fix snort

2025-01-04 03:48:55 +02:00 · 2020-06-08 13:20:41 +08:00 · 2020-06-08 13:20:41 +08:00 · f1bf999ae3
commit f1bf999ae3
parent 1d4812dd8f
3 changed files with 115 additions and 116 deletions
--- a/snort/Dockerfile
+++ b/snort/Dockerfile
@ -3,18 +3,17 @@
 #

 FROM centos:7
-MAINTAINER kev <noreply@easypi.pro>
+MAINTAINER EasyPi Software Foundation

-ENV DAQ_VERSION 2.0.7
-ENV SNORT_VERSION 2.9.16
-ENV BASE_URL https://www.snort.org/downloads
+ENV SNORT_VERSION=2.9.16
+ENV SNORT_URL=https://www.snort.org/downloads/snort/snort-${SNORT_VERSION}-1.centos7.x86_64.rpm
+ENV RULES_URL=https://www.snort.org/downloads/community/community-rules.tar.gz

 RUN set -xe \
    && yum -y install epel-release libdnet \
-    && yum -y install ${BASE_URL}/snort/daq-${DAQ_VERSION}-1.centos7.x86_64.rpm \
-                      ${BASE_URL}/snort/snort-${SNORT_VERSION}-1.centos7.x86_64.rpm \
+    && yum -y install ${SNORT_URL} \
    && mkdir -p /etc/snort/rules \
-    && curl -sSL ${BASE_URL}/community/community-rules.tar.gz | \
+    && curl -sSL ${RULES_URL} | \
       tar xz --strip 1 -C /etc/snort/rules/ community-rules/community.rules \
    && touch /etc/snort/rules/local.rules \
             /etc/snort/rules/black_list.rules \
--- a/snort/README.md
+++ b/snort/README.md
@ -3,7 +3,7 @@ snort

 ![](https://badge.imagelayers.io/vimagick/snort:latest.svg)

-[`Snort`][1] is an open source intrusion prevention system capable of real-time
+[Snort][1] is an open source intrusion prevention system capable of real-time
 traffic analysis and packet logging.

 ```yaml
--- a/snort/data/snort.conf
+++ b/snort/data/snort.conf
@ -5,12 +5,12 @@
 #     http://www.snort.org                   Snort Website
 #     http://vrt-blog.snort.org/    Sourcefire VRT Blog
 #
-#     Mailing list Contact:      snort-sigs@lists.sourceforge.net
+#     Mailing list Contact:      snort-users@lists.snort.org
 #     False Positive reports:    fp@sourcefire.com
 #     Snort bugs:                bugs@snort.org
 #
 #     Compatible with Snort Versions:
-#     VERSIONS : 2.9.11.1
+#     VERSIONS : 2.9.16
 #
 #     Snort build options:
 #     OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
@ -244,10 +244,10 @@ config paf_max: 16000
 ###################################################

 # path to dynamic preprocessor libraries
-dynamicpreprocessor directory /usr/lib64/snort-2.9.11.1_dynamicpreprocessor/
+dynamicpreprocessor directory /usr/lib64/snort-2.9.16_dynamicpreprocessor/

 # path to base preprocessor engine
-dynamicengine /usr/lib64/snort-2.9.11.1_dynamicengine/libsf_engine.so
+dynamicengine /usr/lib64/snort-2.9.16_dynamicengine/libsf_engine.so

 # path to dynamic rules libraries
 dynamicdetection directory /usr/local/lib/snort_dynamicrules
@ -545,110 +545,110 @@ include reference.config
 # site specific rules
 include $RULE_PATH/local.rules

-# include $RULE_PATH/app-detect.rules
-# include $RULE_PATH/attack-responses.rules
-# include $RULE_PATH/backdoor.rules
-# include $RULE_PATH/bad-traffic.rules
-# include $RULE_PATH/blacklist.rules
-# include $RULE_PATH/botnet-cnc.rules
-# include $RULE_PATH/browser-chrome.rules
-# include $RULE_PATH/browser-firefox.rules
-# include $RULE_PATH/browser-ie.rules
-# include $RULE_PATH/browser-other.rules
-# include $RULE_PATH/browser-plugins.rules
-# include $RULE_PATH/browser-webkit.rules
-# include $RULE_PATH/chat.rules
-# include $RULE_PATH/content-replace.rules
-# include $RULE_PATH/ddos.rules
-# include $RULE_PATH/dns.rules
-# include $RULE_PATH/dos.rules
-# include $RULE_PATH/experimental.rules
-# include $RULE_PATH/exploit-kit.rules
-# include $RULE_PATH/exploit.rules
-# include $RULE_PATH/file-executable.rules
-# include $RULE_PATH/file-flash.rules
-# include $RULE_PATH/file-identify.rules
-# include $RULE_PATH/file-image.rules
-# include $RULE_PATH/file-multimedia.rules
-# include $RULE_PATH/file-office.rules
-# include $RULE_PATH/file-other.rules
-# include $RULE_PATH/file-pdf.rules
-# include $RULE_PATH/finger.rules
-# include $RULE_PATH/ftp.rules
-# include $RULE_PATH/icmp-info.rules
-# include $RULE_PATH/icmp.rules
-# include $RULE_PATH/imap.rules
-# include $RULE_PATH/indicator-compromise.rules
-# include $RULE_PATH/indicator-obfuscation.rules
-# include $RULE_PATH/indicator-shellcode.rules
-# include $RULE_PATH/info.rules
-# include $RULE_PATH/malware-backdoor.rules
-# include $RULE_PATH/malware-cnc.rules
-# include $RULE_PATH/malware-other.rules
-# include $RULE_PATH/malware-tools.rules
-# include $RULE_PATH/misc.rules
-# include $RULE_PATH/multimedia.rules
-# include $RULE_PATH/mysql.rules
-# include $RULE_PATH/netbios.rules
-# include $RULE_PATH/nntp.rules
-# include $RULE_PATH/oracle.rules
-# include $RULE_PATH/os-linux.rules
-# include $RULE_PATH/os-other.rules
-# include $RULE_PATH/os-solaris.rules
-# include $RULE_PATH/os-windows.rules
-# include $RULE_PATH/other-ids.rules
-# include $RULE_PATH/p2p.rules
-# include $RULE_PATH/phishing-spam.rules
-# include $RULE_PATH/policy-multimedia.rules
-# include $RULE_PATH/policy-other.rules
-# include $RULE_PATH/policy.rules
-# include $RULE_PATH/policy-social.rules
-# include $RULE_PATH/policy-spam.rules
-# include $RULE_PATH/pop2.rules
-# include $RULE_PATH/pop3.rules
-# include $RULE_PATH/protocol-finger.rules
-# include $RULE_PATH/protocol-ftp.rules
-# include $RULE_PATH/protocol-icmp.rules
-# include $RULE_PATH/protocol-imap.rules
-# include $RULE_PATH/protocol-pop.rules
-# include $RULE_PATH/protocol-services.rules
-# include $RULE_PATH/protocol-voip.rules
-# include $RULE_PATH/pua-adware.rules
-# include $RULE_PATH/pua-other.rules
-# include $RULE_PATH/pua-p2p.rules
-# include $RULE_PATH/pua-toolbars.rules
-# include $RULE_PATH/rpc.rules
-# include $RULE_PATH/rservices.rules
-# include $RULE_PATH/scada.rules
-# include $RULE_PATH/scan.rules
-# include $RULE_PATH/server-apache.rules
-# include $RULE_PATH/server-iis.rules
-# include $RULE_PATH/server-mail.rules
-# include $RULE_PATH/server-mssql.rules
-# include $RULE_PATH/server-mysql.rules
-# include $RULE_PATH/server-oracle.rules
-# include $RULE_PATH/server-other.rules
-# include $RULE_PATH/server-webapp.rules
-# include $RULE_PATH/shellcode.rules
-# include $RULE_PATH/smtp.rules
-# include $RULE_PATH/snmp.rules
-# include $RULE_PATH/specific-threats.rules
-# include $RULE_PATH/spyware-put.rules
-# include $RULE_PATH/sql.rules
-# include $RULE_PATH/telnet.rules
-# include $RULE_PATH/tftp.rules
-# include $RULE_PATH/virus.rules
-# include $RULE_PATH/voip.rules
-# include $RULE_PATH/web-activex.rules
-# include $RULE_PATH/web-attacks.rules
-# include $RULE_PATH/web-cgi.rules
-# include $RULE_PATH/web-client.rules
-# include $RULE_PATH/web-coldfusion.rules
-# include $RULE_PATH/web-frontpage.rules
-# include $RULE_PATH/web-iis.rules
-# include $RULE_PATH/web-misc.rules
-# include $RULE_PATH/web-php.rules
-# include $RULE_PATH/x11.rules
+#include $RULE_PATH/app-detect.rules
+#include $RULE_PATH/attack-responses.rules
+#include $RULE_PATH/backdoor.rules
+#include $RULE_PATH/bad-traffic.rules
+#include $RULE_PATH/blacklist.rules
+#include $RULE_PATH/botnet-cnc.rules
+#include $RULE_PATH/browser-chrome.rules
+#include $RULE_PATH/browser-firefox.rules
+#include $RULE_PATH/browser-ie.rules
+#include $RULE_PATH/browser-other.rules
+#include $RULE_PATH/browser-plugins.rules
+#include $RULE_PATH/browser-webkit.rules
+#include $RULE_PATH/chat.rules
+#include $RULE_PATH/content-replace.rules
+#include $RULE_PATH/ddos.rules
+#include $RULE_PATH/dns.rules
+#include $RULE_PATH/dos.rules
+#include $RULE_PATH/experimental.rules
+#include $RULE_PATH/exploit-kit.rules
+#include $RULE_PATH/exploit.rules
+#include $RULE_PATH/file-executable.rules
+#include $RULE_PATH/file-flash.rules
+#include $RULE_PATH/file-identify.rules
+#include $RULE_PATH/file-image.rules
+#include $RULE_PATH/file-multimedia.rules
+#include $RULE_PATH/file-office.rules
+#include $RULE_PATH/file-other.rules
+#include $RULE_PATH/file-pdf.rules
+#include $RULE_PATH/finger.rules
+#include $RULE_PATH/ftp.rules
+#include $RULE_PATH/icmp-info.rules
+#include $RULE_PATH/icmp.rules
+#include $RULE_PATH/imap.rules
+#include $RULE_PATH/indicator-compromise.rules
+#include $RULE_PATH/indicator-obfuscation.rules
+#include $RULE_PATH/indicator-shellcode.rules
+#include $RULE_PATH/info.rules
+#include $RULE_PATH/malware-backdoor.rules
+#include $RULE_PATH/malware-cnc.rules
+#include $RULE_PATH/malware-other.rules
+#include $RULE_PATH/malware-tools.rules
+#include $RULE_PATH/misc.rules
+#include $RULE_PATH/multimedia.rules
+#include $RULE_PATH/mysql.rules
+#include $RULE_PATH/netbios.rules
+#include $RULE_PATH/nntp.rules
+#include $RULE_PATH/oracle.rules
+#include $RULE_PATH/os-linux.rules
+#include $RULE_PATH/os-other.rules
+#include $RULE_PATH/os-solaris.rules
+#include $RULE_PATH/os-windows.rules
+#include $RULE_PATH/other-ids.rules
+#include $RULE_PATH/p2p.rules
+#include $RULE_PATH/phishing-spam.rules
+#include $RULE_PATH/policy-multimedia.rules
+#include $RULE_PATH/policy-other.rules
+#include $RULE_PATH/policy.rules
+#include $RULE_PATH/policy-social.rules
+#include $RULE_PATH/policy-spam.rules
+#include $RULE_PATH/pop2.rules
+#include $RULE_PATH/pop3.rules
+#include $RULE_PATH/protocol-finger.rules
+#include $RULE_PATH/protocol-ftp.rules
+#include $RULE_PATH/protocol-icmp.rules
+#include $RULE_PATH/protocol-imap.rules
+#include $RULE_PATH/protocol-pop.rules
+#include $RULE_PATH/protocol-services.rules
+#include $RULE_PATH/protocol-voip.rules
+#include $RULE_PATH/pua-adware.rules
+#include $RULE_PATH/pua-other.rules
+#include $RULE_PATH/pua-p2p.rules
+#include $RULE_PATH/pua-toolbars.rules
+#include $RULE_PATH/rpc.rules
+#include $RULE_PATH/rservices.rules
+#include $RULE_PATH/scada.rules
+#include $RULE_PATH/scan.rules
+#include $RULE_PATH/server-apache.rules
+#include $RULE_PATH/server-iis.rules
+#include $RULE_PATH/server-mail.rules
+#include $RULE_PATH/server-mssql.rules
+#include $RULE_PATH/server-mysql.rules
+#include $RULE_PATH/server-oracle.rules
+#include $RULE_PATH/server-other.rules
+#include $RULE_PATH/server-webapp.rules
+#include $RULE_PATH/shellcode.rules
+#include $RULE_PATH/smtp.rules
+#include $RULE_PATH/snmp.rules
+#include $RULE_PATH/specific-threats.rules
+#include $RULE_PATH/spyware-put.rules
+#include $RULE_PATH/sql.rules
+#include $RULE_PATH/telnet.rules
+#include $RULE_PATH/tftp.rules
+#include $RULE_PATH/virus.rules
+#include $RULE_PATH/voip.rules
+#include $RULE_PATH/web-activex.rules
+#include $RULE_PATH/web-attacks.rules
+#include $RULE_PATH/web-cgi.rules
+#include $RULE_PATH/web-client.rules
+#include $RULE_PATH/web-coldfusion.rules
+#include $RULE_PATH/web-frontpage.rules
+#include $RULE_PATH/web-iis.rules
+#include $RULE_PATH/web-misc.rules
+#include $RULE_PATH/web-php.rules
+#include $RULE_PATH/x11.rules

 ###################################################
 # Step #8: Customize your preprocessor and decoder alerts