diff options
Diffstat (limited to 'package/snort-wireless')
-rw-r--r-- | package/snort-wireless/Config.in | 17 | ||||
-rw-r--r-- | package/snort-wireless/Makefile | 49 | ||||
-rw-r--r-- | package/snort-wireless/files/snort-wireless.init | 27 | ||||
-rw-r--r-- | package/snort-wireless/ipkg/snort-wireless.conffiles | 2 | ||||
-rw-r--r-- | package/snort-wireless/ipkg/snort-wireless.control | 6 | ||||
-rw-r--r-- | package/snort-wireless/ipkg/snort-wireless.postinst | 4 | ||||
-rw-r--r-- | package/snort-wireless/patches/500-no-config-search.patch | 35 | ||||
-rw-r--r-- | package/snort-wireless/patches/750-lightweight-config.patch | 178 |
8 files changed, 318 insertions, 0 deletions
diff --git a/package/snort-wireless/Config.in b/package/snort-wireless/Config.in new file mode 100644 index 000000000..d8cb07f7d --- /dev/null +++ b/package/snort-wireless/Config.in @@ -0,0 +1,17 @@ +config ADK_PACKAGE_SNORT_WIRELESS + prompt "snort-wireless.................... Ligthweight Wireless Network Intrusion Detection System (NIDS)" + tristate + select ADK_PACKAGE_LIBNET + select ADK_PACKAGE_LIBPCAP + select ADK_PACKAGE_LIBPCRE + default n + help + + A ligthweight Wireless Network Intrusion Detection System (NIDS) + + http://www.snort-wireless.org/ + + Depends: + - libnet + - libpcap + - libpcre diff --git a/package/snort-wireless/Makefile b/package/snort-wireless/Makefile new file mode 100644 index 000000000..965ece735 --- /dev/null +++ b/package/snort-wireless/Makefile @@ -0,0 +1,49 @@ +# $Id$ +#- +# This file is part of the OpenADK project. OpenADK is copyrighted +# material, please see the LICENCE file in the top-level directory. + +include $(TOPDIR)/rules.mk + +PKG_NAME:= snort-wireless +PKG_VERSION:= 2.4.3-alpha04 +PKG_RELEASE:= 9 +PKG_MD5SUM:= 1aa699ae279bf7a1140cf6cca02f9999 +MASTER_SITES:= http://www.snort-wireless.org/files/ + +include $(TOPDIR)/mk/package.mk + +$(eval $(call PKG_template,SNORT_WIRELESS,snort-wireless,${PKG_VERSION}-${PKG_RELEASE},${ARCH})) + +CONFIGURE_STYLE= gnu +CONFIGURE_ARGS+= --enable-flexresp \ + --with-libnet-includes="${STAGING_DIR}/usr/include" \ + --with-libnet-libraries="${STAGING_DIR}/usr/lib" \ + --with-libpcap-includes="${STAGING_DIR}/usr/include" \ + --with-libpcap-libraries="${STAGING_DIR}/usr/lib" \ + --with-libpcre-includes="${STAGING_DIR}/usr/include" \ + --with-libpcre-libraries="${STAGING_DIR}/usr/lib" \ + --without-mysql \ + --without-postgresql \ + --disable-inline +BUILD_STYLE= auto +INSTALL_STYLE= auto + +post-install: + ${INSTALL_DIR} ${IDIR_SNORT_WIRELESS}/usr/bin + ${INSTALL_DIR} ${IDIR_SNORT_WIRELESS}/etc/init.d + ${INSTALL_DIR} ${IDIR_SNORT_WIRELESS}/etc/snort + ${INSTALL_BIN} ./files/snort-wireless.init \ + ${IDIR_SNORT_WIRELESS}/etc/init.d/snort + ${INSTALL_DATA} ${WRKBUILD}/etc/snort.conf ${IDIR_SNORT_WIRELESS}/etc/snort/ + ${INSTALL_DATA} ${WRKBUILD}/etc/classification.config \ + ${IDIR_SNORT_WIRELESS}/etc/snort/ + ${INSTALL_DATA} ${WRKBUILD}/etc/gen-msg.map ${IDIR_SNORT_WIRELESS}/etc/snort/ + ${INSTALL_DATA} ${WRKBUILD}/etc/reference.config ${IDIR_SNORT_WIRELESS}/etc/snort/ + ${INSTALL_DATA} ${WRKBUILD}/etc/sid-msg.map ${IDIR_SNORT_WIRELESS}/etc/snort/ + ${INSTALL_DATA} ${WRKBUILD}/etc/threshold.conf ${IDIR_SNORT_WIRELESS}/etc/snort/ + ${INSTALL_DATA} ${WRKBUILD}/etc/unicode.map ${IDIR_SNORT_WIRELESS}/etc/snort/ + ${INSTALL_BIN} ${WRKINST}/usr/bin/snort ${IDIR_SNORT_WIRELESS}/usr/bin + + +include ${TOPDIR}/mk/pkg-bottom.mk diff --git a/package/snort-wireless/files/snort-wireless.init b/package/snort-wireless/files/snort-wireless.init new file mode 100644 index 000000000..6986f6118 --- /dev/null +++ b/package/snort-wireless/files/snort-wireless.init @@ -0,0 +1,27 @@ +#!/bin/sh +#FWINIT 75 +. /etc/rc.conf + +case $1 in +autostop) ;; +autostart) + test x"${snort_wireless:-NO}" = x"NO" && exit 0 + exec sh $0 start + ;; +start) + [ -d /var/log/snort ] || mkdir -p /var/log/snort + snort ${snort_wireless_flags} + ;; +stop) + killall snort + ;; +restart) + sh $0 stop + sh $0 start + ;; +*) + echo "Usage: $0 {start | stop | restart}" + exit 1 + ;; +esac +exit $? diff --git a/package/snort-wireless/ipkg/snort-wireless.conffiles b/package/snort-wireless/ipkg/snort-wireless.conffiles new file mode 100644 index 000000000..a224c4c1d --- /dev/null +++ b/package/snort-wireless/ipkg/snort-wireless.conffiles @@ -0,0 +1,2 @@ +/etc/snort/snort.conf +/etc/snort/threshold.conf diff --git a/package/snort-wireless/ipkg/snort-wireless.control b/package/snort-wireless/ipkg/snort-wireless.control new file mode 100644 index 000000000..11bede931 --- /dev/null +++ b/package/snort-wireless/ipkg/snort-wireless.control @@ -0,0 +1,6 @@ +Package: snort-wireless +Priority: optional +Section: net +Depends: libnet, libpcap, libpcre +Description: a flexible Wireless Network Intrusion Detection System (NIDS), + built without database logging support diff --git a/package/snort-wireless/ipkg/snort-wireless.postinst b/package/snort-wireless/ipkg/snort-wireless.postinst new file mode 100644 index 000000000..a348b7a82 --- /dev/null +++ b/package/snort-wireless/ipkg/snort-wireless.postinst @@ -0,0 +1,4 @@ +#!/bin/sh +. $IPKG_INSTROOT/etc/functions.sh +add_rcconf snort-wireless snort_wireless NO +add_rcconf snort-wireless snort_wireless_flags "-i eth0.1 -c /etc/snort/snort.conf -D -N -q -s" diff --git a/package/snort-wireless/patches/500-no-config-search.patch b/package/snort-wireless/patches/500-no-config-search.patch new file mode 100644 index 000000000..d674ba66a --- /dev/null +++ b/package/snort-wireless/patches/500-no-config-search.patch @@ -0,0 +1,35 @@ +--- snort-2.3.2-orig/src/snort.c 2005-01-13 21:36:20.000000000 +0100 ++++ snort-2.3.2-1/src/snort.c 2005-04-04 20:03:34.000000000 +0200 +@@ -1949,7 +1949,7 @@ + { + struct stat st; + int i; +- char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL}; ++ char *conf_files[]={"/etc/snort/snort.conf", NULL}; + char *fname = NULL; + char *home_dir = NULL; + char *rval = NULL; +@@ -1970,23 +1970,6 @@ + i++; + } + +- /* search for .snortrc in the HOMEDIR */ +- if(!rval) +- { +- if((home_dir = getenv("HOME"))) +- { +- /* create the full path */ +- fname = (char *)malloc(strlen(home_dir) + strlen("/.snortrc") + 1); +- if(!fname) +- FatalError("Out of memory searching for config file\n"); +- +- if(stat(fname, &st) != -1) +- rval = fname; +- else +- free(fname); +- } +- } +- + return rval; + } + diff --git a/package/snort-wireless/patches/750-lightweight-config.patch b/package/snort-wireless/patches/750-lightweight-config.patch new file mode 100644 index 000000000..daea3be5a --- /dev/null +++ b/package/snort-wireless/patches/750-lightweight-config.patch @@ -0,0 +1,178 @@ +--- snort-wireless-2.4.3-alpha04/etc/snort.conf 2005-10-21 09:41:01.000000000 +0200 ++++ /Users/florian/telechargements/snort.conf 2005-10-30 13:20:17.000000000 +0100 +@@ -6,6 +6,7 @@ + # + ################################################### + # This file contains a sample snort configuration. ++# Most preprocessors and rules were disabled to save memory. + # You can take the following steps to create your own custom configuration: + # + # 1) Set the variables for your network +@@ -42,10 +43,10 @@ + # or you can specify the variable to be any IP address + # like this: + +-var HOME_NET any ++var HOME_NET 192.168.1.0/24 + + # Set up the external network addresses as well. A good start may be "any" +-var EXTERNAL_NET any ++var EXTERNAL_NET !$HOME_NET + + # Configure your wireless AP lists. This allows snort to look for attacks + # against your wireless network, such as rogue access points or adhoc wireless +@@ -137,7 +138,7 @@ + # Path to your rules files (this can be a relative path) + # Note for Windows users: You are advised to make this an absolute path, + # such as: c:\snort\rules +-var RULE_PATH ../rules ++var RULE_PATH /etc/snort/rules + + # Configure the snort decoder + # ============================ +@@ -413,11 +414,11 @@ + # lots of options available here. See doc/README.http_inspect. + # unicode.map should be wherever your snort.conf lives, or given + # a full path to where snort can find it. +-preprocessor http_inspect: global \ +- iis_unicode_map unicode.map 1252 ++#preprocessor http_inspect: global \ ++# iis_unicode_map unicode.map 1252 + +-preprocessor http_inspect_server: server default \ +- profile all ports { 80 8080 8180 } oversize_dir_length 500 ++#preprocessor http_inspect_server: server default \ ++# profile all ports { 80 8080 8180 } oversize_dir_length 500 + + # + # Example unique server configuration +@@ -451,7 +452,7 @@ + # no_alert_incomplete - don't alert when a single segment + # exceeds the current packet size + +-preprocessor rpc_decode: 111 32771 ++#preprocessor rpc_decode: 111 32771 + + # bo: Back Orifice detector + # ------------------------- +@@ -474,7 +475,7 @@ + # 3 Back Orifice Server Traffic Detected + # 4 Back Orifice Snort Buffer Attack + +-preprocessor bo ++#preprocessor bo + + # telnet_decode: Telnet negotiation string normalizer + # --------------------------------------------------- +@@ -486,7 +487,7 @@ + # This preprocessor requires no arguments. + # Portscan uses Generator ID 109 and does not generate any SID currently. + +-preprocessor telnet_decode ++#preprocessor telnet_decode + + # sfPortscan + # ---------- +@@ -537,9 +538,9 @@ + # are still watched as scanner hosts. The 'ignore_scanned' option is + # used to tune alerts from very active hosts such as syslog servers, etc. + # +-preprocessor sfportscan: proto { all } \ +- memcap { 10000000 } \ +- sense_level { low } ++#preprocessor sfportscan: proto { all } \ ++# memcap { 10000000 } \ ++# sense_level { low } + + # arpspoof + #---------------------------------------- +@@ -814,41 +815,41 @@ + include $RULE_PATH/bad-traffic.rules + include $RULE_PATH/exploit.rules + include $RULE_PATH/scan.rules +-include $RULE_PATH/finger.rules +-include $RULE_PATH/ftp.rules +-include $RULE_PATH/telnet.rules +-include $RULE_PATH/rpc.rules +-include $RULE_PATH/rservices.rules +-include $RULE_PATH/dos.rules +-include $RULE_PATH/ddos.rules +-include $RULE_PATH/dns.rules +-include $RULE_PATH/tftp.rules +- +-include $RULE_PATH/web-cgi.rules +-include $RULE_PATH/web-coldfusion.rules +-include $RULE_PATH/web-iis.rules +-include $RULE_PATH/web-frontpage.rules +-include $RULE_PATH/web-misc.rules +-include $RULE_PATH/web-client.rules +-include $RULE_PATH/web-php.rules +- +-include $RULE_PATH/sql.rules +-include $RULE_PATH/x11.rules +-include $RULE_PATH/icmp.rules +-include $RULE_PATH/netbios.rules +-include $RULE_PATH/misc.rules +-include $RULE_PATH/attack-responses.rules +-include $RULE_PATH/oracle.rules +-include $RULE_PATH/mysql.rules +-include $RULE_PATH/snmp.rules +- +-include $RULE_PATH/smtp.rules +-include $RULE_PATH/imap.rules +-include $RULE_PATH/pop2.rules +-include $RULE_PATH/pop3.rules ++#include $RULE_PATH/finger.rules ++#include $RULE_PATH/ftp.rules ++#include $RULE_PATH/telnet.rules ++#include $RULE_PATH/rpc.rules ++#include $RULE_PATH/rservices.rules ++#include $RULE_PATH/dos.rules ++#include $RULE_PATH/ddos.rules ++#include $RULE_PATH/dns.rules ++#include $RULE_PATH/tftp.rules ++ ++#include $RULE_PATH/web-cgi.rules ++#include $RULE_PATH/web-coldfusion.rules ++#include $RULE_PATH/web-iis.rules ++#include $RULE_PATH/web-frontpage.rules ++#include $RULE_PATH/web-misc.rules ++#include $RULE_PATH/web-client.rules ++#include $RULE_PATH/web-php.rules ++ ++#include $RULE_PATH/sql.rules ++#include $RULE_PATH/x11.rules ++#include $RULE_PATH/icmp.rules ++#include $RULE_PATH/netbios.rules ++#include $RULE_PATH/misc.rules ++#include $RULE_PATH/attack-responses.rules ++#include $RULE_PATH/oracle.rules ++#include $RULE_PATH/mysql.rules ++#include $RULE_PATH/snmp.rules ++ ++#include $RULE_PATH/smtp.rules ++#include $RULE_PATH/imap.rules ++#include $RULE_PATH/pop2.rules ++#include $RULE_PATH/pop3.rules + +-include $RULE_PATH/nntp.rules +-include $RULE_PATH/other-ids.rules ++#include $RULE_PATH/nntp.rules ++#include $RULE_PATH/other-ids.rules + # include $RULE_PATH/web-attacks.rules + # include $RULE_PATH/backdoor.rules + # include $RULE_PATH/shellcode.rules +@@ -856,11 +857,11 @@ + # include $RULE_PATH/porn.rules + # include $RULE_PATH/info.rules + # include $RULE_PATH/icmp-info.rules +- include $RULE_PATH/virus.rules ++# include $RULE_PATH/virus.rules + # include $RULE_PATH/chat.rules + # include $RULE_PATH/multimedia.rules + # include $RULE_PATH/p2p.rules +-include $RULE_PATH/experimental.rules ++#include $RULE_PATH/experimental.rules + #include $RULE_PATH/wifi.rules + + # Include any thresholding or suppression commands. See threshold.conf in the |