1 diff -ruN snortsam-orig/contrib/snortsam-state.c snortsam/contrib/snortsam-state.c
2 --- snortsam-orig/contrib/snortsam-state.c 2012-10-10 10:05:33.037907601 +0200
3 +++ snortsam/contrib/snortsam-state.c 2012-10-10 10:07:19.677910382 +0200
6 addr.s_addr = bi->blockip;
8 - sprintf(buffer, "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
9 + sprintf(buffer, "/usr/sbin/iptables -D INPUT -i %s -s %s -j DROP",
10 iface, inet_ntoa(addr));
12 if(!(h = popen(buffer, "r")) || pclose(h) != 0)
13 fprintf(stderr, "%s: failed: %s\n", name, buffer);
15 - sprintf(buffer, "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
16 + sprintf(buffer, "/usr/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
17 iface, inet_ntoa(addr));
19 if(!(h = popen(buffer, "r")) || pclose(h) != 0)
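Review bot: Both `sprintf(buffer, ...)` calls in this hunk write a string built from `iface` into `buffer` with no length bound, and the result is passed to `popen()`, which runs it through the shell. The declaration of `buffer` and the origin of `iface` lie outside the hunk, so neither the size nor the trust level can be confirmed from here. If `buffer` is an array, `snprintf(buffer, sizeof(buffer), ...)` with a check that the return value is below `sizeof(buffer)` bounds the write, and restricting `iface` to the characters valid in an interface name before formatting keeps shell syntax out of the command. The hard-coded `/usr/sbin/iptables` will also fail on systems that still ship the binary in `/sbin`; a build-time define would avoid patching the literal per distribution.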
20 diff -ruN snortsam-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
21 --- snortsam-orig/src/ssp_iptables.c 2012-10-10 10:05:33.037907601 +0200
22 +++ snortsam/src/ssp_iptables.c 2012-10-10 10:07:09.333910113 +0200
25 char iptcmd1[255],iptcmd4[255];
27 - const char savecmd[]="/sbin/iptables-save -c > /etc/sysconfig/iptables";
28 + const char savecmd[]="/usr/sbin/iptables-save -c > /etc/sysconfig/iptables";
34 /* Assemble command */
35 if (snprintf(iptcmd,sizeof(iptcmd)-1,
36 - "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
37 + "/usr/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
38 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
39 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
40 logmessage(1,msg,"iptables",0);
43 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
44 - "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
45 + "/usr/sbin/iptables -I INPUT -i %s -s %s -j DROP",
46 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
47 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
48 logmessage(1,msg,"iptables",0);
51 /* Assemble command */
52 if (snprintf(iptcmd,sizeof(iptcmd)-1,
53 - "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
54 + "/usr/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
55 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
56 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
57 logmessage(1,msg,"iptables",0);
60 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
61 - "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
62 + "/usr/sbin/iptables -I INPUT -i %s -d %s -j DROP",
63 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
64 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
65 logmessage(1,msg,"iptables",0);
68 /* Assemble command - block src*/
69 if ((snprintf(iptcmd,sizeof(iptcmd)-1,
70 - "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
71 + "/usr/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
72 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
73 - "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
74 + "/usr/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
75 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
76 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
77 logmessage(1,msg,"iptables",0);
80 if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
81 - "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
82 + "/usr/sbin/iptables -I INPUT -i %s -s %s -j DROP",
83 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
84 - "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
85 + "/usr/sbin/iptables -I INPUT -i %s -d %s -j DROP",
86 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
87 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
88 logmessage(1,msg,"iptables",0);
91 /* Assemble command */
92 if (snprintf(iptcmd,sizeof(iptcmd)-1,
93 - "/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
94 + "/usr/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
95 iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
96 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
97 logmessage(1,msg,"iptables",0);
100 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
101 - "/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
102 + "/usr/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
103 iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd2)) {
104 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
105 logmessage(1,msg,"iptables",0);
106 @@ -210,14 +210,14 @@
108 /* Assemble command */
109 if (snprintf(iptcmd,sizeof(iptcmd)-1,
110 - "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
111 + "/usr/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
112 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
113 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
114 logmessage(1,msg,"iptables",0);
117 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
118 - "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
119 + "/usr/sbin/iptables -D INPUT -i %s -s %s -j DROP",
120 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
121 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
122 logmessage(1,msg,"iptables",0);
123 @@ -227,14 +227,14 @@
125 /* Assemble command */
126 if (snprintf(iptcmd,sizeof(iptcmd)-1,
127 - "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
128 + "/usr/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
129 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
130 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
131 logmessage(1,msg,"iptables",0);
134 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
135 - "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
136 + "/usr/sbin/iptables -D INPUT -i %s -d %s -j DROP",
137 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
138 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
139 logmessage(1,msg,"iptables",0);
140 @@ -244,18 +244,18 @@
141 case FWSAM_HOW_INOUT:
142 /* Assemble command - block src*/
143 if ((snprintf(iptcmd,sizeof(iptcmd)-1,
144 - "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
145 + "/usr/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
146 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
147 - "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
148 + "/usr/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
149 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
150 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
151 logmessage(1,msg,"iptables",0);
154 if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
155 - "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
156 + "/usr/sbin/iptables -D INPUT -i %s -s %s -j DROP",
157 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
158 - "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
159 + "/usr/sbin/iptables -D INPUT -i %s -d %s -j DROP",
160 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
161 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
162 logmessage(1,msg,"iptables",0);
163 @@ -265,14 +265,14 @@
165 /* Assemble command */
166 if (snprintf(iptcmd,sizeof(iptcmd)-1,
167 - "/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
168 + "/usr/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
169 iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
170 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
171 logmessage(1,msg,"iptables",0);
174 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
175 - "/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
176 + "/usr/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
177 iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
178 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
179 logmessage(1,msg,"iptables",0);
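Review bot: In the last hunk (`@@ -265,14 +265,14 @@`) the second length check compares the `snprintf` result for `iptcmd2` against `sizeof(iptcmd)`; it should read `>= sizeof(iptcmd2)`. The declarations of these two buffers are outside the hunks, so if their sizes differ a truncated `iptcmd2` can pass unnoticed. Every check in this file also passes `sizeof(buf)-1` as the limit but tests `>= sizeof(buf)`, which misses a result of exactly `sizeof(buf)-1`, where the last character is cut and a truncated rule would still be used. Passing `sizeof(buf)` as the limit makes the test exact. Since the commit edits the same literal in about twenty format strings, one define such as `#define IPTABLES_BIN "/usr/sbin/iptables"` (name is a suggestion), concatenated into each format string, would keep the path in a single place.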