ports/113551: [PATCH] security/snort: optional expression support in rc.conf
Tomoyuki Sakurai
cherry at trombik.org
Mon Jun 11 04:50:03 UTC 2007
>Number: 113551
>Category: ports
>Synopsis: [PATCH] security/snort: optional expression support in rc.conf
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jun 11 04:50:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Tomoyuki Sakurai
>Release: FreeBSD 6.1-RELEASE-p11 i386
>Organization:
>Environment:
System: FreeBSD spica.trombik.org 6.1-RELEASE-p11 FreeBSD 6.1-RELEASE-p11 #6: Sun Jan 7 04:14:41 JST
>Description:
With this patch, you can specify optional pcap filter in rc.conf.
Example:
snort_expression="not net after.nat.addr.ess/24"
Port maintainer (clsung at FreeBSD.org) is cc'd.
Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:
--- snort-2.6.1.4_1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/snort/files/snort.sh.in /usr/home/cherry/svn/ports/security/snort/files/snort.sh.in
--- /usr/ports/security/snort/files/snort.sh.in Fri Sep 22 17:47:25 2006
+++ /usr/home/cherry/svn/ports/security/snort/files/snort.sh.in Mon Jun 11 13:39:48 2007
@@ -15,6 +15,12 @@
# Default: ""
# snort_conf (str): Snort configuration file
# Default: ${PREFIX}/etc/snort/snort.conf
+# snort_expression (str): filter expression
+# If your expression is very long, set
+# kern.ps_arg_cache_limit sysctl variable
+# to large value. Otherwise, snort won't
+# restart!
+# Default: ""
#
. %%RC_SUBR%%
@@ -33,5 +39,6 @@
[ -n "$snort_interface" ] && snort_flags="$snort_flags -i $snort_interface" \
&& pidfile="/var/run/snort_${snort_interface}.pid"
[ -n "$snort_conf" ] && snort_flags="$snort_flags -c $snort_conf"
+[ -n "$snort_expression" ] && snort_flags="$snort_flags $snort_expression"
run_rc_command "$1"
--- snort-2.6.1.4_1.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list