summaryrefslogtreecommitdiffstats
path: root/package/snort-wireless/patches
diff options
context:
space:
mode:
authornico <nico@3c298f89-4303-0410-b956-a3cf2f4a3e73>2005-11-06 16:06:51 +0000
committernico <nico@3c298f89-4303-0410-b956-a3cf2f4a3e73>2005-11-06 16:06:51 +0000
commit7a950538a0a336c547f81651100e7e66a1ddb6cf (patch)
tree92a00f05d735005fdaf2f520fa95536232ede5da /package/snort-wireless/patches
parentc88f7929cc66d0f2639a60b9b033995d70d06796 (diff)
add snort-wireless package (thanks to Florian Fainelli)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2354 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/snort-wireless/patches')
-rw-r--r--package/snort-wireless/patches/500-no-config-search.patch35
-rw-r--r--package/snort-wireless/patches/750-lightweight-config.patch178
2 files changed, 213 insertions, 0 deletions
diff --git a/package/snort-wireless/patches/500-no-config-search.patch b/package/snort-wireless/patches/500-no-config-search.patch
new file mode 100644
index 000000000..d674ba66a
--- /dev/null
+++ b/package/snort-wireless/patches/500-no-config-search.patch
@@ -0,0 +1,35 @@
+--- snort-2.3.2-orig/src/snort.c 2005-01-13 21:36:20.000000000 +0100
++++ snort-2.3.2-1/src/snort.c 2005-04-04 20:03:34.000000000 +0200
+@@ -1949,7 +1949,7 @@
+ {
+ struct stat st;
+ int i;
+- char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL};
++ char *conf_files[]={"/etc/snort/snort.conf", NULL};
+ char *fname = NULL;
+ char *home_dir = NULL;
+ char *rval = NULL;
+@@ -1970,23 +1970,6 @@
+ i++;
+ }
+
+- /* search for .snortrc in the HOMEDIR */
+- if(!rval)
+- {
+- if((home_dir = getenv("HOME")))
+- {
+- /* create the full path */
+- fname = (char *)malloc(strlen(home_dir) + strlen("/.snortrc") + 1);
+- if(!fname)
+- FatalError("Out of memory searching for config file\n");
+-
+- if(stat(fname, &st) != -1)
+- rval = fname;
+- else
+- free(fname);
+- }
+- }
+-
+ return rval;
+ }
+
diff --git a/package/snort-wireless/patches/750-lightweight-config.patch b/package/snort-wireless/patches/750-lightweight-config.patch
new file mode 100644
index 000000000..daea3be5a
--- /dev/null
+++ b/package/snort-wireless/patches/750-lightweight-config.patch
@@ -0,0 +1,178 @@
+--- snort-wireless-2.4.3-alpha04/etc/snort.conf 2005-10-21 09:41:01.000000000 +0200
++++ /Users/florian/telechargements/snort.conf 2005-10-30 13:20:17.000000000 +0100
+@@ -6,6 +6,7 @@
+ #
+ ###################################################
+ # This file contains a sample snort configuration.
++# Most preprocessors and rules were disabled to save memory.
+ # You can take the following steps to create your own custom configuration:
+ #
+ # 1) Set the variables for your network
+@@ -42,10 +43,10 @@
+ # or you can specify the variable to be any IP address
+ # like this:
+
+-var HOME_NET any
++var HOME_NET 192.168.1.0/24
+
+ # Set up the external network addresses as well. A good start may be "any"
+-var EXTERNAL_NET any
++var EXTERNAL_NET !$HOME_NET
+
+ # Configure your wireless AP lists. This allows snort to look for attacks
+ # against your wireless network, such as rogue access points or adhoc wireless
+@@ -137,7 +138,7 @@
+ # Path to your rules files (this can be a relative path)
+ # Note for Windows users: You are advised to make this an absolute path,
+ # such as: c:\snort\rules
+-var RULE_PATH ../rules
++var RULE_PATH /etc/snort/rules
+
+ # Configure the snort decoder
+ # ============================
+@@ -413,11 +414,11 @@
+ # lots of options available here. See doc/README.http_inspect.
+ # unicode.map should be wherever your snort.conf lives, or given
+ # a full path to where snort can find it.
+-preprocessor http_inspect: global \
+- iis_unicode_map unicode.map 1252
++#preprocessor http_inspect: global \
++# iis_unicode_map unicode.map 1252
+
+-preprocessor http_inspect_server: server default \
+- profile all ports { 80 8080 8180 } oversize_dir_length 500
++#preprocessor http_inspect_server: server default \
++# profile all ports { 80 8080 8180 } oversize_dir_length 500
+
+ #
+ # Example unique server configuration
+@@ -451,7 +452,7 @@
+ # no_alert_incomplete - don't alert when a single segment
+ # exceeds the current packet size
+
+-preprocessor rpc_decode: 111 32771
++#preprocessor rpc_decode: 111 32771
+
+ # bo: Back Orifice detector
+ # -------------------------
+@@ -474,7 +475,7 @@
+ # 3 Back Orifice Server Traffic Detected
+ # 4 Back Orifice Snort Buffer Attack
+
+-preprocessor bo
++#preprocessor bo
+
+ # telnet_decode: Telnet negotiation string normalizer
+ # ---------------------------------------------------
+@@ -486,7 +487,7 @@
+ # This preprocessor requires no arguments.
+ # Portscan uses Generator ID 109 and does not generate any SID currently.
+
+-preprocessor telnet_decode
++#preprocessor telnet_decode
+
+ # sfPortscan
+ # ----------
+@@ -537,9 +538,9 @@
+ # are still watched as scanner hosts. The 'ignore_scanned' option is
+ # used to tune alerts from very active hosts such as syslog servers, etc.
+ #
+-preprocessor sfportscan: proto { all } \
+- memcap { 10000000 } \
+- sense_level { low }
++#preprocessor sfportscan: proto { all } \
++# memcap { 10000000 } \
++# sense_level { low }
+
+ # arpspoof
+ #----------------------------------------
+@@ -814,41 +815,41 @@
+ include $RULE_PATH/bad-traffic.rules
+ include $RULE_PATH/exploit.rules
+ include $RULE_PATH/scan.rules
+-include $RULE_PATH/finger.rules
+-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/telnet.rules
+-include $RULE_PATH/rpc.rules
+-include $RULE_PATH/rservices.rules
+-include $RULE_PATH/dos.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/tftp.rules
+-
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-php.rules
+-
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/x11.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/snmp.rules
+-
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
++#include $RULE_PATH/finger.rules
++#include $RULE_PATH/ftp.rules
++#include $RULE_PATH/telnet.rules
++#include $RULE_PATH/rpc.rules
++#include $RULE_PATH/rservices.rules
++#include $RULE_PATH/dos.rules
++#include $RULE_PATH/ddos.rules
++#include $RULE_PATH/dns.rules
++#include $RULE_PATH/tftp.rules
++
++#include $RULE_PATH/web-cgi.rules
++#include $RULE_PATH/web-coldfusion.rules
++#include $RULE_PATH/web-iis.rules
++#include $RULE_PATH/web-frontpage.rules
++#include $RULE_PATH/web-misc.rules
++#include $RULE_PATH/web-client.rules
++#include $RULE_PATH/web-php.rules
++
++#include $RULE_PATH/sql.rules
++#include $RULE_PATH/x11.rules
++#include $RULE_PATH/icmp.rules
++#include $RULE_PATH/netbios.rules
++#include $RULE_PATH/misc.rules
++#include $RULE_PATH/attack-responses.rules
++#include $RULE_PATH/oracle.rules
++#include $RULE_PATH/mysql.rules
++#include $RULE_PATH/snmp.rules
++
++#include $RULE_PATH/smtp.rules
++#include $RULE_PATH/imap.rules
++#include $RULE_PATH/pop2.rules
++#include $RULE_PATH/pop3.rules
+
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/other-ids.rules
++#include $RULE_PATH/nntp.rules
++#include $RULE_PATH/other-ids.rules
+ # include $RULE_PATH/web-attacks.rules
+ # include $RULE_PATH/backdoor.rules
+ # include $RULE_PATH/shellcode.rules
+@@ -856,11 +857,11 @@
+ # include $RULE_PATH/porn.rules
+ # include $RULE_PATH/info.rules
+ # include $RULE_PATH/icmp-info.rules
+- include $RULE_PATH/virus.rules
++# include $RULE_PATH/virus.rules
+ # include $RULE_PATH/chat.rules
+ # include $RULE_PATH/multimedia.rules
+ # include $RULE_PATH/p2p.rules
+-include $RULE_PATH/experimental.rules
++#include $RULE_PATH/experimental.rules
+ #include $RULE_PATH/wifi.rules
+
+ # Include any thresholding or suppression commands. See threshold.conf in the