# SHORT DESC: Intrusion Detection System # LONG DESC: Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion prevention system. # COMPILE REQUIREMENT: postgresql # COMPILE REQUIREMENT: libdnet patch -p1 << \__EOF__ || exit 1 --- snort-2.8.3.2/src/output-plugins/spo_database.c 2008-12-30 10:44:16.000000000 -0500 +++ snort-2.8.3.2-patched/src/output-plugins/spo_database.c 2009-04-09 10:00:05.278793914 -0400 @@ -303,6 +303,7 @@ int Insert(char *, DatabaseData *); int Select(char *, DatabaseData *); void Connect(DatabaseData *); +void Disconnect(DatabaseData *); void DatabasePrintUsage(); void FreeSharedDataList(); @@ -563,17 +564,6 @@ Connect(data); - /* get password out of memory since we only need it for Connect */ - if (data->password != NULL) - { - /* it'll be null terminated */ - while (*data->password != '\0') - { - *data->password = '\0'; - data->password++; - } - } - data->shared->sid = Select(select_sensor_id,data); if(data->shared->sid == 0) { 
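Review bot: Dropping the scrub loop after `Connect(data);` leaves the database password resident in `data->password` for the whole process lifetime, and nothing at the removal site says why; since `Connect(data)` is now re-run from Insert()/Select() on error, the credential has to survive, so add a comment there such as `/* password is retained: Connect() is re-invoked on reconnect, see Insert()/Select() */`. Note that the removed loop advanced `data->password` itself rather than a copy, leaving the pointer on the terminator, so any later free or reuse of that pointer would have been wrong as well; removing it fixes that, but it is worth a sentence in the same comment. If zeroing is wanted back it now belongs at shutdown (or wherever the config is freed), not after the first Connect. The enclosing function starts and ends outside the hunk.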
@@ -2552,6 +2542,11 @@ ErrorMessage("database: postgresql_error: %s\n", PQerrorMessage(data->p_connection)); } + ErrorMessage("Disconnecting from database [INSERT]."); + Disconnect(data); + + ErrorMessage("Reconnecting to database [INSERT]."); + Connect(data); } PQclear(data->p_result); } @@ -2756,6 +2751,11 @@ ErrorMessage("database: postgresql_error: %s\n", PQerrorMessage(data->p_connection)); } + ErrorMessage("Disconnecting from database [SELECT]."); + Disconnect(data); + + ErrorMessage("Reconnecting to database [SELECT]."); + Connect(data); } PQclear(data->p_result); } @@ -2928,7 +2928,8 @@ if(PQstatus(data->p_connection) == CONNECTION_BAD) { PQfinish(data->p_connection); - FatalError("database: Connection to database '%s' failed\n", data->shared->dbname); + ErrorMessage("database: Connection to database '%s' failed\n", data->shared->dbname); + data->p_connection = NULL; } } #endif __EOF__ ( ./configure --prefix=/usr --libdir="${libdir}" --sysconfdir=/etc --localstatedir=/var --enable-prelude --enable-ipv6 --enable-flexresp2 --with-postgresql --with-mysql && \ make && \ make install || exit 1 ) || ( make distclean ./configure --prefix=/usr --libdir="${libdir}" --sysconfdir=/etc --localstatedir=/var --enable-ipv6 --enable-flexresp2 --with-postgresql --with-mysql && \ make && \ make install || exit 1 ) || exit 1 |
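Review bot: After `Disconnect(data);` / `Connect(data);` the INSERT that just failed is never re-issued, so the event is lost even when the reconnect succeeds; the SELECT hunk at `@@ -2756` has the same gap. Re-run the failing `PQexec` once when `data->p_connection != NULL` after the reconnect, and drop the event with an explicit message only if that retry fails too. Disconnect() is not in view: it must tolerate `data->p_connection == NULL`, which Connect() now leaves behind on failure, and it must not free `data->p_result`, because `PQclear(data->p_result);` still runs after it. The two new messages also lack the trailing `\n` that the neighbouring `ErrorMessage("database: postgresql_error: %s\n", ...)` calls use, e.g. `ErrorMessage("Disconnecting from database [INSERT].\n");`. The enclosing functions start and end outside both hunks.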
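Review bot: With FatalError replaced by ErrorMessage in Connect(), a database that is down at startup or stays down no longer stops Snort; every later event then goes through a full Disconnect/Connect cycle with no back-off and is dropped, and the only trace is a per-event error line. Keep at least a counter of dropped events, or a single "database unavailable" state that is logged once and cleared on a successful reconnect, so the logging gap is visible to whoever reads the alerts, and consider a minimum interval between reconnect attempts. Setting `data->p_connection = NULL;` after `PQfinish` is the right thing, but every caller that touches the connection must now expect NULL; as far as I recall libpq itself tolerates a NULL `PGconn` in `PQexec` and `PQerrorMessage`, but any code in this file that reads `data->p_connection` directly is outside the hunk and needs checking. Connect() begins before the hunk.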