Updated ChangeLog and added the ShortLog file

Minor change to update the global ChangeLog and added the ShortLog file.
commit 00dd168ac015fb64028dc87d5949d768d56a2598 1 parent c998296
@mrash authored
Showing with 747 additions and 0 deletions.
  1. +20 −0 ChangeLog
  2. +727 −0 ShortLog
20 ChangeLog
@@ -1,3 +1,23 @@
+commit c9982963632825c6ddd2666a0bee9643a363de3b
+Author: Michael Rash <>
+Date: Thu Jul 28 20:19:41 2011 -0400
+ Added iptables capabilities test for COMMENT len
+ In keeping with the ability to test the capabilities of iptables where fwsnort
+ is deployed, added the ability find the maximum length of a string provided to
+ the COMMENT match. This match is used to store Snort rule information within
+ the running fwsnort policy.
+commit 9f93d921ebdfdfa03549aa2a7058e2b71d1b15b1
+Author: Michael Rash <>
+Date: Tue Jul 26 22:17:08 2011 -0400
+ Added the ChangeLog file for 'git log' output.
+ The complete ChangeLog is derived from 'git log' with this commit. Version-
+ specific change logs will be included with each release.
commit 859958655bc272ffa0413fe9ba4568046a7b5f73
Author: Michael Rash <>
Date: Tue Jul 26 22:12:02 2011 -0400
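Review bot: The new entry for c9982963 at the top of this hunk reads "added the ability find the maximum length", which is missing "to". Because the file is derived from 'git log', a hand fix here would be lost on the next regeneration, so the wording is better corrected in the commit message itself. A ChangeLog committed as 'git log' output also cannot contain the commit that adds it (00dd168 is absent from these lines), so the file is always at least one entry behind. Generating it when a release is packaged, in line with the plan in the 9f93d921 entry for version-specific change logs, would avoid a follow-up commit after every change.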
727 ShortLog
@@ -0,0 +1,727 @@
+Michael Rash (508):
+ New repository initialized by cvs2svn.
+ Initial revision
+ added the installer
+ began code to parse snort rules, added parse_rule_hdr()
+ began parsing rule options
+ made several hashes to contain snort vs. iptable filter and log
+ options
+ added %sopt_log
+ added some better comments
+ better logging format
+ better reporting format
+ added the fwsnort.conf config file
+ added install for Net::IPv4Addr
+ Added readconf(), moved commands into fwsnort.conf
+ changed to INTERNAL_INTF
+ added validateconf() and get_intf_net()
+ reinstated interface command line args
+ started interpreting the signature source and destination
+ added LICENSE
+ added VERSION
+ better interface validation (including NUM_INTERFACES)
+ added NUM_INTERFACES and HTTP vars
+ added dump_conf()
+ - Added several variables that exist in snort signatures such as
+ variables default to the internal interface on the firewall
+ (similar to the snort defaults of "$HOME_NET").
+ minor semicolon fix
+ removed variable expansion
+ -Added a "Snort Rule Options" section to the comment area at the
+ beginning of the script. -Began completely reworking
+ add_ipt_rule(). -Removed variable expansion in lines of
+ fwsnort.conf. -Added build_port_arr().
+ replaced the four snort options hash with a single hash
+ added regex and ipt_opt keys to the snort_opt hash
+ added iptables_opts hash to map snort opts to iptables opts
+ added install routine for Tie::IxHash
+ removed commas in log-prefix output
+ added comments to iptables rule output, removed Tie::IxHash call
+ -Handle "A+" vs "A" tcp flags. -Fixed regex greediness for snort
+ rule fields. -Removed "log_only" section of %snort_opts (these
+ fields have been put into the "unsupported" section).
+ fixed regex match for ipopts
+ added add_ipt_chains() and jump_chain()
+ started making use of logr()
+ added archive()
+ -Reworked /etc/fwsnort directory structure (simplified it).
+ -Added ipt_ruleset_hdr(). -Added ip key to %intf_net.
+ removed Tie::IxHash
+ updated to include version in snort rules directory
+ standardized on ipt_blah() function names
+ logfile formatting changes
+ added code for snort_sid command line option
+ added version print
+ -Added "sameip" to supported options. -Reinstated the
+ %fwsnort_chains hash and added build_fwsnort_chains(). -Split
+ up ipt_build_rule() into ipt_build(), ipt_build_rule(), and
+ ipt_build_opts(). -Removed dependency on NUM_INTERFACES.
+ interim commit for source and destination handling
+ cleaned up calls to ipt_build_rule()
+ finished handling of INPUT chains
+ updated ipt_jump_chains()
+ first stab at handling FORWARD chain rules
+ fixed EXTERNAL_NET reference
+ fixed ipopts
+ interim commit that adds ipt_allow_traffic()
+ added verbose mode, wrapped FORWARD chain code with interface
+ conditionals
+ fixed directional issue in FORWARD chain
+ interim commit that adds ipt_allow_traffic()
+ separated defined test on DMZ_INTF
+ added install routine for IPTables::Parse
+ counts for applicable iptables rules works
+ fixed echo statements, better verbose mode
+ updated usage(), added --no-ipt-log option
+ updated logfile path
+ added usage() text, added license
+ added ipt_test()
+ Added the fwsnort.8 man page
+ updated all --fw options to --ipt options
+ added INSTALL file
+ added install_manpage()
+ better Copying statement for snort rules files
+ added hex-string patch file
+ added preliminary README
+ added hex-string patch file
+ added help for --hex-string
+ Added --hex-string patch discussion section
+ more docs updates
+ added echo command
+ added DESCRIPTION section
+ added check for NULL chars in hex content, added sids to logfile
+ more docs updates
+ added config section for iptables script
+ added --hex-string discussion
+ fixed null chars in --hex-strings within iptables directly
+ updated to NULL string handling in parse_hex_string
+ minor fixes
+ updated to /etc/fwsnort/snort_rules
+ handled back tics in content field
+ updated to /etc/fwsnort/snort_rules
+ bugfix for not handling identical external and internal interfaces
+ minor comment fix in ipt_test()
+ added defined check for INTERNAL_INTF
+ bug fix for internal == external interfaces
+ updated to snort 2.0 rules
+ updated to snort 2.0 rules, added flow, byte_test, byte_jump, etc
+ keywords
+ added overall totals
+ allowed leading whitespace in snort rules
+ bugfix for being too strict on rule filenames
+ Initial revision
+ updated to, removed version numbers from directories
+ in perl modules
+ minor install text change
+ bugfix for number of args to logr()
+ re-ordered options hashes
+ comment testing
+ added the CREDITS file
+ added write_ipt_script() for iptables script statements
+ added in psad in SEE ALSO section psad.8
+ removed newlines from logr() and write_ipt_script() calls
+ added ChangeLog
+ added --no-ipt-jumps (Thomas Bullinger)
+ added
+ added VERSION file
+ -Added installation prefix of /usr/lib/fwsnort for perl modules.
+ -Added the ability to download latest snort rules from
+ -Added check_commands().
+ -Added --update-rules option to download latest rules from
+ -Properly handle icmp protocol now ("Undefined code" sigs are
+ ignored, and icmp protocol rules are now no longer
+ automatically included within -Added REJECT
+ tcp-reset support for tcp sessions that are to be blocked.
+ added text on hex string patch being accepted by iptables maintainers
+ more stuff for Thomas Bullinger
+ more stuff for 0.2
+ added 0.2 options
+ added tar and wget commands
+ added preserve_config() from psad
+ updated to 0.2
+ updated to snort-2.1 rules
+ removed Data::Dumper
+ added test for iptables ttl extension
+ incremented to version 0.5
+ added tar command path
+ bugfix for dmz interface
+ bugfix for existing downloaded_snort_rule directory
+ -Made only a single call to write_ipt_script() to reduce disk
+ accesses. -Bugfix for protocols that contain non-word chars
+ (such as ">"). -Added regex for ip addresses. -Removed
+ "<-" direction parsing for rule header since snort does not
+ even support this.
+ bugfix for negated src/dst ports
+ bugfix for negated dst port
+ -Added check for multiple ip_proto fields. -Removed "ip" as a
+ protocol that can be translated. -Truncate logfile at startup
+ (it is really just a parsing log).
+ added 0.6 stuff
+ incremented version to 0.6
+ minor help updates for ipt_script
+ added Paul O., more stuff for Thomas B.
+ bugfix for not getting the DMZ interface network
+ bugfix for not adding dmz interface rules to INPUT chain
+ updated to version 0.6.1
+ updated to 0.6.1 stuff
+ added --internal-net and --dmz-net
+ version 0.6.2
+ added icmp-port-unreachable for udp rejects, added --internal-net and
+ --dmz-net options
+ more verbose explanations
+ added Ahmad Almulhem
+ added 0.6.2 stuff
+ minor bugfix for usage()
+ split --ipt-block into --ipt-drop and --ipt-reject, added
+ --add-deleted option
+ added ignore functionality for both IPs and networks
+ replace --ipt-block with --ipt-reject and --ipt-drop
+ added 0.6.3 stuff
+ generic language support for ifconfig output
+ Added TODO
+ updated to new rules download link on
+ added flowbits
+ updated to standard logging prefixes [+], [-], and [*]
+ updated to Snort-2.3 rules
+ updated docs
+ added --replace-string patches
+ .
+ incremented version to 0.6.4
+ .
+ - Updated to not attempt to download Snort rules from
+ because the rules are no longer available for automatic downloads
+ - Changed the script and the --update-rules mode for
+ fwsnort to download the latest signature set from
+ ( is now offering
+ pay-service around their rule sets). - Added signature test
+ for the "flowbits" keyword.
+ bleedingsnort vs. update
+ added support for the pass and log actions in Snort rules, added
+ general support for the ULOG target
+ 0.6.6
+ - Added support for the "resp" keyword to allow it to drive the
+ Netfilter argument to the REJECT target. - Added "pcre" to the
+ unsupported list... this knocks the fwsnort translation rate
+ down to about 50% for Snort-2.3 rules (pcre is heavily
+ utilized). - Added "priority" and "rev" to comment lines.
+ version 0.7.0
+ update Copyright date
+ -IP options bugfix to match the ipopts Snort option (several
+ arguments are not supported by the ipv4options extension).
+ -Added IP protocol support in the translation of the Snort rule
+ header.
+ started separating Snort rule header options and iptables mapping
+ hash
+ moved iptables options into snort_opts hash
+ complete chain restructuring (see ChangeLog)
+ minor path update
+ removed interface variables for the fwsnort chain restructuring,
+ fwsnort now supports Snort header variable resolution
+ added --no-ipt-conntrack command line option, added check for
+ Netfilter conntrack match
+ added the ability to restrict Netfilter rules to a specified
+ intefaces, added ability to remove INPUT, OUTPUT, or FORWARD
+ processing
+ added exclusion for loopback traffic logged via the loopback
+ interface
+ updated to handle icmp type/code rules, added rule counter in
+ script
+ more 0.8.0 stuff
+ bugfix for not excluding rules that contain ip_proto with a < or >
+ char
+ Added --snort-conf to read variables out of an existing snort.conf
+ file, fixed up usage()
+ added command line args output to
+ made use of Netfiler length match to emulate dsize Snort option,
+ added negation tests for source and destination IP addresses
+ added average packet header length vars for Netfilter length match
+ emulation of dsize option
+ bugfix for negated networks
+ bugfix for icmp-type order, bugfix for src/dst ports in non-tcp/udp
+ protocol match
+ length bugfix, non-tcp/udp protocol and port number bugfix
+ 0.8.0 stuff
+ added list processing support for --include-types and --exclude-types
+ added support for the Snort_inline replace option
+ added test for --replace-string support
+ .
+ finished is_local() function, added --no-addresses option, started on
+ --ipt-flush
+ bugfix for missing space in src/dst iptables args
+ bugfix for rules added counter, bugfix for inappropriate protocol
+ mapping based on src/dst ports
+ updated preservation code to remove interfaces from old configs
+ Initial revision
+ added linux-2.4.4_conntrack.patch
+ .
+ added conntrack patches
+ added added chain keywords
+ -Added --ipt-list to list rules in fwsnort chains. -Finished
+ --ipt-flush code. -Updated to use chain names from keywords
+ defined in fwsnort.conf. -Update usage().
+ added --no-exclude-lo, the default is now to exclude the loopback
+ interface from fwsnort processing
+ updated comment wording
+ moved to patches/ directory
+ added string_replace_kernel.patch
+ bugfix for Rules added counter, added support for multiple sids in
+ --snort-sids, added --exclude-sids option
+ --snort-sids list support
+ updated stdout output in --snort-sids mode
+ bugfix for excluding the loopback interface
+ updated to allow list of interfaces to restrict jump rules to
+ .
+ added patch to extend packet search length from 1024 to 2048 bytes
+ (longer than Ethernet MTU
+ l7 usage
+ updated man page
+ updated to add action to logging prefix if --ipt-drop or --ipt-reject
+ is used
+ DRP and REJ strings
+ updated --ipt-apply argument to just execute
+ minor bugfix to remove extra content-list hash entry
+ minor sids->sid update
+ moved --ipt-list and --ipt-flush handlers before archive()
+ updated to 8 byte ICMP header
+ added
+ .
+ updated version to 0.8.0
+ updated to handle the string match extension in the 2.6.14 kernel
+ 0.8.1 stuff
+ added uname command
+ .
+ 0.8.1
+ added hostname to doc section
+ Initial revision
+ rpm package
+ .
+ format fixes
+ .
+ updated to Snort-2.3.3 rules
+ added IPTables::Parse module
+ deprecated old IPTables module for IPTables::Parse module
+ -Updated to use perl module installation strategy from fwknop to only
+ install modules that don't already exist within the system
+ perl module tree. -Added --Force-mod-regex and
+ --force-mod-install command line arguments.
+ added patch to fix a bug where repetitive strings could not be
+ matched within payload data except at specific offests
+ updates for 0.8.2 release
+ started on 0.8.2 stuff
+ added code to detect whether a previously seen state rule applies to
+ the current rule in the policy
+ -Added --dumper mode to use Data::Dumper to print Snort rule hashes
+ and corresponding matching Netfilter rules. This is useful to
+ help diagnose IPTables::Parse to see how fwsnort is doing
+ w.r.t. matching Snort rules to Netfilter rules. -Added
+ 'ack' Snort rule option to the unsupported options in fwsnort.
+ The --log-tcp-sequence iptables argument does log
+ acknowledgment numbers however (psad can make use of them).
+ -Re-worked how fwsnort parses Netfilter policies to use the new
+ IPTables::Parse module (which returns an array of hash refs for
+ each set of rules in a Netfilter chain). -Added code see
+ if state rules apply to current Netfilter rule. -Added support
+ for OUTPUT chain.
+ bumped version to 0.8.2
+ minor bugfix for Dumper() function call in print() statement
+ updated to same format as the psad CREDITS file
+ updated to use Net::RawIP
+ switched to require Net::RawIP so a normal user can check proper
+ compilation, removed unnecessary msg var
+ updated snort sig comment
+ added GPL and standard header text
+ added Id tag expansion
+ Added cd_rpmbuilder script to make it easy to automatically build
+ fwsnort RPM files
+ minor opendir shift fix
+ backdoor update for Matrix 2.0 sig
+ minor opendir shift fix
+ linux-2.6 and string matching note
+ Added README.RPM file for automated cd_rpmbuilder
+ updated TCP header length
+ - Added ipt-file argument to allow an iptables policy to be read from
+ a file. - Added --Dump-ipt and --Dump-snort to allow iptables
+ and snort rules to be dumped to STDOUT. - Additional
+ code cleanups to better handle chain names. - Added file
+ revision
+ updated to latest version from psad project
+ minor doc updates
+ bugfix to not print duplicate rules in --Dump-ipt and --Dump-snort
+ modes
+ added bleeding-all.rules
+ more 0.8.2 stuff
+ more 0.8.2 stuff
+ 0.8.2 release
+ 0.8.2 release date
+ minor fixes for the buildroot and cwd path
+ updated to 0.8.2 changes
+ Added Revision tag expansion
+ updated to force install of IPTables::Parse
+ added comment match support for msg fields, added --ipt-rule-nums to
+ include rule numbers within fwsnort logging prefixes
+ updated to include iptables rule numbers by default (can be disabled
+ with --no-ipt-rule-nums)
+ updated to latest Bleeding Snort rules
+ documentation updates for comment and rule num options
+ minor comment update
+ added --include-regex and --exclude-regex command line args
+ save command line args
+ updated to print the entire Snort rule as a comment in the
+ script without having to use --verbose
+ 0.9.0 additions
+ added generation timestamp to
+ 0.9.0 additions
+ implemented true whitelist/blacklist functionality that is driven by
+ the fwsnort.conf WHITELIST/BLACKLIST variables
+ implemented true whitelist/blacklist functionality that is driven by
+ the fwsnort.conf WHITELIST/BLACKLIST variables
+ updated to latest Bleeding Snort rules
+ added -F and -L command line options to emulate the iptables command
+ line a bit
+ 0.9.0 additions
+ minor comment fix
+ Bugfix to ensure that traffic directed into the INPUT or coming from
+ the OUTPUT chains is treated as going toward or originating
+ from the HOME_NET. After all the HOME_NET variable may
+ contain an internal network but omit the IP assigned to an
+ external interface on the firewall.
+ Added "--log-ip-options" and "--log-tcp-options" to fwsnort LOG rules
+ by default (in the generated script). This can be
+ disabled with --no-log-ip-opts and --no-log-tcp-opts arguments
+ on the fwsnort command line.
+ init scripts
+ copyright date update to 2007
+ bumped version
+ moved the cd_rpmbuilder script into the packaging directory
+ added FWSNORT_<chain>_JUMP variables to allow the admin to control
+ where in the built-in INPUT, OUTPUT, and FORWARD chains the jump
+ rules are added for the FWSNORT chains
+ flowbits regex fix
+ added string match offset bugfix
+ updated to handle multiple content strings and fixed the minimum
+ depth criteria
+ Updated to handle negative string matches
+ bugfix for content matches that contain an escaped semicolon
+ update content strings like |00||00| to just |00 00|
+ minor update to put rule number echo statement after original snort
+ rule
+ Added emulation for distance and within from previous content match
+ (based on --from and --to and the length of the previous pattern)
+ 0.9.0 additions
+ added fwsnort version to comment string
+ fwsnort version in comment match
+ minor update Iptables -> iptables
+ bugfix to make sure the 'within' criteria is large enough
+ bugfix to ensure the LOG target is built correctly if a comment block
+ is too large
+ version 0.9.0
+ Added the SSH_PORTS variable
+ update to latest bleeding snort signatures
+ minor wording update
+ added the DNS cache poisoning signature
+ added support for reporting multiple unsupported options in the
+ /var/log/fwsnort.log file
+ doc updates
+ 0.9.0 release
+ doc update, Netfilter -> iptables
+ 0.9.0 release date
+ - Bug fix to remove any existing jump rules from the built-in INPUT,
+ OUTPUT, and FORWARD chains before creating a new jump rules.
+ This allows the script to be executed multiple
+ times without creating a new jump rule into the fwsnort
+ chains for each execution. - Added the -X command line
+ argument to allow fwsnort to delete all of the fwsnort
+ chains; this emulates the iptables command line argument of
+ the same name.
+ added copyright line
+ major update to add the --QUEUE option to speed-up inline Snort
+ implementations with in-kernel string matching
+ version update to 1.0
+ added URL to standard header
+ updated to preserve userspace signatures in --QUEUE mode, updated
+ snort_rules_mod/ dir to snort_rules_queue
+ Added NFQUEUE target support
+ Added support for NFQUEUE number with --queue-num
+ updated to include full command line args for the snort_rules_queue/
+ files in the preamble section
+ Added sid field to iptables comment match
+ added 'Finished' echo statement to the script
+ comment match update
+ updated to 1.0 release
+ - Bugfix for iptables string match --from and --to values to skip
+ past packet headers. This is an approximation until a new
+ --payload option can be added to the string match extension.
+ Also added an iptables test for the --payload option. -
+ Added a single iptables rule testing API internally within
+ fwsnort; this adds a measure of consistency and removes some
+ duplicate code.
+ man page updates to include --NFQUEUE and --QUEUE language
+ added --queue-rules-dir option
+ added --queue-num command line argument
+ 1.0 release date
+ added Hank L.
+ latest update from; bugfix for rpmbuild vs. wget path,
+ updated to remove md5 sum files
+ minor consolidation of push() calls
+ Added the ability to automatically resolve command paths if any
+ commands cannot be found at the locations specified in the
+ fwsnort.conf file.
+ TODO additions
+ bugfix for ipt_rule_test() function name.
+ bumped version to 1.0.1
+ removed ChangeLog.svn file
+ bugfix to ensure that header lengths are accounted for with payload
+ offsets
+ increased average TCP header length to 30 bytes to account for 10
+ bytes of options on ACK packets
+ version 1.0.2
+ Added 1.0.2 release
+ Added --include-regex and --exclude-regex options
+ added --include-re-caseless and --exclude-re-caseless options to have
+ --include-regex and --exclude-regex options match case
+ insensitively
+ started on 1.0.3 additions
+ - Added the ability to interpret basic PCRE's that contain strings
+ separated by ".*" or ".+" as multiple string matches. The
+ only difference between this strategy and the Snort
+ implementation is that the ordering of the strings is not
+ preserved, but most signature developers don't rely on this
+ anyway. - Added asn1 keyword to unsupported list.
+ major signature update from Bleeding Threats to include signatures
+ for some of the latest malware and exploits
+ fwsnort-1.0.3 additions
+ minor comment updates
+ fwsnort-1.0.3 release
+ updated to latest (last?) Bleeding Threats signature set
+ added LC_ALL='C' locale setting, added --Exclude-mod-regex
+ version 0.5, applied zero protocol fix from Grant, updated to handle
+ ULOG rules
+ (Grant) updated to set sport and dport to 0:0 if protocol == all
+ Added Grant
+ (Grant) Suggested bugfix to allow negated networks to be specified
+ within iptables allow rules or within the fwsnort.conf file.
+ version 1.0.4-pre1
+ updated with Grant's last name
+ version 1.0.4
+ minor usage update
+ minor usage update
+ minor contributor update
+ Franck Joncourt - Submitted patch to fix double dash format
+ in fwsnort man page.
+ added deps/ directory
+ minor update to include contributors
+ added code to handle new deps/ directory
+ moved IPTables-Parse and Net-IPv4Addr to the deps/ directory
+ added fwsnort-nodeps.spec file, updated fwsnort.spec to handle deps/
+ directory
+ minor bugfix to include missed skip_module_install var
+ update for Franck
+ added dependencies discussion
+ Updated to import perl modules from /usr/lib/fwsnort, but only if
+ this path actually exists in the filesystem. This is similar
+ to the strategy implemented by psad. A new variable
+ FWSNORT_LIBS_DIR was added to the fwsnort.conf to support
+ this.
+ bumped version to 1.0.5-pre1
+ chdir path bugfix
+ removed bleeding-all.rules and added emerging-all.rules since Matt
+ Jonkman has switched to Emerging Threats
+ moved snort_rules directory into deps/, switched to Emerging Threats
+ signature set
+ added --snort-rdir patch from Franck
+ added -nodeps patch from Franck
+ updated to handle snort_rules/ directory move to deps/
+ version to 1.0.5-pre2
+ removed moddir, minor fwsnort URL fix
+ minor fwsnort URL fix
+ minor update to make sure to always return to the source directory
+ when installing perl modules
+ applied patch from Franck Joncourt to fix fwsnort man page to replace
+ bleeding-all with emerging-all
+ removed old 'use lib' call since fwsnort uses the 'require' strategy
+ now
+ Added support for multiple Snort rule directories as a
+ comma-separated list for the argument to --snort-rdir.
+ bugfix to exclude all directories except for the first in --update
+ mode if multiple directories are given as a comma-separated list
+ added file
+ bumped version to 1.0.5-pre3
+ bugfix for IPTables::ChainMgr -> IPTables::Parse
+ updated 1.0.5 release date, removed perl module path updating code
+ moved 'threshold' to the unsupported list since there will be several
+ signatures that use this feature to detect the Dan Kaminsky DNS
+ attack
+ bumped version to 1.0.5-pre4
+ minor dodumentation fixes
+ added download of Emerging Threats as a tarball (suggested by Franck
+ Joncourt)
+ Added support for nodeps RPM's
+ updated release date
+ version 1.0.5
+ updated to correct tar.gz path in --no-deps mode
+ minor update to include download directory in status output in
+ --update mode
+ bugfix in strict mode to use the fact that the threshold keyword is
+ already unsupported (Franck Joncourt)
+ content match fix for Emerging Threats Snort rule ID 2007975 (Frank
+ Joncourt)
+ wording updates for the fwsnort(8) man page from Justin B Rye and
+ Franck Joncourt
+ From: Franck Joncourt <> Subject:
+ [PATCH] fixes/content_length
+ bumped version to 1.0.6-pre1
+ - (Franck Joncourt) Updated fwsnort to use the "! <option> <arg>"
+ syntax instead of the older "<option> ! <arg>" for the
+ iptables command line.
+ - Updated to the latest complete rule set from Emerging Threats (see
+ updated to version 1.0.6-pre2
+ updated to the latest rule set from Emerging Threats
+ Bug fix to allow fwsnort to properly translate snort rules that have
+ "content" fields with embedded escaped semicolons (e.g. "\;").
+ This allows fwsnort to translate about 85 additional rules
+ from the Emerging Threats rule set.
+ updated version to 1.0.6-pre3
+ - Bug fix to allow case insensitive matches to work properly with the
+ --include-re-caseless and --exclude-re-caseless arguments.
+ - Added the --snort-rfile argument so that a specific Snort
+ rules file (or list of files separated by commas) is parsed.
+ minor cleanup (href->hr, aref->ar)
+ - Bug fix to move the 'rawbytes' keyword to the list of keywords that
+ are ignored since iptables does a raw match anyway as it
+ doesn't run any preprocessors in the Snort sense. - Added
+ a small hack to choose the first port from a port list until the
+ iptables 'multiport' match is supported. - Updated to
+ consolidate spaces in hex matches in the script
+ since the spaces are not part of patterns to be searched anyway.
+ bumped version to fwsnort-1.0.6-pre4
+ Added the 'BuildRequires: perl-ExtUtils-MakeMaker' statement
+ version 1.0.6
+ version 1.0.6
+ merged: svn merge -r 500:504
+ file:///home/mbr/svn/fwsnort_repos/fwsnort/branches/fwsnort-1.0.6
+ updated to the latest Emerging Threats rule set
+ updated to the latest Emerging Threats rule set
+ - Added the --include-perl-triggers command line argument so that
+ translated Snort rules can easily be tested. This argument
+ instructs fwsnort to include 'perl -e print ... ' commands as
+ comments in the /etc/fwsnort/ script, and these
+ commands can be combined with netcat to send payloads across
+ the wire that match Snort rules. - Minor documentation fixes.
+ - Added the ability to build an fwsnort policy that utilizes
+ ip6tables instead of iptables. This allows fwsnort filtering
+ and altering capabilities to apply to IPv6 traffic instead of
+ just IPv4 traffic. To enable ip6tables usage, use the "-6" or
+ "--ip6tables" command line arguments.
+ updated version to 1.1
+ - Updated fwsnort to create logs in the /var/log/fwsnort/ directory
+ instead of directly in the /var/log/ directory. The path is
+ controlled by a new variable 'LOG_FILE' in the
+ /etc/fwsnort/fwsnort.conf file. - Added several variables in
+ /etc/fwsnort/fwsnort.conf to control paths to everything
+ from the config file to the snort rules path. Coupled with
+ this is the ability to create variables within path components and
+ fwsnort will expand them (e.g. 'CONF_DIR /etc/fwsnort;
+ CONF_FILE $CONF_DIR/fwsnort.conf'). - Added --Last-cmd arg so
+ that it is easy to rebuild the script with the
+ same command line args as the previous execution.
+ bumped version to 1.1-pre2
+ added Guillermo Gomez
+ bumped version to 1.1-pre3
+ added a -6 example to the EXAMPLES section
+ bumped version to 1.1
+ minor update Snort -> SNORT
+ minor version fix (1.1)
+ updated GPL license string to mention GPLv2
+ Major update to being moving to using the iptables-save format
+ instead of the older strategy to always just execute iptables
+ commands directly.
+ - Updated the iptables capabilities testing routines to add and
+ delete testing rules to/from the custom chain 'FWS_CAP_TEST'.
+ This maintains a a cleaner separation between fwsnort and any
+ existing iptables policy even during the capabilities testing
+ phase. - Added the --ipt-check-capabilities argument to have
+ fwsnort test the capabilities of the local iptables firewall
+ and exit.
+ - Updated to automatically check for the maximum length string that
+ the string match supports, and this is used to through out any
+ Snort rules with content matches longer than this length.
+ moved to instantiate the fwsnort iptables-save policy via
+ /etc/fwsnort/
+ minor comments update
+ bumped version to 1.5-pre1
+ - Added the --rules-url argument so that the URL for updating the
+ Emerging Threats rule set can be specified from the command line.
+ The default is:
+ bumped version to: 1.5-pre2
+ updated to point to the correct Emerging Threats rule set, and added
+ the --rules-url arg (similiar to fwsnort)
+ bug fix to make sure to add the 'COMMIT' and '# Completed ...' lines
+ at the end of the generated file
+ updated to default to pulling Snort rules from the rules directory in
+ --snort-rfile mode when running as root
+ - Updated to the latest complete rule set from Emerging Threats (see
+ bumped version to 1.5-pre3
+ - Added the --string-match-alg argument to allow the string matching
+ algorithm used by fwsnort to be specified from the command
+ line. The default algorithm is 'bm' for 'Boyer-Moore', but
+ 'kmp' may also be specified (short for the
+ 'Knuth–Morris–Pratt' algorithm).
+ bumped to version 1.5-pre4
+ minor update to include the GPL version number (v2) suggested by
+ Guillermo Gomez
+ added the ability to build ip6tables policies in ip6tables-save
+ format
+ minor wording update to include ip6tables policies
+ update to include information about the iptables-save format
+ added UPGRADE section
+ copyright date update
+ bumped version to: 1.5-pre5
+ minor date update
+ bumped software version to 1.5
+ wording fix for the fwsnort-1.5 ChangeLog
+ Removed legacy $Id$ tags (for old svn repos)
+ Removed old reference to $rev_num
+ Bugfix for --log-prefix maximum lengths
+ Bugfix for --ipt-list and --ipt-flush
+ Added test for conntrack --ctstate
+ Added the --Conntrack-state argument
+ Bugfix for --ipt-apply to exec
+ minor ChangeLog update
+ Added newer Snort keywords to
+ Added three Snort signature keywords
+ minor man page wording update
+ Added support for Snort keyword 'fast_pattern'
+ Added 'fast_pattern' support + no patterns bug fix
+ Merge branch 'master' of
+ Added content match ordering based on length
+ minor comment wording update for TCP options
+ Added 'detection_filter' to not supported list
+ Fixed fast_pattern support for relative matches
+ minor man page wording update
+ Moved GetOpt() call to handle_cmd_line()
+ Added the --no-fast-pattern-ordering argument
+ Implemented tighter 'within' criteria
+ Added --no-fast-pattern-order to --help output
+ Added iptables 'multiport' match support
+ Updated to the latest Emerging Threats Snort rules
+ Added support for the Snort 'nocase' keyword
+ Minor change to not write args in --help mode.
+ Updated to allow non-root users to execute fwsnort.
+ Ignore http_uri, http_method, and urilen
+ Bugfix to support --NFQUEUE mode
+ Added iptables capabilities test for NFQUEUE modes
+ Minor man page wording update for NFQUEUE mode
+ Added --queue-pre-match-max <num> argument
+ Added support for rules updates from several URL's
+ Renamed ChangeLog -> ChangeLog.old
+ Bumped version from 1.5 to 1.6
+ Added the ChangeLog file for 'git log' output.
+ Added iptables capabilities test for COMMENT len
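Review bot: Several entries under "Michael Rash (508):" carry no information, for example the lines consisting only of "." and the lone "added", and older multi-point messages are folded into single run-on entries (the "-Added ... -Added ..." blocks), which makes this 727-line file hard to scan as a summary. The same data can be produced from the repository on demand, so consider generating the ShortLog at release time instead of committing it, or limiting it to the range since the previous release so that the imported cvs2svn-era history does not dominate the file.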