Snort scripts and config update.

2026-04-28 03:33:25 +02:00 · 2010-06-17 23:23:02 +02:00
parent 6886b70cfc
commit 8dc25f04ba
6 changed files with 68 additions and 54 deletions
--- a/config/rootfiles/common/initscripts
+++ b/config/rootfiles/common/initscripts
@@ -118,6 +118,7 @@ etc/rc.d/rc0.d/K08fcron
 etc/rc.d/rc0.d/K28apache
 etc/rc.d/rc0.d/K30sshd
 etc/rc.d/rc0.d/K45random
+etc/rc.d/rc0.d/K78snort
 etc/rc.d/rc0.d/K79leds
 etc/rc.d/rc0.d/K80network
 #etc/rc.d/rc0.d/K84bluetooth
@@ -152,6 +153,7 @@ etc/rc.d/rc6.d/K08fcron
 etc/rc.d/rc6.d/K28apache
 etc/rc.d/rc6.d/K30sshd
 etc/rc.d/rc6.d/K45random
+etc/rc.d/rc6.d/K78snort
 etc/rc.d/rc6.d/K79leds
 etc/rc.d/rc6.d/K80network
 #etc/rc.d/rc6.d/K84bluetooth
--- a/config/rootfiles/core/38/filelists/files
+++ b/config/rootfiles/core/38/filelists/files
@@ -6,8 +6,10 @@ etc/rc.d/init.d/leds
 etc/rc.d/init.d/rc
 etc/rc.d/init.d/snort
 etc/rc.d/init.d/networking/red.up/50-ovpn
+etc/rc.d/rc0.d/K78snort
 etc/rc.d/rc0.d/K79leds
 etc/rc.d/rc3.d/S21leds
+etc/rc.d/rc6.d/K78snort
 etc/rc.d/rc6.d/K79leds
 etc/udev/rules.d/52-nut-usbups.rules
 etc/udev/rules.d/xpp.rules
--- a/config/rootfiles/core/38/update.sh
+++ b/config/rootfiles/core/38/update.sh
@@ -70,6 +70,7 @@ tar cjvf /var/ipfire/backup/core-upgrade_$KVER.tar.bz2 \
 /etc/init.d/collectd stop
 /etc/init.d/squid stop
 /etc/init.d/ipsec stop
+/etc/init.d/snort stop

 echo
 echo Update Kernel to $KVER ...
@@ -90,9 +91,10 @@ rm -rf /lib/modules/2.6.27.31-ipfire-xen
 rm -rf /usr/lib/ipsec
 rm -rf /usr/libexec/ipsec
 #
-# old snort libs ...
+# old snort libs and rules ...
 #
 rm -rf /usr/lib/snort_*
+rm -rf /etc/snort

 #
 # Backup grub.conf
--- a/config/snort/snort.conf
+++ b/config/snort/snort.conf
@@ -21,14 +21,18 @@
 # Step #1: Set the network variables.  For more information, see README.variables
 ###################################################

+include /etc/snort/vars
+
 # Setup the network addresses you are protecting
-var HOME_NET any
+# taken from /etc/snort vars
+#var HOME_NET any

 # Set up the external network addresses.  A good start may be "any"
 var EXTERNAL_NET any

 # List of DNS servers on your network 
-var DNS_SERVERS $HOME_NET
+# taken from /etc/snort vars
+#var DNS_SERVERS $HOME_NET

 # List of SMTP servers on your network
 var SMTP_SERVERS $HOME_NET
@@ -45,6 +49,9 @@ var TELNET_SERVERS $HOME_NET
 # List of ports you run web servers on
 portvar HTTP_PORTS  [80,2301,3128,7777,7779,8000,8008,8028,8080,8180,8888,9999]

+# List of ssh ports
+portvar SSH_PORTS  [22,222]
+
 # List of ports you want to look for SHELLCODE on.
 portvar SHELLCODE_PORTS !80

@@ -61,6 +68,7 @@ var RULE_PATH /etc/snort/rules
 var SO_RULE_PATH /etc/snort/so_rules
 var PREPROC_RULE_PATH /etc/snort/preproc_rules

+
 ###################################################
 # Step #2: Configure the decoder.  For more information, see README.decode
 ###################################################
@@ -299,5 +307,3 @@ include /etc/snort/rules/reference.config

 # site specific rules

-# Event thresholding or suppression commands. See threshold.conf 
-# include threshold.conf