Pinkbyte/pinkbyte-overlay
1
Fork 0
Code Releases Activity

Merge branch 'snortsam'

Browse Source
This commit is contained in:
Sergey Popov 2012-06-16 17:00:59 +04:00
commit 66625ff297
3 changed files with 575 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
net-analyzer/snortsam/Manifest Normal file
View File

@ -0,0 +1,4 @@
AUX snortsam-2.70-redirect.patch 22221 RMD160 b5b5016c5817fb2c227764c0fe50049c95334f76 SHA1 d53afb3154b17489c945cffd06ddc72a4b32f761 SHA256 706bc4524a5818c5b0248fea4fb912618aec186b087915ab53c3ea0ab848e3a8
DIST snortsam-2.50-ciscoacl.diff.bz2 7295 RMD160 91d36fecc3fcf14de5ed964928d69ef3cc167bae SHA1 c887162193df59bff2f3fb2fe0ae0aec253314ce SHA256 a4f39789e9f10b95e6db1bbce5f9d26f7393161311f5c955a4b8380186a2cb6b
DIST snortsam-src-2.70.tar.gz 1971624 RMD160 336b0c701754d0688e2ebc967cfdbb3f9bc2fe32 SHA1 9cc7f9aad927217fbda75de038d0489b8e5f3a9e SHA256 442040a7281a641008f6410b7f6528d709f17d5041fd3752011075f8a38d19bc
EBUILD snortsam-2.70-r9999.ebuild 1598 RMD160 9b1d28cb4ee1865c2f6f166903824f6fff91e08b SHA1 57f138c4d7868f7bea169e1f0317f657a784325a SHA256 bfafe9ab2046e19abcfcf8d8a676e5dd264e9f0f6fad277ec4ba5bfd47238759

513
net-analyzer/snortsam/files/snortsam-2.70-redirect.patch Normal file
View File

@ -0,0 +1,513 @@
diff -ur snortsam-2.7.0-orig/src/snortsam.c snortsam/src/snortsam.c
--- snortsam-2.7.0-orig/src/snortsam.c 2012-05-20 20:59:46.277029000 +0400
+++ snortsam/src/snortsam.c 2012-06-15 18:23:29.653032000 +0400
@@ -1971,7 +1971,7 @@
void block(SENSORLIST *snortbox,unsigned long bsip,unsigned short bsport,
unsigned long bdip,unsigned short bdport,
unsigned short bproto,time_t bduration,unsigned char bmode,
- time_t btime,unsigned long bsig_id)
+ time_t btime,unsigned long bsig_id,char packstat)
{ unsigned long peerip,blockip;
unsigned short blockport;
time_t t;
@@ -2022,6 +2022,8 @@
blockdata.blocktime=btime;
blockdata.sig_id=bsig_id;
blockdata.block=TRUE;
+ // Add type of block(simple block or redirect)
+ blockdata.type=packstat;
/* check for and get a blocktime limit out of the limit list based on the sensor*/
blockdata.duration=limit_duration_on_sensor(snortbox->snortip.s_addr,bduration);
@@ -2467,6 +2469,7 @@
printf("Debug: Received Packet: %s\n",packet.status==FWSAM_STATUS_CHECKIN?"CHECKIN":
packet.status==FWSAM_STATUS_CHECKOUT?"CHECKOUT":
packet.status==FWSAM_STATUS_BLOCK?"BLOCK":
+ packet.status==FWSAM_STATUS_REDIRECT?"REDIRECT":
packet.status==FWSAM_STATUS_UNBLOCK?"UNBLOCK":"**UNKNOWN**");
printf("Debug: Snort SeqNo: %x\n",packet.snortseqno[0]|(packet.snortseqno[1]<<8));
printf("Debug: Mgmt SeqNo : %x\n",packet.fwseqno[0]|(packet.fwseqno[1]<<8));
@@ -2512,11 +2515,12 @@
snortbox->toberemoved=TRUE; /* Mark sensor for removal from list. */
ret=FALSE;
}
- else if(packet.status==FWSAM_STATUS_BLOCK || packet.status==FWSAM_STATUS_UNBLOCK) /* if we received a blocking request */
+ else if(packet.status==FWSAM_STATUS_BLOCK || packet.status==FWSAM_STATUS_REDIRECT || packet.status==FWSAM_STATUS_UNBLOCK) /* if we received a blocking or redirecting request */
{ if((( (packet.fwseqno[0]|(packet.fwseqno[1]<<8)) ==snortbox->myseqno) && ( (packet.snortseqno[0]|(packet.snortseqno[1]<<8)) ==((snortbox->snortseqno+snortbox->myseqno)&0xffff) )) || disableseqnocheck)
{ packstat=packet.status;
#ifdef FWSAMDEBUG
- printf("Debug: %s request received...\n",packet.status==FWSAM_STATUS_BLOCK?"Blocking":"Unblocking");
+ printf("Debug: %s request received...\n",packet.status==FWSAM_STATUS_BLOCK?"Blocking":
+ packet.status==FWSAM_STATUS_REDIRECT?"Redirecting":"Unblocking");
#endif
bmode=packet.fwmode; /* save parameters from packet */
if(packet.endiancheck==1) /* Check if peer has the same endianess */
@@ -2604,9 +2608,9 @@
}
else
{
- if(packstat==FWSAM_STATUS_BLOCK)
+ if(packstat==FWSAM_STATUS_BLOCK || packstat==FWSAM_STATUS_REDIRECT)
{ /* call block, which performs checks */
- block(snortbox,bsip,bsport,bdip,bdport,bproto,bduration,bmode,mytime,bsig_id);
+ block(snortbox,bsip,bsport,bdip,bdport,bproto,bduration,bmode,mytime,bsig_id,packstat);
}
else
{
diff -ur snortsam-2.7.0-orig/src/snortsam.h snortsam/src/snortsam.h
--- snortsam-2.7.0-orig/src/snortsam.h 2012-05-20 20:59:46.278524000 +0400
+++ snortsam/src/snortsam.h 2012-06-15 18:30:41.524502000 +0400
@@ -242,6 +242,7 @@
#define FWSAM_STATUS_CHECKOUT 2
#define FWSAM_STATUS_BLOCK 3
#define FWSAM_STATUS_UNBLOCK 9
+#define FWSAM_STATUS_REDIRECT 10
#define FWSAM_STATUS_OK 4 /* fw to snort */
#define FWSAM_STATUS_ERROR 5
@@ -291,6 +292,7 @@
unsigned short proto; /* Protocol (if connection) */
unsigned short mode; /* Blocking mode (src, dst, connection) */
short block; /* block or unblock flag --- this flag is dynamically changed */
+ char type; /* Type of block - simple block or redirect. Taken from incoming packet status */
} BLOCKINFO;
typedef struct _oldblockinfo /* Block info structure */
@@ -495,7 +497,7 @@
void block(SENSORLIST *snortbox,unsigned long bsip,unsigned short bsport,
unsigned long bdip,unsigned short bdport,
unsigned short bproto,time_t bduration,unsigned char bmode,
- time_t btime,unsigned long bsig_id);
+ time_t btime,unsigned long bsig_id,char packstat);
void unblock(BLOCKINFO *bhp,char *comment,unsigned long reqip,int force);
void addtohistory(BLOCKHISTORY *,int);
void clearhistory(void);
diff -ur snortsam-2.7.0-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
--- snortsam-2.7.0-orig/src/ssp_iptables.c 2012-05-20 20:59:46.275601000 +0400
+++ snortsam/src/ssp_iptables.c 2012-06-16 16:53:06.430453000 +0400
@@ -123,204 +123,227 @@
printf("Debug: [iptables][%lx] Plugin Blocking...\n",threadid);
#endif
- if(bd->block)
- { snprintf(msg,sizeof(msg)-1,"Info: Blocking ip %s", inettoa(bd->blockip));
- logmessage(3,msg,"iptables",0);
-
- switch(bd->mode&FWSAM_HOW)
- { case FWSAM_HOW_IN:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_OUT:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_INOUT:
- /* Assemble command - block src*/
- if ((snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
- "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
- "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_THIS:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- }
- }
- else
- {
- snprintf(msg,sizeof(msg)-1,"Info: UnBlocking ip %s", inettoa(bd->blockip));
- logmessage(1,msg,"iptables",0);
-switch(bd->mode&FWSAM_HOW)
- { case FWSAM_HOW_IN:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_OUT:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_INOUT:
- /* Assemble command - block src*/
- if ((snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
- "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
- "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_THIS:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- }
- }
-#ifdef FWSAMDEBUG
- printf("Debug: [iptables][%lx] command %s\n", threadid, iptcmd);
- printf("Debug: [iptables][%lx] command2 %s\n", threadid, iptcmd2);
-#endif
- /* Run the command */
- if (system(iptcmd) != 0) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s Failed", iptcmd);
- logmessage(3,msg,"iptables",0);
- } else {
- snprintf(msg,sizeof(msg)-1,"Info: Command %s Executed Successfully", iptcmd);
- logmessage(3,msg,"iptables",0);
- }
- if (system(iptcmd2) != 0) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s Failed", iptcmd2);
- logmessage(1,msg,"iptables",0);
- } else {
- snprintf(msg,sizeof(msg)-1,"Info: Command2 %s Executed Successfully", iptcmd2);
- logmessage(3,msg,"iptables",0);
- }
-
-/*inventiva-recorte*/
- if((bd->mode&FWSAM_HOW)==FWSAM_HOW_INOUT)
- {
- if (system(iptcmd1) != 0) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s Failed", iptcmd1);
- logmessage(3,msg,"iptables",0);
- } else {
- snprintf(msg,sizeof(msg)-1,"Info: Command %s Executed Successfully", iptcmd1);
- logmessage(3,msg,"iptables",0);
- }
- if (system(iptcmd4) != 0) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s Failed", iptcmd4);
- logmessage(1,msg,"iptables",0);
- } else {
- snprintf(msg,sizeof(msg)-1,"Info: Command2 %s Executed Successfully", iptcmd4);
- logmessage(3,msg,"iptables",0);
- }
- }
-
-
+ if(bd->block)
+ { snprintf(msg,sizeof(msg)-1,"Info: Blocking ip %s", inettoa(bd->blockip));
+ logmessage(3,msg,"iptables",0);
+
+ switch(bd->mode&FWSAM_HOW)
+ { case FWSAM_HOW_IN:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ case FWSAM_HOW_OUT:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ case FWSAM_HOW_INOUT:
+{
+ char* cmdstr_fwd;
+ char cmdstr_fwd_redirect[]="/sbin/iptables -t mangle -I PREROUTING -i %s -s %s -j MARK --set-mark 255";
+ char cmdstr_fwd_block[]="/sbin/iptables -I FORWARD -i %s -s %s -j DROP";
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ cmdstr_fwd=cmdstr_fwd_block;
+ else
+ cmdstr_fwd=cmdstr_fwd_redirect;
+ /* Assemble command - block src*/
+ if ((snprintf(iptcmd,sizeof(iptcmd)-1,
+ cmdstr_fwd,
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
+ "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
+ "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+}
+ break;
+ case FWSAM_HOW_THIS:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ }
+ }
+ else
+ {
+ snprintf(msg,sizeof(msg)-1,"Info: UnBlocking ip %s", inettoa(bd->blockip));
+ logmessage(1,msg,"iptables",0);
+
+switch(bd->mode&FWSAM_HOW)
+ { case FWSAM_HOW_IN:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ case FWSAM_HOW_OUT:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ case FWSAM_HOW_INOUT:
+{
+ char* cmdstr_fwd;
+ char cmdstr_fwd_unredirect[]="/sbin/iptables -t mangle -D PREROUTING -i %s -s %s -j MARK --set-mark 255";
+ char cmdstr_fwd_unblock[]="/sbin/iptables -D FORWARD -i %s -s %s -j DROP";
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ cmdstr_fwd=cmdstr_fwd_unblock;
+ else
+ cmdstr_fwd=cmdstr_fwd_unredirect;
+ /* Assemble command - block src*/
+ if ((snprintf(iptcmd,sizeof(iptcmd)-1,
+ cmdstr_fwd,
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
+ "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
+ "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+}
+ break;
+ case FWSAM_HOW_THIS:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ }
+ }
+#ifdef FWSAMDEBUG
+ printf("Debug: [iptables][%lx] command %s\n", threadid, iptcmd);
+ printf("Debug: [iptables][%lx] command2 %s\n", threadid, iptcmd2);
+#endif
+ /* Run the command */
+ if (system(iptcmd) != 0) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s Failed", iptcmd);
+ logmessage(3,msg,"iptables",0);
+ } else {
+ snprintf(msg,sizeof(msg)-1,"Info: Command %s Executed Successfully", iptcmd);
+ logmessage(3,msg,"iptables",0);
+ }
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ if (system(iptcmd2) != 0) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s Failed", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ } else {
+ snprintf(msg,sizeof(msg)-1,"Info: Command2 %s Executed Successfully", iptcmd2);
+ logmessage(3,msg,"iptables",0);
+ }
+
+/*inventiva-recorte*/
+ if((bd->mode&FWSAM_HOW)==FWSAM_HOW_INOUT)
+ {
+ if (system(iptcmd1) != 0) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s Failed", iptcmd1);
+ logmessage(3,msg,"iptables",0);
+ } else {
+ snprintf(msg,sizeof(msg)-1,"Info: Command %s Executed Successfully", iptcmd1);
+ logmessage(3,msg,"iptables",0);
+ }
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ if (system(iptcmd4) != 0) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s Failed", iptcmd4);
+ logmessage(1,msg,"iptables",0);
+ } else {
+ snprintf(msg,sizeof(msg)-1,"Info: Command2 %s Executed Successfully", iptcmd4);
+ logmessage(3,msg,"iptables",0);
+ }
+ }
+
+
#ifdef SAVETABLES
/* Save command */
if (system(savecmd) != 0) {

58
net-analyzer/snortsam/snortsam-2.70-r9999.ebuild Normal file
View File

@ -0,0 +1,58 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snortsam/snortsam-2.70.ebuild,v 1.3 2011/11/18 05:09:16 jer Exp $
EAPI="4"
inherit eutils toolchain-funcs
MY_P="${PN}-src-${PV}"
DESCRIPTION="Snort plugin that allows automated blocking of IP addresses on several firewalls"
HOMEPAGE="http://www.snortsam.net/"
SRC_URI="http://www.snortsam.net/files/snortsam/${MY_P}.tar.gz
mirror://gentoo/${PN}-2.50-ciscoacl.diff.bz2"
LICENSE="as-is"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86"
IUSE="debug"
S=${WORKDIR}/${PN}
src_prepare() {
sed -i makesnortsam.sh \
-e "s:sbin/functions.sh:etc/init.d/functions.sh:" \
-e "s:-O2 : ${CFLAGS} :" \
-e "s:gcc :$(tc-getCC) :" \
-e "/^LDFLAGS=/d" \
-e "s:\( -o ../snortsam\): ${LDFLAGS}\1:" \
-e "s:\${SSP_LINUX_SRC} -o \${SNORTSAM}:& \${LINUX_LDFLAGS}:" \
|| die "sed failed"
find "${S}" -depth -type d -name CVS -exec rm -rf \{\} \;
}
src_compile() {
# Pinkbyte: patch for traffic redirection support
epatch "${FILESDIR}/${P}-redirect.patch"
#
sh makesnortsam.sh || die "makesnortsam.sh failed"
}
src_install() {
if use debug; then
newbin snortsam-debug snortsam
else
dobin snortsam
fi
find "${S}" -depth -type f -name "*.asc" -exec rm -f {} \;
dodoc -r docs/ conf/
}
pkg_postinst() {
elog
elog "To use snortsam with snort, you'll have to compile snort with USE=snortsam."
elog "Read the INSTALL file to configure snort for snortsam, and configure"
elog "snortsam for your particular firewall."
elog
}