# HG changeset patch
# User Rich Burridge
# Date 1415675683 28800
# Node ID 168b8acace5fa97445d27c0aa6fbef80a5b73d98
# Parent 22c15b3296057fe6847516b1affd3b964e9f49cf
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
PSARC 2014/347 snort 2.9.6.2
16915792 The default state of the snort.conf file should be reexamined.
16915848 snort should put files under /etc/snort not directly under /etc
19557337 ipfw DAQ module shouldn't be enabled on Solaris
19696371 Update daq to version 2.0.2
19696436 Update snort to version 2.9.6.2

diff -r 22c15b329605 -r 168b8acace5f components/daq/Makefile
--- a/components/daq/Makefile Mon Nov 10 15:24:46 2014 -0800
+++ b/components/daq/Makefile Mon Nov 10 19:14:43 2014 -0800
@@ -23,16 +23,16 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME= daq
-COMPONENT_VERSION= 0.6.2
+COMPONENT_VERSION= 2.0.2
 COMPONENT_PROJECT_URL= http://www.snort.org/
 COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH= \
- sha256:0159865b5dc127ed2faf8d6732d781939f27e38b7c7deabcd369a22ea9e42f26
-COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)downloads/1525
+ sha256:d65d1e67c4994e02c3142c49a648642e780b7e3d942b4a51f605309beac269a8
+COMPONENT_ARCHIVE_URL= http://sourceforge.net/projects/snort/files/snort/$(COMPONENT_ARCHIVE)/download
 COMPONENT_BUGDB= library/daq
 
-TPNO= 11060
+TPNO= 19384
 
 include ../../make-rules/prep.mk
 include ../../make-rules/configure.mk
@@ -46,6 +46,7 @@
 # Set -m32 or -m64 correctly for 32 and 64 bit versions.
 CC += $(CC_BITS)
 
+CONFIGURE_OPTIONS += --disable-ipfw-module
 CONFIGURE_OPTIONS += --enable-static=no
 CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
 
diff -r 22c15b329605 -r 168b8acace5f components/daq/daq.p5m
--- a/components/daq/daq.p5m Mon Nov 10 15:24:46 2014 -0800
+++ b/components/daq/daq.p5m Mon Nov 10 19:14:43 2014 -0800
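Review bot: The new COMPONENT_ARCHIVE_URL fetches the daq tarball through a plain-http sourceforge redirector, so the sha256 in COMPONENT_ARCHIVE_HASH is now the only integrity control on what gets built, and nothing in the hunk records how the replacement hash was obtained. A comment above the hash such as `# sha256 cross-checked against the checksum published by upstream for daq 2.0.2` would make that auditable; without it a reader cannot tell a verified hash from one copied off the first download. The snort Makefile hunk later in this changeset makes the same switch to an http sourceforge URL and would benefit from the same note.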
@@ -30,29 +30,28 @@
 value=org.opensolaris.category.2008:System/Libraries
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid value=PSARC/2012/203
+set name=org.opensolaris.arc-caseid value=PSARC/2012/203 value=PSARC/2014/346
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
 file path=usr/bin/daq-modules-config
+file path=usr/bin/$(MACH64)/daq-modules-config
 file path=usr/include/daq.h
 file path=usr/include/daq_api.h
 file path=usr/include/daq_common.h
 file path=usr/include/sfbpf.h
 file path=usr/include/sfbpf_dlt.h
 file path=usr/lib/$(MACH64)/daq/daq_dump.so
-file path=usr/lib/$(MACH64)/daq/daq_ipfw.so
 file path=usr/lib/$(MACH64)/daq/daq_pcap.so
-link path=usr/lib/$(MACH64)/libdaq.so target=libdaq.so.0.0.1
-link path=usr/lib/$(MACH64)/libdaq.so.0 target=libdaq.so.0.0.1
-file path=usr/lib/$(MACH64)/libdaq.so.0.0.1
+link path=usr/lib/$(MACH64)/libdaq.so target=libdaq.so.$(COMPONENT_VERSION)
+link path=usr/lib/$(MACH64)/libdaq.so.2 target=libdaq.so.$(COMPONENT_VERSION)
+file path=usr/lib/$(MACH64)/libdaq.so.$(COMPONENT_VERSION)
 link path=usr/lib/$(MACH64)/libsfbpf.so target=libsfbpf.so.0.0.1
 link path=usr/lib/$(MACH64)/libsfbpf.so.0 target=libsfbpf.so.0.0.1
 file path=usr/lib/$(MACH64)/libsfbpf.so.0.0.1
 file path=usr/lib/daq/daq_dump.so
-file path=usr/lib/daq/daq_ipfw.so
 file path=usr/lib/daq/daq_pcap.so
-link path=usr/lib/libdaq.so target=libdaq.so.0.0.1
-link path=usr/lib/libdaq.so.0 target=libdaq.so.0.0.1
-file path=usr/lib/libdaq.so.0.0.1
+link path=usr/lib/libdaq.so target=libdaq.so.$(COMPONENT_VERSION)
+link path=usr/lib/libdaq.so.2 target=libdaq.so.$(COMPONENT_VERSION)
+file path=usr/lib/libdaq.so.$(COMPONENT_VERSION)
 link path=usr/lib/libsfbpf.so target=libsfbpf.so.0.0.1
 link path=usr/lib/libsfbpf.so.0 target=libsfbpf.so.0.0.1
 file path=usr/lib/libsfbpf.so.0.0.1
diff -r 22c15b329605 -r 168b8acace5f components/snort/Makefile
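Review bot: The libdaq link and file entries now derive the library's versioned file name from $(COMPONENT_VERSION), which couples whatever version string the daq build stamps on libdaq.so to the package version; the two agree at 2.0.2, but nothing enforces that on a future upgrade, and the neighbouring libsfbpf entries still spell their 0.0.1 out literally, so the manifest is inconsistent about which convention it follows. Either spell the libdaq version out like the libsfbpf entries, or keep the variable and add a comment above the first libdaq link, e.g. `# libdaq's shared-library version currently equals the release number; recheck on every version bump`. The same pattern is repeated for the 32-bit entries under usr/lib further down the hunk.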
--- a/components/snort/Makefile Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/Makefile Mon Nov 10 19:14:43 2014 -0800
@@ -26,21 +26,23 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME= snort
-COMPONENT_VERSION= 2.9.2
+COMPONENT_VERSION= 2.9.6.2
 COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH= \
- sha256:04d375b627dd256d6257f2cbe5a770e4552e3f35d5e2100b97f75426b600d8cb
+ sha256:8e1d7fc5e1523a786d845ca0102cc474abfcebfcc7e964a1653680034b5b5d77
 COMPONENT_PROJECT_URL= http://www.snort.org/
-COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)dl/snort-current/$(COMPONENT_ARCHIVE)
+COMPONENT_ARCHIVE_URL= http://sourceforge.net/projects/snort.mirror/files/Snort%202.9.6.2/$(COMPONENT_ARCHIVE)/download
 COMPONENT_BUGDB= utility/snort
 
-TPNO= 9027
+TPNO= 19385
 
 include ../../make-rules/prep.mk
 include ../../make-rules/configure.mk
 include ../../make-rules/ips.mk
 
+PATCH_LEVEL = 0
+
 # without this we bus error on sparc. sadly I don't see any patches
 # that might relate from the upstream (though maybe that's really
 # "happily", as this is simpler)
@@ -49,6 +51,11 @@
 # Need to recreate the configure script for gethrtime checks.
 COMPONENT_PREP_ACTION += (cd $(@D); autoconf);
 
+# This option has the side-effect of getting the bindir lines correct in
+# snort_output.pc, snort_preproc.pc and snort.pc under
+# /usr/lib/$(MACH64)/pkgconfig/
+CONFIGURE_OPTIONS += --bindir=/usr/bin
+
 CONFIGURE_OPTIONS += --with-libpcre-libraries="/usr/lib/$(MACH64)"
 CONFIGURE_OPTIONS += --with-dnet-libraries="/usr/lib/$(MACH64)"
 CONFIGURE_OPTIONS += --without-mysql
diff -r 22c15b329605 -r 168b8acace5f components/snort/Solaris/snort.pc
--- a/components/snort/Solaris/snort.pc Mon Nov 10 15:24:46 2014 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
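Review bot: The new COMPONENT_ARCHIVE_URL hard-codes `Snort%202.9.6.2` while the rest of the line already uses $(COMPONENT_ARCHIVE), so the next version bump has to be made in two places and a stale URL would only fail at fetch time; `COMPONENT_ARCHIVE_URL= http://sourceforge.net/projects/snort.mirror/files/Snort%20$(COMPONENT_VERSION)/$(COMPONENT_ARCHIVE)/download` keeps it to one. The added `PATCH_LEVEL = 0` also carries no comment; from the reworked patch headers elsewhere in this changeset (`--- src/snort.c.orig` instead of `--- snort-2.9.2/src/snort.c.orig`) it appears to be there because the patches no longer carry the source-directory prefix, which is worth stating, e.g. `# patches are written relative to the unpacked source tree, so apply with -p0`.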
@@ -1,11 +0,0 @@
-prefix=/usr
-exec_prefix=${prefix}
-libdir=/usr/lib/64
-includedir=${prefix}/include
-
-Name: Snort
-Description: Snort dynamic plugins/detection/rules
-URL: www.snort.org
-Version: 2.9.2
-Libs: -L${libdir} -lcurl -lz -ldnet -lpcre -lpcap -lsocket -lnsl -lrt -luuid -lm -ldl -ldaq -lpthread
-Cflags: -m64 -mt -I/usr/include/pcre -DDYNAMIC_PLUGIN -DZLIB -DGRE -DMPLS -DPREPROCESSOR_AND_DECODER_RULE_EVENTS -DPPM_MGR -DENABLE_PAF -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3 -DBSD_COMP -D_REENTRANT -DSF_WCHAR -DSUP_IP6 -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD -DNORMALIZER -DACTIVE_RESPONSE
diff -r 22c15b329605 -r 168b8acace5f components/snort/Solaris/snort_preproc.pc
--- a/components/snort/Solaris/snort_preproc.pc Mon Nov 10 15:24:46 2014 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-prefix=/usr
-exec_prefix=${prefix}
-libdir=/usr/lib/64
-package=snort
-includedir=${prefix}/include
-
-Name: Snort
-Description: Snort dynamic preprocessors
-URL: www.snort.org
-Version: 2.9.2
-Libs: -L${libdir}/${package}/dynamic_preproc -lsf_dynamic_preproc
-Cflags: -I/usr/include/pcre -I${includedir}/${package}/dynamic_preproc -DBSD_COMP -D_REENTRANT -DSF_WCHAR -DSUP_IP6 -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD -DNORMALIZER -DACTIVE_RESPONSE
diff -r 22c15b329605 -r 168b8acace5f components/snort/patches/snort.8.patch
--- a/components/snort/patches/snort.8.patch Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/patches/snort.8.patch Mon Nov 10 19:14:43 2014 -0800
@@ -1,7 +1,10 @@ -Adjust snort man page to be in section 1M. +Adjust snort man page to be in section 1M and fix the comments w.r.t. +configuration file usage with the -T option. ---- snort-2.9.2/snort.8.orig 2013-03-18 12:26:58.589074327 -0700 -+++ snort-2.9.2/snort.8 2013-03-18 12:28:26.378646691 -0700 +The second part of this patch (the -T changes) has been submitted upstream. + +--- snort.8.orig 2014-09-25 07:44:55.175565999 -0700 ++++ snort.8 2014-09-26 11:19:43.998692220 -0700 @@ -1,8 +1,8 @@ .\" Process this file with -.\" groff -man -Tascii snort.8 @@ -13,7 +16,17 @@ .SH NAME Snort \- open source network intrusion detection system .SH SYNOPSIS -@@ -913,15 +913,15 @@ +@@ -339,8 +339,7 @@ + indicating that everything is ready to proceed. This is a good + switch to use if daemon mode is going to be used, it verifies that + the Snort configuration that is about to be used is valid and won't fail at +-run time. Note, Snort looks for either /etc/snort.conf or ./snort.conf. +-If your config lives elsewhere, use the -c option to specify a valid ++run time. Note that you will need to use the -c option to specify a valid + .I config-file. + .IP "-u user" + Change the user/UID Snort runs under to +@@ -930,15 +929,15 @@ Causes the daemon to close all opened files and restart. Please \fBnote\fR that this will only work if the \fBfull\fR pathname is used to invoke snort in daemon mode, otherwise snort will just exit with an diff -r 22c15b329605 -r 168b8acace5f components/snort/patches/snort.c.patch --- a/components/snort/patches/snort.c.patch Mon Nov 10 15:24:46 2014 -0800 +++ b/components/snort/patches/snort.c.patch Mon Nov 10 19:14:43 2014 -0800 @@ -6,7 +6,7 @@ On Linux systems, DAQ installs two static libraries: /usr/lib/libdaq_static.a - /usr/lib/libdaq_static_modules.a + /usr/lib/libdaq_static_modules.a When snort is being configured, you see: 
@@ -43,16 +43,15 @@ /usr/lib/64/daq - ---- snort-2.9.2/src/snort.c.orig 2013-05-15 11:52:06.640833897 -0700 -+++ snort-2.9.2/src/snort.c 2013-05-15 11:58:03.040482526 -0700 -@@ -3677,6 +3677,9 @@ +--- src/snort.c.orig 2014-09-25 07:53:43.356728058 -0700 ++++ src/snort.c 2014-09-25 07:55:05.650780347 -0700 +@@ -4039,6 +4039,9 @@ { SnortConfig *sc = (SnortConfig *)SnortAlloc(sizeof(SnortConfig)); + /* Define where to look for DAQ modules. */ + ConfigDaqDir(sc, "/usr/lib/64/daq"); + - sc->pkt_cnt = -1; - sc->pkt_snaplen = -1; - /*user_id and group_id should be initialized to -1 by default, because + sc->pkt_cnt = 0; + #ifdef REG_TEST + sc->pkt_skip = 0; diff -r 22c15b329605 -r 168b8acace5f components/snort/patches/snort.conf.patch --- a/components/snort/patches/snort.conf.patch Mon Nov 10 15:24:46 2014 -0800 +++ b/components/snort/patches/snort.conf.patch Mon Nov 10 19:14:43 2014 -0800 
@@ -1,6 +1,30 @@ ---- snort-2.9.2/etc/snort.conf.orig 2013-05-15 07:26:24.138736340 -0700 -+++ snort-2.9.2/etc/snort.conf 2013-05-15 07:36:06.628399989 -0700 -@@ -143,7 +143,7 @@ +Solaris specific changes to the snort configuration file that will be +installed under /etc/snort/. + +These changes will not be submitted upstream. + +--- etc/snort.conf.orig 2014-09-25 07:56:45.270217768 -0700 ++++ etc/snort.conf 2014-10-06 06:02:57.202660631 -0700 +@@ -101,13 +101,13 @@ + # Path to your rules files (this can be a relative path) + # Note for Windows users: You are advised to make this an absolute path, + # such as: c:\snort\rules +-var RULE_PATH ../rules +-var SO_RULE_PATH ../so_rules +-var PREPROC_RULE_PATH ../preproc_rules ++var RULE_PATH rules ++var SO_RULE_PATH so_rules ++var PREPROC_RULE_PATH preproc_rules + + # If you are using reputation preprocessor set these +-var WHITE_LIST_PATH ../rules +-var BLACK_LIST_PATH ../rules ++var WHITE_LIST_PATH rules ++var BLACK_LIST_PATH rules + + ################################################### + # Step #2: Configure the decoder. For more information, see README.decode +@@ -153,7 +153,7 @@ # Configure DAQ related options for inline operation. For more information, see README.daq # # config daq: @@ -9,7 +33,7 @@ # config daq_mode: # config daq_var: # -@@ -217,13 +217,13 @@ +@@ -240,13 +240,13 @@ ################################################### # path to dynamic preprocessor libraries 
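Review bot: `var RULE_PATH rules` and the SO_RULE_PATH, PREPROC_RULE_PATH, WHITE_LIST_PATH and BLACK_LIST_PATH lines beside it now name bare relative directories, while snort.p5m in this changeset delivers those directories under etc/snort/. Whether such a path is resolved against the directory of snort.conf or against the daemon's working directory is not established by anything in this patch; if it is the latter, or if the working directory is tried first, the rule set a root-run snort actually loads would depend on where it was started from. Since the package fixes the location, absolute paths, `var RULE_PATH /etc/snort/rules` and likewise for the other four, remove the ambiguity; if relative paths are deliberate, the new patch header should say that snort resolves them against the configuration file's directory.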
@@ -26,120 +50,127 @@ ################################################### # Step #5: Configure preprocessors -@@ -264,34 +264,34 @@ - # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000 +@@ -499,12 +499,12 @@ + check_crc - # HTTP normalization and anomaly detection. For more information, see README.http_inspect --preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 --preprocessor http_inspect_server: server default \ -- chunk_length 500000 \ -- server_flow_depth 0 \ -- client_flow_depth 0 \ -- post_depth 65495 \ -- oversize_dir_length 500 \ -- max_header_length 750 \ -- max_headers 100 \ -- ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \ -- non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ -- enable_cookie \ -- extended_response_inspection \ -- inspect_gzip \ -- normalize_utf \ -- unlimited_decompress \ -- apache_whitespace no \ -- ascii no \ -- bare_byte no \ -- directory no \ -- double_decode no \ -- iis_backslash no \ -- iis_delimiter no \ -- iis_unicode no \ -- multi_slash no \ -- utf_8 no \ -- u_encode yes \ -- webroot no -+#preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 -+#preprocessor http_inspect_server: server default \ -+# chunk_length 500000 \ -+# server_flow_depth 0 \ -+# client_flow_depth 0 \ -+# post_depth 65495 \ -+# oversize_dir_length 500 \ -+# max_header_length 750 \ -+# max_headers 100 \ -+# ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \ -+# non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ -+# enable_cookie \ -+# extended_response_inspection \ -+# inspect_gzip \ -+# normalize_utf \ -+# unlimited_decompress \ -+# 
apache_whitespace no \ -+# ascii no \ -+# bare_byte no \ -+# directory no \ -+# double_decode no \ -+# iis_backslash no \ -+# iis_delimiter no \ -+# iis_unicode no \ -+# multi_slash no \ -+# utf_8 no \ -+# u_encode yes \ -+# webroot no - - # ONC-RPC normalization and anomaly detection. For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode - preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete -@@ -487,8 +487,8 @@ - # output alert_prelude - - # metadata reference data. do not modify these lines --include classification.config --include reference.config -+# include classification.config -+# include reference.config - + # Reputation preprocessor. For more information see README.reputation +-preprocessor reputation: \ +- memcap 500, \ +- priority whitelist, \ +- nested_ip inner, \ +- whitelist $WHITE_LIST_PATH/white_list.rules, \ +- blacklist $BLACK_LIST_PATH/black_list.rules ++#preprocessor reputation: \ ++# memcap 500, \ ++# priority whitelist, \ ++# nested_ip inner, \ ++# whitelist $WHITE_LIST_PATH/white_list.rules, \ ++# blacklist $BLACK_LIST_PATH/black_list.rules ################################################### -@@ -499,61 +499,61 @@ + # Step #6: Configure output plugins +@@ -538,123 +538,123 @@ ################################################### # site specific rules -include $RULE_PATH/local.rules +# include $RULE_PATH/local.rules +-include $RULE_PATH/app-detect.rules -include $RULE_PATH/attack-responses.rules -include $RULE_PATH/backdoor.rules -include $RULE_PATH/bad-traffic.rules -include $RULE_PATH/blacklist.rules -include $RULE_PATH/botnet-cnc.rules +-include $RULE_PATH/browser-chrome.rules +-include $RULE_PATH/browser-firefox.rules +-include $RULE_PATH/browser-ie.rules +-include $RULE_PATH/browser-other.rules +-include $RULE_PATH/browser-plugins.rules +-include $RULE_PATH/browser-webkit.rules -include 
$RULE_PATH/chat.rules -include $RULE_PATH/content-replace.rules -include $RULE_PATH/ddos.rules -include $RULE_PATH/dns.rules -include $RULE_PATH/dos.rules +-include $RULE_PATH/experimental.rules +-include $RULE_PATH/exploit-kit.rules -include $RULE_PATH/exploit.rules +-include $RULE_PATH/file-executable.rules +-include $RULE_PATH/file-flash.rules +-include $RULE_PATH/file-identify.rules +-include $RULE_PATH/file-image.rules +-include $RULE_PATH/file-java.rules +-include $RULE_PATH/file-multimedia.rules +-include $RULE_PATH/file-office.rules +-include $RULE_PATH/file-other.rules +-include $RULE_PATH/file-pdf.rules -include $RULE_PATH/finger.rules -include $RULE_PATH/ftp.rules +-include $RULE_PATH/icmp-info.rules -include $RULE_PATH/icmp.rules --include $RULE_PATH/icmp-info.rules -include $RULE_PATH/imap.rules +-include $RULE_PATH/indicator-compromise.rules +-include $RULE_PATH/indicator-obfuscation.rules +-include $RULE_PATH/indicator-scan.rules +-include $RULE_PATH/indicator-shellcode.rules -include $RULE_PATH/info.rules +-include $RULE_PATH/malware-backdoor.rules +-include $RULE_PATH/malware-cnc.rules +-include $RULE_PATH/malware-other.rules +-include $RULE_PATH/malware-tools.rules -include $RULE_PATH/misc.rules -include $RULE_PATH/multimedia.rules -include $RULE_PATH/mysql.rules -include $RULE_PATH/netbios.rules -include $RULE_PATH/nntp.rules -include $RULE_PATH/oracle.rules +-include $RULE_PATH/os-linux.rules +-include $RULE_PATH/os-mobile.rules +-include $RULE_PATH/os-other.rules +-include $RULE_PATH/os-solaris.rules +-include $RULE_PATH/os-windows.rules -include $RULE_PATH/other-ids.rules -include $RULE_PATH/p2p.rules -include $RULE_PATH/phishing-spam.rules +-include $RULE_PATH/policy-multimedia.rules +-include $RULE_PATH/policy-other.rules -include $RULE_PATH/policy.rules +-include $RULE_PATH/policy-social.rules +-include $RULE_PATH/policy-spam.rules -include $RULE_PATH/pop2.rules -include $RULE_PATH/pop3.rules +-include $RULE_PATH/protocol-dns.rules 
+-include $RULE_PATH/protocol-finger.rules +-include $RULE_PATH/protocol-ftp.rules +-include $RULE_PATH/protocol-icmp.rules +-include $RULE_PATH/protocol-imap.rules +-include $RULE_PATH/protocol-nntp.rules +-include $RULE_PATH/protocol-pop.rules +-include $RULE_PATH/protocol-rpc.rules +-include $RULE_PATH/protocol-scada.rules +-include $RULE_PATH/protocol-services.rules +-include $RULE_PATH/protocol-snmp.rules +-include $RULE_PATH/protocol-telnet.rules +-include $RULE_PATH/protocol-tftp.rules +-include $RULE_PATH/protocol-voip.rules +-include $RULE_PATH/pua-adware.rules +-include $RULE_PATH/pua-other.rules +-include $RULE_PATH/pua-p2p.rules +-include $RULE_PATH/pua-toolbars.rules -include $RULE_PATH/rpc.rules -include $RULE_PATH/rservices.rules -include $RULE_PATH/scada.rules -include $RULE_PATH/scan.rules +-include $RULE_PATH/server-apache.rules +-include $RULE_PATH/server-iis.rules +-include $RULE_PATH/server-mail.rules +-include $RULE_PATH/server-mssql.rules +-include $RULE_PATH/server-mysql.rules +-include $RULE_PATH/server-oracle.rules +-include $RULE_PATH/server-other.rules +-include $RULE_PATH/server-samba.rules +-include $RULE_PATH/server-webapp.rules -include $RULE_PATH/shellcode.rules -include $RULE_PATH/smtp.rules -include $RULE_PATH/snmp.rules 
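Review bot: The reputation preprocessor block is commented out in the new version of this patch with no in-file explanation of why, or of what has to exist before it can be re-enabled; from the rest of the changeset it looks like the white_list.rules and black_list.rules files it references are simply not delivered (snort.p5m creates etc/snort/rules but, as far as this patch shows, nothing inside it), yet a reader of the installed snort.conf cannot see that. A comment line above `#preprocessor reputation:` such as `# Disabled: white_list.rules/black_list.rules are not shipped; create them under $WHITE_LIST_PATH and $BLACK_LIST_PATH before enabling` would record it. The same applies to the rule `include` lines commented out at the end of this hunk and throughout the following one.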
@@ -160,39 +191,101 @@ -include $RULE_PATH/web-misc.rules -include $RULE_PATH/web-php.rules -include $RULE_PATH/x11.rules ++# include $RULE_PATH/app-detect.rules +# include $RULE_PATH/attack-responses.rules +# include $RULE_PATH/backdoor.rules +# include $RULE_PATH/bad-traffic.rules +# include $RULE_PATH/blacklist.rules +# include $RULE_PATH/botnet-cnc.rules ++# include $RULE_PATH/browser-chrome.rules ++# include $RULE_PATH/browser-firefox.rules ++# include $RULE_PATH/browser-ie.rules ++# include $RULE_PATH/browser-other.rules ++# include $RULE_PATH/browser-plugins.rules ++# include $RULE_PATH/browser-webkit.rules +# include $RULE_PATH/chat.rules +# include $RULE_PATH/content-replace.rules +# include $RULE_PATH/ddos.rules +# include $RULE_PATH/dns.rules +# include $RULE_PATH/dos.rules ++# include $RULE_PATH/experimental.rules ++# include $RULE_PATH/exploit-kit.rules +# include $RULE_PATH/exploit.rules ++# include $RULE_PATH/file-executable.rules ++# include $RULE_PATH/file-flash.rules ++# include $RULE_PATH/file-identify.rules ++# include $RULE_PATH/file-image.rules ++# include $RULE_PATH/file-java.rules ++# include $RULE_PATH/file-multimedia.rules ++# include $RULE_PATH/file-office.rules ++# include $RULE_PATH/file-other.rules ++# include $RULE_PATH/file-pdf.rules +# include $RULE_PATH/finger.rules +# include $RULE_PATH/ftp.rules ++# include $RULE_PATH/icmp-info.rules +# include $RULE_PATH/icmp.rules -+# include $RULE_PATH/icmp-info.rules +# include $RULE_PATH/imap.rules ++# include $RULE_PATH/indicator-compromise.rules ++# include $RULE_PATH/indicator-obfuscation.rules ++# include $RULE_PATH/indicator-scan.rules ++# include $RULE_PATH/indicator-shellcode.rules +# include $RULE_PATH/info.rules ++# include $RULE_PATH/malware-backdoor.rules ++# include $RULE_PATH/malware-cnc.rules ++# include $RULE_PATH/malware-other.rules ++# include $RULE_PATH/malware-tools.rules +# include $RULE_PATH/misc.rules +# include $RULE_PATH/multimedia.rules +# include 
$RULE_PATH/mysql.rules +# include $RULE_PATH/netbios.rules +# include $RULE_PATH/nntp.rules +# include $RULE_PATH/oracle.rules ++# include $RULE_PATH/os-linux.rules ++# include $RULE_PATH/os-mobile.rules ++# include $RULE_PATH/os-other.rules ++# include $RULE_PATH/os-solaris.rules ++# include $RULE_PATH/os-windows.rules +# include $RULE_PATH/other-ids.rules +# include $RULE_PATH/p2p.rules +# include $RULE_PATH/phishing-spam.rules ++# include $RULE_PATH/policy-multimedia.rules ++# include $RULE_PATH/policy-other.rules +# include $RULE_PATH/policy.rules ++# include $RULE_PATH/policy-social.rules ++# include $RULE_PATH/policy-spam.rules +# include $RULE_PATH/pop2.rules +# include $RULE_PATH/pop3.rules ++# include $RULE_PATH/protocol-dns.rules ++# include $RULE_PATH/protocol-finger.rules ++# include $RULE_PATH/protocol-ftp.rules ++# include $RULE_PATH/protocol-icmp.rules ++# include $RULE_PATH/protocol-imap.rules ++# include $RULE_PATH/protocol-nntp.rules ++# include $RULE_PATH/protocol-pop.rules ++# include $RULE_PATH/protocol-rpc.rules ++# include $RULE_PATH/protocol-scada.rules ++# include $RULE_PATH/protocol-services.rules ++# include $RULE_PATH/protocol-snmp.rules ++# include $RULE_PATH/protocol-telnet.rules ++# include $RULE_PATH/protocol-tftp.rules ++# include $RULE_PATH/protocol-voip.rules ++# include $RULE_PATH/pua-adware.rules ++# include $RULE_PATH/pua-other.rules ++# include $RULE_PATH/pua-p2p.rules ++# include $RULE_PATH/pua-toolbars.rules +# include $RULE_PATH/rpc.rules +# include $RULE_PATH/rservices.rules +# include $RULE_PATH/scada.rules +# include $RULE_PATH/scan.rules ++# include $RULE_PATH/server-apache.rules ++# include $RULE_PATH/server-iis.rules ++# include $RULE_PATH/server-mail.rules ++# include $RULE_PATH/server-mssql.rules ++# include $RULE_PATH/server-mysql.rules ++# include $RULE_PATH/server-oracle.rules ++# include $RULE_PATH/server-other.rules ++# include $RULE_PATH/server-samba.rules ++# include $RULE_PATH/server-webapp.rules +# include 
$RULE_PATH/shellcode.rules +# include $RULE_PATH/smtp.rules +# include $RULE_PATH/snmp.rules diff -r 22c15b329605 -r 168b8acace5f components/snort/patches/solaris-build.patch --- a/components/snort/patches/solaris-build.patch Mon Nov 10 15:24:46 2014 -0800 +++ b/components/snort/patches/solaris-build.patch Mon Nov 10 19:14:43 2014 -0800 @@ -6,12 +6,12 @@ 3/ Removed the need to define lines like "CFLAGS += -Du_int8_t=uint8_t" in the snort component Makefile. -It has been sent upstream for consideration by the snort maintainers for +It has been sent upstream for consideration by the snort maintainers for a future release. ---- snort-2.9.2/configure.in.orig 2013-06-04 14:05:22.814684109 -0700 -+++ snort-2.9.2/configure.in 2013-06-04 14:41:42.703306013 -0700 -@@ -686,27 +686,8 @@ +--- configure.in.orig 2014-09-25 08:05:35.171512464 -0700 ++++ configure.in 2014-09-25 08:06:12.896272259 -0700 +@@ -746,27 +746,8 @@ AC_MSG_RESULT(no) fi @@ -41,9 +41,9 @@ # modified from gnulib/m4/visibility.m4 AC_DEFUN([CC_VISIBILITY], ---- snort-2.9.2/src/cpuclock.h.orig 2013-06-04 12:30:59.362777817 -0700 -+++ snort-2.9.2/src/cpuclock.h 2013-06-04 14:19:42.869930833 -0700 -@@ -83,26 +83,15 @@ +--- src/cpuclock.h.orig 2014-09-25 08:07:00.139948870 -0700 ++++ src/cpuclock.h 2014-09-25 08:08:38.401237764 -0700 +@@ -84,26 +84,15 @@ val = ((uint64_t)tbl) | (((uint64_t)tbu0) << 32); \ } #else @@ -74,9 +74,9 @@ #endif /* POWERPC || PPC */ #endif /* IA64 && HPUX */ #endif /* IA64 && GNUC */ ---- snort-2.9.2/src/sfutil/sf_ip.h.orig 2013-06-04 12:33:38.923475148 -0700 -+++ snort-2.9.2/src/sfutil/sf_ip.h 2013-06-04 12:33:52.951704625 -0700 -@@ -38,6 +38,7 @@ +--- src/sfutil/sf_ip.h.orig 2014-09-25 08:09:20.181312683 -0700 ++++ src/sfutil/sf_ip.h 2014-09-25 08:09:41.442009279 -0700 +@@ -39,6 +39,7 @@ #endif #include "snort_debug.h" /* for inline definition */ diff -r 22c15b329605 -r 168b8acace5f components/snort/resolve.deps --- a/components/snort/resolve.deps Mon Nov 10 15:24:46 2014 -0800 
+++ b/components/snort/resolve.deps Mon Nov 10 19:14:43 2014 -0800
@@ -1,4 +1,6 @@
 library/pcre
+library/security/openssl
+library/security/openssl/openssl-fips-140
 library/zlib
 shell/ksh93
 system/core-os
diff -r 22c15b329605 -r 168b8acace5f components/snort/snort.p5m
--- a/components/snort/snort.p5m Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/snort.p5m Mon Nov 10 19:14:43 2014 -0800
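Review bot: resolve.deps now declares a runtime dependency on library/security/openssl and library/security/openssl/openssl-fips-140, but none of the snort Makefile hunks in this changeset add a configure option that selects OpenSSL, so the link against it is presumably being detected automatically from whatever is installed on the build machine. That leaves the dependency environment-dependent rather than declared; passing whichever OpenSSL option snort's configure script offers (TODO confirm against its `configure --help`) in CONFIGURE_OPTIONS, plus a comment explaining why the FIPS package in particular is required, would make the link-time requirement reproducible.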
@@ -32,29 +32,55 @@
 value=org.opensolaris.category.2008:Applications/Internet
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid value=PSARC/2009/256 value=PSARC/2013/113
+set name=org.opensolaris.arc-caseid value=PSARC/2009/256 \
+ value=PSARC/2013/113 value=PSARC/2014/347
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
-file path=etc/attribute_table.dtd
-file path=etc/classification.config mode=0644 \
- original_name=SUNWsnort:etc/classification.config overlay=allow \
- preserve=renamenew
-file path=etc/gen-msg.map
-file path=etc/reference.config mode=0644 \
- original_name=SUNWsnort:etc/reference.config overlay=allow \
- preserve=renamenew
+file etc/attribute_table.dtd path=etc/snort/attribute_table.dtd
+file etc/classification.config path=etc/snort/classification.config mode=0644 \
+ original_name=SUNWsnort:etc/classification.config \
+ overlay=allow preserve=renamenew
+file etc/gen-msg.map path=etc/snort/gen-msg.map
+file etc/reference.config path=etc/snort/reference.config mode=0644 \
+ original_name=SUNWsnort:etc/reference.config \
+ overlay=allow preserve=renamenew
 file Solaris/auth_attr path=etc/security/auth_attr.d/snort
 file Solaris/exec_attr path=etc/security/exec_attr.d/snort
-file path=etc/snort.conf mode=0644 original_name=SUNWsnort:etc/snort.conf \
+file etc/snort.conf path=etc/snort/snort.conf mode=0644 \
+ original_name=SUNWsnort:etc/snort.conf \
+ overlay=allow preserve=renamenew
+file etc/threshold.conf path=etc/snort/threshold.conf mode=0644 \
+ original_name=SUNWsnort:etc/threshold.conf \
 overlay=allow preserve=renamenew
-file path=etc/threshold.conf mode=0644 \
- original_name=SUNWsnort:etc/threshold.conf overlay=allow preserve=renamenew
-file path=etc/unicode.map
+# Directories for snort rules.
+dir path=etc/snort/rules
+dir path=etc/snort/so_rules
+dir path=etc/snort/preproc_rules
+#
+file etc/file_magic.conf path=etc/snort/file_magic.conf
+file etc/unicode.map path=etc/snort/unicode.map
 file Solaris/snort.xml path=lib/svc/manifest/network/snort.xml
 file Solaris/snortd path=lib/svc/method/snortd
-file usr/bin/$(MACH64)/snort path=usr/bin/snort
-file path=usr/include/snort/dynamic_preproc/attribute_table_api.h
+file path=usr/bin/snort
+file path=usr/include/snort/dynamic_output/bitop.h
+file path=usr/include/snort/dynamic_output/ipv6_port.h
+file path=usr/include/snort/dynamic_output/obfuscation.h
+file path=usr/include/snort/dynamic_output/output_api.h
+file path=usr/include/snort/dynamic_output/output_common.h
+file path=usr/include/snort/dynamic_output/output_lib.h
+file path=usr/include/snort/dynamic_output/preprocids.h
+file path=usr/include/snort/dynamic_output/sf_dynamic_common.h
+file path=usr/include/snort/dynamic_output/sf_ip.h
+file path=usr/include/snort/dynamic_output/sf_protocols.h
+file path=usr/include/snort/dynamic_output/sf_snort_packet.h
+file path=usr/include/snort/dynamic_output/sfPolicy.h
+file path=usr/include/snort/dynamic_output/sfrt_dir.h
+file path=usr/include/snort/dynamic_output/sfrt_trie.h
+file path=usr/include/snort/dynamic_output/sfrt.h
+file path=usr/include/snort/dynamic_output/snort_debug.h
+file path=usr/include/snort/dynamic_output/stream_api.h
 file path=usr/include/snort/dynamic_preproc/bitop.h
 file path=usr/include/snort/dynamic_preproc/cpuclock.h
+file path=usr/include/snort/dynamic_preproc/file_api.h
 file path=usr/include/snort/dynamic_preproc/idle_processing.h
 file path=usr/include/snort/dynamic_preproc/ipv6_port.h
 file path=usr/include/snort/dynamic_preproc/mempool.h
@@ -75,6 +101,7 @@
 file path=usr/include/snort/dynamic_preproc/sf_preproc_info.h
 file path=usr/include/snort/dynamic_preproc/sf_protocols.h
 file path=usr/include/snort/dynamic_preproc/sf_sdlist_types.h
+file path=usr/include/snort/dynamic_preproc/sf_seqnums.h
 file path=usr/include/snort/dynamic_preproc/sf_snort_packet.h
 file path=usr/include/snort/dynamic_preproc/sf_snort_plugin_api.h
 file path=usr/include/snort/dynamic_preproc/sfcommon.h
@@ -89,8 +116,9 @@
 file path=usr/include/snort/dynamic_preproc/ssl.h
 file path=usr/include/snort/dynamic_preproc/str_search.h
 file path=usr/include/snort/dynamic_preproc/stream_api.h
-file Solaris/snort.pc path=usr/lib/$(MACH64)/pkgconfig/snort.pc
-file Solaris/snort_preproc.pc path=usr/lib/$(MACH64)/pkgconfig/snort_preproc.pc
+file path=usr/lib/$(MACH64)/pkgconfig/snort_output.pc
+file path=usr/lib/$(MACH64)/pkgconfig/snort_preproc.pc
+file path=usr/lib/$(MACH64)/pkgconfig/snort.pc
 #
 link path=usr/lib/$(MACH64)/snort_dynamicengine/libsf_engine.so \
 target=libsf_engine.so.0.0.0
@@ -197,7 +225,6 @@
 file path=usr/share/doc/snort/NEWS
 file path=usr/share/doc/snort/PROBLEMS
 file path=usr/share/doc/snort/README
-file path=usr/share/doc/snort/README.ARUBA
 file path=usr/share/doc/snort/README.GTP
 file path=usr/share/doc/snort/README.PLUGINS
 file path=usr/share/doc/snort/README.PerfProfiling
@@ -210,18 +237,20 @@
 file path=usr/share/doc/snort/README.counts
 file path=usr/share/doc/snort/README.csv
 file path=usr/share/doc/snort/README.daq
-file path=usr/share/doc/snort/README.database
 file path=usr/share/doc/snort/README.dcerpc2
 file path=usr/share/doc/snort/README.decode
 file path=usr/share/doc/snort/README.decoder_preproc_rules
 file path=usr/share/doc/snort/README.dnp3
 file path=usr/share/doc/snort/README.dns
 file path=usr/share/doc/snort/README.event_queue
+file path=usr/share/doc/snort/README.file
+file path=usr/share/doc/snort/README.file_ips
 file path=usr/share/doc/snort/README.filters
 file path=usr/share/doc/snort/README.flowbits
 file path=usr/share/doc/snort/README.frag3
 file path=usr/share/doc/snort/README.ftptelnet
 file path=usr/share/doc/snort/README.gre
+file path=usr/share/doc/snort/README.ha
 file path=usr/share/doc/snort/README.http_inspect
 file path=usr/share/doc/snort/README.imap
 file path=usr/share/doc/snort/README.ipip
@@ -244,6 +273,7 @@
 file path=usr/share/doc/snort/README.tag
 file path=usr/share/doc/snort/README.thresholding
 file path=usr/share/doc/snort/README.u2boat
+file path=usr/share/doc/snort/README.unified2
 file path=usr/share/doc/snort/README.variables
 file path=usr/share/doc/snort/TODO
 file path=usr/share/doc/snort/USAGE