[package] update snort to 2.8.4.1 (#3653)

git-svn-id: svn://svn.openwrt.org/openwrt/packages@16820 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-12 19:17:38 +00:00 · 2009-07-12 19:17:38 +00:00 · 82a6ed491c
commit 82a6ed491c
parent 0ac173fb47
4 changed files with 242 additions and 47 deletions
--- a/net/snort/Makefile
+++ b/net/snort/Makefile
@ -1,5 +1,5 @@
 # 
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2006-2009 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=snort
-PKG_VERSION:=2.4.4
+PKG_VERSION:=2.8.4.1
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.snort.org/dl/current/
-PKG_MD5SUM:=9dc9060d1f2e248663eceffadfc45e7e
+PKG_SOURCE_URL:=http://dl.snort.org/snort-current/
+PKG_MD5SUM:=63f4e76ae96a2d133f4c7b741bad5458

 include $(INCLUDE_DIR)/package.mk

@ -26,22 +26,43 @@ define Package/snort/Default
  URL:=http://www.snort.org/
 endef

+define Package/snort/Default/description
+  Snort is an open source network intrusion detection and prevention system.
+  It is capable of performing real-time traffic analysis, alerting, blocking
+  and packet logging on IP networks.  It utilizes a combination of protocol
+  analysis and pattern matching in order to detect anomalies, misuse and
+  attacks.
+endef
+
 define Package/snort
  $(call Package/snort/Default)
 endef

+define Package/snort/description
+  $(call Package/snort/Default/description)
+endef
+
 define Package/snort-mysql
  $(call Package/snort/Default)
  DEPENDS+= +libmysqlclient
  TITLE+= (MySQL)
 endef

+define Package/snort-mysql/description
+  $(call Package/snort/Default/description)
+  This package contains snort with support for logging to a MySQL database.
+endef
+
 define Package/snort-pgsql
  $(call Package/snort/Default)
  DEPENDS+= +libpq
  TITLE+= (PostgreSQL)
 endef

+define Package/snort-pgsql/description
+  $(call Package/snort/Default/description)
+  This package contains snort with support for logging to a PostgreSQL database.
+endef

 define Compile/Template

--- a/net/snort/patches/100-cross-compile.patch
+++ b/net/snort/patches/100-cross-compile.patch
@ -0,0 +1,77 @@
+--- a/configure
+++ b/configure
+@@ -20770,8 +20770,7 @@
+   { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+ See \`config.log' for more details." >&5
+ echo "$as_me: error: cannot run test program while cross compiling
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
+See \`config.log' for more details." >&2;} }
+ else
+   cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h.  */
+@@ -22981,8 +22980,7 @@
+   { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+ See \`config.log' for more details." >&5
+ echo "$as_me: error: cannot run test program while cross compiling
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
+See \`config.log' for more details." >&2;} }
+ else
+   cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h.  */
+@@ -23766,8 +23764,7 @@
+   { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+ See \`config.log' for more details." >&5
+ echo "$as_me: error: cannot run test program while cross compiling
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
+See \`config.log' for more details." >&2;} }
+ else
+   cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h.  */
+@@ -23854,8 +23851,7 @@
+   { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+ See \`config.log' for more details." >&5
+ echo "$as_me: error: cannot run test program while cross compiling
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
+See \`config.log' for more details." >&2;} }
+ else
+   cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h.  */
+diff -urN snort-2.8.4.1/configure snort-2.8.4.1.new/configure
+--- snort-2.8.4.1/configure	2009-04-21 21:39:16.000000000 +0200
+++ snort-2.8.4.1.new/configure	2009-07-12 19:59:26.000000000 +0200
+@@ -23766,8 +23766,7 @@
+   { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+ See \`config.log' for more details." >&5
+ echo "$as_me: error: cannot run test program while cross compiling
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
+See \`config.log' for more details." >&2;} }
+ else
+   cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h.  */
+--- snort-2.8.4.1/configure	2009-07-12 20:33:36.000000000 +0200
+++ snort-2.8.4.1.new/configure	2009-07-12 20:34:10.000000000 +0200
+@@ -24651,8 +24651,7 @@
+   { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+ See \`config.log' for more details." >&5
+ echo "$as_me: error: cannot run test program while cross compiling
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
+See \`config.log' for more details." >&2;} }
+ else
+   cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h.  */
+@@ -24719,8 +24718,7 @@
+   { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+ See \`config.log' for more details." >&5
+ echo "$as_me: error: cannot run test program while cross compiling
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
+See \`config.log' for more details." >&2;} }
+ else
+   cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h.  */
--- a/net/snort/patches/500-no-config-search.patch
+++ b/net/snort/patches/500-no-config-search.patch
@ -1,27 +1,34 @@
--- snort-2.3.2-orig/src/snort.c	2005-01-13 21:36:20.000000000 +0100
-+++ snort-2.3.2-1/src/snort.c	2005-04-04 20:03:34.000000000 +0200
-@@ -1949,7 +1949,7 @@
+--- a/src/snort.c
+++ b/src/snort.c
+@@ -4140,7 +4140,7 @@
 {
     struct stat st;
     int i;
 -    char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL};
 +    char *conf_files[]={"/etc/snort/snort.conf", NULL};
     char *fname = NULL;
-     char *home_dir = NULL;
     char *rval = NULL;
-@@ -1970,23 +1970,6 @@
+ 
+@@ -4159,30 +4159,6 @@
         i++;
     }
 
 -    /* search for .snortrc in the HOMEDIR */
 -    if(!rval)
 -    {
-        if((home_dir = getenv("HOME")))
+-        char *home_dir = NULL;
+-
+-        if((home_dir = getenv("HOME")) != NULL)
 -        {
+-            char *snortrc = "/.snortrc";
+-            int path_len;
+-
+-            path_len = strlen(home_dir) + strlen(snortrc) + 1;
+-
 -            /* create the full path */
-            fname = (char *)malloc(strlen(home_dir) + strlen("/.snortrc") + 1);
-            if(!fname)
-                FatalError("Out of memory searching for config file\n");
+-            fname = (char *)SnortAlloc(path_len);
+-
+-            SnortSnprintf(fname, path_len, "%s%s", home_dir, snortrc);
 -
 -            if(stat(fname, &st) != -1)
 -                rval = fname;
--- a/net/snort/patches/750-lightweight-config.patch
+++ b/net/snort/patches/750-lightweight-config.patch
@ -1,5 +1,7 @@
--- snort-2.3.2-orig/etc/snort.conf	2005-03-10 23:04:38.000000000 +0100
-+++ snort-2.3.2-1/etc/snort.conf	2005-04-04 20:01:41.000000000 +0200
+Index: snort-2.8.4.1/etc/snort.conf
+===================================================================
+--- snort-2.8.4.1.orig/etc/snort.conf	2009-04-21 21:39:51.000000000 +0200
+++ snort-2.8.4.1/etc/snort.conf	2009-07-12 19:54:47.000000000 +0200
@@ -6,6 +6,7 @@
 #
 ###################################################
@ -7,8 +9,8 @@
 +# Most preprocessors and rules were disabled to save memory.
 # You can take the following steps to create your own custom configuration:
 #
- #  1) Set the network variables for your network
-@@ -41,10 +42,10 @@
+ #  1) Set the variables for your network
+@@ -43,10 +44,10 @@
 # or you can specify the variable to be any IP address
 # like this:
 
@ -21,23 +23,25 @@
 
 # Configure your server lists.  This allows snort to only look for attacks to
 # systems that have a service up.  Why look for HTTP attacks if you are not
-@@ -106,7 +107,7 @@
+@@ -107,8 +108,8 @@
 # Path to your rules files (this can be a relative path)
 # Note for Windows users:  You are advised to make this an absolute path,
 # such as:  c:\snort\rules
 -var RULE_PATH ../rules
+-var PREPROC_RULE_PATH ../preproc_rules
 +var RULE_PATH /etc/snort/rules
+var PREPROC_RULE_PATH /etc/snort/preproc_rules
 
 # Configure the snort decoder
 # ============================
-@@ -297,11 +298,11 @@
+@@ -307,11 +308,11 @@
 # lots of options available here. See doc/README.http_inspect.
 # unicode.map should be wherever your snort.conf lives, or given
 # a full path to where snort can find it.
 -preprocessor http_inspect: global \
 -    iis_unicode_map unicode.map 1252 
 +#preprocessor http_inspect: global \
-+#    iis_unicode_map unicode.map 1252 
+#    iis_unicode_map unicode.map 1252
 
 -preprocessor http_inspect_server: server default \
 -    profile all ports { 80 8080 8180 } oversize_dir_length 500
@ -46,7 +50,7 @@
 
 #
 #  Example unique server configuration
-@@ -335,7 +336,7 @@
+@@ -345,7 +346,7 @@
 # no_alert_incomplete - don't alert when a single segment
 #                       exceeds the current packet size
 
@ -55,27 +59,96 @@
 
 # bo: Back Orifice detector
 # -------------------------
-@@ -347,7 +348,7 @@
- # -----   -------------------
- #   1       Back Orifice traffic detected
+@@ -368,7 +369,7 @@
+ #   3       Back Orifice Server Traffic Detected
+ #   4       Back Orifice Snort Buffer Attack
 
 -preprocessor bo
 +#preprocessor bo
 
- # telnet_decode: Telnet negotiation string normalizer
- # ---------------------------------------------------
-@@ -359,7 +360,7 @@
- # This preprocessor requires no arguments.
- # Portscan uses Generator ID 109 and does not generate any SID currently.
+ # ftp_telnet: FTP & Telnet normalizer, protocol enforcement and buff overflow
+ # ---------------------------------------------------------------------------
+@@ -391,32 +392,32 @@
+ # or use commandline option
+ # --dynamic-preprocessor-lib <full path to libsf_ftptelnet_preproc.so>
 
-preprocessor telnet_decode
-+#preprocessor telnet_decode
+-preprocessor ftp_telnet: global \
+-   encrypted_traffic yes \
+-   inspection_type stateful
+-
+-preprocessor ftp_telnet_protocol: telnet \
+-   normalize \
+-   ayt_attack_thresh 200
+#preprocessor ftp_telnet: global \
+#   encrypted_traffic yes \
+#   inspection_type stateful
+
+#preprocessor ftp_telnet_protocol: telnet \
+#   normalize \
+#   ayt_attack_thresh 200
 
- # Flow-Portscan: detect a variety of portscans
- # ---------------------------------------
-@@ -455,9 +456,9 @@
- #       are still watched as scanner hosts.  The 'ignore_scanned' option is
- #       used to tune alerts from very active hosts such as syslog servers, etc.
+ # This is consistent with the FTP rules as of 18 Sept 2004.
+ # CWD can have param length of 200
+ # MODE has an additional mode of Z (compressed)
+ # Check for string formats in USER & PASS commands
+ # Check nDTM commands that set modification time on the file.
+-preprocessor ftp_telnet_protocol: ftp server default \
+-   def_max_param_len 100 \
+-   alt_max_param_len 200 { CWD } \
+-   cmd_validity MODE < char ASBCZ > \
+-   cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+-   chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
+-   telnet_cmds yes \
+-   data_chan
+-
+-preprocessor ftp_telnet_protocol: ftp client default \
+-   max_resp_len 256 \
+-   bounce yes \
+-   telnet_cmds yes
+#preprocessor ftp_telnet_protocol: ftp server default \
+#   def_max_param_len 100 \
+#   alt_max_param_len 200 { CWD } \
+#   cmd_validity MODE < char ASBCZ > \
+#   cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+#   chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
+#   telnet_cmds yes \
+#   data_chan
+
+#preprocessor ftp_telnet_protocol: ftp client default \
+#   max_resp_len 256 \
+#   bounce yes \
+#   telnet_cmds yes
+ 
+ # smtp: SMTP normalizer, protocol enforcement and buffer overflow
+ # ---------------------------------------------------------------------------
+@@ -434,15 +435,15 @@
+ # or use commandline option
+ # --dynamic-preprocessor-lib <full path to libsf_smtp_preproc.so>
+ 
+-preprocessor smtp: \
+-  ports { 25 587 691 } \
+-  inspection_type stateful \
+-  normalize cmds \
+-  normalize_cmds { EXPN VRFY RCPT } \
+-  alt_max_command_line_len 260 { MAIL } \
+-  alt_max_command_line_len 300 { RCPT } \
+-  alt_max_command_line_len 500 { HELP HELO ETRN } \
+-  alt_max_command_line_len 255 { EXPN VRFY }
+#preprocessor smtp: \
+#  ports { 25 587 691 } \
+#  inspection_type stateful \
+#  normalize cmds \
+#  normalize_cmds { EXPN VRFY RCPT } \
+#  alt_max_command_line_len 260 { MAIL } \
+#  alt_max_command_line_len 300 { RCPT } \
+#  alt_max_command_line_len 500 { HELP HELO ETRN } \
+#  alt_max_command_line_len 255 { EXPN VRFY }
+ 
+ # sfPortscan
+ # ----------
+@@ -498,9 +499,9 @@
+ #       false alerts, especially under heavy load with dropped packets; which is why
+ #       the option is off by default.
 #
 -preprocessor sfportscan: proto  { all } \
 -                         memcap { 10000000 } \
@ -86,7 +159,29 @@
 
 # arpspoof
 #----------------------------------------
-@@ -642,41 +643,41 @@
+@@ -623,9 +624,9 @@
+ # or use commandline option
+ # --dynamic-preprocessor-lib <full path to libsf_dns_preproc.so>
+ 
+-preprocessor dns: \
+-    ports { 53 } \
+-    enable_rdata_overflow
+#preprocessor dns: \
+#    ports { 53 } \
+#    enable_rdata_overflow
+ 
+ # SSL
+ #----------------------------------------
+@@ -649,7 +650,7 @@
+ #   To add reassembly on port 443 to Stream5, use 'port both 443' in the 
+ #   Stream5 configuration.
+ 
+-preprocessor ssl: noinspect_encrypted, trustservers
+#preprocessor ssl: noinspect_encrypted, trustservers
+ 
+ 
+ ####################################################################
+@@ -811,41 +812,41 @@
 include $RULE_PATH/bad-traffic.rules
 include $RULE_PATH/exploit.rules
 include $RULE_PATH/scan.rules
@ -162,17 +257,12 @@
 # include $RULE_PATH/web-attacks.rules
 # include $RULE_PATH/backdoor.rules
 # include $RULE_PATH/shellcode.rules
-@@ -684,11 +685,11 @@
- # include $RULE_PATH/porn.rules
- # include $RULE_PATH/info.rules
- # include $RULE_PATH/icmp-info.rules
- include $RULE_PATH/virus.rules
-+# include $RULE_PATH/virus.rules
- # include $RULE_PATH/chat.rules
- # include $RULE_PATH/multimedia.rules
+@@ -859,7 +860,7 @@
 # include $RULE_PATH/p2p.rules
+ # include $RULE_PATH/spyware-put.rules
+ # include $RULE_PATH/specific-threats.rules
 -include $RULE_PATH/experimental.rules
 +#include $RULE_PATH/experimental.rules
 
- # Include any thresholding or suppression commands. See threshold.conf in the
- # <snort src>/etc directory for details. Commands don't necessarily need to be
+ # include $PREPROC_RULE_PATH/preprocessor.rules
+ # include $PREPROC_RULE_PATH/decoder.rules