From 82a6ed491cb67a2bb96397ebedf164b9b4ddac70 Mon Sep 17 00:00:00 2001 From: florian Date: Sun, 12 Jul 2009 19:17:38 +0000 Subject: [PATCH] [package] update snort to 2.8.4.1 (#3653) git-svn-id: svn://svn.openwrt.org/openwrt/packages@16820 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- net/snort/Makefile | 29 ++++- net/snort/patches/100-cross-compile.patch | 77 ++++++++++++ net/snort/patches/500-no-config-search.patch | 25 ++-- net/snort/patches/750-lightweight-config.patch | 158 +++++++++++++++++++------ 4 files changed, 242 insertions(+), 47 deletions(-) create mode 100644 net/snort/patches/100-cross-compile.patch diff --git a/net/snort/Makefile b/net/snort/Makefile index 65497070a..988f9231a 100644 --- a/net/snort/Makefile +++ b/net/snort/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006 OpenWrt.org +# Copyright (C) 2006-2009 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort -PKG_VERSION:=2.4.4 +PKG_VERSION:=2.8.4.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://www.snort.org/dl/current/ -PKG_MD5SUM:=9dc9060d1f2e248663eceffadfc45e7e +PKG_SOURCE_URL:=http://dl.snort.org/snort-current/ +PKG_MD5SUM:=63f4e76ae96a2d133f4c7b741bad5458 include $(INCLUDE_DIR)/package.mk 
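Review bot: The tarball named in the `@@ -8,12 +8,12 @@` hunk is fetched over plain `http://` and checked only against `PKG_MD5SUM`, so the source integrity of an intrusion-detection package rests on MD5, which is not collision-resistant. If the build tree this lands in accepts a stronger digest field (later OpenWrt trees take a SHA-256 value in `PKG_HASH`), pin that instead, e.g. `PKG_HASH:=<sha256 of snort-2.8.4.1.tar.gz>`, with the value taken from a download checked against an upstream signature or published checksum, if one exists, rather than from the same HTTP fetch. The new URL also points at a `snort-current/` directory, which presumably stops serving this version once upstream releases the next one, so a versioned or mirrored location would keep the build reproducible.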
@@ -26,22 +26,43 @@ define Package/snort/Default URL:=http://www.snort.org/ endef +define Package/snort/Default/description + Snort is an open source network intrusion detection and prevention system. + It is capable of performing real-time traffic analysis, alerting, blocking + and packet logging on IP networks. It utilizes a combination of protocol + analysis and pattern matching in order to detect anomalies, misuse and + attacks. +endef + define Package/snort $(call Package/snort/Default) endef +define Package/snort/description + $(call Package/snort/Default/description) +endef + define Package/snort-mysql $(call Package/snort/Default) DEPENDS+= +libmysqlclient TITLE+= (MySQL) endef +define Package/snort-mysql/description + $(call Package/snort/Default/description) + This package contains snort with support for logging to a MySQL database. +endef + define Package/snort-pgsql $(call Package/snort/Default) DEPENDS+= +libpq TITLE+= (PostgreSQL) endef +define Package/snort-pgsql/description + $(call Package/snort/Default/description) + This package contains snort with support for logging to a PostgreSQL database. +endef define Compile/Template diff --git a/net/snort/patches/100-cross-compile.patch b/net/snort/patches/100-cross-compile.patch new file mode 100644 index 000000000..285a422ed --- /dev/null +++ b/net/snort/patches/100-cross-compile.patch 
@@ -0,0 +1,77 @@ +--- a/configure ++++ b/configure +@@ -20770,8 +20770,7 @@ + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling + See \`config.log' for more details." >&5 + echo "$as_me: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&2;} +- { (exit 1); exit 1; }; } ++See \`config.log' for more details." >&2;} } + else + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ +@@ -22981,8 +22980,7 @@ + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling + See \`config.log' for more details." >&5 + echo "$as_me: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&2;} +- { (exit 1); exit 1; }; } ++See \`config.log' for more details." >&2;} } + else + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ +@@ -23766,8 +23764,7 @@ + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling + See \`config.log' for more details." >&5 + echo "$as_me: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&2;} +- { (exit 1); exit 1; }; } ++See \`config.log' for more details." >&2;} } + else + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ +@@ -23854,8 +23851,7 @@ + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling + See \`config.log' for more details." >&5 + echo "$as_me: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&2;} +- { (exit 1); exit 1; }; } ++See \`config.log' for more details." >&2;} } + else + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ +diff -urN snort-2.8.4.1/configure snort-2.8.4.1.new/configure +--- snort-2.8.4.1/configure 2009-04-21 21:39:16.000000000 +0200 ++++ snort-2.8.4.1.new/configure 2009-07-12 19:59:26.000000000 +0200 +@@ -23766,8 +23766,7 @@ + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling + See \`config.log' for more details." 
>&5 + echo "$as_me: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&2;} +- { (exit 1); exit 1; }; } ++See \`config.log' for more details." >&2;} } + else + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ +--- snort-2.8.4.1/configure 2009-07-12 20:33:36.000000000 +0200 ++++ snort-2.8.4.1.new/configure 2009-07-12 20:34:10.000000000 +0200 +@@ -24651,8 +24651,7 @@ + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling + See \`config.log' for more details." >&5 + echo "$as_me: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&2;} +- { (exit 1); exit 1; }; } ++See \`config.log' for more details." >&2;} } + else + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ +@@ -24719,8 +24718,7 @@ + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling + See \`config.log' for more details." >&5 + echo "$as_me: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&2;} +- { (exit 1); exit 1; }; } ++See \`config.log' for more details." >&2;} } + else + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ diff --git a/net/snort/patches/500-no-config-search.patch b/net/snort/patches/500-no-config-search.patch index d674ba66a..f00ae2653 100644 --- a/net/snort/patches/500-no-config-search.patch +++ b/net/snort/patches/500-no-config-search.patch 
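Review bot: Deleting `{ (exit 1); exit 1; }` after each "cannot run test program while cross compiling" message makes configure print an error and carry on, so the outcome of every affected run-test becomes whatever the script does with an unset answer rather than a deliberate choice. The hunks do not show which checks these are; if any of them selects a fallback implementation or a platform workaround, the cross-built snort may be compiled with the wrong one, and the build log will still contain "error:" lines that no longer mean failure. Prefer leaving configure unpatched and supplying the known answers for the target, for example by pre-seeding the relevant autoconf cache variables through `CONFIGURE_VARS` in net/snort/Makefile. Separately, every hunk has identical context and the file concatenates diffs with different headers (`--- a/configure`, then `diff -urN snort-2.8.4.1/configure ...`), two of them starting at old line 23766, so application depends on offset matching and a hunk could land on the wrong occurrence. Regenerating it as one diff against the pristine script would remove that ambiguity.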
@@ -1,27 +1,34 @@ ---- snort-2.3.2-orig/src/snort.c 2005-01-13 21:36:20.000000000 +0100 -+++ snort-2.3.2-1/src/snort.c 2005-04-04 20:03:34.000000000 +0200 -@@ -1949,7 +1949,7 @@ +--- a/src/snort.c ++++ b/src/snort.c +@@ -4140,7 +4140,7 @@ { struct stat st; int i; - char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL}; + char *conf_files[]={"/etc/snort/snort.conf", NULL}; char *fname = NULL; - char *home_dir = NULL; char *rval = NULL; -@@ -1970,23 +1970,6 @@ + +@@ -4159,30 +4159,6 @@ i++; } - /* search for .snortrc in the HOMEDIR */ - if(!rval) - { -- if((home_dir = getenv("HOME"))) +- char *home_dir = NULL; +- +- if((home_dir = getenv("HOME")) != NULL) - { +- char *snortrc = "/.snortrc"; +- int path_len; +- +- path_len = strlen(home_dir) + strlen(snortrc) + 1; +- - /* create the full path */ -- fname = (char *)malloc(strlen(home_dir) + strlen("/.snortrc") + 1); -- if(!fname) -- FatalError("Out of memory searching for config file\n"); +- fname = (char *)SnortAlloc(path_len); +- +- SnortSnprintf(fname, path_len, "%s%s", home_dir, snortrc); - - if(stat(fname, &st) != -1) - rval = fname; diff --git a/net/snort/patches/750-lightweight-config.patch b/net/snort/patches/750-lightweight-config.patch index c8bde27f5..440f43624 100644 --- a/net/snort/patches/750-lightweight-config.patch +++ b/net/snort/patches/750-lightweight-config.patch @@ -1,5 +1,7 @@ ---- snort-2.3.2-orig/etc/snort.conf 2005-03-10 23:04:38.000000000 +0100 -+++ snort-2.3.2-1/etc/snort.conf 2005-04-04 20:01:41.000000000 +0200 +Index: snort-2.8.4.1/etc/snort.conf +=================================================================== +--- snort-2.8.4.1.orig/etc/snort.conf 2009-04-21 21:39:51.000000000 +0200 ++++ snort-2.8.4.1/etc/snort.conf 2009-07-12 19:54:47.000000000 +0200 @@ -6,6 +6,7 @@ # ################################################### 
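Review bot: The refreshed 500-no-config-search.patch still has no header saying why the search list is cut down to `/etc/snort/snort.conf`, and the reason is security-relevant: it stops a snort started from an arbitrary working directory or with an inherited `HOME` from picking up `./snort.conf` or `$HOME/.snortrc`. A short description at the top of the patch file, such as `Only read /etc/snort/snort.conf; never fall back to ./snort.conf or $HOME/.snortrc, which may be writable by a less privileged user`, would keep the next version refresh from dropping the hardening as a cosmetic change. The second inner hunk removes the only visible use of `fname`, so the `char *fname = NULL;` declaration kept as context in the first inner hunk is probably dead now; the rest of the function is outside the hunk, so confirm before removing it.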
@@ -7,8 +9,8 @@ +# Most preprocessors and rules were disabled to save memory. # You can take the following steps to create your own custom configuration: # - # 1) Set the network variables for your network -@@ -41,10 +42,10 @@ + # 1) Set the variables for your network +@@ -43,10 +44,10 @@ # or you can specify the variable to be any IP address # like this: @@ -21,23 +23,25 @@ # Configure your server lists. This allows snort to only look for attacks to # systems that have a service up. Why look for HTTP attacks if you are not -@@ -106,7 +107,7 @@ +@@ -107,8 +108,8 @@ # Path to your rules files (this can be a relative path) # Note for Windows users: You are advised to make this an absolute path, # such as: c:\snort\rules -var RULE_PATH ../rules +-var PREPROC_RULE_PATH ../preproc_rules +var RULE_PATH /etc/snort/rules ++var PREPROC_RULE_PATH /etc/snort/preproc_rules # Configure the snort decoder # ============================ -@@ -297,11 +298,11 @@ +@@ -307,11 +308,11 @@ # lots of options available here. See doc/README.http_inspect. # unicode.map should be wherever your snort.conf lives, or given # a full path to where snort can find it. -preprocessor http_inspect: global \ - iis_unicode_map unicode.map 1252 +#preprocessor http_inspect: global \ -+# iis_unicode_map unicode.map 1252 ++# iis_unicode_map unicode.map 1252 -preprocessor http_inspect_server: server default \ - profile all ports { 80 8080 8180 } oversize_dir_length 500 @@ -46,7 +50,7 @@ # # Example unique server configuration -@@ -335,7 +336,7 @@ +@@ -345,7 +346,7 @@ # no_alert_incomplete - don't alert when a single segment # exceeds the current packet size 
@@ -55,27 +59,96 @@ # bo: Back Orifice detector # ------------------------- -@@ -347,7 +348,7 @@ - # ----- ------------------- - # 1 Back Orifice traffic detected +@@ -368,7 +369,7 @@ + # 3 Back Orifice Server Traffic Detected + # 4 Back Orifice Snort Buffer Attack -preprocessor bo +#preprocessor bo - # telnet_decode: Telnet negotiation string normalizer - # --------------------------------------------------- -@@ -359,7 +360,7 @@ - # This preprocessor requires no arguments. - # Portscan uses Generator ID 109 and does not generate any SID currently. + # ftp_telnet: FTP & Telnet normalizer, protocol enforcement and buff overflow + # --------------------------------------------------------------------------- +@@ -391,32 +392,32 @@ + # or use commandline option + # --dynamic-preprocessor-lib --preprocessor telnet_decode -+#preprocessor telnet_decode +-preprocessor ftp_telnet: global \ +- encrypted_traffic yes \ +- inspection_type stateful +- +-preprocessor ftp_telnet_protocol: telnet \ +- normalize \ +- ayt_attack_thresh 200 ++#preprocessor ftp_telnet: global \ ++# encrypted_traffic yes \ ++# inspection_type stateful ++ ++#preprocessor ftp_telnet_protocol: telnet \ ++# normalize \ ++# ayt_attack_thresh 200 + + # This is consistent with the FTP rules as of 18 Sept 2004. + # CWD can have param length of 200 + # MODE has an additional mode of Z (compressed) + # Check for string formats in USER & PASS commands + # Check nDTM commands that set modification time on the file. 
+-preprocessor ftp_telnet_protocol: ftp server default \ +- def_max_param_len 100 \ +- alt_max_param_len 200 { CWD } \ +- cmd_validity MODE < char ASBCZ > \ +- cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ +- chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \ +- telnet_cmds yes \ +- data_chan +- +-preprocessor ftp_telnet_protocol: ftp client default \ +- max_resp_len 256 \ +- bounce yes \ +- telnet_cmds yes ++#preprocessor ftp_telnet_protocol: ftp server default \ ++# def_max_param_len 100 \ ++# alt_max_param_len 200 { CWD } \ ++# cmd_validity MODE < char ASBCZ > \ ++# cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ ++# chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \ ++# telnet_cmds yes \ ++# data_chan ++ ++#preprocessor ftp_telnet_protocol: ftp client default \ ++# max_resp_len 256 \ ++# bounce yes \ ++# telnet_cmds yes + + # smtp: SMTP normalizer, protocol enforcement and buffer overflow + # --------------------------------------------------------------------------- +@@ -434,15 +435,15 @@ + # or use commandline option + # --dynamic-preprocessor-lib + +-preprocessor smtp: \ +- ports { 25 587 691 } \ +- inspection_type stateful \ +- normalize cmds \ +- normalize_cmds { EXPN VRFY RCPT } \ +- alt_max_command_line_len 260 { MAIL } \ +- alt_max_command_line_len 300 { RCPT } \ +- alt_max_command_line_len 500 { HELP HELO ETRN } \ +- alt_max_command_line_len 255 { EXPN VRFY } ++#preprocessor smtp: \ ++# ports { 25 587 691 } \ ++# inspection_type stateful \ ++# normalize cmds \ ++# normalize_cmds { EXPN VRFY RCPT } \ ++# alt_max_command_line_len 260 { MAIL } \ ++# alt_max_command_line_len 300 { RCPT } \ ++# alt_max_command_line_len 500 { HELP HELO ETRN } \ ++# alt_max_command_line_len 255 { EXPN VRFY } - # Flow-Portscan: detect a variety of portscans - # --------------------------------------- -@@ -455,9 +456,9 @@ - # are still watched as scanner hosts. 
The 'ignore_scanned' option is - # used to tune alerts from very active hosts such as syslog servers, etc. + # sfPortscan + # ---------- +@@ -498,9 +499,9 @@ + # false alerts, especially under heavy load with dropped packets; which is why + # the option is off by default. # -preprocessor sfportscan: proto { all } \ - memcap { 10000000 } \ @@ -86,7 +159,29 @@ # arpspoof #---------------------------------------- -@@ -642,41 +643,41 @@ +@@ -623,9 +624,9 @@ + # or use commandline option + # --dynamic-preprocessor-lib + +-preprocessor dns: \ +- ports { 53 } \ +- enable_rdata_overflow ++#preprocessor dns: \ ++# ports { 53 } \ ++# enable_rdata_overflow + + # SSL + #---------------------------------------- +@@ -649,7 +650,7 @@ + # To add reassembly on port 443 to Stream5, use 'port both 443' in the + # Stream5 configuration. + +-preprocessor ssl: noinspect_encrypted, trustservers ++#preprocessor ssl: noinspect_encrypted, trustservers + + + #################################################################### +@@ -811,41 +812,41 @@ include $RULE_PATH/bad-traffic.rules include $RULE_PATH/exploit.rules include $RULE_PATH/scan.rules 
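Review bot: Commenting out `ftp_telnet`, `ftp_telnet_protocol` and `smtp` in the `@@ -55,27 +59,96 @@` hunk, and `dns` and `ssl` in the `@@ -86,7 +159,29 @@` hunk that also ends on this line, adds to the already disabled `http_inspect`, `bo` and `sfportscan`. The shipped snort.conf therefore still includes rule files such as `exploit.rules` and `scan.rules` but lacks the normalisers that content rules for those protocols presumably rely on, so encoded or segmented traffic is likely to go unmatched. The only trace of this in the installed file is the header line `# Most preprocessors and rules were disabled to save memory.`, which does not say which detections are lost. I would extend that comment to list the disabled preprocessors and state that FTP/Telnet, SMTP, DNS, SSL and HTTP normalisation and portscan detection are off until the matching `preprocessor` lines are uncommented. That way an operator on a device with enough memory knows what to re-enable.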
@@ -162,17 +257,12 @@ # include $RULE_PATH/web-attacks.rules # include $RULE_PATH/backdoor.rules # include $RULE_PATH/shellcode.rules -@@ -684,11 +685,11 @@ - # include $RULE_PATH/porn.rules - # include $RULE_PATH/info.rules - # include $RULE_PATH/icmp-info.rules -- include $RULE_PATH/virus.rules -+# include $RULE_PATH/virus.rules - # include $RULE_PATH/chat.rules - # include $RULE_PATH/multimedia.rules +@@ -859,7 +860,7 @@ # include $RULE_PATH/p2p.rules + # include $RULE_PATH/spyware-put.rules + # include $RULE_PATH/specific-threats.rules -include $RULE_PATH/experimental.rules +#include $RULE_PATH/experimental.rules - # Include any thresholding or suppression commands. See threshold.conf in the - # /etc directory for details. Commands don't necessarily need to be + # include $PREPROC_RULE_PATH/preprocessor.rules + # include $PREPROC_RULE_PATH/decoder.rules -- 2.11.0