This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

Snort 2.9.2.2 #245

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 4 comments

Comments

@GoogleCodeExporter

http://blog.snort.org/2012/03/snort-2922-has-been-released.html

Released on 3/27.

Planned for 4/27.

Original issue reported on code.google.com by doug.bu...@gmail.com on 29 Mar 2012 at 2:59

@GoogleCodeExporter

mkdir ~/20120427
cd ~/20120427

wget http://www.snort.org/downloads/1538
tar zxvf 1538
cd snort-2.9.2.2/
./configure --enable-sourcefire
make
sudo checkinstall
sudo mv securityonion-snort_20120427-1_i386.deb ..

sudo rm -rf /etc/snort/
sudo mkdir /etc/snort
sudo cp etc/* /etc/snort/
cd /etc/snort/
sudo rm snort.conf*

sudo wget http://labs.snort.org/snort/2922/snort.conf
sudo vi snort.conf
< ipvar HOME_NET [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
< var RULE_PATH /etc/nsm/rules
< var SO_RULE_PATH /etc/nsm/rules
< var PREPROC_RULE_PATH /etc/nsm/preproc_rules
< var WHITE_LIST_PATH /etc/nsm/rules
< var BLACK_LIST_PATH /etc/nsm/rules
< output unified2: filename snort.unified2, limit 128
< # rules downloaded by PulledPork
< include $RULE_PATH/downloaded.rules
< include $SO_RULE_PATH/so_rules.rules

cd /etc/nsm/
sudo rm -f gen-msg.map 
sudo wget http://labs.snort.org/snort/2922/gen-msg.map

cd ~/20120427
/usr/bin/fpm -s dir -t deb -n securityonion-snort-config -v 20120427 /etc/snort/ /etc/nsm/gen-msg.map

Original comment by doug.bu...@gmail.com on 25 Apr 2012 at 12:12


@GoogleCodeExporter

Added the following to security-onion-upgrade.sh:


sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120425" ]; then
        NEW="20120427"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        cd $DIR

        for FILE in securityonion-snort-config_20120427_i386.deb securityonion-snort_20120427-1_i386.deb securityonion-logo_20120427_i386.deb; do
                echo -n "* Downloading $FILE..."                | $LOGGER
                wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
                # $? after the pipeline is $LOGGER's status; PIPESTATUS[0] (bash) is wget's
                if [ "${PIPESTATUS[0]}" -ne 0 ]; then
                        echo "FAIL"     | $LOGGER
                        exit 1
                else
                        echo "OK"       | $LOGGER
                fi
        done

        echo -n "* Installing downloaded packages..." | $LOGGER
        dpkg -i *.deb                                           >> $LOG
        # treat any non-zero dpkg exit status as a failure
        if [ $? -ne 0 ]; then
                echo "FAIL"     | $LOGGER
                exit 1
        else
                echo "OK"       | $LOGGER
        fi

    SENSORS=`grep -v "^#" /etc/nsm/sensortab |awk '{print $1}'`
    for SENSORNAME in $SENSORS; do
        echo "* Backing up /etc/nsm/$SENSORNAME/"   | $LOGGER
        cp -a /etc/nsm/"$SENSORNAME"/ .         | $LOGGER
        echo "* Copying new snort.conf to /etc/nsm/$SENSORNAME/"    | $LOGGER
        cp /etc/snort/snort.conf /etc/nsm/"$SENSORNAME"/    | $LOGGER
        sed -i "s|# preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000|preprocessor perfmonitor: time 300 file /nsm/sensor_data/"$SENSORNAME"/snort.stats pktcnt 10000|" /etc/nsm/"$SENSORNAME"/snort.conf | $LOGGER
    done

    [ "$ENGINE" = "snort" ] && /usr/local/bin/pulledpork_update.sh | $LOGGER
fi

Original comment by doug.bu...@gmail.com on 25 Apr 2012 at 12:14
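
The upgrade snippet above downloads packages over plain HTTP, pipes every command through `$LOGGER`, and installs with `dpkg -i *.deb` as root. The following is an added example, not part of the original issue or of security-onion-upgrade.sh: it returns a command's own exit status through a logging pipe and checks each downloaded file against a SHA-256 manifest before install. The function names, the manifest file and the `cat` default for `LOGGER` are assumptions, and `sha256sum` is assumed to be installed.

```sh
#!/bin/sh
# Added example; not part of security-onion-upgrade.sh.
# LOGGER stands in for the script's "| $LOGGER" sink; its real value is not
# shown on the page, so "cat" is an assumed default.
LOGGER="${LOGGER:-cat}"

# run_logged CMD...: send CMD's output to $LOGGER but return CMD's own status.
# A plain "cmd | $LOGGER" followed by a test of $? only sees the logger's status.
run_logged() {
    rl_status=$(mktemp) || return 1
    { rl_rc=0; "$@" 2>&1 || rl_rc=$?; echo "$rl_rc" > "$rl_status"; } | $LOGGER
    rl_rc=$(cat "$rl_status"); rm -f "$rl_status"
    return "${rl_rc:-1}"
}

# verify_pkgs MANIFEST DIR: MANIFEST holds "<sha256>  <filename>" lines
# (sha256sum output format). Returns 0 only if every listed file exists in DIR
# and matches its digest; an empty or unreadable manifest fails closed.
verify_pkgs() {
    vp_manifest=$1; vp_dir=$2; vp_count=0
    [ -r "$vp_manifest" ] || return 2
    while read -r vp_want vp_name; do
        [ -n "$vp_want" ] || continue
        # reject blank names and anything that points outside DIR
        case $vp_name in ""|*/*) return 2 ;; esac
        [ -f "$vp_dir/$vp_name" ] || return 1
        vp_got=$(sha256sum < "$vp_dir/$vp_name" | cut -d' ' -f1)
        [ "$vp_got" = "$vp_want" ] || return 1
        vp_count=$((vp_count + 1))
    done < "$vp_manifest"
    [ "$vp_count" -gt 0 ]
}

# Intended use in the upgrade loop (URL and MANIFEST are placeholders; the
# manifest has to arrive over a channel you trust, not beside the packages):
#   run_logged wget -q "$URL/$FILE" -O "$FILE" || exit 1
#   verify_pkgs "$MANIFEST" "$DIR" || exit 1
```

Installing only the files named in the manifest, rather than `*.deb`, keeps a stray package in the backup directory from being installed along with the verified ones.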


@GoogleCodeExporter

Tested by:
Heine Lysemose
Tom De Vries
Eric Ooi

Original comment by doug.bu...@gmail.com on 25 Apr 2012 at 11:39


@GoogleCodeExporter

Published:
http://securityonion.blogspot.com/2012/04/security-onion-20120427-now-available.html

Original comment by doug.bu...@gmail.com on 26 Apr 2012 at 9:14

  • Changed state: Verified
