Bug 10255

Summary: Snort and daq update
Product: IPFire
Reporter: Erik Kapfer <ummeegge>
Component: ---
Assignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED
QA Contact:
Severity: Major Usability
Priority: - Unknown -
CC: arne.fitzenreiter, michael.tremer, stefan.schantl
Version: 2
Hardware: all
OS: Linux
Attachments: Patch for the Snort configuration file
Snort rootfile patch
Snort lfs patch
daq rootfile patch
Snort lfs patch

Description Erik Kapfer 2012-10-29 16:07:12 UTC
Created attachment 89
Patch for the Snort configuration file

Hi all,
I have updated Snort to 2.9.3.1 and daq to 1.1.1. Snort's configuration file was also extended with the new version, so I have updated the snort.conf. Explanations for the new GTP decoder and preprocessors can be found here --> http://blog.snort.org/2012/01/gtp-decoder-and-preprocessor.html .
Also I have extended "portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]" because it was mentioned in the forum that some functions of Snort only work with these additions. There are a couple of other things; I have added the patches for them in the attachments.

I have also tested it for a little while now and it works for me, also with the new rulesets and the new configuration file. But nevertheless a deeper testing round should be done.

I have heard that the coming new ruleset won't be compatible with the old 2.9.1.2 version. So that's why I have given this bug a "higher priority".

Greetings 

Erik
Comment 1 Erik Kapfer 2012-10-29 16:08:43 UTC
Created attachment 90
Snort rootfile patch
Comment 2 Erik Kapfer 2012-10-29 16:09:13 UTC
Created attachment 91
Snort lfs patch
Comment 3 Erik Kapfer 2012-10-29 16:09:33 UTC
Created attachment 92
daq rootfile patch
Comment 4 Erik Kapfer 2012-10-29 16:09:51 UTC
Created attachment 93
Snort lfs patch
Comment 5 Erik Kapfer 2012-10-30 10:37:46 UTC
For potential testers, I have uploaded an image of Core62 with the updated versions of daq and Snort and the new config file.

---> http://people.ipfire.org/~ummeegge/ipfire-2.11.i586-full-core62.iso

Greetings 

Erik
Comment 6 Erik Kapfer 2012-11-01 17:08:33 UTC
I have now committed the update of Snort and daq.
http://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=shortlog;h=refs/heads/snort-update
http://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=shortlog;h=refs/heads/daq-update

Please go for testing because there are also some changes to the Snort config file and also some new rules available.

Greetings Erik
Comment 7 Erik Kapfer 2012-11-01 17:09:34 UTC
An .iso image with the updated version can also be found here --> http://people.ipfire.org/~ummeegge/IPFire-SnortUpdate/
Comment 8 Stefan Schantl 2012-12-08 22:45:56 UTC
Changes have been applied and released with IPFire Core Update 64.