Snort version updates


Snort version updates

breda
Hi, I am working with a LEDE OpenWrt developer on getting the Shields updated to the latest Snort version. I have limited technical skills in this area and want to find out how I can back up my Shield to send the developer a complete copy of all the files, or only certain directories that Snort runs? The developer will not have physical possession of the device. Can any of the experienced users please get back to me? I would appreciate that. Also, if you have any other update requests you would like to see, I could forward them to the developers as well.

Thanks

Re: Snort version updates

breda
Here are some of the questions the developer has:

1- What are you planning to update
- Snort rules
- Snort service?
- Whole firmware

2- Do you have SSH access to the box?

3- Do you have serial access to the box?

4- How many devices do you have?

5- Do you have a firmware backup?


I was going to share it with everyone. user8446 has been kind enough to assist me and has agreed to do testing on the update once it is developed, and I'll be happy to share it with everyone else who wants to test stability to make it work. I'm out of my league and appreciate all the help.

Re: Snort version updates

Roadrunnere42
Great work, breda, in getting a developer from LEDE OpenWrt to help with Snort.

The easiest way of getting the files is to use the Windows program WinSCP (it also works via Wine on a Linux computer) and just copy the files from the Shield to a folder on your computer.

Some of the questions the developer has:

1- What are you planning to update
- Snort rules
Snort rules are updated daily automatically

- Snort service?
Needs updating to the latest version

- Whole firmware
Could be a tricky one, as I'm not sure how Itus Network forked from the main OpenWrt source code

2- Do you have SSH access to the box?
Access is via dropbear

3- Do you have serial access to the box?
Via USB RJ45 serial cable

4- How many devices do you have?

5- Do you have a firmware backup?

I have two devices and will be willing to test any updates out on one of these devices. I think the first port of call would be to get Snort updated, as the main program of the IDS. I did try updating Snort from the OpenWrt web site but it just stopped the Shield working, so I just did a reset and gave up. I think it was because the config files are in different places on the Shield.

Any questions or help, just ask.

Roadrunnere42




Re: Snort version updates

breda
Thanks, Roadrunnere42. I'm trying to copy all the files via WinSCP but getting this error

 



Re: Snort version updates

breda
In reply to this post by Roadrunnere42
Some more questions from the developer:

Thanks for taking the time to answer all my questions. As I can see, you have some spare boards to test, with both ssh and serial; that is really good!

So, if I understand you correctly you have Snort 2.9.7.2 and you would like to run a newer version, probably Snort 2.9.9.0? Or which version?

As far as I know/check Snort 2.9.7.2 is the latest version supported by OpenWRT, so you would like to cross compile the new version for your board and install it. Is this correct?

Re: Snort version updates

user8446
Administrator
Hi Breda,

All of the files on our box are here: https://github.com/ItusShield/Shield-Master
Please share w/ your contact. As for your personal backup of your box, have you done this fix from user @Gnomad? It fixes System>Backup Config, where you can put in anything you want to back up and restore anytime. Let us know if you need help.
Running in bridge mode, 1.51 SP1 fw

Re: Snort version updates

breda
Hi, user8446, thanks for the help.

The developer sent me some questions; if you can, please let me know.


So, if I understand you correctly you have Snort 2.9.7.2 and you would like to run a newer version, probably Snort 2.9.9.0? Or which version?


https://wiki.openwrt.org/doc/howto/snort


As far as I know/check Snort 2.9.7.2 is the latest version supported by OpenWRT, so you would like to cross compile the new version for your board and install it. Is this correct?



Re: Snort version updates

Roadrunnere42
Hi

Cross compiling Snort 2.9.9.0 for the Shield and allowing it to be installed would be great.

Roadrunnere42

Re: Snort version updates

Roadrunnere42
Here's the version and some details you may find useful (for the developer):

opkg info snort
Package: snort
Version: 2.9.7.2-1
Depends: libc, librt, libpthread, libdaq, libdnet, libopenssl, libpcap, libpcre, libuuid, zlib
Status: install user installed
Architecture: cn70xx
Conffiles:
 /etc/config/snort 1f4e6b5ff28e9c5e0acd788dc04b220429


Roadrunnere42

Re: Snort version updates

breda
In reply to this post by Roadrunnere42
Hi, Roadrunnere42, thanks, I will email him back. Can you confirm the files on https://github.com/ItusShield are up to date? I am going to send him the link and wanted to make sure all firmware bugfixes and any updates are all there.

Re: Snort version updates

breda
In reply to this post by Roadrunnere42
Hi, Roadrunnere42, I got this email from the developer:

We could check this from the snort site or the rpm for i386.

Re: Snort version updates

breda
In reply to this post by Roadrunnere42
Hi, here is a new email (from the developer):

Please correct me if I'm wrong but you told me that you have already done some tests with the new version. Isn't it?
Have you checked the dependencies and their versions?
We could check this from the snort site or the rpm for i386.

Re: Snort version updates

Roadrunnere42
Hi
All I did was try and install Snort and failed; I have done no testing on Snort.

Roadrunnere42

Re: Snort version updates

breda
Hi, the developer said that since Snort 2.9.9.0 is not yet supported by OpenWrt, you will need to check any issue, if we update to 2.9.9.0, with the project maintainer and the project mailing list. This or any other issue can arise, of course.


Re: Snort version updates

breda
In reply to this post by Roadrunnere42
Hi, still waiting for the developer to get back to me.

Re: Snort version updates

breda
In reply to this post by Roadrunnere42
Hi, Roadrunnere42 @user8446, here is what one of the developers said (I'm checking with a few different developers):


Ok, so here is what I will provide:

The patches/Makefile for the updated snort

The opkg which you should be able to install directly

The build artefacts (which includes the binaries)

Obviously I won't be able to test this, and I'm not familiar with snort myself, so any configuration items, etc etc are out of scope, and there's no documentation as such.  



Re: Snort version updates

breda
In reply to this post by Roadrunnere42
Hi, Roadrunnere42, I just got the file from the developer, please email me. He said we must do testing to make sure it works with the Shield.




Re: Snort version updates

breda
In reply to this post by Roadrunnere42
Hi, I installed the update but am seeing a lot of errors:


Sat Jun 17 10:31:00 2017 cron.info crond[3182]:  line sh /sbin/fw_upgrade
Sat Jun 17 10:31:00 2017 cron.info crond[3182]:  line /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart
Sat Jun 17 10:31:04 2017 daemon.err uhttpd[13908]: cat: can't open '/.do_date': No such file or directory
Sat Jun 17 10:31:04 2017 daemon.err uhttpd[13908]: ls: /etc/snort/rules/snort.rules: No such file or directory
Sat Jun 17 10:31:11 2017 daemon.err uhttpd[13908]: ls: /etc/snort/rules/snort.rules: No such file or directory
Sat Jun 17 10:31:11 2017 daemon.err uhttpd[13908]: cat: can't open '/.do_date': No such file or directory
Sat Jun 17 10:31:11 2017 daemon.info dnsmasq[13979]: query[A] yourhost.example.com from 127.0.0.1
Sat Jun 17 10:31:11 2017 daemon.info dnsmasq[13979]: cached yourhost.example.com is NXDOMAIN
Sat Jun 17 10:31:11 2017 daemon.info dnsmasq[13979]: query[AAAA] yourhost.example.com from 127.0.0.1
Sat Jun 17 10:31:11 2017 daemon.info dnsmasq[13979]: cached yourhost.example.com is NXDOMAIN
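
Added example, not part of the original thread: a small triage script that reduces a log excerpt like the one above to the files each process reports as missing, which is the list a tester would hand back to the package builder. The function names `sample_log` and `missing_files` are hypothetical, and the sample input is constructed from lines quoted in the post.

```shell
#!/bin/sh
# Constructed sample input: lines copied from the log excerpt in the post above.
sample_log() {
cat <<'EOF'
Sat Jun 17 10:31:00 2017 cron.info crond[3182]:  line sh /sbin/fw_upgrade
Sat Jun 17 10:31:04 2017 daemon.err uhttpd[13908]: cat: can't open '/.do_date': No such file or directory
Sat Jun 17 10:31:04 2017 daemon.err uhttpd[13908]: ls: /etc/snort/rules/snort.rules: No such file or directory
Sat Jun 17 10:31:11 2017 daemon.err uhttpd[13908]: ls: /etc/snort/rules/snort.rules: No such file or directory
Sat Jun 17 10:31:11 2017 daemon.err uhttpd[13908]: cat: can't open '/.do_date': No such file or directory
Sat Jun 17 10:31:11 2017 daemon.info dnsmasq[13979]: cached yourhost.example.com is NXDOMAIN
EOF
}

# missing_files: read syslog lines on stdin and print "count process path"
# for each path that a daemon.err line reports as missing.
missing_files() {
    awk -v q="'" '
        $6 == "daemon.err" && /No such file or directory/ {
            proc = $7
            sub(/\[.*$/, "", proc)              # uhttpd[13908]: becomes uhttpd
            path = $0
            sub(/: No such file or directory.*$/, "", path)
            sub("^.*[ " q "]/", "/", path)      # keep from the leading slash of the path
            sub(q "$", "", path)                # drop the closing quote, if any
            count[proc " " path]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k3
}

# Stand-alone run on the constructed sample.
sample_log | missing_files
```

On the device itself the same function can read the live log, for example `logread | missing_files`.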