Date:      Wed, 1 Sep 2010 11:14:26 -0300 (BRT)
From:      Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/150191: [NEW PORT] security/suricata: Open Source next generation IDS/IPS engine by OISF
Message-ID:  <201009011414.o81EEQ6U027683@main.bh.freebsdbrasil.com.br>
Resent-Message-ID: <201009011500.o81F09DV037782@freefall.freebsd.org>


>Number:         150191
>Category:       ports
>Synopsis:       [NEW PORT] security/suricata: Open Source next generation IDS/IPS engine by OISF
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 01 15:00:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Patrick Tracanelli
>Release:        FreeBSD 8.1-STABLE i386
>Organization:
FreeBSD Brasil LTDA
>Environment:
System: FreeBSD main.bh.freebsdbrasil.com.br 8.1-STABLE FreeBSD 8.1-STABLE #7: Tue Jul 27 18:35:59 BRT 2010
>Description:

QA: This port passed cleanly on "port test", portlint and Tinderbox:
 http://freebsd2.asmallorange.com/index.php?action=describe_port&id=1016

The Suricata Engine is an Open Source Next Generation Intrusion Detection and
Prevention Engine developed by the Open Information Security Foundation (OISF).

This engine is not intended to just replace or emulate the existing tools in
the industry, but will bring new ideas and technologies to the field.

OISF is part of and funded by the Department of Homeland Security's Directorate
for Science and Technology HOST program (Homeland Open Security Technology),
by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
through the very generous support of the members of the OISF Consortium.

More information about the Consortium is available, as well as a list of our
current Consortium Members. 

The Suricata Engine and the HTP Library are available to use under the GPLv2. 

The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of
Mod Security fame for the OISF. This integrates and provides very advanced
processing of HTTP streams for Suricata. The HTP library is required by the
engine but may also be used independently in a range of applications and tools. 

WWW: http://openinfosecfoundation.org

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- suricata-1.0.1.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	suricata
#	suricata/files
#	suricata/files/suricata.in
#	suricata/files/pkg-message.in
#	suricata/files/patch-Makefile.in
#	suricata/Makefile
#	suricata/pkg-plist
#	suricata/pkg-descr
#	suricata/distinfo
#
echo c - suricata
mkdir -p suricata > /dev/null 2>&1
echo c - suricata/files
mkdir -p suricata/files > /dev/null 2>&1
echo x - suricata/files/suricata.in
sed 's/^X//' >suricata/files/suricata.in << 'b2123a8c3836f83670083b660eeca21b'
X#!/bin/sh
X# $FreeBSD: $
X
X# PROVIDE: suricata
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X# KEYWORD: shutdown
X
X# Add the following lines to /etc/rc.conf to enable suricata:
X# suricata_enable (bool):	Set to YES to enable suricata
X# 				Default: NO
X# suricata_flags (str):		Extra flags passed to suricata
X#				Default: -D
X# suricata_interface (str):	Network interface to sniff
X#				Default: "" 
X# suricata_conf (str):		Suricata configuration file
X#				Default: ${PREFIX}/etc/suricata/suricata.yaml
X# suricata_divertport (int):	Port to create divert socket (Inline Mode)
X#				Default: 8000
X
X
X. /etc/rc.subr
X
Xname="suricata"
Xrcvar=`set_rcvar`
X
Xcommand="%%PREFIX%%/bin/suricata"
X
Xload_rc_config $name
X
X[ -z "$suricata_enable" ]	&& suricata_enable="NO"
X[ -z "$suricata_conf" ]		&& suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml"
X[ -z "$suricata_flags" ]	&& suricata_flags="-D"
X[ -z "$suricata_divertport" ]	&& suricata_divertport="8000"
X
X[ -n "$suricata_interface" ]	&& suricata_flags="$suricata_flags -i $suricata_interface --pidfile /var/run/suricata_${suricata_interface}.pid" \
X				&& pidfile="/var/run/suricata_${suricata_interface}.pid"
X[ -z "$suricata_interface" ]	&& suricata_flags="$suricata_flags -d $suricata_divertport --pidfile /var/run/suricata_inline.pid" \
X				&& pidfile="/var/run/suricata_inline.pid" && info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
X[ -n "$suricata_conf" ]		&& suricata_flags="$suricata_flags -c $suricata_conf"
X
Xrun_rc_command "$1"
b2123a8c3836f83670083b660eeca21b
echo x - suricata/files/pkg-message.in
sed 's/^X//' >suricata/files/pkg-message.in << '2c322f9563bcc950c558dbd1040e9da2'
X=========================================================================
XIf you want to run Suricata in IDS mode, add to /etc/rc.conf:
X
X	suricata_enable="YES" 
X	suricata_interface="<if>"
X
XNOTE: Declaring suricata_interface is MANDATORY for Suricata in IDS Mode.
X
XHowever, if you want to run Suricata in Inline IPS Mode, add to /etc/rc.conf:
X
X	suricata_enable="YES"
X	suricata_divertport="8000"
X
XNOTA BENE:
X	Suricata won't start in IDS mode without an interface configured.
X	Therefore if you omit suricata_interface from rc.conf, FreeBSD's
X	rc.d/suricata will automatically try to start Suricata in IPS Mode
X	(on divert port 8000, by default).
X
XRULES: Suricata IDS/IPS Engine comes without rules by default. You should
Xadd rules by yourself and set an updating strategy. To do so, please visit:
X
X http://www.openinfosecfoundation.org/documentation/rules.html
X http://www.openinfosecfoundation.org/documentation/emerging-threats.html
X
XYou may want to try BPF in zerocopy mode to test performance improvements:
X
X	sysctl -w net.bpf.zerocopy_enable=1
X
XDon't forget to add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf
X=========================================================================
2c322f9563bcc950c558dbd1040e9da2
echo x - suricata/files/patch-Makefile.in
sed 's/^X//' >suricata/files/patch-Makefile.in << '7ea3965132c288d74b0c186070633ba9'
X--- libhtp/Makefile.in.dist	2010-08-30 22:01:03.000000000 -0300
X+++ libhtp/Makefile.in	2010-08-30 22:02:08.000000000 -0300
X@@ -250,7 +250,7 @@
X ACLOCAL_AMFLAGS = -I m4
X SUBDIRS = $(GENERIC_LIBRARY_NAME) test
X EXTRA_DIST = ChangeLog COPYING LICENSE LIBHTP_LICENSING_EXCEPTION docs/doxygen.conf docs/QUICK_START
X-pkgconfigdir = $(libdir)/pkgconfig
X+pkgconfigdir = $(libdir)/../libdata/pkgconfig
X pkgconfig_DATA = htp.pc
X all: config.h
X 	$(MAKE) $(AM_MAKEFLAGS) all-recursive
7ea3965132c288d74b0c186070633ba9
echo x - suricata/Makefile
sed 's/^X//' >suricata/Makefile << 'bcd8ba72d45dac5e7d3082172d00104c'
X# New ports collection makefile for:	suricata
X# Date created:		Sun Aug 29 16:39:08 BRT 2010
X# Whom:			Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	suricata
XPORTVERSION=	1.0.1
XCATEGORIES=	security
XMASTER_SITES=	http://openinfosecfoundation.org/download/ \
X		http://www6.freebsdbrasil.com.br/~eksffa/l/dev/suricata/
X
XMAINTAINER=	eksffa@freebsdbrasil.com.br
XCOMMENT=	Open Source next generation IDS/IPS engine by OISF
X
XLIB_DEPENDS=	pcre.0:${PORTSDIR}/devel/pcre \
X		yaml:${PORTSDIR}/textproc/libyaml \
X		pcap.1:${PORTSDIR}/net/libpcap
X
XBUILD_DEPENDS+=	${LIBNET_CONFIG}:${PORTSDIR}/net/libnet \
X		pkg-config:${PORTSDIR}/devel/pkg-config
X
XUSE_AUTOTOOLS=	automake110 autoconf:262 libtool:22
X
XUSE_RC_SUBR=	suricata
X
XLIBNET_CONFIG?=	${LOCALBASE}/bin/libnet11-config
X
XOPTIONS=	IPFW "Enable IPFW/IPDIVERT for IPS usage" on \
X		PRELUDE "Enable Prelude NIDS integration" off
X
XSUB_FILES=	pkg-message
XGNU_CONFIGURE=	yes
XUSE_GMAKE=	yes
XUSE_LDCONFIG=	yes
X
XCONFIG_DIR?=	${PREFIX}/etc/suricata
XCONFIG_FILES=	suricata.yaml classification.config
XRULES_DIR=	${PREFIX}/etc/suricata/rules
XLOGS_DIR=	/var/log/suricata
X
X.include <bsd.port.pre.mk>
X
X.if defined(WITH_PRELUDE)
XLIB_DEPENDS+=		prelude.20:${PORTSDIR}/security/libprelude
XCONFIGURE_ARGS+=	--enable-prelude
XPLIST_SUB+=		PRELUDE=""
X.endif
X
X.if defined(WITH_IPFW)
XCONFIGURE_ARGS+=	--enable-ipfw
X.endif
X
Xpre-install:
X	@${REINPLACE_CMD} -e 's|/etc/suricata|${PREFIX}/etc/suricata|g' ${WRKSRC}/suricata.yaml
X
Xpost-install:
X	[ -d ${CONFIG_DIR} ] || ${MKDIR} ${CONFIG_DIR}
X	[ -d ${RULES_DIR} ] || ${MKDIR} ${RULES_DIR}
X	[ -d ${LOGS_DIR} ] || ${MKDIR} ${LOGS_DIR}
X.for f in ${CONFIG_FILES}
X	${INSTALL_DATA} ${WRKSRC}/${f} ${CONFIG_DIR}/${f}-sample
X	@if [ ! -f ${CONFIG_DIR}/${f} ]; then \
X		${CP} -p ${CONFIG_DIR}/${f}-sample ${CONFIG_DIR}/${f} ; \
X	fi
X.endfor
X
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
bcd8ba72d45dac5e7d3082172d00104c
echo x - suricata/pkg-plist
sed 's/^X//' >suricata/pkg-plist << 'ea8a01d2a8768415a1be40974ec221e6'
Xlib/libhtp.a
Xlib/libhtp-0.2.so
Xlib/libhtp-0.2.so.1
Xlibdata/pkgconfig/htp.pc
Xlib/libhtp.la
Xlib/libhtp.so
Xbin/suricata
X@unexec if cmp -s %D/etc/suricata/suricata.yaml %D/etc/suricata/suricata.yaml-sample; then rm -f %D/etc/suricata/suricata.yaml; fi
Xetc/suricata/suricata.yaml-sample
X@exec if [ ! -f %D/etc/suricata/suricata.yaml ]; then cp -p %D/etc/suricata/suricata.yaml-sample %D/etc/suricata/suricata.yaml; fi
X@unexec if cmp -s %D/etc/suricata/classification.config %D/etc/suricata/classification.config-sample; then rm -f %D/etc/suricata/classification.config; fi
Xetc/suricata/classification.config-sample
X@exec if [ ! -f %D/etc/suricata/classification.config ]; then cp -p %D/etc/suricata/classification.config-sample %D/etc/suricata/classification.config; fi
X@exec mkdir -p %D/etc/suricata/rules
X@unexec /bin/rmdir %D/etc/suricata/rules 2>/dev/null || true
X@unexec /bin/rmdir %D/etc/suricata 2>/dev/null || true
X@unexec echo "completely uninstalling %D/include/htp"
X@unexec /bin/rm -rf %D/include/htp 2>/dev/null || true
ea8a01d2a8768415a1be40974ec221e6
echo x - suricata/pkg-descr
sed 's/^X//' >suricata/pkg-descr << '0ac6103cad4e2318d456d6253815eb6c'
XThe Suricata Engine is an Open Source Next Generation Intrusion Detection and
XPrevention Engine developed by the Open Information Security Foundation (OISF).
X
XThis engine is not intended to just replace or emulate the existing tools in
Xthe industry, but will bring new ideas and technologies to the field.
X
XOISF is part of and funded by the Department of Homeland Security's Directorate
Xfor Science and Technology HOST program (Homeland Open Security Technology),
Xby the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
Xthrough the very generous support of the members of the OISF Consortium.
X
XMore information about the Consortium is available, as well as a list of our
Xcurrent Consortium Members. 
X
XThe Suricata Engine and the HTP Library are available to use under the GPLv2. 
X
XThe HTP Library is an HTTP normalizer and parser written by Ivan Ristic of
XMod Security fame for the OISF. This integrates and provides very advanced
Xprocessing of HTTP streams for Suricata. The HTP library is required by the
Xengine but may also be used independently in a range of applications and tools. 
X
XWWW: http://openinfosecfoundation.org
0ac6103cad4e2318d456d6253815eb6c
echo x - suricata/distinfo
sed 's/^X//' >suricata/distinfo << 'bfd54e74d99ac18e7619370dff3c98ce'
XMD5 (suricata-1.0.1.tar.gz) = ad42b854ef2b44499f0f1d1531b1ca36
XSHA256 (suricata-1.0.1.tar.gz) = 7fbc8fe89a0a30171eddb8b066ab7e6ec811d14a73aa6bc9cea26fc1f36f4be4
XSIZE (suricata-1.0.1.tar.gz) = 1607941
bfd54e74d99ac18e7619370dff3c98ce
exit
--- suricata-1.0.1.shar ends here ---
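Review bot: the `+pkgconfigdir = $(libdir)/../libdata/pkgconfig` line in files/patch-Makefile.in relies on libdir being exactly `${PREFIX}/lib`; with any other --libdir the generated htp.pc lands outside the `libdata/pkgconfig/htp.pc` path that pkg-plist records. `pkgconfigdir = $(prefix)/libdata/pkgconfig` states the intent directly and stays correct for any libdir. Separately, the port's Makefile lists automake in USE_AUTOTOOLS; if automake is actually re-run at build time it regenerates libhtp/Makefile.in from Makefile.am and this hunk is silently discarded, so either patch libhtp/Makefile.am instead or give the automake entry the `:env` suffix so only the environment is prepared.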

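The IDS-versus-inline decision that files/suricata.in makes from the rc.conf variables described in pkg-message, reproduced as an added example that is not part of the port, so the resulting command line can be checked before the service is enabled. It runs without rc.subr; the helper names are assumed, PREFIX is assumed to be /usr/local, and the divert-port range check is an addition the rc script itself does not perform.

```shell
#!/bin/sh
# Added example (not the port's code): mirrors the argument construction in
# files/suricata.in so the effect of suricata_interface / suricata_divertport
# can be inspected in isolation.  Helper names are assumed; PREFIX=/usr/local.

# Returns 0 when the divert port is an integer in 1..65535, 1 otherwise.
# The rc script passes the value through unchecked; a typo here would make
# suricata fail at startup instead of at configuration time.
suricata_rc_check_divertport() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: suricata_rc_mode <interface>
# Prints "ids" when an interface is set, "inline" otherwise, exactly the
# decision the rc script makes.
suricata_rc_mode() {
    if [ -n "$1" ]; then printf 'ids\n'; else printf 'inline\n'; fi
}

# Usage: suricata_rc_args <interface> [divertport] [conf] [base_flags]
# Prints the arguments the rc script would pass to suricata; returns 1 when
# inline mode is selected with an unusable divert port.
suricata_rc_args() {
    iface=$1
    divertport=${2:-8000}
    conf=${3:-/usr/local/etc/suricata/suricata.yaml}
    flags=${4:--D}

    if [ -n "$iface" ]; then
        # IDS mode: sniff the named interface, one pidfile per interface
        pidfile="/var/run/suricata_${iface}.pid"
        flags="$flags -i $iface --pidfile $pidfile"
    else
        # Inline IPS mode: packets arrive on an ipfw divert socket
        suricata_rc_check_divertport "$divertport" || return 1
        pidfile="/var/run/suricata_inline.pid"
        flags="$flags -d $divertport --pidfile $pidfile"
    fi
    printf '%s\n' "$flags -c $conf"
}

# Demonstration with constructed rc.conf values
echo "mode: $(suricata_rc_mode em0)  args: $(suricata_rc_args em0)"
echo "mode: $(suricata_rc_mode '')  args: $(suricata_rc_args '' 8000)"
```

Source this file and call `suricata_rc_args "$suricata_interface" "$suricata_divertport"` with the values from /etc/rc.conf to see the command line before running `service suricata start`.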
>Release-Note:
>Audit-Trail:
>Unformatted:
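The distinfo file at the end of the shar records a SHA256 digest and a byte count for the distfile; the ports framework refuses to extract a download that does not match both. The following added example, which is not part of the port or of the ports framework, performs that same check on a local file against a distinfo file. The helper names are assumed; the self-check uses a constructed six-byte "distfile" rather than the real suricata tarball, and the MD5 line is deliberately ignored because it no longer provides a meaningful integrity guarantee.

```shell
#!/bin/sh
# Added example (not the port's code): verify a downloaded distfile against the
# SHA256 and SIZE entries of a ports distinfo file.  Helper names are assumed.

# Print the SHA256 hex digest of a file using whichever tool is present
# (sha256sum on GNU systems, sha256 on FreeBSD, openssl as a fallback).
distfile_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        openssl dgst -sha256 "$1" | sed 's/.*= //'
    fi
}

# Usage: distinfo_field <distinfo> <FIELD> <distfile-name>
# Prints the value of a line such as "SHA256 (name.tar.gz) = <hex>";
# prints nothing when no such line exists.
distinfo_field() {
    awk -v f="$2" -v n="($3)" '$1 == f && $2 == n { print $4 }' "$1"
}

# Usage: verify_distfile <distinfo> <path-to-distfile>
# Returns 0 when both the recorded SIZE and SHA256 match, 1 otherwise.
verify_distfile() {
    distinfo=$1
    file=$2
    name=$(basename "$file")
    want_size=$(distinfo_field "$distinfo" SIZE "$name")
    want_sha=$(distinfo_field "$distinfo" SHA256 "$name")
    if [ -z "$want_size" ] || [ -z "$want_sha" ]; then
        echo "verify_distfile: no SIZE/SHA256 entry for $name" >&2
        return 1
    fi
    have_size=$(wc -c < "$file" | tr -d ' ')
    # Size first: it is cheap and catches a truncated download before hashing
    if [ "$have_size" != "$want_size" ]; then
        echo "verify_distfile: $name is $have_size bytes, expected $want_size" >&2
        return 1
    fi
    have_sha=$(distfile_sha256 "$file")
    if [ "$have_sha" != "$want_sha" ]; then
        echo "verify_distfile: $name SHA256 mismatch" >&2
        return 1
    fi
    return 0
}

# Self-check on constructed input: a six-byte file containing "hello\n", whose
# SHA256 is the well-known digest of that string.  Returns 0 when the intact
# file verifies and a one-byte corruption is rejected.
distinfo_selfcheck() {
    dir=$(mktemp -d) || return 1
    printf 'hello\n' > "$dir/demo-1.0.tar.gz"
    cat > "$dir/distinfo" <<EOF
MD5 (demo-1.0.tar.gz) = b1946ac92492d2347c6235b4d2611184
SHA256 (demo-1.0.tar.gz) = 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
SIZE (demo-1.0.tar.gz) = 6
EOF
    rc=0
    verify_distfile "$dir/distinfo" "$dir/demo-1.0.tar.gz" || rc=1
    printf 'hellp\n' > "$dir/demo-1.0.tar.gz"
    verify_distfile "$dir/distinfo" "$dir/demo-1.0.tar.gz" 2>/dev/null && rc=1
    rm -rf "$dir"
    return $rc
}

distinfo_selfcheck && echo "self-check passed"
```

For a real distfile the call is `verify_distfile /path/to/ports/security/suricata/distinfo /usr/ports/distfiles/suricata-1.0.1.tar.gz`; the function exits non-zero, with a reason on stderr, for a missing entry, a size mismatch, or a digest mismatch.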


