From owner-freebsd-ports Wed Aug 2 13:20: 9 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 364D137BB0F
	for ; Wed, 2 Aug 2000 13:20:02 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id NAA34288;
	Wed, 2 Aug 2000 13:20:02 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id C9E1C37BD1D; Wed, 2 Aug 2000 13:17:48 -0700 (PDT)
Message-Id: <20000802201748.C9E1C37BD1D@hub.freebsd.org>
Date: Wed, 2 Aug 2000 13:17:48 -0700 (PDT)
From: gabriel_ambuehl@root.li
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: ports/20365: Update for port of Snort
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 20365
>Category: ports
>Synopsis: Update for port of Snort
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 02 13:20:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Gabriel Ambuehl
>Release: 4-STABLE
>Organization:
BUZ Internet Services
>Environment:
>Description:
Here's an update to Snort 1.6.3 which should solve various problems
(1.6.2.2 once killed my machine).
>How-To-Repeat:
>Fix:
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	/usr/ports/security/snort_work
#	/usr/ports/security/snort_work/files
#	/usr/ports/security/snort_work/files/md5
#	/usr/ports/security/snort_work/pkg
#	/usr/ports/security/snort_work/pkg/COMMENT
#	/usr/ports/security/snort_work/pkg/DESCR
#	/usr/ports/security/snort_work/pkg/PLIST
#	/usr/ports/security/snort_work/Makefile
#
echo c - /usr/ports/security/snort_work
mkdir -p /usr/ports/security/snort_work > /dev/null 2>&1
echo c - /usr/ports/security/snort_work/files
mkdir -p /usr/ports/security/snort_work/files > /dev/null 2>&1
echo x - /usr/ports/security/snort_work/files/md5
sed 's/^X//' >/usr/ports/security/snort_work/files/md5 << 'END-of-/usr/ports/security/snort_work/files/md5'
XMD5 (snort-1.6.3.tar.gz) = 5d628b08c0bf42af3affc9fcfca7ea69
END-of-/usr/ports/security/snort_work/files/md5
echo c - /usr/ports/security/snort_work/pkg
mkdir -p /usr/ports/security/snort_work/pkg > /dev/null 2>&1
echo x - /usr/ports/security/snort_work/pkg/COMMENT
sed 's/^X//' >/usr/ports/security/snort_work/pkg/COMMENT << 'END-of-/usr/ports/security/snort_work/pkg/COMMENT'
XLightweight network intrusion detection system
END-of-/usr/ports/security/snort_work/pkg/COMMENT
echo x - /usr/ports/security/snort_work/pkg/DESCR
sed 's/^X//' >/usr/ports/security/snort_work/pkg/DESCR << 'END-of-/usr/ports/security/snort_work/pkg/DESCR'
XSnort is a libpcap-based packet sniffer/logger which can be used as a
Xlightweight network intrusion detection system. It features rules based logging
Xand can perform content searching/matching in addition to being used to detect
Xa variety of other attacks and probes, such as buffer overflows, stealth port
Xscans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting
Xcapability, with alerts being sent to syslog, a separate "alert" file, or even
Xto a Windows computer via Samba.
X
XPackets are logged in their decoded form to directories which are generated
Xbased upon the IP address of the remote peer. This allows Snort to be used as
Xa sort of "poor man's intrusion detection system" if you specify what traffic
Xyou want to record and what to let through.
X
XFor instance, I use it to record traffic of interest to the six computers in
Xmy office at work while I'm away on travel or gone for the weekend. It's
Xalso nice for debugging network code since it shows you most of the Important
XStuff(TM) about your packets (as I see it anyway). The code is pretty easy
Xto modify to provide more complete packet decoding, so feel free to make
Xsuggestions.
X
XWWW: http://www.snort.org/
END-of-/usr/ports/security/snort_work/pkg/DESCR
echo x - /usr/ports/security/snort_work/pkg/PLIST
sed 's/^X//' >/usr/ports/security/snort_work/pkg/PLIST << 'END-of-/usr/ports/security/snort_work/pkg/PLIST'
Xbin/snort
Xshare/snort/CREDITS
Xshare/snort/RULES.SAMPLE
Xshare/snort/USAGE
Xshare/snort/backdoor-lib
Xshare/snort/ddos-lib
Xshare/snort/finger-lib
Xshare/snort/ftp-lib
Xshare/snort/misc-lib
Xshare/snort/netbios-lib
Xshare/snort/overflow-lib
Xshare/snort/ping-lib
Xshare/snort/rpc-lib
Xshare/snort/scan-lib
Xshare/snort/smtp-lib
Xshare/snort/snort-lib
Xshare/snort/telnet-lib
Xshare/snort/webcf-lib
Xshare/snort/webcgi-lib
Xshare/snort/webfp-lib
Xshare/snort/webiis-lib
Xshare/snort/webmisc-lib
X@dirrm share/snort
END-of-/usr/ports/security/snort_work/pkg/PLIST
echo x - /usr/ports/security/snort_work/Makefile
sed 's/^X//' >/usr/ports/security/snort_work/Makefile << 'END-of-/usr/ports/security/snort_work/Makefile'
X# New ports collection makefile for:	snort
X# Date created:		Mon Aug 2 12:04:08 CEST 1999
X# Whom:			Dirk Froemberg
X#
X# $FreeBSD: ports/security/snort/Makefile,v 1.12 2000/07/10 13:35:51 dirk Exp $
X#
X
XPORTNAME=	snort
XPORTVERSION=	1.6.3
XCATEGORIES=	security
XMASTER_SITES=	http://www.snort.org/Files/ \
X		http://www.physik.TU-Berlin.DE/~ibex/ports/distfiles/
X
XMAINTAINER=	dirk@FreeBSD.org
X
XGNU_CONFIGURE=	yes
XMAN8=		snort.8
X
Xpost-install:
X	${MKDIR} ${PREFIX}/share/snort
X.for i in CREDITS RULES.SAMPLE USAGE backdoor-lib ddos-lib finger-lib ftp-lib \
X	misc-lib netbios-lib overflow-lib ping-lib rpc-lib scan-lib smtp-lib \
X	snort-lib telnet-lib webcf-lib webcgi-lib webfp-lib webiis-lib webmisc-lib
X	${INSTALL_DATA} ${WRKSRC}/$i ${PREFIX}/share/snort
X.endfor
X
X.include <bsd.port.mk>
END-of-/usr/ports/security/snort_work/Makefile
exit

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message