Diffstat:

 network/snort/README           |   1
 network/snort/README.SLACKWARE | 140
 network/snort/rc.snort         |  22
 network/snort/snort.SlackBuild |   9
 network/snort/snort.info       |  10

5 files changed, 74 insertions, 108 deletions
diff --git a/network/snort/README b/network/snort/README index 2ca505fec0..2b30f035ae 100644 --- a/network/snort/README +++ b/network/snort/README @@ -3,6 +3,7 @@ It is capable of performing real-time traffic analysis, alerting, blocking and packet logging on IP networks. It utilizes a combination of protocol analysis and pattern matching in order to detect a anomalies, misuse and attacks. + Snort uses a flexible rules language to describe activity that can be considered malicious or anomalous as well as an analysis engine that incorporates a modular plugin architecture. Snort is capable of detecting diff --git a/network/snort/README.SLACKWARE b/network/snort/README.SLACKWARE index 88ac0595ce..4190e5c614 100644 --- a/network/snort/README.SLACKWARE +++ b/network/snort/README.SLACKWARE @@ -4,28 +4,12 @@ README.SLACKWARE Documentation ------------- -Please read the snort_manual.pdf file that should be included with this -distribution for full documentation on the program as well as a guide to -getting started. - This package builds a very basic snort implementation useful for monitoring -traffic as an IDS or packet logger and as a sort of improved tcpdump. -For more information, check out snort's homepage at: - - http://www.snort.org/ - http://www.snort.org/docs/ - - -Source tarball and newer releases ---------------------------------- - -snort.org has no direct links to the source tarball, that's why it is also -hosted on http://www.nielshorn.net/ -This is needed for sbopkg to work. - -If you want a newer version than the one available there, check: - - https://www.snort.org/snort-downloads +traffic as an IDS or packet logger and as a sort of improved tcpdump. More +information can be found at the following URLs: + https://www.snort.org/ (homepage) + https://www.snort.org/#documents (documentation links) + http://manual.snort.org/ (user manual) Starting snort 
@@ -47,116 +31,94 @@ As an example, you can put this in your /etc/rc.d/rc.local script: And this in your /etc/rc.d/rc.local_shutdown: if [ -x /etc/rc.d/rc.snort ]; then - /etc/rc.d/rc.snort stop + IFACE=xxxx /etc/rc.d/rc.snort stop fi -Installing / Updating Rules etc. --------------------------------- - -In order for Snort to function properly, you need to provide rule files. -You can either get a paid subscription (newest rules) at: +Installing and Updating Rules +----------------------------- - https://www.snort.org/vrt/buy-a-subscription +In order for Snort to function properly, you need to download rules, and +you need to update the rules regularly. -or register for free (only rules >30 days old) at: - - https://www.snort.org/signup - -Then download your rules from: +You can get a paid subscription for the latest rules at + https://www.snort.org/products +or you can register for free to download rules >30 days old at + https://www.snort.org/users/sign_up +then download your rules from https://www.snort.org/snort-rules -The downloaded file contains the rules, signatures and updated configuration -files. Be careful when updating these, as you will probably have customized -a few settings in your snort.conf -At the end of this file is a sample script that you can use as a base to -automate unpacking of the tarball. It updates the rules, signatures and some -configurations, but copies the new snort.conf as snort.conf.new, so that you -can examine it later. -This script is included only as an example and without any guarantee. -** Use at your own risk! ** - -Basically, you need to +The downloaded .tar.gz file contains rules and updated configuration files. +Be careful merging them, as you will probably have customized a few settings +in your snort.conf. 
You need to + 1) put the new rules/* into /etc/snort/rules/ 2) put the new preproc_rules/* into /etc/snort/preproc_rules/ -3) put the new doc/signatures/* into /usr/doc/snort-*/signatures/ -4) put the new etc/* into /etc/snort/ (except for snort.conf) - -After updating your files, restart snort with: +3) put the new etc/* into /etc/snort/ (except for snort.conf) +4) review any changes to snort.conf and merge them into /etc/snort.conf +5) restart snort: + # IFACE=xxxx /etc/rc.d/rc.snort restart - # /etc/rc.d/rc.snort restart +Below is a sample script that you can use to do steps 1-3 automatically. +The script installs the new configuration as snort.conf.new, so that you can +review it. -============================================================================= -Sample script to update rules, signatures and configurations -*** USE AT YOUR OWN RISK *** NO GUARANTEES *** -============================================================================= #!/bin/bash +#============================================================================= +# Sample script to update snort rules, signatures and configurations +# *** USE AT YOUR OWN RISK *** NO GUARANTEES *** +#============================================================================= +# Written by Niels Horn +# Maintained by David Spencer <baildon.research@googlemail.com> +# v2 2015-02-22 dbs -# snortrules_update -# -# Written by Niels Horn <niels.horn@gmail.com> -# Nothing guaranteed, use at your own risk! -# -# v1.00-2010/09/18 - first attempt -# - -CWD=$(pwd) CONFDIR=/etc/snort # Exit on most errors set -e -if [ "x$1" = "x" ]; then - echo "Specify snortrules-snapshot file:" - echo - echo " $0 <snortrules-snapshot>" - echo +if [ -z "$1" ]; then + echo "Please specify snortrules-snapshot file:" + echo " $0 snortrules-snapshot-nnnn.tar.gz" exit 1 fi # Configuration files echo "*** Updating configuration files..." -for cf in $( tar tf $1 | grep "etc/" ); do +for cf in $( tar tf "$1" | grep "etc/" ); do if [ ! 
"$cf" = "etc/" ]; then - file=$(basename $cf) - tar -xf $1 $cf -O > $CONFDIR/$file.new + file=$(basename "$cf") + tar -o -xf "$1" "$cf" -O > "$CONFDIR/$file.new" # check if it is "snort.conf" - if [ ! "$file" = "snort.conf" ]; then + if [ "$file" = "snort.conf" ]; then + LIBDIRSUFFIX="" + [ "$(uname -m)" = 'x86_64' ] && LIBDIRSUFFIX="64" + sed -i -e "s#/usr/local/lib/#/usr/lib$LIBDIRSUFFIX/#g" "$CONFDIR/snort.conf.new" + else # OK, it is something else, we can handle this - if [ -r $CONFDIR/$file ]; then + if [ -r "$CONFDIR/$file" ]; then # we have a previous version - if [ "$(cat $CONFDIR/$file | md5sum)" = "$(cat $CONFDIR/$file.new | md5sum)" ]; then + if [ "$(md5sum <"$CONFDIR/$file")" = "$(md5sum <"$CONFDIR/$file.new")" ]; then # nothing new, dump previous version - rm $CONFDIR/$file + rm "$CONFDIR/$file" else # keep previous version - mv -f $CONFDIR/$file $CONFDIR/$file.old + mv -f "$CONFDIR/$file" "$CONFDIR/$file.old" fi fi # move new file over - mv -f $CONFDIR/$file.new $CONFDIR/$file + mv -f "$CONFDIR/$file.new" "$CONFDIR/$file" fi fi done # rules echo "*** Updating rules..." -cd /etc/snort/rules - tar --strip-components=1 --wildcards -xf $CWD/$1 rules/* -cd - > /dev/null +tar -o --strip-components=1 --directory=/etc/snort/rules --wildcards -xf "$1" 'rules/*' # preproc-rules echo "*** Updating preproc_rules..." -cd /etc/snort/preproc_rules - tar --strip-components=1 --wildcards -xf $CWD/$1 preproc_rules/* -cd - > /dev/null - -# signatures -echo "*** Updating signatures..." -cd /usr/doc/snort-*/signatures - tar --strip-components=2 --wildcards -xf $CWD/$1 doc/signatures/* -cd - > /dev/null +tar -o --strip-components=1 --directory=/etc/snort/preproc_rules --wildcards -xf "$1" 'preproc_rules/*' echo "All done." - diff --git a/network/snort/rc.snort b/network/snort/rc.snort index 9aaf410fcf..228e8da4e3 100644 --- a/network/snort/rc.snort +++ b/network/snort/rc.snort 
@@ -1,7 +1,7 @@ #!/bin/sh # Start/stop/restart snort -# This tell snort which interface to listen on (any for every interface) +# This tell snort which interface to listen on ("any" == every interface) IFACE=${IFACE:-any} # Make sure this matches your IFACE @@ -23,18 +23,22 @@ snort_start() { # Stop snort: snort_stop() { - echo -n "Stopping Snort daemon ($IFACE)..." - kill $(cat $PIDFILE) - echo - sleep 1 - rm -f $PIDFILE + if [ -f "$PIDFILE" ]; then + echo -n "Stopping Snort daemon (interface $IFACE)..." + kill $(cat $PIDFILE) + echo + sleep 1 + rm -f $PIDFILE + else + echo "Pidfile $PIDFILE not found!" + echo "Either Snort is not running or you should specify IFACE=xxxx" + exit 1 + fi } # Restart snort: snort_restart() { - snort_stop - sleep 1 - snort_start + snort_stop && sleep 1 && snort_start } case "$1" in diff --git a/network/snort/snort.SlackBuild b/network/snort/snort.SlackBuild index 9adda2b010..6194ecb516 100644 --- a/network/snort/snort.SlackBuild +++ b/network/snort/snort.SlackBuild @@ -21,13 +21,12 @@ # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - +# # Modified by the SlackBuilds.org project - -# revision date: 2012/09/15 +# Maintained by David Spencer <baildon.research@googlemail.com> PRGNAM=snort -VERSION=${VERSION:-2.9.5.6} +VERSION=${VERSION:-2.9.7.0} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -81,7 +80,7 @@ find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ -o -perm 511 \) -exec chmod 755 {} \; -o \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ - -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ diff --git a/network/snort/snort.info b/network/snort/snort.info index 6c12f12934..770d11009e 100644 --- a/network/snort/snort.info +++ b/network/snort/snort.info 
@@ -1,10 +1,10 @@ PRGNAM="snort" -VERSION="2.9.5.6" +VERSION="2.9.7.0" HOMEPAGE="http://www.snort.org/" -DOWNLOAD="http://sourceforge.net/projects/slackbuildsdirectlinks/files/snort/snort-2.9.5.6.tar.gz" -MD5SUM="e993c97c1710d68a7b67813fe98c09a4" +DOWNLOAD="https://www.snort.org/downloads/snort/snort-2.9.7.0.tar.gz" +MD5SUM="c2a45bc56441ee9456478f219dd8d1e2" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="daq" -MAINTAINER="Niels Horn" -EMAIL="niels.horn@gmail.com" +MAINTAINER="David Spencer" +EMAIL="baildon.research@googlemail.com" |
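Review bot: the README hunk (@@ -3,6 +3,7 @@) only adds a blank line, but the context line it sits under still reads "in order to detect a anomalies, misuse and attacks"; since this change already touches that paragraph, drop the stray "a" so it reads "to detect anomalies, misuse and attacks".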
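Review bot: in the README.SLACKWARE rules hunk (@@ -47,116 +31,94 @@), the new step 4 tells the user to "merge them into /etc/snort.conf", but the script sets CONFDIR=/etc/snort and writes "$CONFDIR/snort.conf.new", so the path should be /etc/snort/snort.conf. Two smaller points in the same hunk: `for cf in $( tar tf "$1" | grep "etc/" )` matches "etc/" anywhere in an archive path rather than only the top-level etc/ entries, and the loop would then basename any deeper match straight into /etc/snort, so `grep "^etc/"` is the safer anchor; and the new script header still says "update snort rules, signatures and configurations" although the signatures step is removed in this very hunk, so the header and the "steps 1-3" sentence above it should say rules, preproc_rules and configurations.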
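Review bot: the rc.snort comment hunk (@@ -1,7 +1,7 @@) rewrites the line but keeps the grammar slip; since it is being edited anyway, make it "# This tells snort which interface to listen on ("any" == every interface)".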
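Review bot: in the rc.snort snort_stop hunk (@@ -23,18 +23,22 @@), the new "Pidfile $PIDFILE not found!" branch ends with `exit 1`, which terminates the whole script instead of returning from the function, so the rewritten `snort_restart` (`snort_stop && sleep 1 && snort_start`) can never reach snort_start when snort is not already running; `return 1` is what the `&&` chain expects, and the restart case should then decide whether a missing pidfile is fatal or simply means "start". In the running branch, the result of `kill $(cat $PIDFILE)` is masked by the following `echo`, `sleep 1` and `rm -f $PIDFILE`, so a stale pidfile makes snort_stop report success and restart proceeds regardless; check kill's exit status before removing the pidfile, and quote "$PIDFILE" in both the `cat` and the `rm`.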