<feed xmlns='http://www.w3.org/2005/Atom'>
<title>packages/net/snort3/files, branch master</title>
<subtitle>Mirror of packages feed</subtitle>
<id>https://git.openwrt.org/feed/packages/atom?h=master</id>
<link rel='self' href='https://git.openwrt.org/feed/packages/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/'/>
<updated>2025-10-17T19:31:54Z</updated>
<entry>
<title>snort3: run as regular user rather than as root</title>
<updated>2025-10-17T19:31:54Z</updated>
<author>
<name>John Audia</name>
</author>
<published>2025-09-10T21:06:30Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=69117bf2d5ecd5cc64c3f089df2641c0ba12611b'/>
<id>urn:sha1:69117bf2d5ecd5cc64c3f089df2641c0ba12611b</id>
<content type='text'>
Running as a dedicated user is better from both a security and an
isolation perspective than running as root.

Signed-off-by: John Audia &lt;therealgraysky@proton.me&gt;
</content>
</entry>
<entry>
<title>snort3: improve date filtering in report</title>
<updated>2024-06-25T17:03:07Z</updated>
<author>
<name>Eric Fahlgren</name>
</author>
<published>2024-02-14T15:14:31Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=a636371c5e9a0c2078a970adeaab97f54c660053'/>
<id>urn:sha1:a636371c5e9a0c2078a970adeaab97f54c660053</id>
<content type='text'>
 - Take advantage of bug fix in jsonfilter to get rid of array hack, should
   improve memory footprint quite a bit

 - Implement substring matching in dates so you can collect data for a specific
   day, hour or run bin reports for histograms

 - Report title now contains specified date range, footer percentages

Signed-off-by: Eric Fahlgren &lt;ericfahlgren@gmail.com&gt;
</content>
</entry>
<entry>
<title>snort3: fix bug with unset variable</title>
<updated>2024-04-27T10:28:14Z</updated>
<author>
<name>Eric Fahlgren</name>
</author>
<published>2024-04-09T14:23:46Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=c8b13adaa00d21da5dda89496bce91510cfb4eb6'/>
<id>urn:sha1:c8b13adaa00d21da5dda89496bce91510cfb4eb6</id>
<content type='text'>
  - Parameter not set in two places:
    /usr/bin/snort-mgr: eval: line 125: options: parameter not set

Reported-by: @klingon888
Signed-off-by: Eric Fahlgren &lt;ericfahlgren@gmail.com&gt;
</content>
</entry>
<entry>
<title>snort3: fix issue caused by ucode semantics change</title>
<updated>2024-04-13T05:22:40Z</updated>
<author>
<name>Eric Fahlgren</name>
</author>
<published>2024-04-12T21:21:15Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=4ce2d741c6d7619cd66539668fa148bc16aa78d9'/>
<id>urn:sha1:4ce2d741c6d7619cd66539668fa148bc16aa78d9</id>
<content type='text'>
A recent change in the ucode interpreter caused a failure when using
the 'in' operator.
https://github.com/jow-/ucode/commit/be767ae197babd656d4f5d9c2d5013e39ddbe656

Reported in a forum post by @graysky2.
https://forum.openwrt.org/t/194218/28

Signed-off-by: Eric Fahlgren &lt;ericfahlgren@gmail.com&gt;
</content>
</entry>
<entry>
<title>snort3: clean up ucode usage</title>
<updated>2024-02-14T04:53:28Z</updated>
<author>
<name>Eric Fahlgren</name>
</author>
<published>2024-02-07T23:09:37Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=db58c9cd814267e403aa1aadb2e7ca973b25c2a6'/>
<id>urn:sha1:db58c9cd814267e403aa1aadb2e7ca973b25c2a6</id>
<content type='text'>
 - Add missing 'ucode' package dependency
 - Proto-ify the ConfigItem objects
 - Fix indentation and tab usage

Signed-off-by: Eric Fahlgren &lt;ericfahlgren@gmail.com&gt;
</content>
</entry>
<entry>
<title>snort3: improve script reliability</title>
<updated>2024-02-07T22:01:11Z</updated>
<author>
<name>Eric Fahlgren</name>
</author>
<published>2024-02-05T15:07:38Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=b94c6dd37df76aa7f6b6813135228b82cd5d8886'/>
<id>urn:sha1:b94c6dd37df76aa7f6b6813135228b82cd5d8886</id>
<content type='text'>
 - Enable missing variable checking by default
 - Explicitly check variables are defined in all 'rm' commands

Signed-off-by: Eric Fahlgren &lt;ericfahlgren@gmail.com&gt;
</content>
</entry>
<entry>
<title>snort3: finish up several incomplete capabilities</title>
<updated>2024-02-05T00:21:11Z</updated>
<author>
<name>Eric Fahlgren</name>
</author>
<published>2024-01-10T16:10:05Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=203e9413e28defd62e376406b523eb7d9ac05d58'/>
<id>urn:sha1:203e9413e28defd62e376406b523eb7d9ac05d58</id>
<content type='text'>
Reporting
 - Use json alert data for 10x speed improvement in report generation
 - Include both gid and sid, plus packet direction in report output
 - Add by-date incident filtering
 - Add verbose mode which displays actual rules triggered and their source
 - Attempt to look up host names from IPs in verbose mode
 - Clean up display of port number involved in incidents

Rules
 - Complete downloader for subscription rules using oinkcode (only tested
   with snort.org's "free" tier subscription)
 - Auto-detect multiple rules files and include them in lua 'ips.rules'
 - Add '--backup' option to copy out current rules before installing new
 - Add '--persistent' option to 'snort-rules', storing in persistent location

CLI interface
 - Completely rework command line option parsing in all user scripts
 - Allow options and commands to be in any order on command line
 - Add long-form names for all options ('--help' for '-h' and so on)
 - Detect errors properly in options, enhance help pages

Bug fixes
 - Use 'mkdir -p' on all directory creation
 - Use proper tmp directory from 'snort.snort.temp_dir' everywhere

Signed-off-by: Eric Fahlgren &lt;ericfahlgren@gmail.com&gt;
</content>
</entry>
<entry>
<title>snort3: add missing action-override option</title>
<updated>2024-01-02T23:29:50Z</updated>
<author>
<name>Eric Fahlgren</name>
</author>
<published>2023-12-17T16:33:36Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=e05835deac35ec3f3294ed19cdc23e3ac3fae4e0'/>
<id>urn:sha1:e05835deac35ec3f3294ed19cdc23e3ac3fae4e0</id>
<content type='text'>
Allow use of rules as-defined, and don't override their actions.  This
is generally the best way to use the ruleset, and overriding their
actions should only be undertaken when you fully understand how it
affects their use.

Signed-off-by: Eric Fahlgren &lt;ericfahlgren@gmail.com&gt;
</content>
</entry>
<entry>
<title>snort3: add missing config include and general cleanup</title>
<updated>2023-12-16T14:08:49Z</updated>
<author>
<name>Eric Fahlgren</name>
</author>
<published>2023-12-06T23:37:32Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=0d2dac8792a758d5573a700ffbd75621f86c50ee'/>
<id>urn:sha1:0d2dac8792a758d5573a700ffbd75621f86c50ee</id>
<content type='text'>
- Delete legacy configuration files homenet.lua and local.lua
- Add snort config 'include' to allow user customizations in the lua
- Enhance 'check' to test generated nftables file
- Suppress inclusion of rules file when doing silent config check
- Suppress warnings on configuration check unless '-v'erbose
- Replace text logging with json logging to reduce footprint and make reports easier
- Fix some typos in the snort.uc template
- Fix up some error messages suggesting solutions

Signed-off-by: Eric Fahlgren &lt;ericfahlgren@gmail.com&gt;
</content>
</entry>
<entry>
<title>snort3: complete rework</title>
<updated>2023-12-03T21:53:58Z</updated>
<author>
<name>Eric Fahlgren</name>
</author>
<published>2023-11-27T16:21:43Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=f21dffc2a306ad97cefa03dac8bcee0552da556f'/>
<id>urn:sha1:f21dffc2a306ad97cefa03dac8bcee0552da556f</id>
<content type='text'>
  - Add many options to config file.
  - Move rules and generated snort.lua to /tmp.
  - Add script for downloading rules.
  - Add preliminary reporting capabilities.

Signed-off-by: Eric Fahlgren &lt;ericfahlgren@gmail.com&gt;
</content>
</entry>
</feed>
