This repository has been archived by the owner on Jan 18, 2024. It is now read-only.
Help me #261
Open
phap231 wants to merge 81 commits into dev-next from master
Conversation
Bumped revision to 313
Fix: Enable compilation without error with --enable-ipv6
Fix to spo_syslog_full
Fix: operation_mode parsing (strcasecmp return value)
Fix: defined values (literals instead of 0 and 1) for clarity.
Fix: in complete mode used a } instead of a ] at one place in an output literal.
Fix: Check for input data in spo_database.c where revision is 0, we do not log and we print messages
Modified: Replaced WARNING database by INFO database so people are less alarmed when those pop up.
Bumped: revision to 315
Fix: enable alert-on-each-packet-in-stream by default, to disable use --disable-alert-on-each-packet-in-stream or use config disable_alert_on_each_packet_in_stream
Fix: spo_database.c: Was never resolved shared object (SO_RULE) signature message.
Fix: Call to GetSigByGidSid now uses event revision and generates correct Snort Alert [gid:sid:rev] messages.
Fix: spo_syslog_full i) operation_mode complete displays ip in dotted notation instead of host-aligned integers for alert_ and log_ ii) Signature will also by default be prefixed with [gid:sid:rev] block iii) missing break statement that was causing the output plugin to output ALERT AND LOG in complete mode.
…mmand and submission protocols.
The barnyard2 repo sources exclude all of the files which result from the run of autogen.sh which is necessary before compilation. As a result, 'git status' is cluttered with automatically generated files. The included .gitignore file lets git ignore all those intermediates. Signed-off-by: Thorsten Fischer <[email protected]>
…the event data if a packet does not exist for the event
This patch adds a check to the unlink() call made in util.c, which is not currently done. If the return value isn't zero, an error in unlinking or removing the file has occurred. This new code adds the proper check, though I don't know if you want to add a different return value in case unlink() fails.
…on into the structure created for it.
…et at startup. This should allow multiple sockets to be used at the same time. This also checks the socket name, whereas previously incorrect filenames were simply ignored.
…e they came from.
acknowledge receipt. This means in sync mode it requires a SOCK_SEQPACKET type socket instead of plain SOCK_DGRAM. It also complains about failures during sending.
This modification allows detecting a dead VPN tunnel (Requested fix). Fix: configure directive disable_alert_on_each_packet_in_stream will work properly.
Add: Added call to PQPing in dbConnectionStatusPOSTGRESQL().
… exhaustion on connection problems
Fix: Call to memcmp in signature_reference code.
sguil: fix recursive calling of SguilSensorAgentInit
Test for PQping by attempting to link it.
Fix: Call to memcmp in signature_reference code.
when the decoded IP header is supposed to have a TCP/UDP packet but the decoded packet does not contain such information. A pointer validation check has been added and behavior has been changed for ICMP handling which was already considering this case but would lead to a processing fault. (DB_DEBUG information messages were also added). Bumped: Build to 319
…as it's a 'uint32_t'.
support hex (default), base64, ascii. Bumped: Build to 320
Fix: Possible segfault in spo_database
Line 1033 tests IPH_IS_VALID(p), i.e. p != NULL. When this fails, execution jumps to line 1073. Then on lines 1077 and 1093:
if(protocol_names[GET_IPH_PROTO(p)])
GET_IPH_PROTO(p) attempts to dereference p->iph: p->iph->ip_proto
However, it is possible that execution jumped here because p->iph was NULL, so we need to test p->iph first.
…compilation. partially fixes #108.
with the help of Jim Hranicky
…rocessing in decode().
Changes to allow prelude alerts to log not only with snort
Miller) Bumped: Revision to 337
spo_syslog_full.c: -- Add missing return after unsupported event type in OpSyslog_Log()
This actually needs some love and to be made dependent on the overall project version, e.g. transform into a .in file.
…he following errors. configure:11938: gcc -c -O2 -g -pipe -Wall =format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables conftest.c >&5 gcc: error: =format-security: No such file or directory
spo_syslog_full bugfix
Some fixes to be able to create an RPM off the current head.
mariadb fix for ref_system_id
Fix: Syslog Facility and Priority for remote messages. (thanks to Mike
SSL Cipher not being populated from configuration
Add a way to set Prelude Analyzer name, model and manufacturer.
Missing dnet-devel dependency
make all-recursive
make[1]: Entering directory '/root/barnyard2-2-1.13'
Making all in src
make[2]: Entering directory '/root/barnyard2-2-1.13/src'
Making all in sfutil
make[3]: Entering directory '/root/barnyard2-2-1.13/src/sfutil'
make[3]: Nothing to be done for 'all'.
make[3]: Leaving directory '/root/barnyard2-2-1.13/src/sfutil'
Making all in output-plugins
make[3]: Entering directory '/root/barnyard2-2-1.13/src/output-plugins'
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -Wall -c -o spo_database.o spo_database.c
In file included from spo_database.c:103:
../output-plugins/spo_database.h:112:1: error: expected identifier or ‘(’ before ‘--’ token
--- spo_database.h.orig
^~
../output-plugins/spo_database.h:114:1: error: stray ‘@’ in program
@@ -357,7 +357,7 @@
^
../output-plugins/spo_database.h:114:2: error: stray ‘@’ in program
@@ -357,7 +357,7 @@
^
../output-plugins/spo_database.h:114:18: error: stray ‘@’ in program
@@ -357,7 +357,7 @@
^
../output-plugins/spo_database.h:114:19: error: stray ‘@’ in program
@@ -357,7 +357,7 @@
^
../output-plugins/spo_database.h:118:1: error: expected identifier or ‘(’ before ‘-’ token
^
../output-plugins/spo_database.h:119:1: error: expected identifier or ‘(’ before ‘+’ token
^
../output-plugins/spo_database.h:368:5: error: unknown type name ‘my_bool’
my_bool mysql_reconnect; / We will handle it via the api. /
^~~~~~~
../output-plugins/spo_database.h:631:2: error: #endif without #if
#endif / SPO_DATABASE_H */
^~~~~
make[3]: *** [Makefile:390: spo_database.o] Error 1
make[3]: Leaving directory '/root/barnyard2-2-1.13/src/output-plugins'
make[2]: *** [Makefile:496: all-recursive] Error 1
make[2]: Leaving directory '/root/barnyard2-2-1.13/src'
make[1]: *** [Makefile:411: all-recursive] Error 1
make[1]: Leaving directory '/root/barnyard2-2-1.13'
make: *** [Makefile:343: all] Error 2
help me I use libcap1.8
mysql-community
mysql-community-devel