From f1bf999ae3a72f1638e222082870af970a105230 Mon Sep 17 00:00:00 2001 From: kev Date: Mon, 8 Jun 2020 13:20:41 +0800 Subject: [PATCH] fix snort --- snort/Dockerfile | 13 ++- snort/README.md | 2 +- snort/data/snort.conf | 216 +++++++++++++++++++++--------------------- 3 files changed, 115 insertions(+), 116 deletions(-) diff --git a/snort/Dockerfile b/snort/Dockerfile index e0af804..6217b0d 100644 --- a/snort/Dockerfile +++ b/snort/Dockerfile @@ -3,18 +3,17 @@ # FROM centos:7 -MAINTAINER kev +MAINTAINER EasyPi Software Foundation -ENV DAQ_VERSION 2.0.7 -ENV SNORT_VERSION 2.9.16 -ENV BASE_URL https://www.snort.org/downloads +ENV SNORT_VERSION=2.9.16 +ENV SNORT_URL=https://www.snort.org/downloads/snort/snort-${SNORT_VERSION}-1.centos7.x86_64.rpm +ENV RULES_URL=https://www.snort.org/downloads/community/community-rules.tar.gz RUN set -xe \ && yum -y install epel-release libdnet \ - && yum -y install ${BASE_URL}/snort/daq-${DAQ_VERSION}-1.centos7.x86_64.rpm \ - ${BASE_URL}/snort/snort-${SNORT_VERSION}-1.centos7.x86_64.rpm \ + && yum -y install ${SNORT_URL} \ && mkdir -p /etc/snort/rules \ - && curl -sSL ${BASE_URL}/community/community-rules.tar.gz | \ + && curl -sSL ${RULES_URL} | \ tar xz --strip 1 -C /etc/snort/rules/ community-rules/community.rules \ && touch /etc/snort/rules/local.rules \ /etc/snort/rules/black_list.rules \ diff --git a/snort/README.md b/snort/README.md index 4aef4ae..fd97599 100644 --- a/snort/README.md +++ b/snort/README.md @@ -3,7 +3,7 @@ snort ![](https://badge.imagelayers.io/vimagick/snort:latest.svg) -[`Snort`][1] is an open source intrusion prevention system capable of real-time +[Snort][1] is an open source intrusion prevention system capable of real-time traffic analysis and packet logging. ```yaml diff --git a/snort/data/snort.conf b/snort/data/snort.conf index f86d6ce..8b17e33 100644 --- a/snort/data/snort.conf +++ b/snort/data/snort.conf 
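Review bot: The yum and curl fetches in the RUN block pull the Snort RPM and the community rules tarball from the network with no integrity check: yum does not verify the GPG signature of a package given as a URL unless `localpkg_gpgcheck=1` is set, and `curl -sSL` without `-f` will hand an HTTP error body to `tar` on a 404, so a tampered or missing download fails late or not at all. Consider `&& curl -fsSL ${RULES_URL} -o /tmp/community-rules.tar.gz` followed by `sha256sum -c` against a pinned digest (`<RULES_SHA256_PLACEHOLDER>`) before extracting, and pinning the rules tarball by version the way the RPM already is. Dropping the explicit daq RPM also means the snort package's daq dependency must now resolve from EPEL, which is presumably why `epel-release` is installed first; a short comment next to `yum -y install ${SNORT_URL}` saying so would keep the next maintainer from re-adding the daq download. The RUN instruction continues past the end of the hunk.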
@@ -5,12 +5,12 @@
 # http://www.snort.org Snort Website
 # http://vrt-blog.snort.org/ Sourcefire VRT Blog
 #
-# Mailing list Contact: snort-sigs@lists.sourceforge.net
+# Mailing list Contact: snort-users@lists.snort.org
 # False Positive reports: fp@sourcefire.com
 # Snort bugs: bugs@snort.org
 #
 # Compatible with Snort Versions:
-# VERSIONS : 2.9.11.1
+# VERSIONS : 2.9.16
 #
 # Snort build options:
 # OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
@@ -244,10 +244,10 @@ config paf_max: 16000
 ###################################################
 
 # path to dynamic preprocessor libraries
-dynamicpreprocessor directory /usr/lib64/snort-2.9.11.1_dynamicpreprocessor/
+dynamicpreprocessor directory /usr/lib64/snort-2.9.16_dynamicpreprocessor/
 
 # path to base preprocessor engine
-dynamicengine /usr/lib64/snort-2.9.11.1_dynamicengine/libsf_engine.so
+dynamicengine /usr/lib64/snort-2.9.16_dynamicengine/libsf_engine.so
 
 # path to dynamic rules libraries
 dynamicdetection directory /usr/local/lib/snort_dynamicrules
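Review bot: The `dynamicpreprocessor` and `dynamicengine` paths in the second hunk now hard-code `2.9.16` while the Dockerfile in this same commit defines the version once as `SNORT_VERSION`, so the next bump has to be made in two files and a mismatch would point Snort at a library directory that no longer exists. A comment above the `dynamicpreprocessor directory` line such as `# NOTE: the version in the two paths below must match SNORT_VERSION in the Dockerfile` would at least make the coupling visible to whoever edits either file. The first hunk only updates comment text and needs no change.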
@@ -545,110 +545,110 @@ include reference.config
 # site specific rules
 include $RULE_PATH/local.rules
 
-# include $RULE_PATH/app-detect.rules
-# include $RULE_PATH/attack-responses.rules
-# include $RULE_PATH/backdoor.rules
-# include $RULE_PATH/bad-traffic.rules
-# include $RULE_PATH/blacklist.rules
-# include $RULE_PATH/botnet-cnc.rules
-# include $RULE_PATH/browser-chrome.rules
-# include $RULE_PATH/browser-firefox.rules
-# include $RULE_PATH/browser-ie.rules
-# include $RULE_PATH/browser-other.rules
-# include $RULE_PATH/browser-plugins.rules
-# include $RULE_PATH/browser-webkit.rules
-# include $RULE_PATH/chat.rules
-# include $RULE_PATH/content-replace.rules
-# include $RULE_PATH/ddos.rules
-# include $RULE_PATH/dns.rules
-# include $RULE_PATH/dos.rules
-# include $RULE_PATH/experimental.rules
-# include $RULE_PATH/exploit-kit.rules
-# include $RULE_PATH/exploit.rules
-# include $RULE_PATH/file-executable.rules
-# include $RULE_PATH/file-flash.rules
-# include $RULE_PATH/file-identify.rules
-# include $RULE_PATH/file-image.rules
-# include $RULE_PATH/file-multimedia.rules
-# include $RULE_PATH/file-office.rules
-# include $RULE_PATH/file-other.rules
-# include $RULE_PATH/file-pdf.rules
-# include $RULE_PATH/finger.rules
-# include $RULE_PATH/ftp.rules
-# include $RULE_PATH/icmp-info.rules
-# include $RULE_PATH/icmp.rules
-# include $RULE_PATH/imap.rules
-# include $RULE_PATH/indicator-compromise.rules
-# include $RULE_PATH/indicator-obfuscation.rules
-# include $RULE_PATH/indicator-shellcode.rules
-# include $RULE_PATH/info.rules
-# include $RULE_PATH/malware-backdoor.rules
-# include $RULE_PATH/malware-cnc.rules
-# include $RULE_PATH/malware-other.rules
-# include $RULE_PATH/malware-tools.rules
-# include $RULE_PATH/misc.rules
-# include $RULE_PATH/multimedia.rules
-# include $RULE_PATH/mysql.rules
-# include $RULE_PATH/netbios.rules
-# include $RULE_PATH/nntp.rules
-# include $RULE_PATH/oracle.rules
-# include $RULE_PATH/os-linux.rules
-# include $RULE_PATH/os-other.rules
-# include $RULE_PATH/os-solaris.rules
-# include $RULE_PATH/os-windows.rules
-# include $RULE_PATH/other-ids.rules
-# include $RULE_PATH/p2p.rules
-# include $RULE_PATH/phishing-spam.rules
-# include $RULE_PATH/policy-multimedia.rules
-# include $RULE_PATH/policy-other.rules
-# include $RULE_PATH/policy.rules
-# include $RULE_PATH/policy-social.rules
-# include $RULE_PATH/policy-spam.rules
-# include $RULE_PATH/pop2.rules
-# include $RULE_PATH/pop3.rules
-# include $RULE_PATH/protocol-finger.rules
-# include $RULE_PATH/protocol-ftp.rules
-# include $RULE_PATH/protocol-icmp.rules
-# include $RULE_PATH/protocol-imap.rules
-# include $RULE_PATH/protocol-pop.rules
-# include $RULE_PATH/protocol-services.rules
-# include $RULE_PATH/protocol-voip.rules
-# include $RULE_PATH/pua-adware.rules
-# include $RULE_PATH/pua-other.rules
-# include $RULE_PATH/pua-p2p.rules
-# include $RULE_PATH/pua-toolbars.rules
-# include $RULE_PATH/rpc.rules
-# include $RULE_PATH/rservices.rules
-# include $RULE_PATH/scada.rules
-# include $RULE_PATH/scan.rules
-# include $RULE_PATH/server-apache.rules
-# include $RULE_PATH/server-iis.rules
-# include $RULE_PATH/server-mail.rules
-# include $RULE_PATH/server-mssql.rules
-# include $RULE_PATH/server-mysql.rules
-# include $RULE_PATH/server-oracle.rules
-# include $RULE_PATH/server-other.rules
-# include $RULE_PATH/server-webapp.rules
-# include $RULE_PATH/shellcode.rules
-# include $RULE_PATH/smtp.rules
-# include $RULE_PATH/snmp.rules
-# include $RULE_PATH/specific-threats.rules
-# include $RULE_PATH/spyware-put.rules
-# include $RULE_PATH/sql.rules
-# include $RULE_PATH/telnet.rules
-# include $RULE_PATH/tftp.rules
-# include $RULE_PATH/virus.rules
-# include $RULE_PATH/voip.rules
-# include $RULE_PATH/web-activex.rules
-# include $RULE_PATH/web-attacks.rules
-# include $RULE_PATH/web-cgi.rules
-# include $RULE_PATH/web-client.rules
-# include $RULE_PATH/web-coldfusion.rules
-# include $RULE_PATH/web-frontpage.rules
-# include $RULE_PATH/web-iis.rules
-# include $RULE_PATH/web-misc.rules
-# include $RULE_PATH/web-php.rules
-# include $RULE_PATH/x11.rules
+#include $RULE_PATH/app-detect.rules
+#include $RULE_PATH/attack-responses.rules
+#include $RULE_PATH/backdoor.rules
+#include $RULE_PATH/bad-traffic.rules
+#include $RULE_PATH/blacklist.rules
+#include $RULE_PATH/botnet-cnc.rules
+#include $RULE_PATH/browser-chrome.rules
+#include $RULE_PATH/browser-firefox.rules
+#include $RULE_PATH/browser-ie.rules
+#include $RULE_PATH/browser-other.rules
+#include $RULE_PATH/browser-plugins.rules
+#include $RULE_PATH/browser-webkit.rules
+#include $RULE_PATH/chat.rules
+#include $RULE_PATH/content-replace.rules
+#include $RULE_PATH/ddos.rules
+#include $RULE_PATH/dns.rules
+#include $RULE_PATH/dos.rules
+#include $RULE_PATH/experimental.rules
+#include $RULE_PATH/exploit-kit.rules
+#include $RULE_PATH/exploit.rules
+#include $RULE_PATH/file-executable.rules
+#include $RULE_PATH/file-flash.rules
+#include $RULE_PATH/file-identify.rules
+#include $RULE_PATH/file-image.rules
+#include $RULE_PATH/file-multimedia.rules
+#include $RULE_PATH/file-office.rules
+#include $RULE_PATH/file-other.rules
+#include $RULE_PATH/file-pdf.rules
+#include $RULE_PATH/finger.rules
+#include $RULE_PATH/ftp.rules
+#include $RULE_PATH/icmp-info.rules
+#include $RULE_PATH/icmp.rules
+#include $RULE_PATH/imap.rules
+#include $RULE_PATH/indicator-compromise.rules
+#include $RULE_PATH/indicator-obfuscation.rules
+#include $RULE_PATH/indicator-shellcode.rules
+#include $RULE_PATH/info.rules
+#include $RULE_PATH/malware-backdoor.rules
+#include $RULE_PATH/malware-cnc.rules
+#include $RULE_PATH/malware-other.rules
+#include $RULE_PATH/malware-tools.rules
+#include $RULE_PATH/misc.rules
+#include $RULE_PATH/multimedia.rules
+#include $RULE_PATH/mysql.rules
+#include $RULE_PATH/netbios.rules
+#include $RULE_PATH/nntp.rules
+#include $RULE_PATH/oracle.rules
+#include $RULE_PATH/os-linux.rules
+#include $RULE_PATH/os-other.rules
+#include $RULE_PATH/os-solaris.rules
+#include $RULE_PATH/os-windows.rules
+#include $RULE_PATH/other-ids.rules
+#include $RULE_PATH/p2p.rules
+#include $RULE_PATH/phishing-spam.rules
+#include $RULE_PATH/policy-multimedia.rules
+#include $RULE_PATH/policy-other.rules
+#include $RULE_PATH/policy.rules
+#include $RULE_PATH/policy-social.rules
+#include $RULE_PATH/policy-spam.rules
+#include $RULE_PATH/pop2.rules
+#include $RULE_PATH/pop3.rules
+#include $RULE_PATH/protocol-finger.rules
+#include $RULE_PATH/protocol-ftp.rules
+#include $RULE_PATH/protocol-icmp.rules
+#include $RULE_PATH/protocol-imap.rules
+#include $RULE_PATH/protocol-pop.rules
+#include $RULE_PATH/protocol-services.rules
+#include $RULE_PATH/protocol-voip.rules
+#include $RULE_PATH/pua-adware.rules
+#include $RULE_PATH/pua-other.rules
+#include $RULE_PATH/pua-p2p.rules
+#include $RULE_PATH/pua-toolbars.rules
+#include $RULE_PATH/rpc.rules
+#include $RULE_PATH/rservices.rules
+#include $RULE_PATH/scada.rules
+#include $RULE_PATH/scan.rules
+#include $RULE_PATH/server-apache.rules
+#include $RULE_PATH/server-iis.rules
+#include $RULE_PATH/server-mail.rules
+#include $RULE_PATH/server-mssql.rules
+#include $RULE_PATH/server-mysql.rules
+#include $RULE_PATH/server-oracle.rules
+#include $RULE_PATH/server-other.rules
+#include $RULE_PATH/server-webapp.rules
+#include $RULE_PATH/shellcode.rules
+#include $RULE_PATH/smtp.rules
+#include $RULE_PATH/snmp.rules
+#include $RULE_PATH/specific-threats.rules
+#include $RULE_PATH/spyware-put.rules
+#include $RULE_PATH/sql.rules
+#include $RULE_PATH/telnet.rules
+#include $RULE_PATH/tftp.rules
+#include $RULE_PATH/virus.rules
+#include $RULE_PATH/voip.rules
+#include $RULE_PATH/web-activex.rules
+#include $RULE_PATH/web-attacks.rules
+#include $RULE_PATH/web-cgi.rules
+#include $RULE_PATH/web-client.rules
+#include $RULE_PATH/web-coldfusion.rules
+#include $RULE_PATH/web-frontpage.rules
+#include $RULE_PATH/web-iis.rules
+#include $RULE_PATH/web-misc.rules
+#include $RULE_PATH/web-php.rules
+#include $RULE_PATH/x11.rules
 
 ###################################################
 # Step #8: Customize your preprocessor and decoder alerts
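Review bot: The 104 rewritten lines change only the spacing inside comments (`# include` becomes `#include`), so every one of these rule sets stays disabled and the only active include in this hunk is `$RULE_PATH/local.rules`, which the Dockerfile creates empty with `touch`. If `community.rules`, which the Dockerfile extracts into `/etc/snort/rules/`, is not included elsewhere in snort.conf, the image runs with no signatures loaded; that include is outside this hunk so I can't confirm either way. None of the commented rule files are fetched by the Dockerfile, so uncommenting one would fail at startup with a missing-file error, and a one-line comment above the list, `# These rule sets are not shipped in the image; only community.rules and local.rules are present`, would save the next person the surprise. A whitespace-only change of this size would also be easier to review as its own commit, separate from the version bump.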