reference.config needs to be updated #184

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 5 comments

Comments

@GoogleCodeExporter
Needs to be a combination of VRT and ET

Original issue reported on code.google.com by doug.bu...@gmail.com on 6 Jan 2012 at 8:44

GoogleCodeExporter Mar 24, 2015

ET version is here:
http://rules.emergingthreats.net/open/suricata/reference.config

# config reference: system URL

config reference: bugtraq   http://www.securityfocus.com/bid/ 
config reference: bid       http://www.securityfocus.com/bid/ 
config reference: cve       http://cve.mitre.org/cgi-bin/cvename.cgi?name=
#config reference: cve       http://cvedetails.com/cve/
config reference: secunia   http://www.secunia.com/advisories/

#whitehats is unfortunately gone
config reference: arachNIDS http://www.whitehats.com/info/IDS

config reference: McAfee    http://vil.nai.com/vil/content/v_
config reference: nessus    http://cgi.nessus.org/plugins/dump.php3?id=
config reference: url       http://
config reference: et        http://doc.emergingthreats.net/
config reference: etpro     http://doc.emergingthreatspro.com/
config reference: telus     http://
config reference: osvdb     http://osvdb.org/show/osvdb/
config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
config reference: md5       http://www.threatexpert.com/report.aspx?md5=
config reference: exploitdb http://www.exploit-db.com/exploits/
config reference: openpacket https://www.openpacket.org/capture/grab/
config reference: securitytracker http://securitytracker.com/id?
config reference: secunia   http://secunia.com/advisories/
config reference: xforce    http://xforce.iss.net/xforce/xfdb/
config reference: msft      http://technet.microsoft.com/security/bulletin/

Original comment by doug.bu...@gmail.com on 6 Jan 2012 at 8:45

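The reference.config quoted above maps each reference system name to a URL prefix that Snort, Suricata and Barnyard2 prepend to the identifier in a rule's `reference:` option. As an added example (not code from this issue or from Security Onion), here is a small Python parser for that format that also resolves a rule's references and reports systems missing from the file, which is the practical check behind this ticket; the sample config and rule are constructed, and names are compared case-insensitively.

```python
"""Added example: parse a Snort/Suricata reference.config and resolve the
`reference:` options of a rule against it (not Security Onion's own code)."""
import re

# Constructed sample in the reference.config format quoted in the issue
# (a subset of the ET file; the commented cve line and the duplicate
# secunia line mirror what the real file contains).
SAMPLE_REFERENCE_CONFIG = """\
# config reference: system URL
config reference: bugtraq   http://www.securityfocus.com/bid/
config reference: cve       http://cve.mitre.org/cgi-bin/cvename.cgi?name=
#config reference: cve       http://cvedetails.com/cve/
config reference: arachNIDS http://www.whitehats.com/info/IDS
config reference: url       http://
config reference: secunia   http://www.secunia.com/advisories/
config reference: secunia   http://secunia.com/advisories/
"""

_LINE_RE = re.compile(r"^config\s+reference:\s*(\S+)\s+(\S+)$")
_REF_RE = re.compile(r"reference:\s*([^,;]+?)\s*,\s*([^;]+?)\s*;")


def parse_reference_config(text):
    """Return {system (lowercased): url_prefix}. Blank and '#' lines are
    skipped; a later duplicate wins, as with the two secunia entries."""
    systems = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = _LINE_RE.match(stripped)
        if not m:
            raise ValueError("reference.config line %d is malformed: %r" % (lineno, line))
        systems[m.group(1).lower()] = m.group(2)
    return systems


def resolve_references(rule, systems):
    """Expand every `reference:system,id;` option of a rule into a full URL.
    Returns (resolved, unknown); `unknown` lists systems absent from the
    config, i.e. references the sensor could not turn into links."""
    resolved, unknown = [], []
    for system, ident in _REF_RE.findall(rule):
        prefix = systems.get(system.lower())
        if prefix is None:
            unknown.append(system)
        else:
            resolved.append(prefix + ident)
    return resolved, unknown
```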
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015

[deleted comment]
@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015

ET version has everything we need. 

Copied files in place:
cp reference.config /etc/snort/
cp reference.config /etc/suricata/

Created new packages:
/usr/local/lib/ruby/gems/1.9.1/gems/fpm-0.3.11/bin/fpm -s dir -t deb -n securityonion-suricata-config -v 20120107 /etc/suricata/
/usr/local/lib/ruby/gems/1.9.1/gems/fpm-0.3.11/bin/fpm -s dir -t deb -n securityonion-snort-config -v 20120107 /etc/snort/

Original comment by doug.bu...@gmail.com on 6 Jan 2012 at 9:06

@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015

Added the following to security-onion-upgrade.sh:

sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120106" ]; then
        NEW="20120107"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        cd $DIR

        echo "* Installing new reference.config in /etc/snort/" | $LOGGER
        apt-get -y remove securityonion-snort-conf
        FILE=securityonion-snort-config_"$NEW"_i386.deb
        wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
        dpkg -i --force-overwrite $FILE                         | $LOGGER

        echo "* Installing new reference.config in /etc/suricata/"                 | $LOGGER
        FILE=securityonion-suricata-config_"$NEW"_i386.deb
        wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
        dpkg -i $FILE                                           | $LOGGER

        awk '{print $1}' /etc/nsm/sensortab |grep -v "#" |while read SENSOR
        do
                echo "* Installing new reference.config in /etc/nsm/$SENSOR/" | $LOGGER
                cp /etc/snort/reference.config /etc/nsm/$SENSOR/        | $LOGGER
        done
        nsm_sensor_ps-restart --only-snort-alert
        nsm_sensor_ps-restart --only-barnyard2

        sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
        echo "* Upgrade to $NEW complete."                      | $LOGGER
        echo 
fi

Original comment by doug.bu...@gmail.com on 6 Jan 2012 at 9:18

@GoogleCodeExporter

GoogleCodeExporter Mar 24, 2015

Published:
http://securityonion.blogspot.com/2012/01/security-onion-20120107-now-available.html

Original comment by doug.bu...@gmail.com on 6 Jan 2012 at 9:41

  • Changed state: Verified