


Latest available versions
SnortSam 2 v. 2.55 03-29-06
samtool v. 1.7 03-29-06


SnortSam (the agent) can be obtained via HTTP (by clicking the links) or FTP. You can also get the source code from FTP or from the CVS Repository (see below).
In addition, a patch file is available to simplify the addition of the SnortSam plugin into Snort.

Browse all files at http://www.snortsam.net/files/



Pre-patched Snort™ source and patches are now available for Snort 2.8.0, Snort 2.7.0.1 and Snort 2.6.1.5. These are available in the respective folders via HTTP. See http://www.snortsam.net/files/.


Compiled Executables:

File SnortSam 2.55
MSVCRT.DLL, now required by the OPSEC library. Windows
MSVCRTD.DLL (for the Debug version). Windows
The documentation of SnortSam (cheap link to Docs page). (all)
Sample snortsam.conf file. (all)
Dontblock's for root servers. Useful for inclusion into your snortsam config file (prevents root servers from being blocked). (all)
Sample OPSEC conf file. (for fwsam and opsec methods)
Command line block/unblock tool. Windows (1.7), Solaris (1.7), Linux (1.7), FreeBSD 6.x (1.7)

Other versions not listed here may be available via HTTP. This includes the binaries for the old 2.2, 2.1, 2.0, 1.9 and 1.8 versions. Please check the SnortSam Files.


Source Code of current version 2.55:  snortsam-src-2.55.tar.gz

File Description
snortsam.c The source of SnortSam.
snortsam.h The header file of SnortSam.
plugins.h The plug-in header file of SnortSam.
ssp_opsec.c The source of the OPSEC plug-in.
ssp_opsec.h The header file of the OPSEC plug-in.
ssp_pix.c The source of the PIX plug-in.
ssp_pix.h The header file of the PIX plug-in.
ssp_ciscoacl.c The source of the Cisco ACL plug-in.
ssp_ciscoacl.h The header file of the Cisco ACL plug-in.
ssp_cisco_nullroute.c The source of the Cisco Null-Route plug-in.
ssp_cisco_nullroute.h The header file of the Cisco Null-Route plug-in.
ssp_email.c The source of the Email Notification plug-in.
ssp_email.h The header file of the Email Notification plug-in.
ssp_netscreen.c The source of the NetScreen plug-in.
ssp_netscreen.h The header file of the NetScreen plug-in.
ssp_ipf.c The source of the IPFilter plug-in.
ssp_ipf.h The header file of the IPFilter plug-in.
ssp_ipfw2.c The source of the ipfw2 plug-in.
ssp_ipfw2.h The header file of the ipfw2 plug-in.
ssp_pf.c The source of the Packet Filter plug-in.
ssp_pf.h The header file of the Packet Filter plug-in.
ssp_ipchains.c The source of the IPchains plug-in.
ssp_ipchains.h The header file of the IPchains plug-in.
ssp_iptables.c The source of the IPtables plug-in.
ssp_iptables.h The header file of the IPtables plug-in.
ssp_ebtables.c The source of the EBtables plug-in.
ssp_ebtables.h The header file of the EBtables plug-in.
ssp_wgrd.c The source of the WatchGuard plug-in.
ssp_wgrd.h The header file of the WatchGuard plug-in.
ssp_fwexec.c The source of the fwexec plug-in.
ssp_fwexec.h The header file of the fwexec plug-in.
ssp_fwsam.c The source of the fwsam plug-in (used to be in snortsam.c).
ssp_fwsam.h The header file of the fwsam plug-in.
ssp_8signs.c The source of the 8signs plug-in.
ssp_8signs.h The header file of the 8signs plug-in.
ssp_isa.cpp The source of the older ISA Server plug-in.
ssp_isa.h The header file of the older ISA Server plug-in.
ssp_isa2004.cpp The source of the ISA Server 2004 plug-in.
ssp_isa2004.h The header file of the ISA Server 2004 plug-in.
ssp_chxi.c The source of the CHX-I plug-in.
ssp_chxi.h The header file of the CHX-I plug-in.
ssp_snmp_interface_down.c The source of the SNMP Interface-Down plug-in.
ssp_snmp_interface_down.h The header file of the SNMP Interface-Down plug-in.
ssp_forward.c The source of the Forward plug-in.
ssp_forward.h The header file of the Forward plug-in.
win32_service.c The source of the Windows Service install/remove functions.
win32_service.h The header file of the Windows Service install/remove functions.
twofish.c The source of the TwoFish library.
twofish.h The header file of the TwoFish library.
samtool.c The source file of the command line tool.
samtool.dsp The samtool project file for MS VC++ compiler.
makesnortsam.sh Shell script to compile SnortSam with and without the OPSEC libraries (SDK available at http://www.opsec.com). Use ./makesnortsam.sh or ./makesnortsam.sh opsec. This script runs on FreeBSD, Linux and Solaris (not fully tested yet; under Solaris, you need to link against: -lnsl -lresolv -lsocket).
Makefile A real Makefile to compile SnortSam. Has been tested on FreeBSD, Linux and Solaris, but since it is fairly new, there might be issues on some platforms. Please provide feedback on the performance of this Makefile. This makefile also compiles the samtool by typing make samtool.

Patches:

Pre-patched Snort™ source is now available for 2.7.0 and 2.6.1.5. These are available in the respective FTP folders and via HTTP. See the Download Dir.

The following patch has to be applied to Snort™ to include the alert_fwsam plugin that allows Snort™ to contact SnortSam:

snortsam-patch.tar.gz: This tarball contains 4 files: three supplemental patch files and a script (patchsnort.sh) that you need to run in order to patch Snort™. Run patchsnort.sh with the path to the Snort™ source directory, for example: ./patchsnort.sh src/snort-2.6

This will patch the source files and 'patch' the make files by running sed over them a few times. This seems safer than using patch to fix the make files.


If you have problems with the patch, you might want to try to include the source files separately. Don't forget to edit your Makefiles (or the VC Project) to include the sources (.c and .h) for compilation under Windows:

Description For Snort™ 2.6 For Snort™ 2.4 For Snort™ 2.3.3
The modified Snort™ plugbase.c file. snort/src/plugbase.c snort/src/plugbase.c snort/src/plugbase.c
The modified Snort™ plugin_enum.h file. snort/src/plugin_enum.h snort/src/plugin_enum.h snort/src/plugin_enum.h
The TwoFish library source file. snort/src/twofish.c snort/src/twofish.c snort/src/twofish.c
The TwoFish library header file. snort/src/twofish.h snort/src/twofish.h snort/src/twofish.h
The fwsam plugin source file. snort/src/output-plugins/spo_alert_fwsam.c snort/src/output-plugins/spo_alert_fwsam.c snort/src/output-plugins/spo_alert_fwsam.c
The fwsam plugin header file. snort/src/output-plugins/spo_alert_fwsam.h snort/src/output-plugins/spo_alert_fwsam.h snort/src/output-plugins/spo_alert_fwsam.h
The modified Snort™ MS VC++ Project file. Not available. Just edit the existing one yourself in MS VisualStudio/VisualC. snort/src/win32/WIN32-Prj/snort.dsp snort/src/win32/WIN32-Prj/snort.dsp
The modified Snort™ Makefile.am file. snort/src/Makefile.am snort/src/Makefile.am snort/src/Makefile.am
And for the output plugins. snort/src/output-plugins/Makefile.am snort/src/output-plugins/Makefile.am snort/src/output-plugins/Makefile.am


CVS

The source code of the latest version, 2.55, is also available via anonymous CVS from the SnortSam Repository at cvs.snortsam.net.

       cvs -d :pserver:anonymous@cvs.snortsam.net:/cvsroot/snortsam co snortsam

To check out the patch that adds SnortSam to Snort™ (from version 2.8 back to 1.8):

       cvs -d :pserver:anonymous@cvs.snortsam.net:/cvsroot/snort-plugin co snort-plugin



© Copyright 2001-2007 Frank Knobbe. All rights reserved.
Snort and Sourcefire are registered trademarks of Sourcefire, Inc.