Diffstat (limited to 'net-analyzer/snort/files')
-rw-r--r-- | net-analyzer/snort/files/disabledynamic.patch | 110 | ||||
-rw-r--r-- | net-analyzer/snort/files/snort.confd | 17 | ||||
-rw-r--r-- | net-analyzer/snort/files/snort.confd.2 | 16 | ||||
-rw-r--r-- | net-analyzer/snort/files/snort.rc10 | 50 | ||||
-rw-r--r-- | net-analyzer/snort/files/snort.rc11 | 57 |
5 files changed, 250 insertions, 0 deletions
diff --git a/net-analyzer/snort/files/disabledynamic.patch b/net-analyzer/snort/files/disabledynamic.patch
new file mode 100644
index 0000000..d1ace23
--- /dev/null
+++ b/net-analyzer/snort/files/disabledynamic.patch
@@ -0,0 +1,110 @@
+? cflags.out
+? cppflags.out
+? cscope.out
+? disabledynamic.patch
+? http.patch
+? log
+? make.out
+? rules.work
+? snort-build.sh
+? snort.pc
+? ylwrap
+? etc/snort.conf.work
+? src/dynamic-preprocessors/rzb_saac/Makefile
+? tools/u2boat/u2boat
+? tools/u2spewfoo/u2spewfoo
+Index: src/fpcreate.c
+===================================================================
+RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v
+retrieving revision 1.107.2.2
+diff -u -p -r1.107.2.2 fpcreate.c
+--- src/fpcreate.c 11 Jan 2011 22:54:40 -0000 1.107.2.2
++++ src/fpcreate.c 17 Feb 2011 20:06:49 -0000
+@@ -70,6 +70,8 @@
+ #include "dynamic-plugins/sp_preprocopt.h"
+ #endif
+
++#include "dynamic-plugins/sf_dynamic_define.h"
++
+
+ /*
+ * Content flag values
+@@ -1810,9 +1812,11 @@ static int fpAddPortGroupRule(PORT_GROUP
+ fpAddAllContents(pg->pgPms[PM_TYPE__CONTENT], otn, id, pmd, fp);
+ #endif
+
++#ifdef DYNAMIC_PLUGIN
+ /* No content added */
+ if (pmd == preproc_opt_pmds)
+ FreePmdList(pmd);
++#endif
+
+ if (fpFinishPortGroupRule(pg, PM_TYPE__MAX, otn, NULL, fp) != 0)
+ return -1;
+Index: src/dynamic-plugins/sf_dynamic_define.h
+===================================================================
+RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v
+retrieving revision 1.15.4.1
+diff -u -p -r1.15.4.1 sf_dynamic_define.h
+--- src/dynamic-plugins/sf_dynamic_define.h 3 Jan 2011 19:58:05 -0000 1.15.4.1
++++ src/dynamic-plugins/sf_dynamic_define.h 17 Feb 2011 20:06:49 -0000
+@@ -96,5 +96,15 @@ typedef enum {
+ #endif
+ #endif
+
++/* Parameters are rule info pointer, int to indicate URI or NORM,
++ * and list pointer */
++#define CONTENT_NORMAL 0x01
++#define CONTENT_HTTP_URI 0x02
++#define CONTENT_HTTP_HEADER 0x04
++#define CONTENT_HTTP_CLIENT_BODY 0x08
++#define CONTENT_HTTP_METHOD 0x10
++#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
++ CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
++
+ #endif /* _SF_DYNAMIC_DEFINE_H_ */
+
+Index: src/dynamic-plugins/sf_dynamic_engine.h
+===================================================================
+RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v
+retrieving revision 1.54.2.1
+diff -u -p -r1.54.2.1 sf_dynamic_engine.h
+--- src/dynamic-plugins/sf_dynamic_engine.h 3 Jan 2011 19:58:06 -0000 1.54.2.1
++++ src/dynamic-plugins/sf_dynamic_engine.h 17 Feb 2011 20:06:49 -0000
+@@ -77,15 +77,6 @@ typedef struct _FPContentInfo
+
+ } FPContentInfo;
+
+-/* Parameters are rule info pointer, int to indicate URI or NORM,
+- * and list pointer */
+-#define CONTENT_NORMAL 0x01
+-#define CONTENT_HTTP_URI 0x02
+-#define CONTENT_HTTP_HEADER 0x04
+-#define CONTENT_HTTP_CLIENT_BODY 0x08
+-#define CONTENT_HTTP_METHOD 0x10
+-#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
+- CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
+ typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **);
+ typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **);
+ typedef void (*RuleFreeFunc)(void *);
+Index: src/preprocessors/Stream5/snort_stream5_tcp.c
+===================================================================
+RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v
+retrieving revision 1.296.2.5
+diff -u -p -r1.296.2.5 snort_stream5_tcp.c
+--- src/preprocessors/Stream5/snort_stream5_tcp.c 7 Jan 2011 20:06:05 -0000 1.296.2.5
++++ src/preprocessors/Stream5/snort_stream5_tcp.c 17 Feb 2011 20:06:49 -0000
+@@ -816,12 +816,12 @@ void Stream5TcpRegisterRuleOptions(void)
+ RegisterPreprocessorRuleOption("stream_reassemble", &s5TcpStreamReassembleRuleOptionInit,
+ &s5TcpStreamReassembleRuleOptionEval, &s5TcpStreamReassembleRuleOptionCleanup,
+ NULL, NULL, NULL, NULL);
+-#endif
+
+ #ifdef PERF_PROFILING
+ RegisterPreprocessorProfile("stream_size", &streamSizePerfStats, 4, &preprocRuleOptionPerfStats);
+ RegisterPreprocessorProfile("reassemble", &streamReassembleRuleOptionPerfStats, 4, &preprocRuleOptionPerfStats);
+ #endif
++#endif
+
+ }
+
diff --git a/net-analyzer/snort/files/snort.confd b/net-analyzer/snort/files/snort.confd
new file mode 100644
index 0000000..c429ca6
--- /dev/null
+++ b/net-analyzer/snort/files/snort.confd
@@ -0,0 +1,17 @@
+# Config file for /etc/init.d/snort
+
+# This tell snort which interface to listen on (any for every interface)
+IFACE="eth1"
+
+# You do NOT want to change this
+PIDPATH="/var/run/snort"
+PIDFILE="snort_$IFACE.pid"
+
+# You probably don't want to change this, but in case you do
+LOGDIR="/var/log/snort"
+
+# Probably not this either
+CONF="/etc/snort/snort.conf"
+
+# This pulls in the options above
+SNORT_OPTS="-D -u snort -i $IFACE -l $LOGDIR -c $CONF"
diff --git a/net-analyzer/snort/files/snort.confd.2 b/net-analyzer/snort/files/snort.confd.2
new file mode 100644
index 0000000..780c910
--- /dev/null
+++ b/net-analyzer/snort/files/snort.confd.2
@@ -0,0 +1,16 @@
+# Config file for /etc/init.d/snort
+
+# The following options are now set in your snort.conf file:
+# config set_gid:
+# config set_uid:
+# config snaplen:
+# config bpf_file:
+# config logdir:
+
+# The only options that should be set here are SNORT_IFACE and SNORT_CONF.
+
+# This tell snort which interface to listen on (any for every interface)
+SNORT_IFACE="eth1"
+
+# Probably not this either
+SNORT_CONF="/etc/snort/snort.conf"
diff --git a/net-analyzer/snort/files/snort.rc10 b/net-analyzer/snort/files/snort.rc10
new file mode 100644
index 0000000..fa88cbd
--- /dev/null
+++ b/net-analyzer/snort/files/snort.rc10
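Review bot: files/disabledynamic.patch has no header saying what it is for or where it came from, and it opens with fifteen `? cflags.out`-style lines of `cvs diff` working-directory noise. For a patch applied to an IDS's detection code, a short leading comment naming the purpose (presumably building with dynamic plugins disabled, judging by the filename), the origin and the target Snort version would let a later reviewer check it against upstream; the `?` lines can simply be dropped. In the snort_stream5_tcp.c hunk the `#endif` moves below the `PERF_PROFILING` block, so the profile registration becomes conditional on an outer `#if` that opens outside the hunk; it is worth confirming that this is intended.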
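Review bot: snort.confd.2 moves the privilege-drop settings (`config set_uid:`, `config set_gid:`) into snort.conf, and the snort.rc11 script added in this commit no longer passes `-u snort` the way `SNORT_OPTS` in snort.confd did, so as far as these files show a snort.conf without those lines leaves the sensor running as root. I would say so in the comment block, e.g. `# If snort.conf sets neither set_uid nor set_gid, snort keeps running as root.` Since reload() in snort.rc11 refuses to act unless the process is owned by root, the comment could also note that an installation that drops privileges has to use restart instead of reload.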
@@ -0,0 +1,50 @@
+#!/sbin/runscript
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc10,v 1.1 2010/11/02 18:22:10 patrick Exp $
+
+opts="checkconfig reload"
+
+depend() {
+ need net
+ after mysql
+ after postgresql
+}
+
+checkconfig() {
+ if [ ! -e $CONF ] ; then
+ eerror "You need a configuration file to run snort"
+ eerror "There is an example config in /etc/snort/snort.conf.distrib"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting snort"
+ start-stop-daemon --start --quiet --exec /usr/bin/snort \
+ -- --nolock-pidfile --pid-path ${PIDPATH} ${SNORT_OPTS} >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping snort"
+ start-stop-daemon --stop --quiet --pidfile ${PIDPATH}/${PIDFILE}
+ # Snort needs a few seconds to fully shutdown
+ sleep 15
+ eend $?
+}
+
+reload() {
+ if [ ! -f ${PIDPATH}/${PIDFILE} ]; then
+ eerror "Snort isn't running"
+ return 1
+ fi
+
+ checkconfig || return 1
+ ebegin "Reloading Snort"
+ start-stop-daemon --stop --oknodo --signal HUP --pidfile ${PIDPATH}/${PIDFILE}
+ eend $?
+}
+
+
diff --git a/net-analyzer/snort/files/snort.rc11 b/net-analyzer/snort/files/snort.rc11
new file mode 100644
index 0000000..8277575
--- /dev/null
+++ b/net-analyzer/snort/files/snort.rc11
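Review bot: stop() in snort.rc10 reports the exit status of `sleep 15`, not of `start-stop-daemon --stop`, because `eend $?` runs after the sleep; a failed stop is shown as success while the sensor may still be running. Save the status right after the stop call with `local ret=$?` and finish with `eend ${ret}` after the sleep. stop() in snort.rc11 has the same pattern. Separately, `[ ! -e $CONF ]` in checkconfig() is unquoted, so an empty `CONF` collapses the test to `[ ! -e ]`, which is false, and checkconfig passes without any config file; `[ ! -e "${CONF}" ]` avoids that, and the same applies to `${SNORT_CONF}` in snort.rc11.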
@@ -0,0 +1,57 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc11,v 1.1 2011/09/22 17:39:51 patrick Exp $
+
+opts="checkconfig reload"
+
+depend() {
+ need net
+ after mysql
+ after postgresql
+}
+
+checkconfig() {
+ if [ ! -e ${SNORT_CONF} ] ; then
+ eerror "You need a configuration file to run snort"
+ eerror "There is an example config in /etc/snort/snort.conf.distrib"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting snort"
+ start-stop-daemon --start --quiet --exec /usr/bin/snort \
+ -- --nolock-pidfile --pid-path /var/run/snort -D -i ${SNORT_IFACE} \
+ -c ${SNORT_CONF} >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping snort"
+ start-stop-daemon --stop --quiet --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid
+ # Snort needs a few seconds to fully shutdown
+ sleep 15
+ eend $?
+}
+
+reload() {
+
+ local SNORT_PID="`cat /var/run/snort/snort_${SNORT_IFACE}.pid`"
+ local SNORT_USER="`ps -p ${SNORT_PID} --no-headers -o user`"
+
+ if [ ! -f /var/run/snort/snort_${SNORT_IFACE}.pid ]; then
+ eerror "Snort isn't running"
+ return 1
+ elif [ ${SNORT_USER} != root ]; then
+ eerror "Snort must be running as root for reload to work!"
+ return 1
+ else
+ checkconfig || return 1
+ ebegin "Reloading Snort"
+ start-stop-daemon --signal HUP --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid
+ fi
+}
+
+
|
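Review bot: reload() in snort.rc11 runs `cat` on the pidfile and then `ps` before it checks that the pidfile exists, and `${SNORT_USER}` is unquoted in the `elif` test. With a stale pidfile `ps` prints nothing, `[ != root ]` becomes a malformed test that common shells report as an error and treat as false, and control falls into the `else` branch, so HUP is sent although the root check never passed. The `else` branch also calls `ebegin` without a matching `eend $?`, so the result of the reload is never reported. The shape below checks the file first, quotes the expansions and closes with `eend`.

```sh
reload() {
	local pidfile="/var/run/snort/snort_${SNORT_IFACE}.pid"

	if [ ! -f "${pidfile}" ]; then
		eerror "Snort isn't running"
		return 1
	fi

	# Read the pid only once the file is known to exist.
	local snort_pid snort_user
	snort_pid="$(cat "${pidfile}")"
	snort_user="$(ps -p "${snort_pid}" --no-headers -o user)"

	if [ "${snort_user}" != root ]; then
		eerror "Snort must be running as root for reload to work!"
		return 1
	fi

	# … unchanged: checkconfig, ebegin "Reloading Snort", start-stop-daemon --signal HUP …
	eend $?
}
```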