ports/81378: New port: security/snort_inline
Nick Rogness
nick at rogness.net
Mon May 23 02:40:03 UTC 2005
>Number: 81378
>Category: ports
>Synopsis: New port: security/snort_inline
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon May 23 02:40:01 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Nick Rogness
>Release: FreeBSD 5.2.1-RC i386
>Organization:
>Environment:
System: FreeBSD skywalker.rogness.net 5.2.1-RC FreeBSD 5.2.1-RC #0: Sat Jan 31 05:36:22 GMT 2004 root at cypress.btc.adpatec.com:/usr/obj/usr/src/sys/GENERIC i386
>Description:
New port: security/snort_inline, An inline IPS system based on snort using ipfw.
>How-To-Repeat:
N/A
>Fix:
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# snort_inline
# snort_inline/Makefile
# snort_inline/pkg-descr
# snort_inline/pkg-plist
# snort_inline/distinfo
# snort_inline/files
# snort_inline/files/snort.sh
# snort_inline/pkg-message
#
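# Create the port directory and unpack its Makefile (BSD make, FreeBSD ports).
# Review note: the mailing-list archive collapsed tabs to single spaces and
# rewrote "@" inside addresses as " at ". The payload below restores the
# leading tab on every recipe line (make rejects the recipes otherwise) and
# the MAINTAINER address; variable assignments keep the single space shown in
# the archive, which make accepts.
# Unpacking executes this archive as a shell script: read it first and unpack
# in a scratch directory as an unprivileged user.
echo c - snort_inline
mkdir -p snort_inline > /dev/null 2>&1
echo x - snort_inline/Makefile
sed 's/^X//' >snort_inline/Makefile << 'END-of-snort_inline/Makefile'
X# New ports collection makefile for: snort_inline
X# Date created: 4 March 2005
X# Whom: nick at rogness.net
X#
X# $FreeBSD$
X#
X
XPORTNAME= snort_inline
XPORTVERSION= 2.3.0
XCATEGORIES= security
X# NOTE(review): single plain-HTTP master site; the fetched tarball is only as
X# trustworthy as the distinfo checksum and any signature check that follows.
XMASTER_SITES= http://freebsd.rogness.net/ports/snort_inline/
XDISTNAME= snort_inline-2.3.0-RC1
X
XMAINTAINER= nick@rogness.net
XCOMMENT= An inline IPS system based on snort using ipfw
X
XLIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre
X
XWRKSRC= ${WRKDIR}/snort_inline-2.3.0-RC1
X
X# NOTE(review): distinfo in this submission has no entry for the ${SIG_SUFFIX}
X# file; confirm that USE_GPG really verifies the signature in the target
X# ports tree before relying on it.
XUSE_GPG= yes
XSIG_SUFFIX= .asc
XUSE_REINPLACE= yes
XGNU_CONFIGURE= yes
XCONFIGURE_ENV= LDFLAGS="${LDFLAGS}"
XCONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
X# Inline (IPS) mode over ipfw is what distinguishes this port.
XCONFIGURE_ARGS+= --enable-inline --enable-ipfw
X
XBUILD_DEPENDS+= ${LOCALBASE}/lib/libnet.a:${PORTSDIR}/net/libnet
XCONFIGURE_ARGS+= --with-libnet-includes=${LOCALBASE}/include \
X		--with-libnet-libraries=${LOCALBASE}/lib
X
X# Optional database output back ends; each one is explicitly disabled when its
X# knob is unset so configure cannot pick up a library that happens to exist.
X.if defined(WITH_MYSQL)
XUSE_MYSQL= yes
XCONFIGURE_ARGS+= --with-mysql=${LOCALBASE}
X.else
XCONFIGURE_ARGS+= --with-mysql=no
X.endif
X
X.if defined(WITH_ODBC)
XLIB_DEPENDS+= odbc.1:${PORTSDIR}/databases/unixODBC
XCONFIGURE_ARGS+= --with-odbc=${LOCALBASE}
XLDFLAGS+= ${PTHREAD_LIBS}
X.else
XCONFIGURE_ARGS+= --with-odbc=no
X.endif
X
X.if defined(WITH_POSTGRESQL)
XPOSTGRESQL_PORT?= databases/postgresql7
XLIB_DEPENDS+= pq.3:${PORTSDIR}/${POSTGRESQL_PORT}
XCONFIGURE_ARGS+= --with-postgresql=${LOCALBASE}
X.if exists(/usr/lib/libssl.a) && exists(/usr/lib/libcrypto.a)
XLDFLAGS+= -lssl -lcrypto
X.endif
X.else
XCONFIGURE_ARGS+= --with-postgresql=no
X.endif
X
X# NOTE(review): snort.8, etc/snort.conf-sample and etc/rc.d/snort.sh look like
X# paths the stock security/snort port also installs - confirm, and declare
X# CONFLICTS if so.
XMAN8= snort.8
XDOCS= ChangeLog doc/AUTHORS doc/BUGS doc/CREDITS doc/faq* doc/NEWS \
X		doc/README* doc/TODO doc/USAGE doc/*.pdf
X
XUSE_RC_SUBR= yes
XRC_SCRIPTS_SUB= PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
X
X# Bake ${PREFIX} into snort.c and expand the %%PREFIX%% / %%RC_SUBR%%
X# placeholders of files/snort.sh into ${WRKDIR}/snort.sh.
Xpost-patch:
X	${REINPLACE_CMD} "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/src/snort.c
X	@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
X		${FILESDIR}/snort.sh > ${WRKDIR}/snort.sh
X
Xpre-configure:
X	@${ECHO} ""
X	@${ECHO} "Set WITH_MYSQL, WITH_ODBC or WITH_POSTGRESQL"
X	@${ECHO} "to get additional support."
X	@${ECHO} ""
X
X# Install rules, -sample configuration files, the rc.d script and the docs.
X# A live configuration file is created only when none exists, so an
X# administrator's edited copy is never overwritten by a reinstall.
Xpost-install:
X	@${MKDIR} ${DATADIR}
X	${INSTALL_DATA} ${WRKSRC}/rules/*.rules ${DATADIR}
X	${INSTALL_DATA} ${WRKSRC}/etc/classification.config \
X		${DATADIR}/classification.config-sample
X	[ -f ${DATADIR}/classification.config ] || \
X		${CP} ${DATADIR}/classification.config-sample \
X		${DATADIR}/classification.config
X	${INSTALL_DATA} ${WRKSRC}/etc/reference.config \
X		${DATADIR}/reference.config-sample
X	[ -f ${DATADIR}/reference.config ] || \
X		${CP} ${DATADIR}/reference.config-sample ${DATADIR}/reference.config
X	${INSTALL_SCRIPT} -m 751 ${WRKDIR}/snort.sh ${PREFIX}/etc/rc.d/snort.sh
X.for f in snort.conf snort_inline.conf unicode.map threshold.conf
X	${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample
X	[ -f ${PREFIX}/etc/${f} ] || \
X		${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}
X.endfor
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
X.endif
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
END-of-snort_inline/Makefile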
# Unpack pkg-descr, the free-text package description. The quoted here-document
# delimiter stops the shell from expanding anything in the payload, and sed
# strips the leading "X" guard from each line.
# NOTE(review): the WWW link is plain http; the address in the signature line
# appears as rewritten by the list archive ("at" in place of "@").
echo x - snort_inline/pkg-descr
sed 's/^X//' >snort_inline/pkg-descr << 'END-of-snort_inline/pkg-descr'
Xsnort-inline is a variation of snort that interfaces with the
XIPFW firewall and divert sockets to provide a simple IPS system
Xusing snort signatures.
X
XWWW: http://freebsd.rogness.net/snort_inline
X
X- Nick Rogness
Xnick at rogness.net
END-of-snort_inline/pkg-descr
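# Unpack pkg-plist, the packing list used to register and remove the files.
# Review note: the mailing-list archive rewrote the leading "@" of every
# packing-list directive as " at "; the payload below restores @exec, @unexec
# and @dirrm so the directives are parsed instead of being read as file names.
# It also gives snort_inline.conf its own -sample entry: the port Makefile
# installs etc/snort_inline.conf-sample, and without that entry the @exec for
# snort_inline.conf expands %f to snort.conf-sample, seeding the inline
# configuration from the wrong file and leaving the sample unregistered.
# Each @unexec removes a live configuration file only when it is still
# byte-identical to its sample, so local edits survive deinstallation.
echo x - snort_inline/pkg-plist
sed 's/^X//' >snort_inline/pkg-plist << 'END-of-snort_inline/pkg-plist'
Xbin/snort_inline
X@unexec if [ -f %D/etc/snort.conf ] && cmp -s %D/etc/snort.conf %D/etc/snort.conf-sample; then rm -f %D/etc/snort.conf; fi
Xetc/snort.conf-sample
X@exec [ -f %B/snort.conf ] || cp %B/%f %B/snort.conf
X@unexec if [ -f %D/etc/snort_inline.conf ] && cmp -s %D/etc/snort_inline.conf %D/etc/snort_inline.conf-sample; then rm -f %D/etc/snort_inline.conf; fi
Xetc/snort_inline.conf-sample
X@exec [ -f %B/snort_inline.conf ] || cp %B/%f %B/snort_inline.conf
X@unexec if [ -f %D/etc/unicode.map ] && cmp -s %D/etc/unicode.map %D/etc/unicode.map-sample; then rm -f %D/etc/unicode.map; fi
Xetc/unicode.map-sample
X@exec [ -f %B/unicode.map ] || cp %B/%f %B/unicode.map
X@unexec if [ -f %D/etc/threshold.conf ] && cmp -s %D/etc/threshold.conf %D/etc/threshold.conf-sample; then rm -f %D/etc/threshold.conf; fi
Xetc/threshold.conf-sample
X@exec [ -f %B/threshold.conf ] || cp %B/%f %B/threshold.conf
Xetc/rc.d/snort.sh
X%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
X%%PORTDOCS%%%%DOCSDIR%%/BUGS
X%%PORTDOCS%%%%DOCSDIR%%/CREDITS
X%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
X%%PORTDOCS%%%%DOCSDIR%%/faq.pdf
X%%PORTDOCS%%%%DOCSDIR%%/faq.tex
X%%PORTDOCS%%%%DOCSDIR%%/NEWS
X%%PORTDOCS%%%%DOCSDIR%%/README
X%%PORTDOCS%%%%DOCSDIR%%/README.INLINE
X%%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP
X%%PORTDOCS%%%%DOCSDIR%%/README.PLUGINS
X%%PORTDOCS%%%%DOCSDIR%%/README.UNSOCK
X%%PORTDOCS%%%%DOCSDIR%%/README.WIN32
X%%PORTDOCS%%%%DOCSDIR%%/README.alert_order
X%%PORTDOCS%%%%DOCSDIR%%/README.csv
X%%PORTDOCS%%%%DOCSDIR%%/README.database
X%%PORTDOCS%%%%DOCSDIR%%/README.event_queue
X%%PORTDOCS%%%%DOCSDIR%%/README.flow
X%%PORTDOCS%%%%DOCSDIR%%/README.flowbits
X%%PORTDOCS%%%%DOCSDIR%%/README.flow-portscan
X%%PORTDOCS%%%%DOCSDIR%%/README.sfportscan
X%%PORTDOCS%%%%DOCSDIR%%/README.asn1
X%%PORTDOCS%%%%DOCSDIR%%/README.http_inspect
X%%PORTDOCS%%%%DOCSDIR%%/README.thresholding
X%%PORTDOCS%%%%DOCSDIR%%/README.wireless
X%%PORTDOCS%%%%DOCSDIR%%/TODO
X%%PORTDOCS%%%%DOCSDIR%%/USAGE
X%%PORTDOCS%%%%DOCSDIR%%/snort_manual.pdf
X%%PORTDOCS%%%%DOCSDIR%%/snort_schema_v106.pdf
X%%PORTDOCS%%@dirrm %%DOCSDIR%%
X%%DATADIR%%/attack-responses.rules
X%%DATADIR%%/backdoor.rules
X%%DATADIR%%/bad-traffic.rules
X%%DATADIR%%/chat.rules
X@unexec if [ -f %B/classification.config ] && cmp -s %B/classification.config %B/classification.config-sample; then rm -f %B/classification.config; fi
X%%DATADIR%%/classification.config-sample
X@exec [ -f %B/classification.config ] || cp %B/%f %B/classification.config
X%%DATADIR%%/ddos.rules
X%%DATADIR%%/deleted.rules
X%%DATADIR%%/dns.rules
X%%DATADIR%%/dos.rules
X%%DATADIR%%/experimental.rules
X%%DATADIR%%/exploit.rules
X%%DATADIR%%/finger.rules
X%%DATADIR%%/ftp.rules
X%%DATADIR%%/icmp-info.rules
X%%DATADIR%%/icmp.rules
X%%DATADIR%%/imap.rules
X%%DATADIR%%/info.rules
X%%DATADIR%%/local.rules
X%%DATADIR%%/misc.rules
X%%DATADIR%%/multimedia.rules
X%%DATADIR%%/mysql.rules
X%%DATADIR%%/netbios.rules
X%%DATADIR%%/nntp.rules
X%%DATADIR%%/oracle.rules
X%%DATADIR%%/other-ids.rules
X%%DATADIR%%/p2p.rules
X%%DATADIR%%/policy.rules
X%%DATADIR%%/pop2.rules
X%%DATADIR%%/pop3.rules
X%%DATADIR%%/porn.rules
X@unexec if [ -f %B/reference.config ] && cmp -s %B/reference.config %B/reference.config-sample; then rm -f %B/reference.config; fi
X%%DATADIR%%/reference.config-sample
X@exec [ -f %B/reference.config ] || cp %B/%f %B/reference.config
X%%DATADIR%%/rpc.rules
X%%DATADIR%%/rservices.rules
X%%DATADIR%%/scan.rules
X%%DATADIR%%/shellcode.rules
X%%DATADIR%%/smtp.rules
X%%DATADIR%%/snmp.rules
X%%DATADIR%%/sql.rules
X%%DATADIR%%/telnet.rules
X%%DATADIR%%/tftp.rules
X%%DATADIR%%/virus.rules
X%%DATADIR%%/web-attacks.rules
X%%DATADIR%%/web-cgi.rules
X%%DATADIR%%/web-client.rules
X%%DATADIR%%/web-coldfusion.rules
X%%DATADIR%%/web-frontpage.rules
X%%DATADIR%%/web-iis.rules
X%%DATADIR%%/web-misc.rules
X%%DATADIR%%/web-php.rules
X%%DATADIR%%/x11.rules
X@dirrm %%DATADIR%%
END-of-snort_inline/pkg-plist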
# Unpack distinfo, the checksum record the ports framework compares the
# fetched distfile against.
# NOTE(review): MD5 is the only digest recorded, and MD5 is not
# collision-resistant. With a plain-HTTP master site this line is the main
# integrity control for the tarball, so regenerate the file with
# "make makesum" from a tarball whose signature has been checked, on a ports
# tree that also records a size and a stronger digest.
echo x - snort_inline/distinfo
sed 's/^X//' >snort_inline/distinfo << 'END-of-snort_inline/distinfo'
XMD5 (snort_inline-2.3.0-RC1.tar.gz) = d577c101a78c97b0f18a1e01b0252419
END-of-snort_inline/distinfo
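# Create files/ and unpack snort.sh, the rc.d script template. The port
# Makefile's post-patch step replaces %%PREFIX%% and %%RC_SUBR%% before the
# script is installed as etc/rc.d/snort.sh.
# Review note: command names bin/snort_inline, the only binary pkg-plist
# installs. bin/snort is not shipped by this port, so a script pointing there
# would start a different snort build, or nothing, and the IPS would not be
# running behind the ipfw divert rule. The documented default for snort_conf
# uses %%PREFIX%% so the installed script shows the real path.
echo c - snort_inline/files
mkdir -p snort_inline/files > /dev/null 2>&1
echo x - snort_inline/files/snort.sh
sed 's/^X//' >snort_inline/files/snort.sh << 'END-of-snort_inline/files/snort.sh'
X#!/bin/sh
X# $Id$
X
X# PROVIDE: snort
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X# KEYWORD: FreeBSD shutdown
X
X# Add the following lines to /etc/rc.conf to enable snort:
X# snort_enable (bool): Set to YES to enable snort
X# Default: NO
X# snort_flags (str): Extra flags passed to snort
X# Default: -Dq -J 8000
X# snort_interface (str): Network interface to sniff
X# Default: ""
X# snort_conf (str): Snort configuration file
X# Default: %%PREFIX%%/etc/snort_inline.conf
X#
X
X. %%RC_SUBR%%
X
Xname="snort"
Xrcvar=`set_rcvar`
X
X# Must match the binary listed in pkg-plist (bin/snort_inline).
Xcommand="%%PREFIX%%/bin/snort_inline"
X
Xload_rc_config $name
X
X# Defaults apply only to variables rc.conf left unset or empty.
X[ -z "$snort_enable" ] && snort_enable="NO"
X[ -z "$snort_conf" ] && snort_conf="%%PREFIX%%/etc/snort_inline.conf"
X[ -z "$snort_flags" ] && snort_flags="-Dq -J 8000"
X
X# Append the interface and configuration file to the flags handed to rc.subr.
X[ -n "$snort_interface" ] && snort_flags="$snort_flags -i $snort_interface"
X[ -n "$snort_conf" ] && snort_flags="$snort_flags -c $snort_conf"
X
Xrun_rc_command "$1"
END-of-snort_inline/files/snort.sh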
# Unpack pkg-message, the post-install notice, then end the archive.
# The port Makefile prints this file with ${CAT} and runs no substitution on
# it, and the quoted here-document delimiter stops the shell from expanding
# it, so "${PREFIX}" below reaches the administrator as literal text.
# NOTE(review): the notice names the kernel options and the default divert
# port but does not mention that an ipfw divert rule is needed before any
# traffic reaches the daemon - presumably covered at the linked page; confirm.
echo x - snort_inline/pkg-message
sed 's/^X//' >snort_inline/pkg-message << 'END-of-snort_inline/pkg-message'
X ***********************************
X * !!!!!!!!!!! WARNING !!!!!!!!!!! *
X ***********************************
X
Xsnort_inline uses rcNG startup scripts and must be enabled via /etc/rc.conf
X
XAvailable variables:
X
X snort_enable (bool): Set to YES to enable snort
X Default: NO
X snort_flags (str): Extra flags passed to snort
X Default: -Dq -J 8000
X snort_interface (str): Network interface to sniff
X Default: ""
X snort_conf (str): Snort configuration file
X Default: ${PREFIX}/etc/snort_inline.conf
X
XAlso, make sure that your kernel is compiled with:
X
X options IPFIREWALL
X options IPDIVERT
X
XThe default divert port is 8000. See http://freebsd.rogness.net/snort_inline
Xfor more information.
END-of-snort_inline/pkg-message
# Stop here so any trailing mail text after the archive is never executed.
exit
>Release-Note:
>Audit-Trail:
>Unformatted: