1 diff -ruN snortsam-orig/contrib/snortsam-state.c snortsam/contrib/snortsam-state.c
2 --- snortsam-orig/contrib/snortsam-state.c 2012-10-10 10:05:33.037907601 +0200
3 +++ snortsam/contrib/snortsam-state.c 2012-10-10 10:07:19.677910382 +0200
6 addr.s_addr = bi->blockip;
8 - sprintf(buffer, "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
9 + sprintf(buffer, "/usr/sbin/iptables -D INPUT -i %s -s %s -j DROP",
10 iface, inet_ntoa(addr));
12 if(!(h = popen(buffer, "r")) || pclose(h) != 0)
13 fprintf(stderr, "%s: failed: %s\n", name, buffer);
15 - sprintf(buffer, "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
16 + sprintf(buffer, "/usr/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
17 iface, inet_ntoa(addr));
19 if(!(h = popen(buffer, "r")) || pclose(h) != 0)
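Review bot: Both deletions (INPUT and FORWARD) still build the command with an unbounded `sprintf` into `buffer` and hand it to `popen`, which runs it through the shell; the patch changes only the binary path. The declaration of `buffer` and the origin of `iface` are outside the hunk. If `buffer` is a local array, I would write `snprintf(buffer, sizeof(buffer), ...)` and skip the `popen` call when the return value is negative or `>= sizeof(buffer)`. If `iface` can come from the command line or a state file, it should also be restricted to the characters valid in an interface name before it reaches the shell.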
20 diff -ruN snortsam-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
21 --- snortsam-orig/src/ssp_iptables.c 2012-10-10 10:05:33.037907601 +0200
22 +++ snortsam/src/ssp_iptables.c 2012-10-10 10:07:09.333910113 +0200
25 char iptcmd1[255],iptcmd4[255];
27 - const char savecmd[]="/sbin/iptables-save -c > /etc/sysconfig/iptables";
28 + const char savecmd[]="/usr/sbin/iptables-save -c > /etc/sysconfig/iptables";
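Review bot: `savecmd` redirects straight into `/etc/sysconfig/iptables`, and the shell truncates that file before it tries to start the program, so on a host where `iptables-save` is not at the new `/usr/sbin` path the persisted ruleset is left empty. How `savecmd` is executed and whether its exit status is checked is outside the hunk. Writing to a temporary file and renaming only on success avoids this, for example `"/usr/sbin/iptables-save -c > /etc/sysconfig/iptables.tmp && mv /etc/sysconfig/iptables.tmp /etc/sysconfig/iptables"`.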
33 { case FWSAM_HOW_IN:
\r
34 /* Assemble command */
\r
35 if (snprintf(iptcmd,sizeof(iptcmd)-1,
\r
36 - "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
\r
37 + "/usr/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
\r
38 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
\r
39 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
\r
40 logmessage(1,msg,"iptables",0);
\r
43 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
\r
44 - "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
\r
45 + "/usr/sbin/iptables -I INPUT -i %s -s %s -j DROP",
\r
46 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
\r
47 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
\r
48 logmessage(1,msg,"iptables",0);
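Review bot: The truncation check around each `snprintf` is off by one: the call is given `sizeof(iptcmd)-1` as its limit but the result is compared with `sizeof(iptcmd)`, so a command of exactly `sizeof(iptcmd)-1` characters loses its last character without the error branch firing. The new prefix is four bytes longer, which moves every command closer to that edge. Passing the full size fixes it, `if (snprintf(iptcmd,sizeof(iptcmd), ...) >= sizeof(iptcmd)) {`, and the same applies to `iptcmd1`, `iptcmd2` and `iptcmd4` in all the insert and delete hunks of this file. The declarations of `iptcmd` and `iptcmd2` are outside the hunk.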
\r
50 case FWSAM_HOW_OUT:
\r
51 /* Assemble command */
\r
52 if (snprintf(iptcmd,sizeof(iptcmd)-1,
\r
53 - "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
\r
54 + "/usr/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
\r
55 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
\r
56 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
\r
57 logmessage(1,msg,"iptables",0);
\r
60 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
\r
61 - "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
\r
62 + "/usr/sbin/iptables -I INPUT -i %s -d %s -j DROP",
\r
63 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
\r
64 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
\r
65 logmessage(1,msg,"iptables",0);
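Review bot: The absolute path is repeated inside every format string in both files, so moving the binary again means touching some twenty literals, and a host that keeps iptables in `/sbin` gets commands that fail at run time, leaving the address unblocked. I would define it once, `#define IPTABLES_BIN "/usr/sbin/iptables"`, and build the strings by literal concatenation, `IPTABLES_BIN " -I FORWARD -i %s -d %s -j DROP"`, ideally with the value overridable at build time. Where the assembled command is executed and how a non-zero exit is reported is outside these hunks, so it is worth confirming that a missing binary is logged as a failed block.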
\r
67 case FWSAM_HOW_INOUT:
\r
68 /* Assemble command - block src*/
\r
69 if ((snprintf(iptcmd,sizeof(iptcmd)-1,
\r
70 - "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
\r
71 + "/usr/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
\r
72 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
\r
73 - "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
\r
74 + "/usr/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
\r
75 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
\r
76 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
\r
77 logmessage(1,msg,"iptables",0);
\r
80 if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
\r
81 - "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
\r
82 + "/usr/sbin/iptables -I INPUT -i %s -s %s -j DROP",
\r
83 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
\r
84 - "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
\r
85 + "/usr/sbin/iptables -I INPUT -i %s -d %s -j DROP",
\r
86 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
\r
87 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
\r
88 logmessage(1,msg,"iptables",0);
\r
90 case FWSAM_HOW_THIS:
\r
91 /* Assemble command */
\r
92 if (snprintf(iptcmd,sizeof(iptcmd)-1,
\r
93 - "/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
\r
94 + "/usr/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
\r
95 iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
\r
96 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
\r
97 logmessage(1,msg,"iptables",0);
\r
100 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
\r
101 - "/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
\r
102 + "/usr/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
\r
103 iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd2)) {
\r
104 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
\r
105 logmessage(1,msg,"iptables",0);
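Review bot: The `FWSAM_HOW_THIS` rule always appends `--dport %d` after `-p %d`, and iptables accepts `--dport` only for protocols that have ports, so a block request for something like ICMP would produce a command that iptables rejects. Whether `bd->proto` can carry such a value, and the byte order of `bd->port`, are not visible in the hunk. If it can, the port match should be added only for TCP and UDP, with a plain `-p %d` rule otherwise. The matching delete hunk at `@@ -265,14 +265,14 @@` has the same shape.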
\r
106 @@ -210,14 +210,14 @@
107 { case FWSAM_HOW_IN:
\r
108 /* Assemble command */
\r
109 if (snprintf(iptcmd,sizeof(iptcmd)-1,
\r
110 - "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
\r
111 + "/usr/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
\r
112 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
\r
113 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
\r
114 logmessage(1,msg,"iptables",0);
\r
117 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
\r
118 - "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
\r
119 + "/usr/sbin/iptables -D INPUT -i %s -s %s -j DROP",
\r
120 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
\r
121 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
\r
122 logmessage(1,msg,"iptables",0);
\r
123 @@ -227,14 +227,14 @@
124 case FWSAM_HOW_OUT:
\r
125 /* Assemble command */
\r
126 if (snprintf(iptcmd,sizeof(iptcmd)-1,
\r
127 - "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
\r
128 + "/usr/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
\r
129 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
\r
130 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
\r
131 logmessage(1,msg,"iptables",0);
\r
134 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
\r
135 - "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
\r
136 + "/usr/sbin/iptables -D INPUT -i %s -d %s -j DROP",
\r
137 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
\r
138 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
\r
139 logmessage(1,msg,"iptables",0);
\r
140 @@ -244,18 +244,18 @@
141 case FWSAM_HOW_INOUT:
\r
142 /* Assemble command - block src*/
\r
143 if ((snprintf(iptcmd,sizeof(iptcmd)-1,
\r
144 - "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
\r
145 + "/usr/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
\r
146 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
\r
147 - "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
\r
148 + "/usr/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
\r
149 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
\r
150 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
\r
151 logmessage(1,msg,"iptables",0);
\r
154 if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
\r
155 - "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
\r
156 + "/usr/sbin/iptables -D INPUT -i %s -s %s -j DROP",
\r
157 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
\r
158 - "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
\r
159 + "/usr/sbin/iptables -D INPUT -i %s -d %s -j DROP",
\r
160 iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
\r
161 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
\r
162 logmessage(1,msg,"iptables",0);
\r
163 @@ -265,14 +265,14 @@
164 case FWSAM_HOW_THIS:
\r
165 /* Assemble command */
\r
166 if (snprintf(iptcmd,sizeof(iptcmd)-1,
\r
167 - "/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
\r
168 + "/usr/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
\r
169 iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
\r
170 snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
\r
171 logmessage(1,msg,"iptables",0);
\r
174 if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
\r
175 - "/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
\r
176 + "/usr/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
\r
177 iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
\r
178 snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
\r
179 logmessage(1,msg,"iptables",0);
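Review bot: The second `snprintf` in this hunk writes into `iptcmd2` but compares its result with `sizeof(iptcmd)`, unlike the corresponding insert hunk, which uses `sizeof(iptcmd2)`. The declarations of both buffers are outside the hunk; if their sizes ever differ, the check either misses a truncated delete command or rejects a valid one. The line should read `iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd2)) {`.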
\r