Date:      Fri, 27 Nov 2009 15:40:02 GMT
From:      olli hauer <ohauer@gmx.de>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: ports/140881: [patch] port security/snortsam update to version 2.68
Message-ID:  <200911271540.nARFe2ID014351@freefall.freebsd.org>

The following reply was made to PR ports/140881; it has been noted by GNATS.

From: olli hauer <ohauer@gmx.de>
To: bug-followup@FreeBSD.org, ohauer@gmx.de
Cc: ohauer@gmx.de
Subject: Re: ports/140881: [patch] port security/snortsam update to version 2.68
Date: Fri, 27 Nov 2009 16:37:09 +0100 (CET)

 Snortsam was updated with my patches, so please use this
 version instead.
 
 The new patch updates snortsam to version 2.69
 
 
 --
 olli hauer
 
 --- patch_snortsam-2.69.txt begins here ---
 --- snortsam/Makefile	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/Makefile	2009-11-27 15:18:21.000000000 +0100
 @@ -6,7 +6,7 @@
  #
  
  PORTNAME=	snortsam
 -PORTVERSION=	2.60
 +PORTVERSION=	2.69
  CATEGORIES=	security
  MASTER_SITES=	http://www.snortsam.net/files/snortsam/ \
  		http://www.freebsdbrasil.com.br/~urisso/files/snortsam/
 @@ -15,53 +15,76 @@
  MAINTAINER=	urisso@bsd.com.br
  COMMENT=	SnortSam is a output plugin for Snort
  
 -WRKSRC=		${WRKDIR}/${PKGNAMEPREFIX}${PORTNAME}
 +OPTIONS=	IPFW	"checks if configured tables are available" on \
 +		SAMTOOL "install samtool" on \
 +		DEBUG	"build with verbose messages" off
 +
 +.include <bsd.port.pre.mk>
  
 +USE_RC_SUBR=	snortsam.sh
 +SUB_FILES=	pkg-message
  HAS_CONFIGURE=	yes
  NO_BUILD=	yes
 +CONFIGURE_SCRIPT=	src/Makefile
 +WRKSRC=		${WRKDIR}/${PKGNAMEPREFIX}${PORTNAME}
  
 -SYSCONFDIR=	${PREFIX}/etc/snortsam
 -
 -CONFIGURE_SCRIPT=	makesnortsam.sh
 -
 -USE_RC_SUBR=	snortsam.sh
 +CONFIG_DIR?=	${PREFIX}/etc/snortsam
  
  PLIST_DIRS=	etc/snortsam
 -PLIST_FILES=	etc/snortsam/rootservers.cfg etc/snortsam/snortsam.conf.sample sbin/snortsam sbin/snortsam-debug
 -PORTDOCS=	INSTALL README README.conf README.snmp_interface_down
 +PLIST_FILES=	sbin/snortsam \
 +		etc/snortsam/snortsam.conf.sample \
 +		etc/snortsam/country-rootservers.conf.sample \
 +		etc/snortsam/opsec.conf.sample \
 +		etc/snortsam/rootservers.cfg.sample
  
 -OPTIONS=	IPFW	"Enable IPFW table checking if it set deny rules" on
 +.if defined(WITH_SAMTOOL)
 +PLIST_FILES+=	sbin/samtool
 +.endif
  
 -.include <bsd.port.pre.mk>
 +PORTDOCS=	AUTHORS BUGS CREDITS FAQ INSTALL LICENSE README README.ciscoacl \
 +		README.conf README.iptables README.netscreen README.pf README.pf2 \
 +		README.rules README.slackware README.snmp_interface_down README.wgrd \
 +		README_8signs.rtf TODO
  
  .if defined(WITHOUT_IPFW)
 -PATCH_SITES+=http://www.freebsdbrasil.com.br/~urisso/files/snortsam/:ipfw
 -PATCHFILES+=ssp_ipfw2.c.diff:ipfw
 +EXTRA_PATCHES+=	${FILESDIR}/ssp_ipfw2_no_table_check.patch
  .endif
  
 -post-extract:
 -	@${CAT} ${PATCHDIR}/pkg-message-snortsam
 -	@sleep 5
 +.if defined(WITH_DEBUG)
 +DEBUG=-DDEBUG
 +.endif
  
  pre-configure:
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/conf/snortsam.conf.sample
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/docs/README.conf
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/src/snortsam.c
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/contrib/snortsam-state.c
 -	${CHMOD} +x ${WRKSRC}/makesnortsam.sh
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/conf/snortsam.conf.sample
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/docs/README.conf
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/src/snortsam.h
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/contrib/snortsam-state.c
 +	@${CHMOD} +x ${WRKSRC}/makesnortsam.sh
 +
 +do-configure:
 +	@cd ${WRKSRC}/src && ${MAKE} ${DEBUG}
 +	@cd ${WRKSRC}/src && ${MAKE} samtool ${DEBUG}
  
 +# no access to snortsam.conf and samtool for non root users!
  do-install:
 -	${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin
 -	${INSTALL_PROGRAM} ${WRKSRC}/snortsam-debug ${PREFIX}/sbin
 -	${MKDIR} ${SYSCONFDIR}
 -	${INSTALL_DATA} ${WRKSRC}/conf/snortsam.conf.sample ${SYSCONFDIR}/snortsam.conf.sample
 -	${INSTALL_DATA} ${WRKSRC}/conf/*rootservers.cfg ${SYSCONFDIR}/
 +	@${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin
 +.if defined(WITH_SAMTOOL)
 +	@${INSTALL} -o root -g wheel -m 500 ${WRKSRC}/samtool ${PREFIX}/sbin
 +.endif
 +	@${MKDIR} ${CONFIG_DIR}
 +	@${INSTALL_DATA} -m 600 ${WRKSRC}/conf/snortsam.conf.sample ${CONFIG_DIR}/snortsam.conf.sample
 +	@${INSTALL_DATA} ${WRKSRC}/conf/opsec.conf ${CONFIG_DIR}/opsec.conf.sample
 +	@${INSTALL_DATA} ${WRKSRC}/conf/rootservers.cfg ${CONFIG_DIR}/rootservers.cfg.sample
 +	@${INSTALL_DATA} ${WRKSRC}/conf/country-rootservers.conf ${CONFIG_DIR}/country-rootservers.conf.sample
  
  .if !defined(NOPORTDOCS)
 +	@${MKDIR} ${DOCSDIR}
  .for f in ${PORTDOCS}
 -	${MKDIR} ${DOCSDIR}
 -	${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR}
 +	@${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR}
  .endfor
  .endif
  
 +post-install:
 +	@${CAT} ${PKGMESSAGE}
 +
  .include <bsd.port.post.mk>
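Review bot: The comment above `do-install` promises that non-root users get no access to snortsam.conf, but only the sample file is installed with `-m 600`; `@${MKDIR} ${CONFIG_DIR}` creates the directory with the default mode, and the live snortsam.conf is whatever the administrator later creates there. Creating the directory restricted, for example `@${INSTALL} -d -o root -g wheel -m 700 ${CONFIG_DIR}`, would make the restriction hold regardless of how the config is copied. `opsec.conf.sample` is installed with the default `INSTALL_DATA` mode; if that file is meant to carry credentials (not visible here) it should get `-m 600` as well. Separately, `CONFIG_DIR?=` is overridable while `PLIST_DIRS` and `PLIST_FILES` hard-code `etc/snortsam`, so an override would leave the packing list out of sync with what is installed.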
 --- snortsam/distinfo	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/distinfo	2009-11-27 15:19:59.000000000 +0100
 @@ -1,6 +1,3 @@
 -MD5 (snortsam-src-2.60.tar.gz) = 5fdc69b18938237ac943beeb7f6c105a
 -SHA256 (snortsam-src-2.60.tar.gz) = 65c44a91487f533f66291b1dd41f06237d21ba7c9e43a27d8784e2915c2771f4
 -SIZE (snortsam-src-2.60.tar.gz) = 1982833
 -MD5 (ssp_ipfw2.c.diff) = bcc60c6d27805db5d96c284189cefee8
 -SHA256 (ssp_ipfw2.c.diff) = 29355590da907bb4c9f3e259c460c1c29d7a0e6cb201290ffc904c246c8ef3e4
 -SIZE (ssp_ipfw2.c.diff) = 1193
 +MD5 (snortsam-src-2.69.tar.gz) = 7663ce82956a97c5f725028716d66140
 +SHA256 (snortsam-src-2.69.tar.gz) = eb0dc0ebd65b6d15e3adabd7be2720221005683eefb7ca5986b9ca0284d55f92
 +SIZE (snortsam-src-2.69.tar.gz) = 1971579
 --- snortsam/files/patch-makesnortsam.sh	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/files/patch-makesnortsam.sh	1970-01-01 01:00:00.000000000 +0100
 @@ -1,13 +0,0 @@
 ---- makesnortsam.sh.old	2008-08-03 00:04:24.000000000 -0300
 -+++ makesnortsam.sh	2008-08-03 00:04:57.000000000 -0300
 -@@ -11,8 +11,8 @@
 - #        Under Solaris, the OPSEC stuff is linked dynamically.
 - #        On other platforms, statically.
 - 
 --BSDTHREADLIB='-lc_r'
 --#BSDTHREADLIB='-lpthread'
 -+#BSDTHREADLIB='-lc_r'
 -+BSDTHREADLIB='-lpthread'
 - 
 - systype=`uname`
 - 
 --- snortsam/files/patch-snortsam.h	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/files/patch-snortsam.h	1970-01-01 01:00:00.000000000 +0100
 @@ -1,16 +0,0 @@
 ---- src/snortsam.h.old	2008-08-03 00:08:34.000000000 -0300
 -+++ src/snortsam.h	2008-08-03 00:10:58.000000000 -0300
 -@@ -178,10 +178,10 @@
 - #define safecopy(dst,src)		_safecp(dst,sizeof(dst),src)
 - 
 - #ifdef WIN32
 --#define FWSAMCONFIGFILE			"snortsam.cfg"
 --#define FWSAMHISTORYFILE			"snortsam.sta"
 -+#define FWSAMCONFIGFILE			"/usr/local/etc/snortsam.cfg"
 -+#define FWSAMHISTORYFILE			"/var/db/snortsam.sta"
 - #else
 --#define FWSAMCONFIGFILE			"/etc/snortsam.conf"
 -+#define FWSAMCONFIGFILE			"/usr/local/etc/snortsam.conf"
 - #define FWSAMHISTORYFILE			"/var/db/snortsam.state"  
 - #endif
 - 
 --- snortsam/files/pkg-message-snortsam	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/files/pkg-message-snortsam	1970-01-01 01:00:00.000000000 +0100
 @@ -1,10 +0,0 @@
 -
 -============================================================
 -NOTE:	Make sure that your SNORT installation it is defined
 -	output plugin SNORTSAM for don't cause errors while
 -	building SNORTSAM system. If exists some OLD SNORT
 -	installation WITHOUT supports for interaction between
 -	SNORT and SNORTSAM. PLEASE reconfigure WITH that this
 -	feature and rebuild a new installation.
 -=============================================================
 -
 --- snortsam/files/pkg-message.in	1970-01-01 01:00:00.000000000 +0100
 +++ snortsam/files/pkg-message.in	2009-11-27 15:33:53.000000000 +0100
 @@ -0,0 +1,18 @@
 +================================================================
 +NOTE:   SNORT have to be build with OPTION SNORTSAM.
 +
 +	To enable snortsam as output plugin for snort a config
 +	line like the following should be present in snort.conf
 +
 +	  output alert_fwsam: <snortsambox>:<port>/<password>
 +
 +	With samtool it is possible to send alerts to snortsam,
 +	this way you can test and adjust your FW rules.
 +
 +        For more information read the INSTALL, FAQ, README 
 +        files in %%DOCSDIR%%
 +
 +        Additional consolidate http://snortsam.net
 +
 +==============================================================
 +
 --- snortsam/files/ssp_ipfw2_no_table_check.patch	1970-01-01 01:00:00.000000000 +0100
 +++ snortsam/files/ssp_ipfw2_no_table_check.patch	2009-11-25 23:53:50.000000000 +0100
 @@ -0,0 +1,18 @@
 +--- src/ssp_ipfw2.c.orig	2008-04-26 21:53:21.000000000 +0200
 ++++ src/ssp_ipfw2.c	2009-11-14 22:03:41.000000000 +0100
 +@@ -91,6 +91,7 @@
 + 				}
 + 			}
 + 		}
 ++#if defined(ENABLE_IPFW_TABLE_CHECK)
 + 		/* Check if inbound table exists */
 + 		snprintf(chk,sizeof(chk)-1,"/sbin/ipfw show | grep -q \"deny ip from any to table(%u) via %s\"",ipfw2p->in_table,ipfw2p->interface);
 + 		if(system(chk))
 +@@ -110,6 +111,7 @@
 + 			}
 + 		}
 + 				
 ++#endif	/* ENABLE_IPFW_TABLE_CHECK */
 + #ifdef FWSAMDEBUG
 + 		if(plugindatalist->data)
 + 			printf("Debug: [ipfw2] Adding IPFW2: i/f '%s', tables %u (in) and %u (out)\n", ipfw2p->interface, ipfw2p->in_table,ipfw2p->out_table);
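Review bot: Nothing visible in this port defines `ENABLE_IPFW_TABLE_CHECK`, so applying this patch (the `WITHOUT_IPFW` case) compiles the table check out unconditionally rather than making it switchable; a comment on the guard such as `/* never defined by the port: table check is compiled out */` would save the next maintainer from searching for the define. With the check gone, a configuration whose tables are not referenced by any `deny ip from any to table(N)` rule would presumably no longer be reported, so blocks could be silently ineffective, and the pkg-message would be a good place to tell the administrator to verify the rules by hand. In the default build the guarded context line still formats `ipfw2p->interface` into a command string for `system()`; where that value is validated lies outside these hunks and is worth confirming upstream. Both inner hunks start and end inside a function whose header is not shown.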
 --- snortsam/pkg-descr	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/pkg-descr	2009-11-25 23:53:50.000000000 +0100
 @@ -1,5 +1,6 @@
 -SnortSam is a plugin for Snort, an open-source light-weight
 -Intrusion Detection System (IDS). The plugin allows for
 -automated blocking of IP addresses on many firewalls.
 +SnortSam is an intelligent agent that allows the popular
 +open-source Intrusion Detection System called Snort to block
 +intruding connections by reconfiguration of many firewalls
 +and Cisco devices.
  
  WWW: http://www.snortsam.net
 --- patch_snortsam-2.69.txt ends here ---


