Snort 2.9.2.2 #245

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 4 comments

GoogleCodeExporter commented Mar 24, 2015

http://blog.snort.org/2012/03/snort-2922-has-been-released.html

Released on 3/27.

Planned for 4/27.

Original issue reported on code.google.com by doug.bu...@gmail.com on 29 Mar 2012 at 2:59

GoogleCodeExporter Mar 24, 2015

mkdir ~/20120427
cd ~/20120427

wget http://www.snort.org/downloads/1538
tar zxvf 1538
cd snort-2.9.2.2/
./configure --enable-sourcefire
make
sudo checkinstall
sudo mv securityonion-snort_20120427-1_i386.deb ..

sudo rm -rf /etc/snort/
sudo mkdir /etc/snort
sudo cp etc/* /etc/snort/
cd /etc/snort/
sudo rm snort.conf*

sudo wget http://labs.snort.org/snort/2922/snort.conf
sudo vi snort.conf
< ipvar HOME_NET [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
< var RULE_PATH /etc/nsm/rules
< var SO_RULE_PATH /etc/nsm/rules
< var PREPROC_RULE_PATH /etc/nsm/preproc_rules
< var WHITE_LIST_PATH /etc/nsm/rules
< var BLACK_LIST_PATH /etc/nsm/rules
< output unified2: filename snort.unified2, limit 128
< # rules downloaded by PulledPork
< include $RULE_PATH/downloaded.rules
< include $SO_RULE_PATH/so_rules.rules

cd /etc/nsm/
sudo rm -f gen-msg.map 
sudo wget http://labs.snort.org/snort/2922/gen-msg.map

cd ~/20120427
/usr/bin/fpm -s dir -t deb -n securityonion-snort-config -v 20120427 /etc/snort/ /etc/nsm/gen-msg.map

Original comment by doug.bu...@gmail.com on 25 Apr 2012 at 12:12

GoogleCodeExporter Mar 24, 2015

Added the following to security-onion-upgrade.sh:


# Replace spaces with '=' in $CONF so it can be sourced as shell assignments
sed -i 's| |=|g' "$CONF"
source "$CONF"
if [ "$VERSION" = "20120425" ]; then
        NEW="20120427"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p "$DIR"                                         | $LOGGER
        cd "$DIR" || exit 1

        for FILE in securityonion-snort-config_20120427_i386.deb securityonion-snort_20120427-1_i386.deb securityonion-logo_20120427_i386.deb; do
                echo -n "* Downloading $FILE..."                | $LOGGER
                wget -q "http://sourceforge.net/projects/security-onion/files/$NEW/$FILE" -O "$FILE" | $LOGGER
                # $? after a pipeline is $LOGGER's status; PIPESTATUS[0] is wget's
                if [ "${PIPESTATUS[0]}" -ne 0 ]; then
                        echo "FAIL"     | $LOGGER
                        exit 1
                else
                        echo "OK"       | $LOGGER
                fi
        done

        echo -n "* Installing downloaded packages..." | $LOGGER
        dpkg -i *.deb                                           >> "$LOG"
        # dpkg signals failure with a non-zero status, not only 1
        if [ $? -ne 0 ]; then
                echo "FAIL"     | $LOGGER
                exit 1
        else
                echo "OK"       | $LOGGER
        fi

        SENSORS=`grep -v "^#" /etc/nsm/sensortab |awk '{print $1}'`
        for SENSORNAME in $SENSORS; do
                echo "* Backing up /etc/nsm/$SENSORNAME/"   | $LOGGER
                cp -a /etc/nsm/"$SENSORNAME"/ .         | $LOGGER
                echo "* Copying new snort.conf to /etc/nsm/$SENSORNAME/"    | $LOGGER
                cp /etc/snort/snort.conf /etc/nsm/"$SENSORNAME"/    | $LOGGER
                # Enable perfmonitor and point its stats file at this sensor's data directory
                sed -i "s|# preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000|preprocessor perfmonitor: time 300 file /nsm/sensor_data/$SENSORNAME/snort.stats pktcnt 10000|" /etc/nsm/"$SENSORNAME"/snort.conf | $LOGGER
        done

        [ "$ENGINE" = "snort" ] && /usr/local/bin/pulledpork_update.sh | $LOGGER
fi

Original comment by doug.bu...@gmail.com on 25 Apr 2012 at 12:14
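
The upgrade steps above fetch the .deb files over plain HTTP and pass them straight to `dpkg -i`. As an added example (not part of the original comment or of security-onion-upgrade.sh), here is one way to gate the install on a SHA-256 manifest; the manifest file, the `INSTALL_CMD` override and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: install downloaded packages only if each one matches a
# SHA-256 manifest in `sha256sum` format ("<hex>  <name>").
# INSTALL_CMD is a hypothetical override so the gate can be run without dpkg.
INSTALL_CMD=${INSTALL_CMD:-"dpkg -i"}

# verify_pkg FILE MANIFEST
# returns 0 = digest matches, 1 = mismatch, 2 = FILE not listed in MANIFEST
verify_pkg() {
    vp_name=$(basename "$1")
    vp_want=$(awk -v n="$vp_name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1 }' "$2")
    [ -n "$vp_want" ] || return 2
    vp_have=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$vp_want" = "$vp_have" ] || return 1
}

# install_verified DIR MANIFEST
# Verifies every .deb in DIR first and installs only if all of them pass.
install_verified() {
    for iv_pkg in "$1"/*.deb; do
        [ -e "$iv_pkg" ] || { echo "no packages in $1" >&2; return 3; }
        verify_pkg "$iv_pkg" "$2" || {
            echo "REFUSED: $iv_pkg failed verification" >&2
            return 1
        }
    done
    $INSTALL_CMD "$1"/*.deb
}

# Constructed demo: two stand-in package files, then one is altered after
# the manifest was written. Returns 0 if the gate behaves as described.
# Note: sets INSTALL_CMD=true so nothing is actually installed.
selftest() {
    st_dir=$(mktemp -d) || return 1
    printf 'constructed package A' > "$st_dir/a_20120427_i386.deb"
    printf 'constructed package B' > "$st_dir/b_20120427_i386.deb"
    (cd "$st_dir" && sha256sum *.deb > SHA256SUMS) || return 1
    INSTALL_CMD=true
    install_verified "$st_dir" "$st_dir/SHA256SUMS" || return 1
    printf 'tampered' >> "$st_dir/b_20120427_i386.deb"
    if install_verified "$st_dir" "$st_dir/SHA256SUMS" 2>/dev/null; then return 1; fi
    rm -rf "$st_dir"
}
```

The check is only as trustworthy as the manifest, so the manifest has to reach the sensor over a channel an attacker on the download path cannot alter (for example, shipped with the upgrade script itself).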

GoogleCodeExporter Mar 24, 2015

Tested by:
Heine Lysemose
Tom De Vries
Eric Ooi

Original comment by doug.bu...@gmail.com on 25 Apr 2012 at 11:39

GoogleCodeExporter Mar 24, 2015

Published:
http://securityonion.blogspot.com/2012/04/security-onion-20120427-now-available.html

Original comment by doug.bu...@gmail.com on 26 Apr 2012 at 9:14

  • Changed state: Verified