for display flag
|
||||
if ($displayrulefilerules) {
|
||||
# Rule file definition rule display
|
||||
print "<TR><TD CLASS='base' VALIGN='TOP'><TABLE BORDER='$border'><TR>";
|
||||
print "<TR><TD CLASS='base' VALIGN='TOP'><TABLE border=1><TR>";
|
||||
|
||||
# Local vars
|
||||
my $ruledefdisplaycnt = 0;
|
||||
|
||||
@@ -88,8 +88,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
||||
|
||||
tar xvfz $(DIR_DL)/Community-Rules-20070503.tar.gz -C /etc/snort/
|
||||
tar xvfz $(DIR_DL)/bleeding.rules-20070503.tar.gz -C /etc/snort/
|
||||
cd $(DIR_APP) && install -m 0644 etc/unicode.map \
|
||||
etc/reference.config etc/classification.config /etc/snort
|
||||
cd $(DIR_APP) && install -m 0644 \
|
||||
etc/reference.config etc/classification.config /etc/snort/rules
|
||||
cd $(DIR_APP) && install -m 0644 etc/unicode.map /etc/snort
|
||||
install -m 0644 $(DIR_SRC)/config/snort/snort.conf /etc/snort
|
||||
chown -R nobody:nobody /etc/snort
|
||||
-mkdir -p /var/log/snort
|
||||
|
||||
@@ -30,9 +30,9 @@ int main(int argc, char *argv[]) {
|
||||
} else if (strcmp(argv[1], "restart") == 0) {
|
||||
safe_system("/etc/rc.d/init.d/clamav restart");
|
||||
} else if (strcmp(argv[1], "enable") == 0) {
|
||||
safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc3.d/S20clamav >/dev/null 2>&1");
|
||||
safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc0.d/K80clamav >/dev/null 2>&1");
|
||||
safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc6.d/K80clamav >/dev/null 2>&1");
|
||||
safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc3.d/S33clamav >/dev/null 2>&1");
|
||||
safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc0.d/K67clamav >/dev/null 2>&1");
|
||||
safe_system("ln -fs ../init.d/clamav /etc/rc.d/rc6.d/K67clamav >/dev/null 2>&1");
|
||||
} else if (strcmp(argv[1], "disable") == 0) {
|
||||
safe_system("rm -f /etc/rc.d/rc*.d/*clamav >/dev/null 2>&1");
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user