From: olli hauer
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: olli hauer
Date: Sun, 2 May 2010 17:28:58 +0200 (CEST)
Message-Id: <20100502152858.404A52621C@u18-124.dsl.vianetworks.de>
Subject: ports/146239: [NEW PORT] security/pulledpork: Script to update snort-2.8+ rules

>Number:         146239
>Category:       ports
>Synopsis:       [NEW PORT] security/pulledpork: Script to update snort-2.8+ rules
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 02 15:30:11 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     olli hauer
>Release:        FreeBSD 7.3-RELEASE i386
>Organization:
>Environment:
>Description:
pulledpork is a Perl script which helps to update your Snort 2.8+ rules.

The sample config file comes predefined with the new settings for
snort.org downloads, which will change in June 2010.

BE SURE to read through the master pulledpork.conf file thoroughly,
as there are many changes as of snort 2.8.6.0 that WILL affect you,
even if you are NOT yet running 2.8.6.0!

Features:
 * Flowbit tracking!
 * capability to specify base ruleset (see README.RULESETS) in master
   pulledpork.conf file.
 * Handle preprocessor and sensitive-information rulesets
 * Ability to define sid ranges in any of the sid modification .conf files
 * Ability to specify references in any of the sid modification .conf files
 * Ability to ignore entire rule categories (i.e. not include them)
 * Specify locally stored rules files that need their meta data included
   in sid-msg.map
 * Ability to specify your arch for so_rules
 * Rules are written to only two distinct files
 * Support metadata based VRT recommended rulesets
 * Maintain an optional rule changelog
 * Support for setting rules to Drop
 * Support for multi-line rules
 * Rule modification, i.e. disabling of specific rules within rule sets
 * Outputs changes in rules files if any rules have been added / modified
 * Compares new rules files with current rule sets
 * Automated retrieval of certain variables (Distro, Snort Version.. etc)
 * Downloads latest rules file
 * Verifies MD5 of local rules file
 * If MD5 has not changed from snort.org.. doesn't fetch files again
 * handle both rules and so_rules
 * Capability to generate stub files

WWW: http://code.google.com/p/pulledpork/

>How-To-Repeat:
>Fix:

--- pulledpork.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	pulledpork
#	pulledpork/files
#	pulledpork/files/pkg-message.in
#	pulledpork/Makefile
#	pulledpork/pkg-descr
#	pulledpork/distinfo
#
echo c - pulledpork
mkdir -p pulledpork > /dev/null 2>&1
echo c - pulledpork/files
mkdir -p pulledpork/files > /dev/null 2>&1
echo x - pulledpork/files/pkg-message.in
sed 's/^X//' >pulledpork/files/pkg-message.in << 'abbb7ab3bc01816d210c6788717e2ad2'
X=====================================================================
X
XIn order to use pulled pork, adjust the config files located in
X%%CONFIGDIR%%/
X
X
XImportant Note:
X
XSnort changes the way rules are published. In June 2010 Snort will
Xstop offering rules in the "snortrules-snapshot-CURRENT" format.
X
XInstead, rules will be released for specific Snort versions.
XYou will be responsible for downloading the correct rules release
Xfor your version of Snort.
X
XThe new versioning mechanism will require a four digit version in the
Xfile name. To get the new download naming schema visit snort.org,
Xand look at 'My Account' -> 'Subscriptions and Oinkcodes'
X
XBE SURE to read through the master pulledpork.conf file thoroughly,
Xas there are many changes as of snort 2.8.6.0 that WILL affect you,
Xeven if you are NOT yet running 2.8.6.0!
X
X=====================================================================
abbb7ab3bc01816d210c6788717e2ad2
echo x - pulledpork/Makefile
sed 's/^X//' >pulledpork/Makefile << '5c1e7aebd3f72e1a44c808485216df30'
X# New ports collection makefile for:	pulledpork
X# Date created:		01 May 2010
X# Whom:			Olli Hauer
X#
X# $FreeBSD$
X#
X
XPORTNAME=	pulledpork
XPORTVERSION=	0.4.1
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_GOOGLE_CODE}
XDISTNAME=	${PORTNAME}-${PORTVERSION}
X
XMAINTAINER=	ohauer@gmx.de
XCOMMENT=	Script to update snort-2.8+ rules
X
XRUN_DEPENDS=	${SITE_PERL}/LWP/Simple.pm:${PORTSDIR}/www/p5-libwww
X
XNO_BUILD=	yes
XUSE_PERL5_RUN=	yes
X
XPLIST_DIRS=	etc/pulledpork
XPLIST_FILES=	bin/pulledpork.pl \
X		${PLIST_DIRS}/disablesid.conf.sample \
X		${PLIST_DIRS}/dropsid.conf.sample \
X		${PLIST_DIRS}/enablesid.conf.sample \
X		${PLIST_DIRS}/pulledpork.conf.sample
X
XCONFIG_DIR=	${PREFIX}/${PLIST_DIRS}
XSUB_FILES=	pkg-message
XSUB_LIST=	CONFIGDIR=${CONFIG_DIR}
X
X.include <bsd.port.pre.mk>
X
X.if (${PERL_LEVEL} < 501000)
XRUN_DEPENDS+=	p5-Archive-Tar>=1.52:${PORTSDIR}/archivers/p5-Archive-Tar
X.endif
X
X.if !defined(NOPORTDOCS)
XPORTDOCS=	LICENSE README README.CHANGES README.RULESET
X.endif
X
Xpost-patch:
X	@${REINPLACE_CMD} -e "s|/usr/bin/perl|${PERL}|" ${WRKSRC}/pulledpork.pl
X	@${REINPLACE_CMD} -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \
X		-e 's|snort/dropsid.conf|pulledpork/dropsid.conf|g' \
X		-e 's|snort/disablesid.conf|pulledpork/disablesid.conf|g' \
X		-e "s|/usr/local/lib/snort_dynamicrules/|${PREFIX}/etc/snort/so_rules/|g" \
X		${WRKSRC}/etc/pulledpork.conf
X
Xdo-install:
X	${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${PREFIX}/bin
X	@${MKDIR} -m 750 ${CONFIG_DIR}
X	# pulledpork.conf contains the snort user registration key, do not install world readable
X	${INSTALL_DATA} -m 440 ${WRKSRC}/etc/pulledpork.conf ${CONFIG_DIR}/pulledpork.conf.sample
X	${INSTALL_DATA} ${WRKSRC}/etc/disablesid.conf ${CONFIG_DIR}/disablesid.conf.sample
X	${INSTALL_DATA} ${WRKSRC}/etc/dropsid.conf ${CONFIG_DIR}/dropsid.conf.sample
X	${INSTALL_DATA} ${WRKSRC}/etc/enablesid.conf ${CONFIG_DIR}/enablesid.conf.sample
X
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	@${INSTALL_DATA} ${WRKSRC}/LICENSE ${DOCSDIR}/
X	@${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}/
X	@${INSTALL_DATA} ${WRKSRC}/README.CHANGES ${DOCSDIR}/
X	@${INSTALL_DATA} ${WRKSRC}/README.RULESET ${DOCSDIR}/
X.endif
X
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X.include <bsd.port.post.mk>
5c1e7aebd3f72e1a44c808485216df30
echo x - pulledpork/pkg-descr
sed 's/^X//' >pulledpork/pkg-descr << '6063cd04a3b36c5e46958f6513662351'
Xpulledpork is a Perl script which helps to update your Snort 2.8+ rules.
X
XThe sample config file comes predefined with the new settings for
Xsnort.org downloads, which will change in June 2010.
X
XBE SURE to read through the master pulledpork.conf file thoroughly,
Xas there are many changes as of snort 2.8.6.0 that WILL affect you,
Xeven if you are NOT yet running 2.8.6.0!
X
XFeatures:
X * Flowbit tracking!
X * capability to specify base ruleset (see README.RULESETS) in master
X   pulledpork.conf file.
X * Handle preprocessor and sensitive-information rulesets
X * Ability to define sid ranges in any of the sid modification .conf files
X * Ability to specify references in any of the sid modification .conf files
X * Ability to ignore entire rule categories (i.e. not include them)
X * Specify locally stored rules files that need their meta data included
X   in sid-msg.map
X * Ability to specify your arch for so_rules
X * Rules are written to only two distinct files
X * Support metadata based VRT recommended rulesets
X * Maintain an optional rule changelog
X * Support for setting rules to Drop
X * Support for multi-line rules
X * Rule modification, i.e. disabling of specific rules within rule sets
X * Outputs changes in rules files if any rules have been added / modified
X * Compares new rules files with current rule sets
X * Automated retrieval of certain variables (Distro, Snort Version.. etc)
X * Downloads latest rules file
X * Verifies MD5 of local rules file
X * If MD5 has not changed from snort.org.. doesn't fetch files again
X * handle both rules and so_rules
X * Capability to generate stub files
X
X
XWWW: http://code.google.com/p/pulledpork/
6063cd04a3b36c5e46958f6513662351
echo x - pulledpork/distinfo
sed 's/^X//' >pulledpork/distinfo << 'ddab54909bef1f20eecc435eb248cf04'
XMD5 (pulledpork-0.4.1.tar.gz) = 75f39ab4c1807ef3485fbf39561fbdd8
XSHA256 (pulledpork-0.4.1.tar.gz) = f1c50aba1fcf43660d2c62025192b0e756f49911ae2bced9106e98a24cddc923
XSIZE (pulledpork-0.4.1.tar.gz) = 21805
ddab54909bef1f20eecc435eb248cf04
exit
--- pulledpork.shar ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
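
Added example, not part of the original submission or of the ports tree: the distinfo file in the archive above records MD5, SHA256 and SIZE for pulledpork-0.4.1.tar.gz, and the following sh sketch shows how such records can be checked against a downloaded distfile. The function names (sha256_of, verify_distinfo, make_sample) and the 3-byte sample distfile are constructed for illustration; MD5 records are skipped and the decision rests on SHA256 and SIZE.

```shell
#!/bin/sh
# Added example: verify distfiles against a ports-style distinfo file.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD base system tool
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_distinfo DISTINFO DISTDIR
# Returns 0 only if every file with a SHA256 or SIZE record exists in DISTDIR
# and matches it; 1 on a mismatch or missing file; 2 on an unusable distinfo.
verify_distinfo() {
    distinfo=$1 distdir=$2 rc=0 seen=0
    # Records look like: "SHA256 (name) = value"
    while read -r algo name eq value || [ -n "$algo" ]; do
        case $algo in SHA256|SIZE) ;; *) continue ;; esac
        name=${name#\(}; name=${name%\)}
        # Refuse empty names and names that could point outside DISTDIR.
        case $name in ""|*/*) echo "bad file name in $distinfo" >&2; return 2 ;; esac
        seen=$((seen + 1))
        if [ ! -f "$distdir/$name" ]; then
            echo "missing: $name" >&2; rc=1; continue
        fi
        if [ "$algo" = SHA256 ]; then
            actual=$(sha256_of "$distdir/$name")
        else
            actual=$(wc -c < "$distdir/$name" | tr -d ' ')
        fi
        [ "$actual" = "$value" ] || { echo "$algo mismatch for $name" >&2; rc=1; }
    done < "$distinfo"
    [ "$seen" -gt 0 ] || return 2
    return "$rc"
}

# Constructed sample: a 3-byte "distfile" containing abc, plus its distinfo.
make_sample() {
    printf 'abc' > "$1/sample-1.0.tar.gz"
    cat > "$1/distinfo" <<'EOF'
MD5 (sample-1.0.tar.gz) = 900150983cd24fb0d6963f7d28e17f72
SHA256 (sample-1.0.tar.gz) = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
SIZE (sample-1.0.tar.gz) = 3
EOF
}
```

A distfile altered without changing its length still passes the SIZE record and is caught only by the SHA256 record, which is why both are checked.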