Changeset 1563
- Timestamp:
- 02/22/08 09:02:17 (6 months ago)
- Files:
-
- nebula/trunk/src/classify.c (modified) (1 diff)
- nebula/trunk/src/nebula.c (modified) (6 diffs)
- nebula/trunk/src/session.c (modified) (1 diff)
nebula/trunk/src/classify.c
r1562 r1563 198 198 199 199 // check for signature generation criteria here 200 if ((((hash*)t->data)->cl) && ((hash*)t->data)->cl->cnt > 2) {200 if ((((hash*)t->data)->cl) && ((hash*)t->data)->cl->cnt > 5) { 201 201 printf("[=] cluster hit size threshold, generating signature.\n"); 202 202 if (pthread_create(&ntid, NULL, pt_siggen, (void *) ((hash*)t->data)->cl)) { nebula/trunk/src/nebula.c
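Review bot: In classify.c the cluster-size threshold for signature generation is still a bare literal (`->cl->cnt > 5`), and this commit tunes it by editing the source. According to the help text in nebula.c a generated rule can lead to a SIGHUP being sent to snort, so this number decides how many similar submissions are enough to produce a live rule. A named constant with a comment would make that visible, e.g. `#define SIGGEN_MIN_CLUSTER_SIZE 5 /* minimum cluster members before a signature is generated */`, or it could become a command-line option next to `-c`. The enclosing function starts and ends outside the hunk.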
r1562 r1563 60 60 "\t\t -c <similarity> cluster criteria (a similarity measure in percent)\n" 61 61 "\t\t -d\t\t daemonize\n" 62 "\t\t -h\t\t this help\n" 62 63 "\t\t -E <size>\t cluster element queue size\n" 63 "\t\t - h <snort pid>\t send a SIGHUP to this process ID after a new rule was generated\n"64 "\t\t -i <sid>\t initial snort signature ID\n" 64 65 "\t\t -O <size>\t outlier queue size\n" 65 66 "\t\t -p <port>\t listen on this port\n" 67 "\t\t -r <snort pid>\t send a SIGHUP to this process ID after a new rule was generated\n" 66 68 "\t\t -s <secret>\t secret string for use in submissions\n" 67 69 "\t\t -v\t\t be verbose\n" … … 121 123 122 124 // process args 123 while((option = getopt(argc, argv, "a:c:C:dE:h :O:p:s:v?")) > 0) {125 while((option = getopt(argc, argv, "a:c:C:dE:hi:O:p:r:s:v?")) > 0) { 124 126 switch(option) { 125 127 case 'a': … … 150 152 } 151 153 break; 152 case ' h':153 snort_pid = atoi(optarg);154 if (! snort_pid) {155 fprintf(stderr, "Error - Invalid processID.\n");154 case 'i': 155 global_sid = strtoul(optarg, NULL, 10); 156 if (!global_sid) { 157 fprintf(stderr, "Error - Invalid initial snort signature ID.\n"); 156 158 exit(EXIT_FAILURE); 157 159 } … … 171 173 } 172 174 break; 175 case 'r': 176 snort_pid = atoi(optarg); 177 if (!snort_pid) { 178 fprintf(stderr, "Error - Invalid process ID.\n"); 179 exit(EXIT_FAILURE); 180 } 181 break; 173 182 case 's': 174 183 secret = optarg; … … 177 186 verbose++; 178 187 break; 188 case 'h': 179 189 case '?': 180 190 usage(argv[0], EXIT_SUCCESS); … … 195 205 196 206 if (!secret) { 197 printf(" Warning - No submission secret given.\n");198 } else if (verbose) printf(" Submission secret: %s\n", secret);207 printf(" Warning - No submission secret given.\n"); 208 } else if (verbose) printf(" Submission secret: %s\n", secret); 199 209 200 210 if (snort_pid && !rules_file) { 201 printf(" Warning - Snort will not be notified about updated rules: No rule filename given.\n");211 printf(" Warning - Snort will 
not be notified about updated rules: No rule filename given.\n"); 202 212 } else if (!snort_pid && rules_file) { 203 printf(" Warning - Snort will not be notified about updated rules: No pid given.\n");213 printf(" Warning - Snort will not be notified about updated rules: No pid given.\n"); 204 214 } else if (verbose) { 205 printf("Notifying snort about rule file updates in %s.\n", rules_file); 206 } 215 printf(" Notifying snort about rule file updates in %s.\n", rules_file); 216 } 217 218 if (verbose) printf(" Initial snort signature ID: %u\n\n", global_sid); 207 219 208 220 nebula/trunk/src/session.c
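Review bot: The new `case 'r'` in nebula.c parses the snort process ID with `atoi(optarg)` and rejects only 0, so a negative value or a string with trailing garbage such as `12abc` is accepted. The help text says a SIGHUP is sent to this ID; the call itself is outside the hunks, but if the value reaches kill() unchanged, a negative ID addresses a process group, or with -1 every process the user may signal. Parsing with `strtol`, checking the end pointer and requiring a positive in-range value closes this (it needs `<errno.h>` and `<limits.h>` if they are not already included). The `-i` case has the same gap: `strtoul(optarg, NULL, 10)` ignores trailing characters and wraps a negative input to a large value. The enclosing function begins and ends outside the hunks.

```c
case 'r': {
	char *end = NULL;
	long pid;

	errno = 0;
	pid = strtol(optarg, &end, 10);
	/* reject empty input, trailing characters, overflow and non-positive IDs */
	if (errno || end == optarg || *end != '\0' || pid <= 0 || pid > INT_MAX) {
		fprintf(stderr, "Error - Invalid process ID.\n");
		exit(EXIT_FAILURE);
	}
	snort_pid = (int) pid;
	break;
}
```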
r1562 r1563 150 150 return(-1); 151 151 } 152 if (s->protocol == 6) 153 printf("[x] rejected known attack (%lu bytes from port %u/tcp)\n", s->attack_len, s->port); 154 else if (s->protocol == 17) 155 printf("[x] rejected known attack (%lu bytes from port %u/udp)\n", s->attack_len, s->port); 152 printf("[x] rejected known attack\n"); 156 153 157 154 session_reset(s, pfd);
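Review bot: The rejection message in session.c no longer carries the byte count, port or protocol, so a `[x] rejected known attack` line cannot be tied to a particular session when the log is read afterwards. If the fields were dropped because `s->attack_len` and `s->port` are not reliable at this point, a comment saying so would explain the loss, e.g. `// session fields are not valid here, so only the event is logged`. Otherwise keeping at least the port and protocol would preserve triage context. The enclosing function starts and ends outside the hunk.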
