This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 8dc25f04ba659b6f88f0eef91258088c4b3fe978 (commit) via 6886b70cfc71c0af11833c0284b42bbb4f7ef648 (commit) from aa1dd87807c51d381351a24d84137f99f5cb0b90 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 8dc25f04ba659b6f88f0eef91258088c4b3fe978 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jun 17 23:23:02 2010 +0200
Snort scripts and config update.
commit 6886b70cfc71c0af11833c0284b42bbb4f7ef648 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jun 17 18:10:38 2010 +0200
Removed .ko from framebuffer blacklist.
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/initscripts | 2 + config/rootfiles/core/38/filelists/files | 2 + config/rootfiles/core/38/update.sh | 4 +- config/snort/snort.conf | 14 ++++-- lfs/initscripts | 2 + lfs/linux | 2 +- src/initscripts/init.d/snort | 88 +++++++++++++++--------------- 7 files changed, 64 insertions(+), 50 deletions(-)
Difference in files:
diff --git a/config/rootfiles/common/initscripts b/config/rootfiles/common/initscripts
index c4747ac..d50af87 100644
--- a/config/rootfiles/common/initscripts
+++ b/config/rootfiles/common/initscripts
@@ -118,6 +118,7 @@ etc/rc.d/rc0.d/K08fcron
 etc/rc.d/rc0.d/K28apache
 etc/rc.d/rc0.d/K30sshd
 etc/rc.d/rc0.d/K45random
+etc/rc.d/rc0.d/K78snort
 etc/rc.d/rc0.d/K79leds
 etc/rc.d/rc0.d/K80network
 #etc/rc.d/rc0.d/K84bluetooth
@@ -152,6 +153,7 @@ etc/rc.d/rc6.d/K08fcron
 etc/rc.d/rc6.d/K28apache
 etc/rc.d/rc6.d/K30sshd
 etc/rc.d/rc6.d/K45random
+etc/rc.d/rc6.d/K78snort
 etc/rc.d/rc6.d/K79leds
 etc/rc.d/rc6.d/K80network
 #etc/rc.d/rc6.d/K84bluetooth
diff --git a/config/rootfiles/core/38/filelists/files b/config/rootfiles/core/38/filelists/files
index 3459b83..0110c6b 100644
--- a/config/rootfiles/core/38/filelists/files
+++ b/config/rootfiles/core/38/filelists/files
@@ -6,8 +6,10 @@ etc/rc.d/init.d/leds
 etc/rc.d/init.d/rc
 etc/rc.d/init.d/snort
 etc/rc.d/init.d/networking/red.up/50-ovpn
+etc/rc.d/rc0.d/K78snort
 etc/rc.d/rc0.d/K79leds
 etc/rc.d/rc3.d/S21leds
+etc/rc.d/rc6.d/K78snort
 etc/rc.d/rc6.d/K79leds
 etc/udev/rules.d/52-nut-usbups.rules
 etc/udev/rules.d/xpp.rules
diff --git a/config/rootfiles/core/38/update.sh b/config/rootfiles/core/38/update.sh
index 350a372..3cb9654 100644
--- a/config/rootfiles/core/38/update.sh
+++ b/config/rootfiles/core/38/update.sh
@@ -70,6 +70,7 @@ tar cjvf /var/ipfire/backup/core-upgrade_$KVER.tar.bz2 \
 /etc/init.d/collectd stop
 /etc/init.d/squid stop
 /etc/init.d/ipsec stop
+/etc/init.d/snort stop
echo
 echo Update Kernel to $KVER ...
@@ -90,9 +91,10 @@ rm -rf /lib/modules/2.6.27.31-ipfire-xen
 rm -rf /usr/lib/ipsec
 rm -rf /usr/libexec/ipsec
 #
-# old snort libs ...
+# old snort libs and rules ...
 #
 rm -rf /usr/lib/snort_*
+rm -rf /etc/snort
#
 # Backup grub.conf
diff --git a/config/snort/snort.conf b/config/snort/snort.conf
index 2b294eb..bf46406 100644
--- a/config/snort/snort.conf
+++ b/config/snort/snort.conf
@@ -21,14 +21,18 @@
 # Step #1: Set the network variables. For more information, see README.variables
 ###################################################
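Review bot: `rm -rf /etc/snort` at the end of this hunk wipes the entire IDS configuration tree, not only the stale rule files the comment describes, so an administrator-edited snort.conf, locally added rules and any previously downloaded rule set disappear with no restore path. Whether the core-upgrade tarball created in this hunk's header context includes /etc/snort is not visible here; if it does not, add it to that archive or narrow the removal to the rule directories being replaced. If the updated config and rules are unpacked later in this script, say so next to the removal, e.g. `# /etc/snort is recreated from the update payload below`, since an IDS that comes back with an empty rule directory alerts on nothing.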
+include /etc/snort/vars
+
 # Setup the network addresses you are protecting
-var HOME_NET any
+# taken from /etc/snort vars
+#var HOME_NET any
# Set up the external network addresses. A good start may be "any"
 var EXTERNAL_NET any
# List of DNS servers on your network
-var DNS_SERVERS $HOME_NET
+# taken from /etc/snort vars
+#var DNS_SERVERS $HOME_NET
# List of SMTP servers on your network
 var SMTP_SERVERS $HOME_NET
@@ -45,6 +49,9 @@ var TELNET_SERVERS $HOME_NET
 # List of ports you run web servers on
 portvar HTTP_PORTS [80,2301,3128,7777,7779,8000,8008,8028,8080,8180,8888,9999]
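Review bot: The two new comments `# taken from /etc/snort vars` name a path that does not exist; the file pulled in by the new include is `/etc/snort/vars`, and a reader also needs to know where it comes from, so `# defined in /etc/snort/vars, generated by /etc/init.d/snort at start` would be clearer. That include is now a hard dependency of the config: if the init script has not written the file (for example when snort is run by hand with this snort.conf), the parse presumably fails before any rule is loaded, which is worth stating in the same comment. `var EXTERNAL_NET any` is unchanged by this commit, but with HOME_NET now resolved before it the common `!$HOME_NET` setting would be possible here; whether that fits the IPFire deployment model is a policy decision this hunk does not make.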
+# List of ssh ports
+portvar SSH_PORTS [22,222]
+
 # List of ports you want to look for SHELLCODE on.
 portvar SHELLCODE_PORTS !80
@@ -61,6 +68,7 @@ var RULE_PATH /etc/snort/rules
 var SO_RULE_PATH /etc/snort/so_rules
 var PREPROC_RULE_PATH /etc/snort/preproc_rules
+
 ###################################################
 # Step #2: Configure the decoder. For more information, see README.decode
 ###################################################
@@ -299,5 +307,3 @@ include /etc/snort/rules/reference.config
# site specific rules
-# Event thresholding or suppression commands. See threshold.conf
-# include threshold.conf
\ No newline at end of file
diff --git a/lfs/initscripts b/lfs/initscripts
index 38870b8..a9fadf4 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -119,6 +119,8 @@ $(TARGET) :
 ln -sf ../init.d/fcron /etc/rc.d/rc0.d/K08fcron
 ln -sf ../init.d/fcron /etc/rc.d/rc3.d/S40fcron
 ln -sf ../init.d/fcron /etc/rc.d/rc6.d/K08fcron
+ ln -sf ../init.d/snort /etc/rc.d/rc0.d/K78snort
+ ln -sf ../init.d/snort /etc/rc.d/rc6.d/K78snort
 ln -sf ../init.d/network /etc/rc.d/rc0.d/K80network
 ln -sf ../init.d/network /etc/rc.d/rc3.d/S20network
 ln -sf ../init.d/network /etc/rc.d/rc6.d/K80network
diff --git a/lfs/linux b/lfs/linux
index 34bddd8..68e7df4 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -197,7 +197,7 @@ ifneq "$(XEN)" "1"
 for f in $$(ls -1 /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/gpu/drm/*/*.ko); do \
 echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer ; \
 done
-
+ sed -i -e "s|.ko||g" /etc/modprobe.d/framebuffer
 endif
@rm -rf $(DIR_SRC)/patch-o-matic* $(DIR_SRC)/iptables* $(DIR_SRC)/squashfs* $(DIR_SRC)/netfilter-layer7-*
diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort
index 5446094..6323e2b 100644
--- a/src/initscripts/init.d/snort
+++ b/src/initscripts/init.d/snort
@@ -20,57 +20,57 @@ PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
 eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/snort/settings)
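Review bot: The added `sed -i -e "s|.ko||g" /etc/modprobe.d/framebuffer` in the lfs/linux hunk uses an unescaped `.` and the `g` flag, so it deletes any character followed by `ko` anywhere in the line rather than only the trailing `.ko` suffix; a module whose name happens to contain `ko` would be rewritten into a name modprobe never matches, and the blacklist entry would silently stop working. Anchoring and escaping the pattern, `sed -i -e 's|\.ko$||' /etc/modprobe.d/framebuffer`, fixes that, and the post-processing can be avoided entirely by stripping the suffix where the name is produced: `echo "blacklist $$(basename $$f .ko)" >> /etc/modprobe.d/framebuffer ; \`. The recipe continues outside the hunk.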
-if [ "$ENABLE_SNORT_ORANGE" == "on" ]; then
- HOME_NET+="$ORANGE_ADDRESS,"
- DEVICES+="$ORANGE_DEV "
-fi
+case "$1" in
+ start)
+ if [ "$BLUE_NETADDRESS" ]; then
+ BLUE_NET="$BLUE_NETADDRESS/$BLUE_NETMASK,"
+ BLUE_IP="$BLUE_ADDRESS,"
+ fi
-if [ "$ENABLE_SNORT_GREEN" == "on" ]; then
- HOME_NET+="$GREEN_ADDRESS,"
- DEVICES+="$GREEN_DEV "
-fi
+ if [ "$ORANGE_NETADDRESS" ]; then
+ ORANGE_NET="$ORANGE_NETADDRESS/$ORANGE_NETMASK,"
+ ORANGE_IP="$ORANGE_ADDRESS,"
+ fi
-if [ "$ENABLE_SNORT_BLUE" == "on" ]; then
- HOME_NET+="$BLUE_ADDRESS,"
- DEVICES+="$BLUE_DEV "
-fi
+ if [ "$ENABLE_SNORT_ORANGE" == "on" ]; then
+ DEVICES+="$ORANGE_DEV "
+ HOMENET+="$ORANGE_IP"
+ else
+ HOMENET+="$ORANGE_NET"
+ fi
-if [ "$ENABLE_SNORT" == "on" ]; then
- LOCAL_IP=`cat /var/ipfire/red/local-ipaddress`
- if [ "$LOCAL_IP" ]; then
- HOME_NET+="$LOCAL_IP,"
- else
- exit 1 ## Add error handling here
- fi
- DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
-fi
+ if [ "$ENABLE_SNORT_BLUE" == "on" ]; then
+ DEVICES+="$BLUE_DEV "
+ HOMENET+="$BLUE_IP"
+ else
+ HOMENET+="$BLUE_NET"
+ fi
-COUNT=`echo $HOME_NET | wc -m`
-HOME_NET=`echo $HOME_NET | cut -c $[$COUNT - 2]`
-
-echo "var HOME_NET [$HOME_NET]" > /etc/snort/vars
-echo "var EXTERNAL_NET ANY" >> /etc/snort/vars
+ if [ "$ENABLE_SNORT_GREEN" == "on" ]; then
+ DEVICES+="$GREEN_DEV "
+ HOMENET+="$GREEN_ADDRESS,"
+ else
+ HOMENET+="$GREEN_NETADDRESS/$GREEN_NETMASK,"
+ fi
-DNS1=`cat /var/ipfire/red/dns1 2>/dev/null`
-DNS2=`cat /var/ipfire/red/dns2 2>/dev/null`
+ if [ "$ENABLE_SNORT" == "on" ]; then
+ DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
+ LOCAL_IP=`cat /var/ipfire/red/local-ipaddress 2>/dev/null`
+ if [ "$LOCAL_IP" ]; then
+ HOMENET+="$LOCAL_IP,"
+ fi
+ fi
+ HOMENET+="127.0.0.1"
+ echo "var HOME_NET [$HOMENET]" > /etc/snort/vars
-if [ "$DNS2" ]; then
- echo "var DNS_SERVERS [$DNS1,$DNS2]" >> /etc/snort/vars
-else
- echo "var DNS_SERVERS $DNS1" >> /etc/snort/vars
-fi
+ DNS1=`cat /var/ipfire/red/dns1 2>/dev/null`
+ DNS2=`cat /var/ipfire/red/dns2 2>/dev/null`
-case "$1" in
- start)
- # Disable incompatible rules
- boot_mesg "Check/Fix Intrusion Detection rules..."
- for file in $(ls /etc/snort/rules/*.rules 2>/dev/null); do
- sed -i 's|^alert.*![$DNS_SERVERS|#&|g' $file
- sed -i 's|^alert.*!$SSH_PORTS|#&|g' $file
- sed -i 's|^alert.*!$HOME_NET|#&|g' $file
- sed -i 's|^alert.*!$SQL_SERVERS|#&|g' $file
- done
- echo_ok
+ if [ "$DNS2" ]; then
+ echo "var DNS_SERVERS [$DNS1,$DNS2]" >> /etc/snort/vars
+ else
+ echo "var DNS_SERVERS $DNS1" >> /etc/snort/vars
+ fi
for DEVICE in $DEVICES; do
 boot_mesg "Starting Intrusion Detection System on $DEVICE..."
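Review bot: The DNS_SERVERS branch at the end of the hunk writes `var DNS_SERVERS ` with no value when /var/ipfire/red/dns1 is missing or empty (red not up yet, or a setup without a resolver), and `[,$DNS2]` when only dns2 exists; both forms are likely to be rejected by snort's config parser, so the IDS would not start at all instead of running with a weaker DNS_SERVERS. Falling back to the default the previous snort.conf used, `$HOME_NET`, keeps the generated vars file loadable in every case. Separately, the HOME_NET construction above is not self-explanatory — a segment that snort monitors contributes only the firewall's own address while an unmonitored segment contributes its whole subnet — and a comment such as `# monitored interfaces: only our own address counts as HOME_NET; unmonitored ones: the whole subnet` would keep the next reader from "fixing" it. The `case "$1" in` opened in this hunk continues past its end.
```shell
	DNS2=`cat /var/ipfire/red/dns2 2>/dev/null`

	if [ "$DNS1" ] && [ "$DNS2" ]; then
		echo "var DNS_SERVERS [$DNS1,$DNS2]" >> /etc/snort/vars
	elif [ "$DNS1$DNS2" ]; then
		echo "var DNS_SERVERS $DNS1$DNS2" >> /etc/snort/vars
	else
		# no resolver known yet: use the snort.conf default so the file stays loadable
		echo "var DNS_SERVERS \$HOME_NET" >> /etc/snort/vars
	fi
	# … unchanged: per-device start loop …
```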
hooks/post-receive -- IPFire 2.x development tree