ports/104730: Port update to security/snort_inline
Nick Rogness
nick at rogness.net
Tue Oct 24 03:10:24 UTC 2006
>Number: 104730
>Category: ports
>Synopsis: Port update to security/snort_inline
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 24 03:10:20 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Nick Rogness
>Release: FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD skywalker.rogness.net 5.4-STABLE FreeBSD 5.4-STABLE #0: Mon Jul 11 21:54:56 MDT 2005 nick at skywalker.rogness.net:/usr/src/sys/i386/compile/SKYWALKER i386
>Description:
Update port security/snort_inline to version 2.4.5
>How-To-Repeat:
Attached Unified diff under Fix
>Fix:
diff -ruN snort_inline.old/Makefile snort_inline/Makefile
--- snort_inline.old/Makefile Fri May 12 22:15:15 2006
+++ snort_inline/Makefile Mon Oct 23 20:16:34 2006
@@ -2,23 +2,19 @@
# Date created: 4 March 2005
# Whom: nick at rogness.net
#
-# $FreeBSD: ports/security/snort_inline/Makefile,v 1.4 2006/05/13 04:15:15 edwin Exp $
+# $FreeBSD: ports/security/snort_inline/Makefile,v 1.3 2005/11/14 17:07:04 sem Exp $
#
PORTNAME= snort_inline
-PORTVERSION= 2.3.0
-PORTREVISION= 1
+PORTVERSION= 2.4.5
CATEGORIES= security
MASTER_SITES= http://freebsd.rogness.net/ports/snort_inline/
-DISTNAME= snort_inline-2.3.0-RC1
MAINTAINER= nick at rogness.net
COMMENT= An inline IPS system based on snort using ipfw
LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre
-WRKSRC= ${WRKDIR}/snort_inline-2.3.0-RC1
-
USE_GPG= yes
SIG_SUFFIX= .asc
GNU_CONFIGURE= yes
@@ -26,9 +22,7 @@
CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
CONFIGURE_ARGS+= --enable-inline --enable-ipfw
-BUILD_DEPENDS+= libnet*<=1.1.0,1:${PORTSDIR}/net/libnet10
-CONFIGURE_ARGS+= --with-libnet-includes=${LOCALBASE}/include \
- --with-libnet-libraries=${LOCALBASE}/lib
+LIB_DEPENDS+= dnet:${PORTSDIR}/net/libdnet
.if defined(WITH_MYSQL)
USE_MYSQL= yes
@@ -55,14 +49,20 @@
CONFIGURE_ARGS+= --with-postgresql=no
.endif
-MAN8= snort.8
+MAN8= snort.8 snort_inline.8
DOCS= ChangeLog doc/AUTHORS doc/BUGS doc/CREDITS doc/faq* doc/NEWS \
doc/README* doc/TODO doc/USAGE doc/*.pdf
+RULE_PATH= ${DATADIR}/rules
+
USE_RC_SUBR= snort.sh
post-patch:
${REINPLACE_CMD} "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/src/snort.c
+ ${REINPLACE_CMD} "s,/etc/snort_inline/drop-rules,${RULE_PATH}," ${WRKSRC}/etc/snort_inline.conf
+ ${REINPLACE_CMD} "s,$RULE_PATH/classification.config,${DATADIR}/classification.config," ${WRKSRC}/etc/snort_inline.conf
+ ${REINPLACE_CMD} "s,$RULE_PATH/reference.config,${DATADIR}/reference.config," ${WRKSRC}/etc/snort_inline.conf
+ ${REINPLACE_CMD} -e "s/^unicode.map/\/usr\/local\/share\/snort_inline\/unicode.map/" ${WRKSRC}/etc/snort_inline.conf
pre-configure:
@${ECHO} ""
@@ -72,7 +72,7 @@
post-install:
@${MKDIR} ${DATADIR}
- ${INSTALL_DATA} ${WRKSRC}/rules/*.rules ${DATADIR}
+ @${MKDIR} ${RULE_PATH}
${INSTALL_DATA} ${WRKSRC}/etc/classification.config \
${DATADIR}/classification.config-sample
[ -f ${DATADIR}/classification.config ] || \
@@ -82,7 +82,13 @@
${DATADIR}/reference.config-sample
[ -f ${DATADIR}/reference.config ] || \
${CP} ${DATADIR}/reference.config-sample ${DATADIR}/reference.config
-.for f in snort.conf snort_inline.conf unicode.map threshold.conf
+ ${INSTALL_DATA} ${WRKSRC}/etc/threshold.conf \
+ ${DATADIR}/threshold.conf-sample
+ [ -f ${DATADIR}/threshold.conf ] || \
+ ${CP} ${DATADIR}/threshold.conf-sample ${DATADIR}/threshold.conf
+ ${INSTALL_DATA} ${WRKSRC}/etc/unicode.map \
+ ${DATADIR}/unicode.map
+.for f in snort.conf snort_inline.conf
${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample
[ -f ${PREFIX}/etc/${f} ] || \
${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}
diff -ruN snort_inline.old/distinfo snort_inline/distinfo
--- snort_inline.old/distinfo Mon Jan 23 18:03:27 2006
+++ snort_inline/distinfo Wed Jun 7 18:12:19 2006
@@ -1,3 +1,3 @@
-MD5 (snort_inline-2.3.0-RC1.tar.gz) = d577c101a78c97b0f18a1e01b0252419
-SHA256 (snort_inline-2.3.0-RC1.tar.gz) = 46027eeb583dd2efa1ca724948a84fd79d320a0f04df4befde27688c4f7995dc
-SIZE (snort_inline-2.3.0-RC1.tar.gz) = 2742898
+MD5 (snort_inline-2.4.5.tar.gz) = 6fbc46cb339cd9f7b9699104b9a99b1a
+SHA256 (snort_inline-2.4.5.tar.gz) = c417dd23d06d468f0fc5d2cc4f9d1022db5b02a9a77d702f8e24261f0a433651
+SIZE (snort_inline-2.4.5.tar.gz) = 3019957
diff -ruN snort_inline.old/files/snort.sh.in snort_inline/files/snort.sh.in
--- snort_inline.old/files/snort.sh.in Mon Feb 20 13:47:40 2006
+++ snort_inline/files/snort.sh.in Wed Jun 7 18:09:58 2006
@@ -4,7 +4,7 @@
# PROVIDE: snort
# REQUIRE: DAEMON
# BEFORE: LOGIN
-# KEYWORD: shutdown
+# KEYWORD: FreeBSD shutdown
# Add the following lines to /etc/rc.conf to enable snort:
# snort_enable (bool): Set to YES to enable snort
@@ -22,7 +22,7 @@
name="snort"
rcvar=`set_rcvar`
-command="%%PREFIX%%/bin/snort"
+command="%%PREFIX%%/bin/snort_inline"
load_rc_config $name
diff -ruN snort_inline.old/pkg-plist snort_inline/pkg-plist
--- snort_inline.old/pkg-plist Sat May 28 05:06:39 2005
+++ snort_inline/pkg-plist Mon Oct 23 20:45:39 2006
@@ -5,11 +5,11 @@
@unexec if [ -f %D/etc/snort_inline.conf ] && cmp -s %D/etc/snort_inline.conf %D/etc/snort_inline.conf-sample; then rm -f %D/etc/snort_inline.conf; fi
etc/snort_inline.conf-sample
@exec [ -f %B/snort_inline.conf ] || cp %B/%f %B/snort_inline.conf
- at unexec if [ -f %D/etc/unicode.map ] && cmp -s %D/etc/unicode.map %D/etc/unicode.map-sample; then rm -f %D/etc/unicode.map; fi
-etc/unicode.map-sample
+ at unexec if [ -f %B/unicode.map ] && cmp -s %B/unicode.map %B/unicode.map-sample; then rm -f %B/etc/unicode.map; fi
+%%DATADIR%%/unicode.map
@exec [ -f %B/unicode.map ] || cp %B/%f %B/unicode.map
- at unexec if [ -f %D/etc/threshold.conf ] && cmp -s %D/etc/threshold.conf %D/etc/threshold.conf-sample; then rm -f %D/etc/threshold.conf; fi
-etc/threshold.conf-sample
+ at unexec if [ -f %B/threshold.conf ] && cmp -s %B/threshold.conf %B/threshold.conf-sample; then rm -f %B/threshold.conf; fi
+%%DATADIR%%/threshold.conf-sample
@exec [ -f %B/threshold.conf ] || cp %B/%f %B/threshold.conf
%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
%%PORTDOCS%%%%DOCSDIR%%/BUGS
@@ -36,63 +36,20 @@
%%PORTDOCS%%%%DOCSDIR%%/README.http_inspect
%%PORTDOCS%%%%DOCSDIR%%/README.thresholding
%%PORTDOCS%%%%DOCSDIR%%/README.wireless
+%%PORTDOCS%%%%DOCSDIR%%/README.NFQUEUE
+%%PORTDOCS%%%%DOCSDIR%%/README.clamav
+%%PORTDOCS%%%%DOCSDIR%%/README.frag3
%%PORTDOCS%%%%DOCSDIR%%/TODO
%%PORTDOCS%%%%DOCSDIR%%/USAGE
%%PORTDOCS%%%%DOCSDIR%%/snort_manual.pdf
%%PORTDOCS%%%%DOCSDIR%%/snort_schema_v106.pdf
%%PORTDOCS%%@dirrm %%DOCSDIR%%
-%%DATADIR%%/attack-responses.rules
-%%DATADIR%%/backdoor.rules
-%%DATADIR%%/bad-traffic.rules
-%%DATADIR%%/chat.rules
@unexec if [ -f %B/classification.config ] && cmp -s %B/classification.config %B/classification.config-sample; then rm -f %B/classification.config; fi
%%DATADIR%%/classification.config-sample
@exec [ -f %B/classification.config ] || cp %B/%f %B/classification.config
-%%DATADIR%%/ddos.rules
-%%DATADIR%%/deleted.rules
-%%DATADIR%%/dns.rules
-%%DATADIR%%/dos.rules
-%%DATADIR%%/experimental.rules
-%%DATADIR%%/exploit.rules
-%%DATADIR%%/finger.rules
-%%DATADIR%%/ftp.rules
-%%DATADIR%%/icmp-info.rules
-%%DATADIR%%/icmp.rules
-%%DATADIR%%/imap.rules
-%%DATADIR%%/info.rules
-%%DATADIR%%/local.rules
-%%DATADIR%%/misc.rules
-%%DATADIR%%/multimedia.rules
-%%DATADIR%%/mysql.rules
-%%DATADIR%%/netbios.rules
-%%DATADIR%%/nntp.rules
-%%DATADIR%%/oracle.rules
-%%DATADIR%%/other-ids.rules
-%%DATADIR%%/p2p.rules
-%%DATADIR%%/policy.rules
-%%DATADIR%%/pop2.rules
-%%DATADIR%%/pop3.rules
-%%DATADIR%%/porn.rules
+%%DATADIR%%/classification.config
@unexec if [ -f %B/reference.config ] && cmp -s %B/reference.config %B/reference.config-sample; then rm -f %B/reference.config; fi
%%DATADIR%%/reference.config-sample
@exec [ -f %B/reference.config ] || cp %B/%f %B/reference.config
-%%DATADIR%%/rpc.rules
-%%DATADIR%%/rservices.rules
-%%DATADIR%%/scan.rules
-%%DATADIR%%/shellcode.rules
-%%DATADIR%%/smtp.rules
-%%DATADIR%%/snmp.rules
-%%DATADIR%%/sql.rules
-%%DATADIR%%/telnet.rules
-%%DATADIR%%/tftp.rules
-%%DATADIR%%/virus.rules
-%%DATADIR%%/web-attacks.rules
-%%DATADIR%%/web-cgi.rules
-%%DATADIR%%/web-client.rules
-%%DATADIR%%/web-coldfusion.rules
-%%DATADIR%%/web-frontpage.rules
-%%DATADIR%%/web-iis.rules
-%%DATADIR%%/web-misc.rules
-%%DATADIR%%/web-php.rules
-%%DATADIR%%/x11.rules
+ at dirrmtry %%DATADIR%%/rules
@dirrm %%DATADIR%%
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list