From: Florian Fainelli Date: Mon, 13 Aug 2012 14:08:40 +0000 (+0000) Subject: Snort: update to 2.9.2.2 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=6426fee6ec165d2801f212b4a17a9de9bbbc4ded;p=openwrt%2Fsvn-archive%2Fpackages.git Snort: update to 2.9.2.2 I've managed to update Snort to version 2.9.2.2. I did not want to split this patch even if it has so many deltas - there are many deletions of unused patches. Also there is a configuration file that has almost the same functionality as the 2.8.4.1 one. The reason I've not written a patch for update to 2.9.3 is to preserve compatibility with snortsam which has not patch for 2.9.3 yet. If this patch becomes accepted then patch http://patchwork.openwrt.org/patch/2381/ becomes obsolete, because it depends on 2.8.4.1. Next patch (3/3) introduces support for Snortsam package (Snortsam is snort version independent, just needs snort to be patched with proper patch). Signed-off-by: Jiri Slachta SVN-Revision: 33169 --- diff --git a/net/snort/Makefile b/net/snort/Makefile index f2d7418d1..1014c2677 100644 --- a/net/snort/Makefile +++ b/net/snort/Makefile @@ -1,4 +1,4 @@ -# + # Copyright (C) 2006-2011 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort -PKG_VERSION:=2.8.4.1 -PKG_RELEASE:=3 +PKG_VERSION:=2.9.2.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://dl.snort.org/snort-current/ -PKG_MD5SUM:=63f4e76ae96a2d133f4c7b741bad5458 +PKG_SOURCE_URL:=http://snort.org/dl/snort-current/ +PKG_MD5SUM:=4254389550e3be31afebc70e64e6002f PKG_BUILD_DEPENDS:=librpc PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) @@ -26,7 +26,7 @@ define Package/snort/Default SUBMENU:=Firewall SECTION:=net CATEGORY:=Network - DEPENDS:=+libnet0 +libpcap +libpcre + DEPENDS:=+libpcap +libpcre +libdnet +libdaq +libpthread +zlib TITLE:=Lightweight Network Intrusion Detection System URL:=http://www.snort.org/ endef @@ -74,13 +74,17 @@ endef CONFIGURE_ARGS += \ + --prefix="/usr" \ --enable-flexresp \ - --with-libnet-includes="$(STAGING_DIR)/usr/lib/libnet-1.0.x/include" \ - --with-libnet-libraries="$(STAGING_DIR)/usr/lib/libnet-1.0.x/lib" \ + --with-dnet-includes="$(STAGING_DIR)/usr/include" \ + --with-dnet-libraries="$(STAGING_DIR)/usr/lib" \ --with-libpcap-includes="$(STAGING_DIR)/usr/include" \ --with-libpcap-libraries="$(STAGING_DIR)/usr/lib" \ --with-libpcre-includes="$(STAGING_DIR)/usr/include" \ --with-libpcre-libraries="$(STAGING_DIR)/usr/lib" \ + --with-daq-includes="$(STAGING_DIR)/usr/include" \ + --with-daq-libraries="$(STAGING_DIR)/usr/lib" \ + --disable-static-daq CONFIGURE_VARS += \ CPPFLAGS="$$$$CPPFLAGS -I$(STAGING_DIR)/usr/include/mysql" \ @@ -98,6 +102,8 @@ ifeq ($(BUILD_VARIANT),basic) endif ifeq ($(BUILD_VARIANT),mysql) + CONFIGURE_VARS += \ + mysql_has_reconnect=yes CONFIGURE_ARGS += \ --with-mysql="$(STAGING_DIR)/usr" \ @@ -112,6 +118,24 @@ ifeq ($(BUILD_VARIANT),pgsql) endif +define Build/InstallDev + $(INSTALL_DIR) $(STAGING_DIR)/usr/include/snort/dynamic_preproc + $(CP) \ + $(PKG_INSTALL_DIR)/usr/include/snort/dynamic_preproc/* \ + $(STAGING_DIR)/usr/include/snort/dynamic_preproc/ + $(INSTALL_DIR) $(STAGING_DIR)/usr/lib/snort/dynamic_preproc + $(CP) \ + $(PKG_INSTALL_DIR)/usr/lib/snort/dynamic_preproc/* \ + $(STAGING_DIR)/usr/lib/snort/dynamic_preproc/ + $(INSTALL_DIR) $(STAGING_DIR)/usr/lib/snort_dynamicengine + $(CP) \ + $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicengine/* \ + $(STAGING_DIR)/usr/lib/snort_dynamicengine/ + $(INSTALL_DIR) $(STAGING_DIR)/usr/lib/snort_dynamicpreprocessor + $(CP) \ + $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicpreprocessor/* \ + $(STAGING_DIR)/usr/lib/snort_dynamicpreprocessor/ +endef define Package/snort/conffiles /etc/default/snort @@ -121,17 +145,19 @@ endef define Package/snort/install $(INSTALL_DIR) $(1)/usr/bin - $(CP) $(PKG_INSTALL_DIR)/usr/bin/snort $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/snort $(1)/usr/bin/snort.bin + $(CP) $(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} $(1)/usr/bin + $(INSTALL_BIN) ./files/snort.bin $(1)/usr/bin/snort $(INSTALL_DIR) $(1)/usr/lib/snort_dynamicengine $(CP) $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicengine/libsf_engine.so* $(1)/usr/lib/snort_dynamicengine/ $(INSTALL_DIR) $(1)/usr/lib/snort_dynamicpreprocessor - $(CP) $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicpreprocessor/libsf_{dce2,dcerpc,dns,ftptelnet,smtp,ssh,ssl}_preproc.so* $(1)/usr/lib/snort_dynamicpreprocessor/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicpreprocessor/libsf*.so* $(1)/usr/lib/snort_dynamicpreprocessor/ $(INSTALL_DIR) $(1)/etc/snort $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/snort.conf $(1)/etc/snort/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/attribute_table.dtd $(1)/etc/snort/ $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/classification.config $(1)/etc/snort/ $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/gen-msg.map $(1)/etc/snort/ $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/reference.config $(1)/etc/snort/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/sid-msg.map $(1)/etc/snort/ $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/threshold.conf $(1)/etc/snort/ $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/unicode.map $(1)/etc/snort/ $(INSTALL_DIR) $(1)/etc/snort/preproc_rules diff --git a/net/snort/files/snort.bin b/net/snort/files/snort.bin new file mode 100644 index 000000000..dd6b22293 --- /dev/null +++ b/net/snort/files/snort.bin @@ -0,0 +1,3 @@ +#!/bin/sh + +exec snort.bin --daq-dir /usr/lib/daq/ $* diff --git a/net/snort/files/snort.init b/net/snort/files/snort.init index 8c019c41d..820ef11c1 100644 --- a/net/snort/files/snort.init +++ b/net/snort/files/snort.init @@ -1,23 +1,20 @@ -#!/bin/sh +#!/bin/sh /etc/rc.common +# Copyright (C) 2012 OpenWrt.org +START=99 +APP=snort +BIN_FILE="/usr/bin/"$APP +PID_FILE="/var/run/"$APP"_"$INTERFACE".pid" +OPTIONS= DEFAULT=/etc/default/snort LOG_D=/var/log/snort -RUN_D=/var/run -[ -f $DEFAULT ] && . $DEFAULT -PID_F=$RUN_D/snort_$INTERFACE.pid -case $1 in - start) - [ -d $LOG_D ] || mkdir -p $LOG_D - [ -d $RUN_D ] || mkdir -p $RUN_D - snort $OPTIONS - ;; - stop) - [ -f $PID_F ] && kill $(cat $PID_F) - ;; - *) - echo "usage: $0 (start|stop)" - exit 1 -esac +start() { + [ -d $LOG_D ] || mkdir -p $LOG_D + start-stop-daemon -S -x $BIN_FILE -p $PID_FILE -b -m -- $OPTIONS +} -exit $? +stop() { + start-stop-daemon -K -x $BIN_FILE -p $PID_FILE -q + rm -rf $PID_FILE +} diff --git a/net/snort/patches/002-automake-cross.patch b/net/snort/patches/002-automake-cross.patch deleted file mode 100644 index 5671c2388..000000000 --- a/net/snort/patches/002-automake-cross.patch +++ /dev/null @@ -1,214 +0,0 @@ ---- a/configure.in -+++ b/configure.in -@@ -163,28 +163,6 @@ else - AC_MSG_RESULT(no) - fi - --# check for sparc %time register --if eval "echo $host_cpu|grep -i sparc >/dev/null"; then -- OLD_CFLAGS="$CFLAGS" -- CFLAGS="$CFLAGS -mcpu=v9 " -- AC_MSG_CHECKING([for sparc %time register]) -- AC_RUN_IFELSE( -- [AC_LANG_PROGRAM( -- [[]], -- [[ -- int val; -- __asm__ __volatile__("rd %%tick, %0" : "=r"(val)); -- ]])], -- [sparcv9="yes"], -- [sparcv9="no"]) -- AC_MSG_RESULT($sparcv9) -- if test "x$sparcv9" = "xyes"; then -- AC_DEFINE([SPARCV9], [], [For sparc v9 with %time register]) -- else -- CFLAGS="$OLD_CFLAGS" -- fi --fi -- - dnl checking headers - AC_CHECK_HEADERS(strings.h) - AC_CHECK_HEADERS(string.h) -@@ -282,22 +260,12 @@ AC_CHECK_FUNCS(vswprintf) - AC_CHECK_FUNCS(wprintf) - - AC_MSG_CHECKING([for sizeof(unsigned long)]) --AC_RUN_IFELSE( --[AC_LANG_PROGRAM( --[], --[[ -- if (sizeof(unsigned long) == 8) -- return 0; -- -- return 1; --]])], --[ulong_is_64_bit="yes"], --[ulong_is_64_bit="no"]) --if test "x$ulong_is_64_bit" = "xyes"; then -- AC_MSG_RESULT([64 bits]) -- AC_DEFINE([ULONGIS64BIT], [], [If unsigned long is 64 bits]) -+AC_CHECK_SIZEOF([unsigned long]) -+if test $ac_cv_sizeof_unsigned_long = 8; then -+ AC_MSG_RESULT([64 bits]) -+ AC_DEFINE([ULONGIS64BIT], [], [If unsigned long is 64 bits]) - else -- AC_MSG_RESULT([32 bits]) -+ AC_MSG_RESULT([32 bits]) - fi - - AC_TRY_COMPILE([ -@@ -412,88 +380,7 @@ if test "x$LPCAP" = "xno"; then - fi - - --# This is to determine which pcap library version is being used. The reason being --# that versions < 0.9 do not accumulate packet statistics whereas >= 0.9 do accumulate. --# This is Linux only. The check is done after pcre because the code below uses pcre. --# It seems Phil Wood's pcap does not accumulate - 0.9x --pcap_version_check="yes" --if test "x$linux" = "xyes"; then -- if test "x$pcap_version_check" = "xyes"; then -- AC_MSG_CHECKING([for libpcap version >= 0.9]) -- AC_RUN_IFELSE( -- [AC_LANG_PROGRAM( -- [[ -- #include -- #include -- extern char pcap_version[]; -- ]], -- [[ -- if (strcmp(pcap_version, "0.9x") == 0) -- return 1; -- -- if (strcmp(pcap_version, "0.9.0") < 0) -- return 1; -- ]])], -- [libpcap_version_09="yes"], -- [libpcap_version_09="no"]) -- AC_MSG_RESULT($libpcap_version_09) -- if test "x$libpcap_version_09" = "xyes"; then -- AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats]) -- fi -- else -- libpcap_version_09="no" -- AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats]) -- fi -- -- # there is a bug in the Linux code in 0.9.0 - 0.9.4 where the pcap -- # stats are doubled. -- if test "x$libpcap_version_09" = "xyes"; then -- AC_MSG_CHECKING(for libpcap version 0.9.0 - 0.9.4) -- AC_RUN_IFELSE( -- [AC_LANG_PROGRAM( -- [[ -- #include -- #include -- extern char pcap_version[]; -- ]], -- [[ -- if (strcmp(pcap_version, "0.9.5") < 0) -- return 1; -- ]])], -- [libpcap_version_09_bug="no"], -- [libpcap_version_09_bug="yes"]) -- AC_MSG_RESULT($libpcap_version_09_bug) -- else -- libpcap_version_09_bug="no" -- fi -- -- if test "x$libpcap_version_09_bug" = "xyes"; then -- AC_DEFINE([LINUX_LIBPCAP_DOUBLES_STATS], [], [For Linux libpcap versions 0.9.0 to 0.9.4]) -- fi --else -- AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats]) --fi -- --# In case INADDR_NONE is not defined (like on Solaris) --have_inaddr_none="no" --AC_MSG_CHECKING([for INADDR_NONE]) --AC_RUN_IFELSE( --[AC_LANG_PROGRAM( --[[ --#include --#include --]], --[[ -- if (inet_addr("10,5,2") == INADDR_NONE); --]])], --[have_inaddr_none="yes"], --[have_inaddr_none="no"]) --AC_MSG_RESULT($have_inaddr_none) --if test "x$have_inaddr_none" = "xno"; then -- AC_DEFINE([INADDR_NONE], [-1], [For INADDR_NONE definition]) --fi -- --default_directory="/usr /usr/local" -+AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats]) - - AC_DEFUN([FAIL_MESSAGE],[ - echo -@@ -745,64 +632,6 @@ if test "x$with_mysql" != "xno"; then - LIBS="-lmysqlclient ${LIBS}" - fi - fi -- -- AC_MSG_CHECKING([for mysql default client reconnect]) -- -- AC_RUN_IFELSE( -- [AC_LANG_PROGRAM( -- [[ -- #include -- ]], -- [[ -- if (mysql_get_client_version() < 50003) -- return 1; -- ]])], -- [mysql_default_reconnect="no"], -- [mysql_default_reconnect="yes"]) -- -- AC_MSG_RESULT($mysql_default_reconnect) -- -- if test "x$mysql_default_reconnect" = "xno"; then -- AC_MSG_CHECKING([for mysql reconnect option]) -- -- AC_RUN_IFELSE( -- [AC_LANG_PROGRAM( -- [[ -- #include -- ]], -- [[ -- if (mysql_get_client_version() < 50013) -- return 1; -- ]])], -- [mysql_has_reconnect="yes"], -- [mysql_has_reconnect="no"]) -- -- AC_MSG_RESULT($mysql_has_reconnect) -- -- if test "x$mysql_has_reconnect" = "xyes"; then -- AC_DEFINE([MYSQL_HAS_OPT_RECONNECT], [], [For MySQL versions 5.0.13 and greater]) -- -- AC_MSG_CHECKING([for mysql setting of reconnect option before connect bug]) -- -- AC_RUN_IFELSE( -- [AC_LANG_PROGRAM( -- [[ -- #include -- ]], -- [[ -- if (mysql_get_client_version() < 50019) -- return 1; -- ]])], -- [mysql_has_reconnect_bug="no"], -- [mysql_has_reconnect_bug="yes"]) -- -- AC_MSG_RESULT($mysql_has_reconnect_bug) -- -- if test "x$mysql_has_reconnect_bug" = "xyes"; then -- AC_DEFINE([MYSQL_HAS_OPT_RECONNECT_BUG], [], [For MySQL versions 5.0.13 to 5.0.18]) -- fi -- fi -- fi - fi - - AC_ARG_WITH(odbc, diff --git a/net/snort/patches/003-automake-no-hostpaths.patch b/net/snort/patches/003-automake-no-hostpaths.patch deleted file mode 100644 index b7fc1f616..000000000 --- a/net/snort/patches/003-automake-no-hostpaths.patch +++ /dev/null @@ -1,86 +0,0 @@ ---- a/configure.in -+++ b/configure.in -@@ -115,7 +115,6 @@ case "$host" in - # libpcap doesn't even LOOK at the timeout you give it under Linux - AC_DEFINE(PCAP_TIMEOUT_IGNORED,,[Define if PCAP_TIMEOUT_IGNORED]) - AC_SUBST(extra_incl) -- extra_incl=-I/usr/include/pcap - ;; - *-hpux10*|*-hpux11*) - AC_DEFINE(HPUX,,[Define if HPUX]) -@@ -719,13 +718,13 @@ AC_ARG_WITH(pgsql_includes, - - if test "x$with_postgresql" != "xno"; then - if test "x$with_postgresql" = "xyes"; then -- postgresql_directory="$default_directory /usr/local/pgsql /usr/pgsql /usr/local" -+ postgresql_directory="$default_directory" - postgresql_fail="yes" - elif test -d $withval; then -- postgresql_directory="$withval $default_directory /usr/local/pgsql /usr/pgsql" -+ postgresql_directory="$withval $default_directory" - postgresql_fail="yes" - elif test "$with_postgresql" = ""; then -- postgresql_directory="$default_directory /usr/local/pgsql /usr/pgsql" -+ postgresql_directory="$default_directory" - postgresql_fail="no" - fi - -@@ -1040,8 +1039,6 @@ if test "$enable_inline" != "no"; then - LIBNET_INC_DIR="" - if test -n "$with_libnet_includes" -a "$with_libnet_includes" != "no"; then - libnet_dir="${with_libnet_includes}" -- else -- libnet_dir="/usr/include /usr/local/include /sw/include" - fi - AC_MSG_CHECKING("for libnet.h version 1.0.x") - for i in $libnet_dir; do -@@ -1089,7 +1086,6 @@ if test "x$enable_flexresp" != "xno" -a - fi - - if test `libnet-config --cflags | wc -c` = "1"; then -- CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include" - LIBNET_CONFIG_BROKEN_CFLAGS="yes" - fi - -@@ -1097,7 +1093,6 @@ if test "x$enable_flexresp" != "xno" -a - AC_MSG_WARN(libnet-config --libs is broken on your system. If you) - AC_MSG_WARN(are using a precompiled package please notify the) - AC_MSG_WARN(maintainer.) -- LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib" - LIBS="${LIBS} -lnet" - fi - -@@ -1116,8 +1111,6 @@ if test "x$enable_flexresp" != "xno" -a - if test "x${LIBNET_CONFIG_BROKEN_CFLAGS}" = "xyes"; then - if test -n "$with_libnet_includes" -a "x$with_libnet_includes" != "xno"; then - libnet_dir="${with_libnet_includes}" -- else -- libnet_dir="/usr/include /usr/local/include /sw/include" - fi - else - libnet_dir=`libnet-config --cflags | cut -dI -f2` -@@ -1210,7 +1203,6 @@ if test "x$enable_react" != "xno" -a "x$ - fi - - if test `libnet-config --cflags | wc -c` = "1"; then -- CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include" - LIBNET_CONFIG_BROKEN_CFLAGS="yes" - fi - -@@ -1218,7 +1210,6 @@ if test "x$enable_react" != "xno" -a "x$ - AC_MSG_WARN(libnet-config --libs is broken on your system. If you) - AC_MSG_WARN(are using a precompiled package please notify the) - AC_MSG_WARN(maintainer.) -- LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib" - LIBS="${LIBS} -lnet" - fi - -@@ -1237,8 +1228,6 @@ if test "x$enable_react" != "xno" -a "x$ - if test "x${LIBNET_CONFIG_BROKEN_CFLAGS}" = "xyes"; then - if test -n "$with_libnet_includes" -a "x$with_libnet_includes" != "xno"; then - libnet_dir="${with_libnet_includes}" -- else -- libnet_dir="/usr/include /usr/local/include /sw/include" - fi - else - libnet_dir=`libnet-config --cflags | cut -dI -f2` diff --git a/net/snort/patches/010-dont-add-host-paths.patch b/net/snort/patches/010-dont-add-host-paths.patch deleted file mode 100644 index 9a899c13e..000000000 --- a/net/snort/patches/010-dont-add-host-paths.patch +++ /dev/null @@ -1,43 +0,0 @@ ---- a/configure -+++ b/configure -@@ -20668,8 +20668,6 @@ cat >>confdefs.h <<\_ACEOF - #define PCAP_TIMEOUT_IGNORED - _ACEOF - -- -- extra_incl=-I/usr/include/pcap - ;; - *-hpux10*|*-hpux11*) - -@@ -26218,7 +26216,6 @@ if test "x$enable_flexresp" != "xno" -a - fi - - if test `libnet-config --cflags | wc -c` = "1"; then -- CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include" - LIBNET_CONFIG_BROKEN_CFLAGS="yes" - fi - -@@ -26229,7 +26226,6 @@ echo "$as_me: WARNING: libnet-config --l - echo "$as_me: WARNING: are using a precompiled package please notify the" >&2;} - { echo "$as_me:$LINENO: WARNING: maintainer." >&5 - echo "$as_me: WARNING: maintainer." >&2;} -- LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib" - LIBS="${LIBS} -lnet" - fi - -@@ -26804,7 +26800,6 @@ if test "x$enable_react" != "xno" -a "x$ - fi - - if test `libnet-config --cflags | wc -c` = "1"; then -- CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include" - LIBNET_CONFIG_BROKEN_CFLAGS="yes" - fi - -@@ -26815,7 +26810,6 @@ echo "$as_me: WARNING: libnet-config --l - echo "$as_me: WARNING: are using a precompiled package please notify the" >&2;} - { echo "$as_me:$LINENO: WARNING: maintainer." >&5 - echo "$as_me: WARNING: maintainer." >&2;} -- LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib" - LIBS="${LIBS} -lnet" - fi - diff --git a/net/snort/patches/100-INADDR_NONE.patch b/net/snort/patches/100-INADDR_NONE.patch new file mode 100644 index 000000000..cae11fcb3 --- /dev/null +++ b/net/snort/patches/100-INADDR_NONE.patch @@ -0,0 +1,40 @@ +--- a/configure.in ++++ b/configure.in +@@ -283,21 +283,22 @@ AC_CHECK_TYPES([int8_t,int16_t,int32_t,i + AC_CHECK_TYPES([boolean]) + + # In case INADDR_NONE is not defined (like on Solaris) +-have_inaddr_none="no" +-AC_MSG_CHECKING([for INADDR_NONE]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include +-#include +-#include +-]], +-[[ +- if (inet_addr("10,5,2") == INADDR_NONE); +- return 0; +-]])], +-[have_inaddr_none="yes"], +-[have_inaddr_none="no"]) ++have_inaddr_none="yes" ++#AC_MSG_CHECKING([for INADDR_NONE]) ++#AC_RUN_IFELSE( ++#[AC_LANG_PROGRAM( ++#[[ ++##include ++##include ++##include ++#]], ++#[[ ++# if (inet_addr("10,5,2") == INADDR_NONE); ++# return 0; ++#]])], ++#[have_inaddr_none="yes"], ++#[have_inaddr_none="yes"]) ++ + AC_MSG_RESULT($have_inaddr_none) + if test "x$have_inaddr_none" = "xno"; then + AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) diff --git a/net/snort/patches/100-cross-compile.patch b/net/snort/patches/100-cross-compile.patch deleted file mode 100644 index 57fde4705..000000000 --- a/net/snort/patches/100-cross-compile.patch +++ /dev/null @@ -1,72 +0,0 @@ ---- a/configure -+++ b/configure -@@ -20768,8 +20768,7 @@ echo $ECHO_N "checking for sparc %time r - { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling - See \`config.log' for more details." >&5 - echo "$as_me: error: cannot run test program while cross compiling --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -+See \`config.log' for more details." >&2;} } - else - cat >conftest.$ac_ext <<_ACEOF - /* confdefs.h. */ -@@ -22979,8 +22978,7 @@ if test "$cross_compiling" = yes; then - { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling - See \`config.log' for more details." >&5 - echo "$as_me: error: cannot run test program while cross compiling --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -+See \`config.log' for more details." >&2;} } - else - cat >conftest.$ac_ext <<_ACEOF - /* confdefs.h. */ -@@ -23764,8 +23762,7 @@ echo $ECHO_N "checking for libpcap versi - { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling - See \`config.log' for more details." >&5 - echo "$as_me: error: cannot run test program while cross compiling --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -+See \`config.log' for more details." >&2;} } - else - cat >conftest.$ac_ext <<_ACEOF - /* confdefs.h. */ -@@ -23852,8 +23849,7 @@ echo $ECHO_N "checking for libpcap versi - { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling - See \`config.log' for more details." >&5 - echo "$as_me: error: cannot run test program while cross compiling --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -+See \`config.log' for more details." >&2;} } - else - cat >conftest.$ac_ext <<_ACEOF - /* confdefs.h. */ -@@ -23939,8 +23935,7 @@ if test "$cross_compiling" = yes; then - { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling - See \`config.log' for more details." >&5 - echo "$as_me: error: cannot run test program while cross compiling --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -+See \`config.log' for more details." >&2;} } - else - cat >conftest.$ac_ext <<_ACEOF - /* confdefs.h. */ -@@ -24654,8 +24649,7 @@ echo $ECHO_N "checking for mysql default - { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling - See \`config.log' for more details." >&5 - echo "$as_me: error: cannot run test program while cross compiling --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -+See \`config.log' for more details." >&2;} } - else - cat >conftest.$ac_ext <<_ACEOF - /* confdefs.h. */ -@@ -24722,8 +24716,7 @@ echo $ECHO_N "checking for mysql reconne - { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling - See \`config.log' for more details." >&5 - echo "$as_me: error: cannot run test program while cross compiling --See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -+See \`config.log' for more details." >&2;} } - else - cat >conftest.$ac_ext <<_ACEOF - /* confdefs.h. */ diff --git a/net/snort/patches/101-PCAP.patch b/net/snort/patches/101-PCAP.patch new file mode 100644 index 000000000..5ffc1651c --- /dev/null +++ b/net/snort/patches/101-PCAP.patch @@ -0,0 +1,31 @@ +--- a/configure.in ++++ b/configure.in +@@ -401,16 +401,18 @@ if test "x$LPCAP" = "xno"; then + fi + + AC_MSG_CHECKING([for pcap_lex_destroy]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include +-]], +-[[ +- pcap_lex_destroy(); +-]])], +-[have_pcap_lex_destroy="yes"], +-[have_pcap_lex_destroy="no"]) ++have_pcap_lex_destroy="yes" ++#AC_RUN_IFELSE( ++#[AC_LANG_PROGRAM( ++#[[ ++##include ++#]], ++#[[ ++# pcap_lex_destroy(); ++#]])], ++#[have_pcap_lex_destroy="yes"], ++#[have_pcap_lex_destroy="no"]) ++ + AC_MSG_RESULT($have_pcap_lex_destroy) + if test "x$have_pcap_lex_destroy" = "xyes"; then + AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) diff --git a/net/snort/patches/150-config-preprocessors-disable.patch b/net/snort/patches/150-config-preprocessors-disable.patch new file mode 100644 index 000000000..c9d71cbd9 --- /dev/null +++ b/net/snort/patches/150-config-preprocessors-disable.patch @@ -0,0 +1,491 @@ +--- a/etc/snort.conf ++++ b/etc/snort.conf +@@ -20,6 +20,13 @@ + # test mode -T you are required to supply an interface -i + # or test mode will fail to fully validate the configuration and + # exit with a FATAL error ++#! ++#! OpenWrt: ++#! Some options in this config were changed to adapt snort for OpenWrt. Any changes ++#! made to the original default configuration will start with '#! ' so you can track ++#! the changes. ++#! ++#! Most preprocessors and rules were disabled to save memory. + #-------------------------------------------------- + + ################################################### +@@ -42,10 +49,12 @@ + ################################################### + + # Setup the network addresses you are protecting +-ipvar HOME_NET any ++#! ipvar HOME_NET any ++ipvar HOME_NET 192.168.1.0/24 + + # Set up the external network addresses. Leave as "any" in most situations +-ipvar EXTERNAL_NET any ++#! ipvar EXTERNAL_NET any ++ipvar EXTERNAL_NET !$HOME_NET + + # List of DNS servers on your network + ipvar DNS_SERVERS $HOME_NET +@@ -101,17 +110,23 @@ ipvar AIM_SERVERS [64.12.24.0/23,64.12.2 + # Path to your rules files (this can be a relative path) + # Note for Windows users: You are advised to make this an absolute path, + # such as: c:\snort\rules +-var RULE_PATH ../rules +-var SO_RULE_PATH ../so_rules +-var PREPROC_RULE_PATH ../preproc_rules ++#! Those paths are relative to this snort.conf file. ++#! var RULE_PATH ../rules ++#! var SO_RULE_PATH ../so_rules ++#! var PREPROC_RULE_PATH ../preproc_rules ++var RULE_PATH ./rules ++var SO_RULE_PATH ./so_rules ++var PREPROC_RULE_PATH ./preproc_rules + + # If you are using reputation preprocessor set these + # Currently there is a bug with relative paths, they are relative to where snort is + # not relative to snort.conf like the above variables + # This is completely inconsistent with how other vars work, BUG 89986 + # Set the absolute path appropriately +-var WHITE_LIST_PATH ../rules +-var BLACK_LIST_PATH ../rules ++#! var WHITE_LIST_PATH ../rules ++#! var BLACK_LIST_PATH ../rules ++var WHITE_LIST_PATH ./rules ++var BLACK_LIST_PATH ./rules + + ################################################### + # Step #2: Configure the decoder. For more information, see README.decode +@@ -244,13 +259,16 @@ config paf_max: 16000 + ################################################### + + # path to dynamic preprocessor libraries +-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ ++#! dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ ++dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ + + # path to base preprocessor engine +-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so ++#! dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so ++#! dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so #! disabled for performance reasons + + # path to dynamic rules libraries +-dynamicdetection directory /usr/local/lib/snort_dynamicrules ++#! dynamicdetection directory /usr/local/lib/snort_dynamicrules ++#! dynamicdetection directory /usr/lib/snort_dynamicrules #! disabled for performance reasons + + ################################################### + # Step #5: Configure preprocessors +@@ -294,124 +312,128 @@ preprocessor stream5_udp: timeout 180 + # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000 + + # HTTP normalization and anomaly detection. For more information, see README.http_inspect +-preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 +-preprocessor http_inspect_server: server default \ +- http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \ +- chunk_length 500000 \ +- server_flow_depth 0 \ +- client_flow_depth 0 \ +- post_depth 65495 \ +- oversize_dir_length 500 \ +- max_header_length 750 \ +- max_headers 100 \ +- max_spaces 0 \ +- small_chunk_length { 10 5 } \ +- ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555 } \ +- non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ +- enable_cookie \ +- extended_response_inspection \ +- inspect_gzip \ +- normalize_utf \ +- unlimited_decompress \ +- normalize_javascript \ +- apache_whitespace no \ +- ascii no \ +- bare_byte no \ +- directory no \ +- double_decode no \ +- iis_backslash no \ +- iis_delimiter no \ +- iis_unicode no \ +- multi_slash no \ +- utf_8 no \ +- u_encode yes \ +- webroot no ++#! disabled for performance reasons: ++#! preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 ++#! preprocessor http_inspect_server: server default \ ++#! http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \ ++#! chunk_length 500000 \ ++#! server_flow_depth 0 \ ++#! client_flow_depth 0 \ ++#! post_depth 65495 \ ++#! oversize_dir_length 500 \ ++#! max_header_length 750 \ ++#! max_headers 100 \ ++#! max_spaces 0 \ ++#! small_chunk_length { 10 5 } \ ++#! ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555 } \ ++#! non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ ++#! enable_cookie \ ++#! extended_response_inspection \ ++#! inspect_gzip \ ++#! normalize_utf \ ++#! unlimited_decompress \ ++#! normalize_javascript \ ++#! apache_whitespace no \ ++#! ascii no \ ++#! bare_byte no \ ++#! directory no \ ++#! double_decode no \ ++#! iis_backslash no \ ++#! iis_delimiter no \ ++#! iis_unicode no \ ++#! multi_slash no \ ++#! utf_8 no \ ++#! u_encode yes \ ++#! webroot no + + # ONC-RPC normalization and anomaly detection. For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode +-preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete ++#! disabled for performance reasons: ++#! preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete + + # Back Orifice detection. +-preprocessor bo ++#! preprocessor bo #! disabled for performance reasons + + # FTP / Telnet normalization and anomaly detection. For more information, see README.ftptelnet +-preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no +-preprocessor ftp_telnet_protocol: telnet \ +- ayt_attack_thresh 20 \ +- normalize ports { 23 } \ +- detect_anomalies +-preprocessor ftp_telnet_protocol: ftp server default \ +- def_max_param_len 100 \ +- ports { 21 2100 3535 } \ +- telnet_cmds yes \ +- ignore_telnet_erase_cmds yes \ +- ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \ +- ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \ +- ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \ +- ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \ +- ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \ +- ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \ +- ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \ +- ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \ +- ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \ +- ftp_cmds { XSEN XSHA1 XSHA256 } \ +- alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \ +- alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \ +- alt_max_param_len 256 { CWD RNTO } \ +- alt_max_param_len 400 { PORT } \ +- alt_max_param_len 512 { SIZE } \ +- chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \ +- chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \ +- chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \ +- chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \ +- chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \ +- chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \ +- chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ +- chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \ +- cmd_validity ALLO < int [ char R int ] > \ +- cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \ +- cmd_validity MACB < string > \ +- cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ +- cmd_validity MODE < char ASBCZ > \ +- cmd_validity PORT < host_port > \ +- cmd_validity PROT < char CSEP > \ +- cmd_validity STRU < char FRPO [ string ] > \ +- cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > +-preprocessor ftp_telnet_protocol: ftp client default \ +- max_resp_len 256 \ +- bounce yes \ +- ignore_telnet_erase_cmds yes \ +- telnet_cmds yes ++#! disabled for performance reasons: ++#! preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no check_encrypted ++#! preprocessor ftp_telnet_protocol: telnet \ ++#! ayt_attack_thresh 20 \ ++#! normalize ports { 23 } \ ++#! detect_anomalies ++#! preprocessor ftp_telnet_protocol: ftp server default \ ++#! def_max_param_len 100 \ ++#! ports { 21 2100 3535 } \ ++#! telnet_cmds yes \ ++#! ignore_telnet_erase_cmds yes \ ++#! ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \ ++#! ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \ ++#! ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \ ++#! ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \ ++#! ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \ ++#! ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \ ++#! ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \ ++#! ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \ ++#! ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \ ++#! ftp_cmds { XSEN XSHA1 XSHA256 } \ ++#! alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \ ++#! alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \ ++#! alt_max_param_len 256 { CWD RNTO } \ ++#! alt_max_param_len 400 { PORT } \ ++#! alt_max_param_len 512 { SIZE } \ ++#! chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \ ++#! chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \ ++#! chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \ ++#! chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \ ++#! chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \ ++#! chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \ ++#! chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ ++#! chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \ ++#! cmd_validity ALLO < int [ char R int ] > \ ++#! cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \ ++#! cmd_validity MACB < string > \ ++#! cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ ++#! cmd_validity MODE < char ASBCZ > \ ++#! cmd_validity PORT < host_port > \ ++#! cmd_validity PROT < char CSEP > \ ++#! cmd_validity STRU < char FRPO [ string ] > \ ++#! cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > ++#! preprocessor ftp_telnet_protocol: ftp client default \ ++#! max_resp_len 256 \ ++#! bounce yes \ ++#! ignore_telnet_erase_cmds yes \ ++#! telnet_cmds yes + + + # SMTP normalization and anomaly detection. For more information, see README.SMTP +-preprocessor smtp: ports { 25 465 587 691 } \ +- inspection_type stateful \ +- b64_decode_depth 0 \ +- qp_decode_depth 0 \ +- bitenc_decode_depth 0 \ +- uu_decode_depth 0 \ +- log_mailfrom \ +- log_rcptto \ +- log_filename \ +- log_email_hdrs \ +- normalize cmds \ +- normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ +- normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \ +- normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \ +- normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ +- max_command_line_len 512 \ +- max_header_line_len 1000 \ +- max_response_line_len 512 \ +- alt_max_command_line_len 260 { MAIL } \ +- alt_max_command_line_len 300 { RCPT } \ +- alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ +- alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ +- alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ +- valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ +- valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \ +- valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \ +- valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ +- xlink2state { enabled } ++#! disabled for performance reasons: ++#! preprocessor smtp: ports { 25 465 587 691 } \ ++#! inspection_type stateful \ ++#! b64_decode_depth 0 \ ++#! qp_decode_depth 0 \ ++#! bitenc_decode_depth 0 \ ++#! uu_decode_depth 0 \ ++#! log_mailfrom \ ++#! log_rcptto \ ++#! log_filename \ ++#! log_email_hdrs \ ++#! normalize cmds \ ++#! normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ ++#! normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \ ++#! normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \ ++#! normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ ++#! max_command_line_len 512 \ ++#! max_header_line_len 1000 \ ++#! max_response_line_len 512 \ ++#! alt_max_command_line_len 260 { MAIL } \ ++#! alt_max_command_line_len 300 { RCPT } \ ++#! alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ ++#! alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ ++#! alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ ++#! valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ ++#! valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \ ++#! valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \ ++#! valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \ ++#! xlink2state { enabled } + + # Portscan detection. For more information, see README.sfportscan + # preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } +@@ -430,17 +452,19 @@ preprocessor ssh: server_ports { 22 } \ + enable_srvoverflow enable_protomismatch + + # SMB / DCE-RPC normalization and anomaly detection. For more information, see README.dcerpc2 +-preprocessor dcerpc2: memcap 102400, events [co ] +-preprocessor dcerpc2_server: default, policy WinXP, \ +- detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ +- autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ +- smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"] ++#! disabled for performance reasons: ++#! preprocessor dcerpc2: memcap 102400, events [co ] ++#! preprocessor dcerpc2_server: default, policy WinXP, \ ++#! detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \ ++#! autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ ++#! smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"] + + # DNS anomaly detection. For more information, see README.dns +-preprocessor dns: ports { 53 } enable_rdata_overflow ++#! preprocessor dns: ports { 53 } enable_rdata_overflow #! disabled for performance reasons + + # SSL anomaly detection and traffic bypass. For more information, see README.ssl +-preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 7801 7802 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 }, trustservers, noinspect_encrypted ++#! disabled for performance reasons: ++#! preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 7801 7802 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 }, trustservers, noinspect_encrypted + + # SDF sensitive data preprocessor. For more information see README.sensitive_data + preprocessor sensitive_data: alert_threshold 25 +@@ -503,12 +527,13 @@ preprocessor dnp3: ports { 20000 } \ + check_crc + + # Reputation preprocessor. For more information see README.reputation +-preprocessor reputation: \ +- memcap 500, \ +- priority whitelist, \ +- nested_ip inner, \ +- whitelist $WHITE_LIST_PATH/white_list.rules, \ +- blacklist $BLACK_LIST_PATH/black_list.rules ++#! disabled for performance reasons: ++#! preprocessor reputation: \ ++#! memcap 500, \ ++#! priority whitelist, \ ++#! nested_ip inner, \ ++#! whitelist $WHITE_LIST_PATH/white_list.rules, \ ++#! blacklist $BLACK_LIST_PATH/black_list.rules + + ################################################### + # Step #6: Configure output plugins +@@ -551,60 +576,71 @@ include reference.config + # site specific rules + include $RULE_PATH/local.rules + +-include $RULE_PATH/attack-responses.rules +-include $RULE_PATH/backdoor.rules +-include $RULE_PATH/bad-traffic.rules +-include $RULE_PATH/blacklist.rules +-include $RULE_PATH/botnet-cnc.rules +-include $RULE_PATH/chat.rules +-include $RULE_PATH/content-replace.rules +-include $RULE_PATH/ddos.rules +-include $RULE_PATH/dns.rules +-include $RULE_PATH/dos.rules +-include $RULE_PATH/exploit.rules +-include $RULE_PATH/file-identify.rules +-include $RULE_PATH/finger.rules +-include $RULE_PATH/ftp.rules +-include $RULE_PATH/icmp.rules +-include $RULE_PATH/icmp-info.rules +-include $RULE_PATH/imap.rules +-include $RULE_PATH/info.rules +-include $RULE_PATH/misc.rules +-include $RULE_PATH/multimedia.rules +-include $RULE_PATH/mysql.rules +-include $RULE_PATH/netbios.rules +-include $RULE_PATH/nntp.rules +-include $RULE_PATH/oracle.rules +-include $RULE_PATH/other-ids.rules +-include $RULE_PATH/p2p.rules +-include $RULE_PATH/phishing-spam.rules +-include $RULE_PATH/policy.rules +-include $RULE_PATH/pop2.rules +-include $RULE_PATH/pop3.rules +-include $RULE_PATH/rpc.rules +-include $RULE_PATH/rservices.rules +-include $RULE_PATH/scada.rules +-include $RULE_PATH/scan.rules +-include $RULE_PATH/shellcode.rules +-include $RULE_PATH/smtp.rules +-include $RULE_PATH/snmp.rules +-include $RULE_PATH/specific-threats.rules +-include $RULE_PATH/spyware-put.rules +-include $RULE_PATH/sql.rules +-include $RULE_PATH/telnet.rules +-include $RULE_PATH/tftp.rules +-include $RULE_PATH/virus.rules +-include $RULE_PATH/voip.rules +-include $RULE_PATH/web-activex.rules +-include $RULE_PATH/web-attacks.rules +-include $RULE_PATH/web-cgi.rules +-include $RULE_PATH/web-client.rules +-include $RULE_PATH/web-coldfusion.rules +-include $RULE_PATH/web-frontpage.rules +-include $RULE_PATH/web-iis.rules +-include $RULE_PATH/web-misc.rules +-include $RULE_PATH/web-php.rules +-include $RULE_PATH/x11.rules ++#! include $RULE_PATH/attack-responses.rules ++#! include $RULE_PATH/backdoor.rules ++#! include $RULE_PATH/bad-traffic.rules ++#! include $RULE_PATH/blacklist.rules ++#! include $RULE_PATH/botnet-cnc.rules ++#! include $RULE_PATH/chat.rules ++#! include $RULE_PATH/content-replace.rules ++#! include $RULE_PATH/ddos.rules ++#! include $RULE_PATH/dns.rules ++#! include $RULE_PATH/dos.rules ++#! include $RULE_PATH/exploit.rules ++#! include $RULE_PATH/file-identify.rules ++#! include $RULE_PATH/file-office.rules ++#! include $RULE_PATH/file-other.rules ++#! include $RULE_PATH/file-pdf.rules ++#! include $RULE_PATH/finger.rules ++#! include $RULE_PATH/ftp.rules ++#! include $RULE_PATH/icmp.rules ++#! include $RULE_PATH/icmp-info.rules ++#! include $RULE_PATH/imap.rules ++#! include $RULE_PATH/indicator-compromise.rules ++#! include $RULE_PATH/indicator-obfuscation.rules ++#! include $RULE_PATH/info.rules ++#! include $RULE_PATH/misc.rules ++#! include $RULE_PATH/multimedia.rules ++#! include $RULE_PATH/mysql.rules ++#! include $RULE_PATH/netbios.rules ++#! include $RULE_PATH/nntp.rules ++#! include $RULE_PATH/oracle.rules ++#! include $RULE_PATH/other-ids.rules ++#! include $RULE_PATH/p2p.rules ++#! include $RULE_PATH/phishing-spam.rules ++#! include $RULE_PATH/policy.rules ++#! include $RULE_PATH/policy-multimedia.rules ++#! include $RULE_PATH/policy-other.rules ++#! include $RULE_PATH/policy-social.rules ++#! include $RULE_PATH/pop2.rules ++#! include $RULE_PATH/pop3.rules ++#! include $RULE_PATH/pua-p2p.rules ++#! include $RULE_PATH/pua-toolbars.rules ++#! include $RULE_PATH/rpc.rules ++#! include $RULE_PATH/rservices.rules ++#! include $RULE_PATH/scada.rules ++#! include $RULE_PATH/scan.rules ++#! include $RULE_PATH/server-mail.rules ++#! include $RULE_PATH/shellcode.rules ++#! include $RULE_PATH/smtp.rules ++#! include $RULE_PATH/snmp.rules ++#! include $RULE_PATH/specific-threats.rules ++#! include $RULE_PATH/spyware-put.rules ++#! include $RULE_PATH/sql.rules ++#! include $RULE_PATH/telnet.rules ++#! include $RULE_PATH/tftp.rules ++#! include $RULE_PATH/virus.rules ++#! include $RULE_PATH/voip.rules ++#! include $RULE_PATH/web-activex.rules ++#! include $RULE_PATH/web-attacks.rules ++#! include $RULE_PATH/web-cgi.rules ++#! include $RULE_PATH/web-client.rules ++#! include $RULE_PATH/web-coldfusion.rules ++#! include $RULE_PATH/web-frontpage.rules ++#! include $RULE_PATH/web-iis.rules ++#! include $RULE_PATH/web-misc.rules ++#! include $RULE_PATH/web-php.rules ++#! include $RULE_PATH/x11.rules + + ################################################### + # Step #8: Customize your preprocessor and decoder alerts diff --git a/net/snort/patches/160-mysql_cross_compiling_checks.patch b/net/snort/patches/160-mysql_cross_compiling_checks.patch new file mode 100644 index 000000000..4ad53552b --- /dev/null +++ b/net/snort/patches/160-mysql_cross_compiling_checks.patch @@ -0,0 +1,66 @@ +--- a/configure.in ++++ b/configure.in +@@ -1128,63 +1128,6 @@ if test "x$with_mysql" != "xno"; then + fi + fi + +- AC_MSG_CHECKING([for mysql default client reconnect]) +- +- AC_RUN_IFELSE( +- [AC_LANG_PROGRAM( +- [[ +- #include +- ]], +- [[ +- if (mysql_get_client_version() < 50003) +- return 1; +- ]])], +- [mysql_default_reconnect="no"], +- [mysql_default_reconnect="yes"]) +- +- AC_MSG_RESULT($mysql_default_reconnect) +- +- if test "x$mysql_default_reconnect" = "xno"; then +- AC_MSG_CHECKING([for mysql reconnect option]) +- +- AC_RUN_IFELSE( +- [AC_LANG_PROGRAM( +- [[ +- #include +- ]], +- [[ +- if (mysql_get_client_version() < 50013) +- return 1; +- ]])], +- [mysql_has_reconnect="yes"], +- [mysql_has_reconnect="no"]) +- +- AC_MSG_RESULT($mysql_has_reconnect) +- +- if test "x$mysql_has_reconnect" = "xyes"; then +- AC_DEFINE([MYSQL_HAS_OPT_RECONNECT],[1],[For MySQL versions 5.0.13 and greater]) +- +- AC_MSG_CHECKING([for mysql setting of reconnect option before connect bug]) +- +- AC_RUN_IFELSE( +- [AC_LANG_PROGRAM( +- [[ +- #include +- ]], +- [[ +- if (mysql_get_client_version() < 50019) +- return 1; +- ]])], +- [mysql_has_reconnect_bug="no"], +- [mysql_has_reconnect_bug="yes"]) +- +- AC_MSG_RESULT($mysql_has_reconnect_bug) +- +- if test "x$mysql_has_reconnect_bug" = "xyes"; then +- AC_DEFINE([MYSQL_HAS_OPT_RECONNECT_BUG],[1],[For MySQL versions 5.0.13 to 5.0.18]) +- fi +- fi +- fi + fi + + AC_ARG_WITH(odbc, diff --git a/net/snort/patches/500-no-config-search.patch b/net/snort/patches/500-no-config-search.patch deleted file mode 100644 index bc8dd6074..000000000 --- a/net/snort/patches/500-no-config-search.patch +++ /dev/null @@ -1,42 +0,0 @@ ---- a/src/snort.c -+++ b/src/snort.c -@@ -4198,7 +4198,7 @@ static char *ConfigFileSearch(void) - { - struct stat st; - int i; -- char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL}; -+ char *conf_files[]={"/etc/snort/snort.conf", NULL}; - char *fname = NULL; - char *rval = NULL; - -@@ -4217,30 +4217,6 @@ static char *ConfigFileSearch(void) - i++; - } - -- /* search for .snortrc in the HOMEDIR */ -- if(!rval) -- { -- char *home_dir = NULL; -- -- if((home_dir = getenv("HOME")) != NULL) -- { -- char *snortrc = "/.snortrc"; -- int path_len; -- -- path_len = strlen(home_dir) + strlen(snortrc) + 1; -- -- /* create the full path */ -- fname = (char *)SnortAlloc(path_len); -- -- SnortSnprintf(fname, path_len, "%s%s", home_dir, snortrc); -- -- if(stat(fname, &st) != -1) -- rval = fname; -- else -- free(fname); -- } -- } -- - return rval; - } - diff --git a/net/snort/patches/750-lightweight-config.patch b/net/snort/patches/750-lightweight-config.patch deleted file mode 100644 index 08f410620..000000000 --- a/net/snort/patches/750-lightweight-config.patch +++ /dev/null @@ -1,316 +0,0 @@ ---- a/etc/snort.conf -+++ b/etc/snort.conf -@@ -6,6 +6,7 @@ - # - ################################################### - # This file contains a sample snort configuration. -+# Most preprocessors and rules were disabled to save memory. - # You can take the following steps to create your own custom configuration: - # - # 1) Set the variables for your network -@@ -43,10 +44,10 @@ - # or you can specify the variable to be any IP address - # like this: - --var HOME_NET any -+var HOME_NET 192.168.1.0/24 - - # Set up the external network addresses as well. A good start may be "any" --var EXTERNAL_NET any -+var EXTERNAL_NET !$HOME_NET - - # Configure your server lists. This allows snort to only look for attacks to - # systems that have a service up. Why look for HTTP attacks if you are not -@@ -107,8 +108,8 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28. - # Path to your rules files (this can be a relative path) - # Note for Windows users: You are advised to make this an absolute path, - # such as: c:\snort\rules --var RULE_PATH ../rules --var PREPROC_RULE_PATH ../preproc_rules -+var RULE_PATH /etc/snort/rules -+var PREPROC_RULE_PATH /etc/snort/preproc_rules - - # Configure the snort decoder - # ============================ -@@ -191,27 +192,27 @@ var PREPROC_RULE_PATH ../preproc_rules - # Load all dynamic preprocessors from the install path - # (same as command line option --dynamic-preprocessor-lib-dir) - # --dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ -+#dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ - # - # Load a specific dynamic preprocessor library from the install path - # (same as command line option --dynamic-preprocessor-lib) - # --# dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libdynamicexample.so -+# dynamicpreprocessor file /usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so - # - # Load a dynamic engine from the install path - # (same as command line option --dynamic-engine-lib) - # --dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so -+#dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so - # - # Load all dynamic rules libraries from the install path - # (same as command line option --dynamic-detection-lib-dir) - # --# dynamicdetection directory /usr/local/lib/snort_dynamicrule/ -+# dynamicdetection directory /usr/lib/snort_dynamicrules/ - # - # Load a specific dynamic rule library from the install path - # (same as command line option --dynamic-detection-lib) - # --# dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so -+# dynamicdetection file /usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so - # - - ################################################### -@@ -307,11 +308,11 @@ preprocessor stream5_tcp: policy first, - # lots of options available here. See doc/README.http_inspect. - # unicode.map should be wherever your snort.conf lives, or given - # a full path to where snort can find it. --preprocessor http_inspect: global \ -- iis_unicode_map unicode.map 1252 -+#preprocessor http_inspect: global \ -+# iis_unicode_map unicode.map 1252 - --preprocessor http_inspect_server: server default \ -- profile all ports { 80 8080 8180 } oversize_dir_length 500 -+#preprocessor http_inspect_server: server default \ -+# profile all ports { 80 8080 8180 } oversize_dir_length 500 - - # - # Example unique server configuration -@@ -345,7 +346,7 @@ preprocessor http_inspect_server: server - # no_alert_incomplete - don't alert when a single segment - # exceeds the current packet size - --preprocessor rpc_decode: 111 32771 -+#preprocessor rpc_decode: 111 32771 - - # bo: Back Orifice detector - # ------------------------- -@@ -368,7 +369,7 @@ preprocessor rpc_decode: 111 32771 - # 3 Back Orifice Server Traffic Detected - # 4 Back Orifice Snort Buffer Attack - --preprocessor bo -+#preprocessor bo - - # ftp_telnet: FTP & Telnet normalizer, protocol enforcement and buff overflow - # --------------------------------------------------------------------------- -@@ -391,32 +392,32 @@ preprocessor bo - # or use commandline option - # --dynamic-preprocessor-lib - --preprocessor ftp_telnet: global \ -- encrypted_traffic yes \ -- inspection_type stateful -- --preprocessor ftp_telnet_protocol: telnet \ -- normalize \ -- ayt_attack_thresh 200 -+#preprocessor ftp_telnet: global \ -+# encrypted_traffic yes \ -+# inspection_type stateful -+ -+#preprocessor ftp_telnet_protocol: telnet \ -+# normalize \ -+# ayt_attack_thresh 200 - - # This is consistent with the FTP rules as of 18 Sept 2004. - # CWD can have param length of 200 - # MODE has an additional mode of Z (compressed) - # Check for string formats in USER & PASS commands - # Check nDTM commands that set modification time on the file. --preprocessor ftp_telnet_protocol: ftp server default \ -- def_max_param_len 100 \ -- alt_max_param_len 200 { CWD } \ -- cmd_validity MODE < char ASBCZ > \ -- cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ -- chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \ -- telnet_cmds yes \ -- data_chan -- --preprocessor ftp_telnet_protocol: ftp client default \ -- max_resp_len 256 \ -- bounce yes \ -- telnet_cmds yes -+#preprocessor ftp_telnet_protocol: ftp server default \ -+# def_max_param_len 100 \ -+# alt_max_param_len 200 { CWD } \ -+# cmd_validity MODE < char ASBCZ > \ -+# cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ -+# chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \ -+# telnet_cmds yes \ -+# data_chan -+ -+#preprocessor ftp_telnet_protocol: ftp client default \ -+# max_resp_len 256 \ -+# bounce yes \ -+# telnet_cmds yes - - # smtp: SMTP normalizer, protocol enforcement and buffer overflow - # --------------------------------------------------------------------------- -@@ -434,15 +435,15 @@ preprocessor ftp_telnet_protocol: ftp cl - # or use commandline option - # --dynamic-preprocessor-lib - --preprocessor smtp: \ -- ports { 25 587 691 } \ -- inspection_type stateful \ -- normalize cmds \ -- normalize_cmds { EXPN VRFY RCPT } \ -- alt_max_command_line_len 260 { MAIL } \ -- alt_max_command_line_len 300 { RCPT } \ -- alt_max_command_line_len 500 { HELP HELO ETRN } \ -- alt_max_command_line_len 255 { EXPN VRFY } -+#preprocessor smtp: \ -+# ports { 25 587 691 } \ -+# inspection_type stateful \ -+# normalize cmds \ -+# normalize_cmds { EXPN VRFY RCPT } \ -+# alt_max_command_line_len 260 { MAIL } \ -+# alt_max_command_line_len 300 { RCPT } \ -+# alt_max_command_line_len 500 { HELP HELO ETRN } \ -+# alt_max_command_line_len 255 { EXPN VRFY } - - # sfPortscan - # ---------- -@@ -498,9 +499,9 @@ preprocessor smtp: \ - # false alerts, especially under heavy load with dropped packets; which is why - # the option is off by default. - # --preprocessor sfportscan: proto { all } \ -- memcap { 10000000 } \ -- sense_level { low } -+#preprocessor sfportscan: proto { all } \ -+# memcap { 10000000 } \ -+# sense_level { low } - - # arpspoof - #---------------------------------------- -@@ -605,8 +606,8 @@ preprocessor sfportscan: proto { all } - # See doc/README.dcerpc2 for explanations of what the - # preprocessor does and how to configure it. - # --preprocessor dcerpc2 --preprocessor dcerpc2_server: default -+#preprocessor dcerpc2 -+#preprocessor dcerpc2_server: default - - - # DNS -@@ -623,9 +624,9 @@ preprocessor dcerpc2_server: default - # or use commandline option - # --dynamic-preprocessor-lib - --preprocessor dns: \ -- ports { 53 } \ -- enable_rdata_overflow -+#preprocessor dns: \ -+# ports { 53 } \ -+# enable_rdata_overflow - - # SSL - #---------------------------------------- -@@ -649,7 +650,7 @@ preprocessor dns: \ - # To add reassembly on port 443 to Stream5, use 'port both 443' in the - # Stream5 configuration. - --preprocessor ssl: noinspect_encrypted, trustservers -+#preprocessor ssl: noinspect_encrypted, trustservers - - - #################################################################### -@@ -808,44 +809,44 @@ include reference.config - #========================================= - - include $RULE_PATH/local.rules --include $RULE_PATH/bad-traffic.rules --include $RULE_PATH/exploit.rules --include $RULE_PATH/scan.rules --include $RULE_PATH/finger.rules --include $RULE_PATH/ftp.rules --include $RULE_PATH/telnet.rules --include $RULE_PATH/rpc.rules --include $RULE_PATH/rservices.rules --include $RULE_PATH/dos.rules --include $RULE_PATH/ddos.rules --include $RULE_PATH/dns.rules --include $RULE_PATH/tftp.rules -- --include $RULE_PATH/web-cgi.rules --include $RULE_PATH/web-coldfusion.rules --include $RULE_PATH/web-iis.rules --include $RULE_PATH/web-frontpage.rules --include $RULE_PATH/web-misc.rules --include $RULE_PATH/web-client.rules --include $RULE_PATH/web-php.rules -- --include $RULE_PATH/sql.rules --include $RULE_PATH/x11.rules --include $RULE_PATH/icmp.rules --include $RULE_PATH/netbios.rules --include $RULE_PATH/misc.rules --include $RULE_PATH/attack-responses.rules --include $RULE_PATH/oracle.rules --include $RULE_PATH/mysql.rules --include $RULE_PATH/snmp.rules -- --include $RULE_PATH/smtp.rules --include $RULE_PATH/imap.rules --include $RULE_PATH/pop2.rules --include $RULE_PATH/pop3.rules -+#include $RULE_PATH/bad-traffic.rules -+#include $RULE_PATH/exploit.rules -+#include $RULE_PATH/scan.rules -+#include $RULE_PATH/finger.rules -+#include $RULE_PATH/ftp.rules -+#include $RULE_PATH/telnet.rules -+#include $RULE_PATH/rpc.rules -+#include $RULE_PATH/rservices.rules -+#include $RULE_PATH/dos.rules -+#include $RULE_PATH/ddos.rules -+#include $RULE_PATH/dns.rules -+#include $RULE_PATH/tftp.rules -+ -+#include $RULE_PATH/web-cgi.rules -+#include $RULE_PATH/web-coldfusion.rules -+#include $RULE_PATH/web-iis.rules -+#include $RULE_PATH/web-frontpage.rules -+#include $RULE_PATH/web-misc.rules -+#include $RULE_PATH/web-client.rules -+#include $RULE_PATH/web-php.rules -+ -+#include $RULE_PATH/sql.rules -+#include $RULE_PATH/x11.rules -+#include $RULE_PATH/icmp.rules -+#include $RULE_PATH/netbios.rules -+#include $RULE_PATH/misc.rules -+#include $RULE_PATH/attack-responses.rules -+#include $RULE_PATH/oracle.rules -+#include $RULE_PATH/mysql.rules -+#include $RULE_PATH/snmp.rules -+ -+#include $RULE_PATH/smtp.rules -+#include $RULE_PATH/imap.rules -+#include $RULE_PATH/pop2.rules -+#include $RULE_PATH/pop3.rules - --include $RULE_PATH/nntp.rules --include $RULE_PATH/other-ids.rules -+#include $RULE_PATH/nntp.rules -+#include $RULE_PATH/other-ids.rules - # include $RULE_PATH/web-attacks.rules - # include $RULE_PATH/backdoor.rules - # include $RULE_PATH/shellcode.rules -@@ -859,7 +860,7 @@ include $RULE_PATH/other-ids.rules - # include $RULE_PATH/p2p.rules - # include $RULE_PATH/spyware-put.rules - # include $RULE_PATH/specific-threats.rules --include $RULE_PATH/experimental.rules -+#include $RULE_PATH/experimental.rules - - # include $PREPROC_RULE_PATH/preprocessor.rules - # include $PREPROC_RULE_PATH/decoder.rules