Subject: pkg/21540: security/snortsnarf update
To: None <gnats-bugs@gnats.netbsd.org>
From: None <hiramatu@boreas.dti.ne.jp>
List: netbsd-bugs
Date: 05/11/2003 22:01:10
>Number: 21540
>Category: pkg
>Synopsis: security/snortsnarf update
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun May 11 21:52:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: Hiramatsu Yoshifumi
>Release: NetBSD 1.6S
>Organization:
>Environment:
System: NetBSD orinoco.my.domain 1.6S NetBSD 1.6S (Orinoco) #0: Fri May 9 22:59:00 JST 2003 hiramatsu@orinoco.my.domain:/sys/arch/i386/compile/Orinoco i386
Architecture: i386
Machine: i386
>Description:
This patch updates security/snortsnarf to version 20021111.1.
Changes from the previous version (20020516.1):
+ alerts with original packet included now have both sets of ports and
first set of IPs as links
+ added -obfuscateip option to change the IP addresses in alerts to randomly
(but consistently) chosen alternates (not presently available for database
input)
+ Updated parsing for Snort 1.9.0 full alert files
+ new-style Spade reports now processed (Spade version 021008.1 and on)
+ spp_portscan2 log files now processed (these entries are displayed
somewhat prettified)
+ updated linking to ICMP log files; this involved updates for new ICMP
header format in Snort 1.9.0
+ more robust recognition of non-packet alerts in different formats (these
get ignored)
+ clarified warning about unknown ICMP type text and added repeat warning
suppression (you'll now only get a warning about a particular string
twice)
+ SnortSnarf will now ignore lines beginning with '#' between alerts, so
you can use that to begin a comment
>How-To-Repeat:
>Fix:
diff -buNr snortsnarf.orig/Makefile snortsnarf/Makefile
--- snortsnarf.orig/Makefile 2003-05-11 11:23:41.000000000 +0900
+++ snortsnarf/Makefile 2003-05-11 11:23:48.000000000 +0900
@@ -1,8 +1,8 @@
# $NetBSD: Makefile,v 1.3 2002/12/14 03:43:20 schmonz Exp $
#
-DISTNAME= SnortSnarf-020516.1
-PKGNAME= snortsnarf-20020516.1
+DISTNAME= SnortSnarf-021111.1
+PKGNAME= snortsnarf-20021111.1
CATEGORIES= security net
MASTER_SITES= http://www.silicondefense.com/software/snortsnarf/
@@ -33,7 +33,8 @@
AllMods.pm BasicFilters.pm KnownEquiv.pm SnortFileInput.pm \
HTMLAnomMemStorage.pm Input.pm SorterBase.pm Sort.pm \
StorageBase.pm MemAlert.pm BasicSorters.pm Filter.pm \
- SnortRules.pm MemStorage.pm SnortDBInput.pm TimeFilters.pm
+ SnortRules.pm MemStorage.pm SnortDBInput.pm TimeFilters.pm \
+ HTMLOutput+other.pm IPObfuscater.pm
${INSTALL_DATA} ${WRKSRC}/include/SnortSnarf/${f} \
${PREFIX}/share/snortsnarf/SnortSnarf
.endfor
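Review bot: `HTMLOutput+other.pm` in the extended module list is an odd name to install. A `+` cannot appear in a Perl package name, so nothing can load this file with a bareword `use`. Please confirm against the 021111.1 tarball that the program really needs it and that it is not a leftover copy of HTMLOutput.pm, before adding it here and to PLIST.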
diff -buNr snortsnarf.orig/PLIST snortsnarf/PLIST
--- snortsnarf.orig/PLIST 2003-05-11 11:23:41.000000000 +0900
+++ snortsnarf/PLIST 2003-05-11 11:23:48.000000000 +0900
@@ -11,7 +11,9 @@
share/snortsnarf/SnortSnarf/Filtering.pm
share/snortsnarf/SnortSnarf/HTMLAnomMemStorage.pm
share/snortsnarf/SnortSnarf/HTMLMemStorage.pm
+share/snortsnarf/SnortSnarf/HTMLOutput+other.pm
share/snortsnarf/SnortSnarf/HTMLOutput.pm
+share/snortsnarf/SnortSnarf/IPObfuscater.pm
share/snortsnarf/SnortSnarf/Input.pm
share/snortsnarf/SnortSnarf/KnownEquiv.pm
share/snortsnarf/SnortSnarf/MemAlert.pm
diff -buNr snortsnarf.orig/distinfo snortsnarf/distinfo
--- snortsnarf.orig/distinfo 2003-05-11 11:23:41.000000000 +0900
+++ snortsnarf/distinfo 2003-05-11 11:23:48.000000000 +0900
@@ -1,5 +1,5 @@
$NetBSD: distinfo,v 1.2 2002/08/11 00:50:36 fredb Exp $
-SHA1 (SnortSnarf-020516.1.tar.gz) = 01b4aebabea68dee5973e0d3fa20bfb73afa4b3f
-Size (SnortSnarf-020516.1.tar.gz) = 146806 bytes
-SHA1 (patch-aa) = b99cf1b838b2173f1bc17954e1acb51e37ba8682
+SHA1 (SnortSnarf-021111.1.tar.gz) = f06ce45095b9bcdc0e49033f8180a29141978f43
+Size (SnortSnarf-021111.1.tar.gz) = 143623 bytes
+SHA1 (patch-aa) = 4d03479074abd949d0e5b97607aaa9cb87b07da0
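Review bot: the new SHA1 for SnortSnarf-021111.1.tar.gz is the only integrity check on a distfile that MASTER_SITES fetches over plain http, and it arrives in the same mail as the update. The committer should fetch the tarball and regenerate distinfo locally rather than commit these values as sent. The same applies to the patch-aa checksum, which has to match the patch file as finally committed.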
diff -buNr snortsnarf.orig/patches/patch-aa snortsnarf/patches/patch-aa
--- snortsnarf.orig/patches/patch-aa 2003-05-11 11:23:41.000000000 +0900
+++ snortsnarf/patches/patch-aa 2003-05-11 11:23:48.000000000 +0900
@@ -1,13 +1,13 @@
$NetBSD$
---- snortsnarf.pl.orig Fri May 17 09:00:56 2002
+--- snortsnarf.pl.orig 2002-11-12 10:11:36.000000000 +0900
+++ snortsnarf.pl
@@ -77,3 +77,3 @@
-use lib qw(./include);
+use lib qw(@PREFIX@/share/snortsnarf/);
use Cwd;
-@@ -455,2 +455,3 @@ OPTION is one of the following:
+@@ -459,2 +459,3 @@ OPTION is one of the following:
>>
-}
\ No newline at end of file
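Review bot: this hunk does not look complete as mailed. Its header declares 13 lines on each side, but fewer are present, and it ends on `-}` followed by `\ No newline at end of file` with no matching added line. Regenerate patch-aa against the 021111.1 snortsnarf.pl rather than applying this hunk, and make sure the resulting file ends with a newline so that its distinfo checksum is stable.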
>Release-Note:
>Audit-Trail:
>Unformatted: