svn commit: r400577 - in head/security/pulledpork: . files

Olli Hauer ohauer at FreeBSD.org
Sat Oct 31 13:08:51 UTC 2015


Author: ohauer
Date: Sat Oct 31 13:08:49 2015
New Revision: 400577
URL: https://svnweb.freebsd.org/changeset/ports/400577

Log:
  - update patches to match latest git rev (v0.7.2)
  - add ca_root_nss as direct runtime dependency
  - use new option target to install docs
  
  Download URL has changed from s3.amazonaws to snort.org!
  Please adjust your pulledpork.conf
  
  MFH:		2015Q4

Modified:
  head/security/pulledpork/Makefile
  head/security/pulledpork/files/patch-etc__pulledpork.conf
  head/security/pulledpork/files/patch-pulledpork.pl
  head/security/pulledpork/pkg-descr

Modified: head/security/pulledpork/Makefile
==============================================================================
--- head/security/pulledpork/Makefile	Sat Oct 31 12:29:19 2015	(r400576)
+++ head/security/pulledpork/Makefile	Sat Oct 31 13:08:49 2015	(r400577)
@@ -3,9 +3,10 @@
 
 PORTNAME=	pulledpork
 PORTVERSION=	0.7.0
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
-MASTER_SITES=	GOOGLE_CODE
+MASTER_SITES=	GOOGLE_CODE \
+		LOCAL/ohauer
 
 MAINTAINER=	ohauer at FreeBSD.org
 COMMENT=	Script to update snort-2.8+ rules
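Review bot: PORTVERSION stays at 0.7.0 in this hunk although, per the log message and the patch-pulledpork.pl changes in the same commit, the installed script is brought to upstream git v0.7.2 by local patches. Package inventories and version-based vulnerability matching will therefore still see 0.7.0. A short comment above PORTVERSION would make that explicit, e.g. `# distfile is 0.7.0; files/patch-* carry upstream git changes up to v0.7.2`. If upstream publishes a 0.7.2 distfile, fetching it with its own checksum would presumably be easier to audit than a growing patch, but that cannot be judged from this page.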
@@ -14,7 +15,8 @@ LICENSE=	GPLv2
 
 RUN_DEPENDS=	p5-Crypt-SSLeay>=0.57:${PORTSDIR}/security/p5-Crypt-SSLeay \
 		p5-LWP-Protocol-https>=6.00:${PORTSDIR}/www/p5-LWP-Protocol-https \
-		p5-libwww>=0:${PORTSDIR}/www/p5-libwww
+		p5-libwww>=0:${PORTSDIR}/www/p5-libwww \
+		${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss
 
 NO_BUILD=	yes
 USES=		perl5 shebangfix
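Review bot: The new RUN_DEPENDS entry locates the bundle through `${LOCALBASE}/share/certs/ca-root-nss.crt`, but the script patched in this same commit hard-codes `/usr/local/share/certs/ca-root-nss.crt` and tries `/etc/ssl/cert.pem` first. With a non-default LOCALBASE the dependency is satisfied while pulledpork.pl can still exit with "cert file does not exist". Substituting the path at patch time would keep the two in step, for example `${REINPLACE_CMD} -e 's|/usr/local/share/certs|${LOCALBASE}/share/certs|g' ${WRKSRC}/pulledpork.pl` in a post-patch target. Whether the Makefile already has such a target is not visible in this hunk.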
@@ -46,6 +48,8 @@ do-install:
 	@${MKDIR} ${STAGEDIR}${DATADIR}
 	${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${STAGEDIR}${DATADIR}
 	${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${STAGEDIR}${DATADIR}
+
+do-install-DOCS-on:
 	@${MKDIR} ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR}

Modified: head/security/pulledpork/files/patch-etc__pulledpork.conf
==============================================================================
--- head/security/pulledpork/files/patch-etc__pulledpork.conf	Sat Oct 31 12:29:19 2015	(r400576)
+++ head/security/pulledpork/files/patch-etc__pulledpork.conf	Sat Oct 31 13:08:49 2015	(r400577)
@@ -1,6 +1,25 @@
 --- etc/pulledpork.conf.orig	2013-09-11 21:01:05 UTC
 +++ etc/pulledpork.conf
-@@ -121,14 +121,14 @@ config_path=/usr/local/etc/snort/snort.c
+@@ -18,13 +18,15 @@
+ # i.e. url|tarball|123456789, 
+ rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
+ # NEW Community ruleset:
+-rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community
++rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community
+ # NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST|<oinkcode>
+ # This format MUST be followed to let pulledpork know that this is a blacklist
+-rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
++rule_url=http://talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|open
+ # URL for rule documentation! (slow to process)
+ rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
+-#rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open
++# THE FOLLOWING URL is for emergingthreats downloads, note the tarball name change!
++# and open-nogpl, to avoid conflicts.
++#rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open-nogpl
+ # THE FOLLOWING URL is for etpro downloads, note the tarball name change!
+ # and the et oinkcode requirement!
+ #rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>
+@@ -121,14 +123,14 @@ config_path=/usr/local/etc/snort/snort.c
  
  # Define your distro, this is for the precompiled shared object libs!
  # Valid Distro Types:
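Review bot: The IP blacklist feed in the sample config is still fetched over plain `http://` (`rule_url=http://talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|open`), so the certificate validation this commit adds to pulledpork.pl gives that download no protection. Anyone on the network path can alter or empty the list used for IP blacklisting without being noticed. If the host serves the same file over TLS the sample line should use `https://`; otherwise the comment above it should say so, e.g. `# NOTE: fetched over plain HTTP, contents are not authenticated in transit`. Whether an HTTPS endpoint exists cannot be told from this page.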
@@ -21,18 +40,18 @@
  
  #######  This next section is optional, but probably pretty useful to you.
  #######  Please read thoroughly!
-@@ -187,7 +187,7 @@ snort_control=/usr/local/bin/snort_contr
+@@ -187,7 +189,7 @@ snort_control=/usr/local/bin/snort_contr
  # This value MUST contain all 4 minor version
  # numbers. ET rules are now also dependant on this, verify supported ET versions
  # prior to simply throwing rubbish in this variable kthx!
 -# snort_version=2.9.0.0
-+# snort_version=2.9.7.3
++# snort_version=2.9.7.5
  
  # Here you can specify what rule modification files to run automatically.
  # simply uncomment and specify the apt path.
-@@ -206,4 +206,4 @@ snort_control=/usr/local/bin/snort_contr
+@@ -206,4 +208,4 @@ snort_control=/usr/local/bin/snort_contr
  ####### need to process so_rules, simply comment out the so_rule section
  ####### you can also specify -T at runtime to process only GID 1 rules.
  
 -version=0.7.0
-+version=0.7.1
++version=0.7.2

Modified: head/security/pulledpork/files/patch-pulledpork.pl
==============================================================================
--- head/security/pulledpork/files/patch-pulledpork.pl	Sat Oct 31 12:29:19 2015	(r400576)
+++ head/security/pulledpork/files/patch-pulledpork.pl	Sat Oct 31 13:08:49 2015	(r400577)
@@ -1,22 +1,56 @@
---- pulledpork.pl.orig	2015-06-01 19:41:36 UTC
+--- pulledpork.pl.orig	2013-09-11 21:01:05 UTC
 +++ pulledpork.pl
 @@ -3,7 +3,7 @@
  ## pulledpork v(whatever it says below!)
  ## cummingsj at gmail.com
  
 -# Copyright (C) 2009-2013 JJ Cummings and the PulledPork Team!
-+# Copyright (C) 2009-2014 JJ Cummings and the PulledPork Team!
++# Copyright (C) 2009-2015 JJ Cummings, Michael Shirk and the PulledPork Team!
  
  # This program is free software; you can redistribute it and/or
  # modify it under the terms of the GNU General Public License
-@@ -41,16 +41,17 @@ use Data::Dumper;
+@@ -41,16 +41,51 @@ use Data::Dumper;
  
  # we are gonna need these!
  my ( $oinkcode, $temp_path, $rule_file, $Syslogging );
 -my $VERSION = "PulledPork v0.7.0 - Swine Flu!";
-+my $VERSION = "PulledPork v0.7.1 - Swine Flu with a side of Ebola!";
++my $VERSION = "PulledPork v0.7.2 - E.Coli in your water bottle!";
  my $ua      = LWP::UserAgent->new;
  
++# for certificate validation, check for the operating system
++# and set the path to the certificate store if required.
++my $oSystem = "$^O";
++my $CAFile = "OS Default";
++if ($oSystem =~ /freebsd/i) {
++    #Check to ensure the cert file exists
++    if ( -e "/etc/ssl/cert.pem" ) { 
++    	$CAFile = "/etc/ssl/cert.pem";
++        if ( -r $CAFile) {
++           $ua->ssl_opts( SSL_ca_file => $CAFile );
++        } else {	
++    	   carp "ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n";
++	   syslogit( 'err|local0', "FATAL: ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n")
++	   if $Syslogging;
++ 	   exit(1);
++        }
++    #Check for the other location for the cert file
++    } elsif ( -e "/usr/local/share/certs/ca-root-nss.crt" ) {
++    	$CAFile = "/usr/local/share/certs/ca-root-nss.crt";
++        if ( -r $CAFile) {
++           $ua->ssl_opts( SSL_ca_file => $CAFile );
++        } else {	
++    	   carp "ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n";
++	   syslogit( 'err|local0', "FATAL: ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n")
++	   if $Syslogging;
++ 	   exit(1);
++        }
++    } else {
++           carp "ERROR: cert file does not exist (/etc/ssl/cert.pem or /usr/local/share/certs/ca-root-nss.crt) Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n";
++           syslogit( 'err|local0', "FATAL: cert file does not exist. Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n")
++           if $Syslogging;
++           exit(1);
++    }
++}
 +
  my ( $Hash, $ALogger, $Config_file, $Sorules, $Auto );
  my ( $Output, $Distro, $Snort, $sid_changelog, $ignore_files );
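Review bot: The added certificate check runs at file scope right after `$ua` is created, long before the `GetOptions` call that a later hunk header places near line 1580, so parts of it cannot work as written. As far as the hunk shows, `$Syslogging` has only been declared at this point, so the three `syslogit(...) if $Syslogging` calls never fire. The advice to "use -w to skip SSL verification" cannot be followed either, because the script has already called `exit(1)` before `-w` is parsed. The two `-e`/`-r` branches are also copies of each other. Wrapping the check in a sub that loops over the candidate paths and is called once options and config have been read addresses all three; the call site lies outside this hunk.

```perl
my $oSystem = "$^O";
my $CAFile  = "OS Default";

# Pick the CA bundle on FreeBSD. Must be called after GetOptions and config
# parsing so that $Syslogging is set, e.g.:  set_ca_file() unless $skipVerify;
sub set_ca_file {
    return if $oSystem !~ /freebsd/i;

    my @candidates = (
        "/etc/ssl/cert.pem",
        "/usr/local/share/certs/ca-root-nss.crt",
    );
    my ($found) = grep { -e $_ } @candidates;

    my $msg;
    if ( !defined $found ) {
        $msg = "cert file does not exist ("
          . join( " or ", @candidates )
          . ") Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification";
    }
    elsif ( !-r $found ) {
        # Same as before: an existing but unreadable first candidate is fatal.
        $msg = "$found is not readable by " . ( getpwuid($<) )[0];
    }
    else {
        $CAFile = $found;
        $ua->ssl_opts( SSL_ca_file => $CAFile );
        return;
    }

    carp "ERROR: $msg\n";
    syslogit( 'err|local0', "FATAL: ERROR: $msg\n" ) if $Syslogging;
    exit(1);
}
```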
@@ -29,7 +63,7 @@
  my $Sostubs = 1;
  
  # verbose and quiet control print()
-@@ -144,11 +145,11 @@ sub Help {
+@@ -144,11 +179,11 @@ sub Help {
     -D What Distro are you running on, for the so_rules
        For latest supported options see http://www.snort.org/snort-rules/shared-object-rules
        Valid Distro Types:
@@ -46,7 +80,7 @@
     -e Where the enablesid config file lives.
     -E Write ONLY the enabled rules to the output files.
     -g grabonly (download tarball rule file(s) and do NOT process)
-@@ -176,6 +177,7 @@ sub Help {
+@@ -176,6 +211,7 @@ sub Help {
     -V Print Version and exit
     -v Verbose mode, you know.. for troubleshooting and such nonsense.
     -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense.
@@ -54,16 +88,31 @@
  __EOT
  
      exit(0);
-@@ -191,7 +193,7 @@ sub pulledpork {
+@@ -186,12 +222,12 @@ sub pulledpork {
+ 
+     print <<__EOT;
+ 
+-    http://code.google.com/p/pulledpork/
++    https://github.com/shirkdog/pulledpork
+       _____ ____
       `----,\\    )
        `--==\\\\  /    $VERSION
         `--==\\\\/
 -     .-~~~~-.Y|\\\\_  Copyright (C) 2009-2013 JJ Cummings
-+     .-~~~~-.Y|\\\\_  Copyright (C) 2009-2014 JJ Cummings
++     .-~~~~-.Y|\\\\_  Copyright (C) 2009-2015 JJ Cummings
    \@_/        /  66\\_  cummingsj\@gmail.com
      |    \\   \\   _(\")
       \\   /-| ||'--'  Rules give me wings!
-@@ -350,9 +352,27 @@ sub compare_md5 {
+@@ -227,7 +263,7 @@ sub rule_extract {
+     $tar->read( $temp_path . $rule_file );
+     $tar->setcwd( cwd() );
+     local $Archive::Tar::CHOWN = 0; 
+-    my @ignores = split( /,/, $ignore );
++    my @ignores = split( /,/, $ignore ) if (defined $ignore);
+ 
+     foreach (@ignores) {
+         if ( $_ =~ /\.rules/ ) {
+@@ -350,9 +386,27 @@ sub compare_md5 {
  ## mimic LWP::Simple getstore routine - Thx pkthound!
  sub getstore {
      my ( $url, $file ) = @_;
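Review bot: In the rule_extract part of this hunk, `my @ignores = split( /,/, $ignore ) if (defined $ignore);` puts a statement modifier on a `my` declaration, which perlsyn documents as having undefined behaviour: when the condition is false the variable may keep its value from an earlier call. If rule_extract is called once per downloaded tarball, as seems likely, a stale ignore list could be applied to a later archive. An unconditional declaration avoids this: `my @ignores = defined $ignore ? split( /,/, $ignore ) : ();`. The body of rule_extract continues outside the hunk.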
@@ -94,7 +143,92 @@
  }
  
  ## time to grab the real 0xb33f
-@@ -1507,7 +1527,8 @@ GetOptions(
+@@ -527,9 +581,9 @@ sub read_rules {
+                         elsif ( $row !~ /\\$/ && $trk == 1 )
+                         {    # last line of multiline rule here
+                             $record .= $row;
+-                            if ( $record =~ /sid:\s*\d+\s*;/i ) {
++                            if ( $record =~ /\ssid:\s*\d+\s*;/i ) {
+                                 $sid = $&;
+-                                $sid =~ s/sid:\s*//;
++                                $sid =~ s/\ssid:\s*//;
+ 				$sid =~ s/\s*;//;
+                                 $$hashref{0}{ trim($sid) }{'rule'} = $record;
+                             }
+@@ -537,9 +591,9 @@ sub read_rules {
+                             undef $record;
+                         }
+                         else {
+-                            if ( $row =~ /sid:\s*\d+\s*;/i ) {
++                            if ( $row =~ /\ssid:\s*\d+\s*;/i ) {
+                                 $sid = $&;
+-                                $sid =~ s/sid:\s*//;
++                                $sid =~ s/\ssid:\s*//;
+ 				$sid =~ s/\s*;//;
+                                 $$hashref{0}{ trim($sid) }{'rule'} = $row;
+                             }
+@@ -563,13 +617,13 @@ sub read_rules {
+                 $rule = trim($rule);
+                 if ( $rule =~ /^\s*#*\s*(alert|drop|pass)/i ) {
+ 
+-                    if ( $rule =~ /sid:\s*\d+\s*;/i ) {
++                    if ( $rule =~ /\ssid:\s*\d+\s*;/i ) {
+                         $sid = $&;
+-                        $sid =~ s/sid:\s*//;
++                        $sid =~ s/\ssid:\s*//;
+ 			$sid =~ s/\s*;//;
+-                        if ( $rule =~ /gid:\s*\d+/i ) {
++                        if ( $rule =~ /\sgid:\s*\d+/i ) {
+                             $gid = $&;
+-                            $gid =~ s/gid:\s*//;
++                            $gid =~ s/\sgid:\s*//;
+                         }
+                         else { $gid = 1; }
+                         if ( $rule =~ /flowbits:\s*((un)?set(x)?|toggle)/i ) {
+@@ -616,12 +670,12 @@ sub read_rules {
+ 
+         foreach my $rule (@elements) {
+             if ( $rule =~ /^\s*#*\s*(alert|drop|pass)/i ) {
+-                if ( $rule =~ /sid:\s*\d+/ ) {
++                if ( $rule =~ /\ssid:\s*\d+/ ) {
+                     $sid = $&;
+-                    $sid =~ s/sid:\s*//;
+-                    if ( $rule =~ /gid:\s*\d+/i ) {
++                    $sid =~ s/\ssid:\s*//;
++                    if ( $rule =~ /\sgid:\s*\d+/i ) {
+                         $gid = $&;
+-                        $gid =~ s/gid:\s*//;
++                        $gid =~ s/\sgid:\s*//;
+                     }
+                     else { $gid = 1; }
+                     if ( $rule =~ /flowbits:\s*((un)?set(x)?|toggle)/ ) {
+@@ -1463,6 +1517,25 @@ sub archive_wanted {
+     push( @records, $File::Find::name );
+ }
+ 
++## Create ignore_files from conf file
++sub get_ignore_files {
++  my ($ignore_conf_file) = @_;
++  my $ignore_list;
++
++  print "\tReading ignore_file: $ignore_conf_file\n";
++
++  # Read ignore file and exclude comments/blank lines
++  open ( FH, '<', $ignore_conf_file ) || croak "Couldn't read $ignore_conf_file $!\n";
++    while ( <FH> ) {
++      chomp;
++      s/#.*//;
++      if ( ! /^\s*$/ ) { $ignore_list .= "$_," };
++    };
++  close FH;
++  $ignore_list =~ s/,\s*$//g ;
++  return $ignore_list
++}
++
+ ###
+ ### Main here, let's get on with it already
+ ###
+@@ -1507,7 +1580,8 @@ GetOptions(
      "u=s"    => \@base_url,
      "V!"     => sub { Version() },
      "v+"     => \$Verbose,
@@ -104,24 +238,47 @@
  );
  
  ## Fly piggy fly!
-@@ -1533,7 +1554,7 @@ if ( $Verbose && !$Quiet ) {
+@@ -1533,7 +1607,7 @@ if ( $Verbose && !$Quiet ) {
  if ( exists $Config_info{'version'} ) {
      croak "You are not using the current version of pulledpork.conf!\n",
        "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n"
 -      if $Config_info{'version'} ne "0.7.0";
-+      if $Config_info{'version'} ne "0.7.1";
++      if $Config_info{'version'} ne "0.7.2";
  }
  else {
      croak
-@@ -1700,6 +1721,7 @@ if ( $Verbose && !$Quiet ) {
+@@ -1546,6 +1620,12 @@ else {
+ $pid_path     = ( $Config_info{'pid_path'} ) if exists $Config_info{'pid_path'};
+ $ignore_files = ( $Config_info{'ignore'} )   if exists $Config_info{'ignore'};
+ 
++# Allow ignores to be specified in a file, supercedes the regular ignore config option
++if ( exists $Config_info{'ignore_file'})
++{
++  $ignore_files = get_ignore_files($Config_info{'ignore_file'});
++}
++
+ if ($rule_file_path) {
+     $keep_rulefiles = 1;
+ }
+@@ -1658,6 +1738,8 @@ if ( $Verbose && !$Quiet ) {
+     print "MISC (CLI and Autovar) Variable Debug:\n";
+     if ($Process)	 { print "\tProcess flag specified!\n"; }
+     if ($arch)           { print "\tarch Def is: $arch\n"; }
++    if ($oSystem)        { print "\tOperating System is: $oSystem\n"; }
++    if ($CAFile)         { print "\tCA Certificate File is: $CAFile\n"; }
+     if ($Config_file)    { print "\tConfig Path is: $Config_file\n"; }
+     if ($Distro)         { print "\tDistro Def is: $Distro\n"; }
+     if ($docs)           { print "\tDocs Reference Location is: $docs\n"; }
+@@ -1700,6 +1782,8 @@ if ( $Verbose && !$Quiet ) {
      if ($Textonly)     { print "\tText Rules only Flag is Set\n"; }
      if ( $Verbose == 2 ) { print "\tExtra Verbose Flag is Set\n"; }
      if ($Verbose)        { print "\tVerbose Flag is Set\n"; }
 +    if ($skipVerify)     { print "\tSSL Hostname Verification disabled\n"; }
++    if ($ignore_files)   { print "\tFile(s) to ignore = $ignore_files\n"; }
      if (@base_url)       { print "\tBase URL is: @base_url\n"; }
  }
  
-@@ -1717,10 +1739,17 @@ if ( !-d $temp_path ) {
+@@ -1717,10 +1801,17 @@ if ( !-d $temp_path ) {
  # Validate sid_msg_map version
  Help("Please specify version 1 or 2 for sid_msg_version in your config file\n") unless $sid_msg_version =~ /(1|2)/;
  

Modified: head/security/pulledpork/pkg-descr
==============================================================================
--- head/security/pulledpork/pkg-descr	Sat Oct 31 12:29:19 2015	(r400576)
+++ head/security/pulledpork/pkg-descr	Sat Oct 31 13:08:49 2015	(r400577)
@@ -18,4 +18,4 @@ pulledpork is a Perl script which helps 
  * A sweet smokey flavor throughout the pork!
 
 
-WWW: http://code.google.com/p/pulledpork/
+WWW: https://github.com/shirkdog/pulledpork/

