This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

Snort 2.9.2.1 #197

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 4 comments

Comments

@GoogleCodeExporter

Now available:
http://www.snort.org/snort-downloads?

Snort 2.9.2.1 is now available on snort.org, at
http://www.snort.org/snort-downloads/ in the Latest Release section.

2.9.0 RC & later packages are signed with a new PGP key
(that is signed with the previous key).

Snort 2.9.2.1 includes the following updates and improvements:
  * Added new alerts for HTTP (undefined methods & HTTP 0.9 simple
    requests).

  * Updates to Stream preprocessor in TCP session tracking to avoid
    re-queuing retransmitted data that was already flushed.  Also
    various tweaks for PAF flushing.

  * Updates to reputation preprocessor to handle shared memory
    switching.

  * Updates to the SCADA preprocessors in their handling of PAF
    flushing and Modbus request/response length checking.  Also tweaks
    in alerts for reserved DNP3 functions.

  * Updates to flowbit groups to always use the group when some rules
    refer to a flow group while others do not refer to a group for the
    same flowbit.

  * Updates to GTP preprocessor to check invalid extension header
    length for GTPv1.

  * Updates to sfrt library, used in reputation preprocessor and target
    based configuration, when calculating memory allocated and support
    for IPv6.

Please see the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs@snort.org.

Happy Snorting!
The Snort Release Team

Original issue reported on code.google.com by doug.bu...@gmail.com on 19 Jan 2012 at 6:25

@GoogleCodeExporter

# Download, compile, and package Snort
mkdir 20120326
cd 20120326
wget http://www.snort.org/downloads/1416
tar zxvf 1416
cd snort-*
./configure --enable-sourcefire
make
sudo checkinstall
mv securityonion-snort_20120326-1_i386.deb ..

# Verify
snort -V
dpkg -l |grep snort

# configuration files (/etc/snort/)
sudo rm -rf /etc/snort/
sudo mkdir /etc/snort
sudo cp etc/* /etc/snort/
cd /etc/snort/
sudo rm snort.conf*
sudo wget http://labs.snort.org/snort/2921/snort.conf

# Edit snort.conf
# diff snort.conf /etc/snort/snort.conf |grep "^> "
> ipvar HOME_NET [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
> var RULE_PATH /etc/nsm/rules
> var SO_RULE_PATH /etc/nsm/so_rules
> var PREPROC_RULE_PATH /etc/nsm/preproc_rules
> var WHITE_LIST_PATH /etc/nsm/rules
> var BLACK_LIST_PATH /etc/nsm/rules
> output unified2: filename snort.unified2, limit 128
> # rules downloaded by PulledPork
> include $RULE_PATH/downloaded.rules

# gen-msg.map
cd /etc/nsm/
sudo rm -f gen-msg.map
sudo wget http://labs.snort.org/snort/2921/gen-msg.map

# Package config files
/usr/bin/fpm -s dir -t deb -n securityonion-snort-config -v 20120326 \
    /etc/snort/ /etc/nsm/gen-msg.map

Original comment by doug.bu...@gmail.com on 26 Mar 2012 at 10:39


@GoogleCodeExporter

Added the following to security-onion-upgrade.sh:

sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120321" ]; then
        NEW="20120326"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        cd $DIR

        for FILE in securityonion-snort-config_20120326_i386.deb securityonion-snort_20120326-1_i386.deb; do
                echo -n "* Downloading $FILE..."                | $LOGGER
                # Redirect into the log rather than piping through $LOGGER,
                # so that $? is wget's exit status and not the logger's.
                wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE >> $LOG 2>&1
                if [ $? -ne 0 ]; then
                        echo "FAIL"     | $LOGGER
                        exit 1
                else
                        echo "OK"       | $LOGGER
                fi
        done

        echo -n "* Installing downloaded packages..." | $LOGGER
        dpkg -i *.deb                                           >> $LOG 2>&1
        # Any non-zero status is a failure, not only exit code 1.
        if [ $? -ne 0 ]; then
                echo "FAIL"     | $LOGGER
                exit 1
        else
                echo "OK"       | $LOGGER
        fi

        SENSORS=$(grep -v "^#" /etc/nsm/sensortab | awk '{print $1}')
        for SENSORNAME in $SENSORS; do
                echo "* Backing up /etc/nsm/$SENSORNAME/"       | $LOGGER
                cp -a /etc/nsm/"$SENSORNAME"/ .                 | $LOGGER
                echo "* Copying new snort.conf to /etc/nsm/$SENSORNAME/" | $LOGGER
                cp /etc/snort/snort.conf /etc/nsm/"$SENSORNAME"/ | $LOGGER
                # Enable the perfmonitor preprocessor, pointing it at this sensor's stats file.
                PERF_OLD="# preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000"
                PERF_NEW="preprocessor perfmonitor: time 300 file /nsm/sensor_data/$SENSORNAME/snort.stats pktcnt 10000"
                sed -i "s|$PERF_OLD|$PERF_NEW|" /etc/nsm/"$SENSORNAME"/snort.conf
        done

        [ "$ENGINE" = "snort" ] && /usr/local/bin/pulledpork_update.sh | $LOGGER

        sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
        echo "* Upgrade to $NEW complete."                      | $LOGGER
        echo
fi

Original comment by doug.bu...@gmail.com on 26 Mar 2012 at 10:39

  • Changed state: Verified
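The build steps and the upgrade script above both fetch .deb packages over plain HTTP and install them with dpkg, and the script reads $? after a pipeline into $LOGGER, which reports the logger's status rather than the command's. The following is an added example, not code from Security Onion or this issue: it logs each step by redirection so the command's own exit status survives, and installs a package only after its SHA-256 matches an expected value. It assumes the same LOG variable the script uses, plus sha256sum and dpkg on the host.

```shell
#!/bin/bash
# Added example (not from the Security Onion upgrade script).
# Assumption: $LOG is the upgrade log file, as in the script above.
LOG="${LOG:-/tmp/snort-upgrade-example.log}"

# run_logged CMD...: run CMD with output appended to $LOG and return CMD's own
# exit status. Redirection is used instead of "CMD | $LOGGER" because a
# pipeline's $? is the status of the last stage (the logger), not of CMD.
run_logged() {
    "$@" >>"$LOG" 2>&1
}

# verify_sha256 FILE EXPECTED: 0 if FILE hashes to EXPECTED, 1 otherwise.
# The expected hash must come from a trusted source (release notes, signed
# manifest), not from the same unauthenticated download location.
verify_sha256() {
    file="$1"; expected="$2"
    actual=$(sha256sum "$file" | awk '{print $1}') || return 1
    [ "$actual" = "$expected" ]
}

# install_verified FILE EXPECTED: install a .deb only after its hash checks out.
# Returns 2 on checksum mismatch (nothing installed) and dpkg's status otherwise;
# callers should treat any non-zero status as failure, not only 1.
install_verified() {
    file="$1"; expected="$2"
    if ! verify_sha256 "$file" "$expected"; then
        echo "* $file: SHA-256 mismatch, not installing" >>"$LOG"
        return 2
    fi
    run_logged dpkg -i "$file"
}
```

In the script's loop this replaces the `wget ... | $LOGGER` / `if [ $? -eq 1 ]` pair with `run_logged wget ... || exit 1` followed by `install_verified "$FILE" "$EXPECTED_HASH" || exit 1`.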

@GoogleCodeExporter

Tested by:
Craig Shannon
Heine Lysemose

Original comment by doug.bu...@gmail.com on 26 Mar 2012 at 10:40


@GoogleCodeExporter

Published:
http://securityonion.blogspot.com/2012/03/security-onion-20120326-now-available.html

Original comment by doug.bu...@gmail.com on 26 Mar 2012 at 11:02

