Date:      Sun,  2 May 2010 17:28:58 +0200 (CEST)
From:      olli hauer <ohauer@gmx.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        olli hauer <ohauer@gmx.de>
Subject:   ports/146239: [NEW PORT] security/pulledpork: Script to update snort-2.8+ rules
Message-ID:  <20100502152858.404A52621C@u18-124.dsl.vianetworks.de>
Resent-Message-ID: <201005021530.o42FUCSI088781@freefall.freebsd.org>


>Number:         146239
>Category:       ports
>Synopsis:       [NEW PORT] security/pulledpork: Script to update snort-2.8+ rules
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 02 15:30:11 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     olli hauer <ohauer@gmx.de>
>Release:        FreeBSD 7.3-RELEASE i386
>Organization:
>Environment:

>Description:
pulledpork is a Perl script which helps to update your Snort 2.8+ rules.

The sample config file comes predefined with the new settings for
snort.org downloads, which will change in June 2010.

BE SURE to read through the master pulledpork.conf file thoroughly,
as there are many changes as of snort 2.8.6.0 that WILL affect you,
even if you are NOT yet running 2.8.6.0!

Features:
    * Flowbit tracking!
    * capability to specify base ruleset (see README.RULESETS) in master
      pulledpork.conf file.
    * Handle preprocessor and sensitive-information rulesets
    * Ability to define sid ranges in any of the sid modification .conf files
    * Ability to specify references in any of the sid modification .conf files
    * Ability to ignore entire rule categories (i.e. not include them)
    * Specify locally stored rules files that need their meta data included
      in sid-msg.map
    * Ability to specify your arch for so_rules
    * Rules are written to only two distinct files
    * Support metadata based VRT recommended rulesets
    * Maintain an optional rule changelog
    * Support for setting rules to Drop
    * Support for multi-line rules
    * Rule modification, i.e. disabling of specific rules within rule sets
    * Outputs changes in rules files if any rules have been added / modified
    * Compares new rules files with current rule sets
    * Automated retrieval of certain variables (Distro, Snort Version.. etc)
    * Downloads latest rules file
    * Verifies MD5 of local rules file
    * If MD5 has not changed from snort.org.. doesn't fetch files again
    * handle both rules and so_rules
    * Capability to generate stub files


WWW: http://code.google.com/p/pulledpork/

>How-To-Repeat:

>Fix:

--- pulledpork.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	pulledpork
#	pulledpork/files
#	pulledpork/files/pkg-message.in
#	pulledpork/Makefile
#	pulledpork/pkg-descr
#	pulledpork/distinfo
#
echo c - pulledpork
mkdir -p pulledpork > /dev/null 2>&1
echo c - pulledpork/files
mkdir -p pulledpork/files > /dev/null 2>&1
echo x - pulledpork/files/pkg-message.in
sed 's/^X//' >pulledpork/files/pkg-message.in << 'abbb7ab3bc01816d210c6788717e2ad2'
X=====================================================================
X
XIn order to use pulled pork, adjust the config files located in
X%%CONFIGDIR%%/
X
X
XImportant Note:
X
XSnort is changing the way rules are published. In June 2010 Snort will
Xstop offering rules in the "snortrules-snapshot-CURRENT" format.
X
XInstead, rules will be released for specific Snort versions.
XYou will be responsible for downloading the correct rules release
Xfor your version of Snort.
X
XThe new versioning mechanism will require a four digit version in the
Xfile name. To get the new download naming schema visit snort.org,
Xand look at 'My Account' -> 'Subscriptions and Oinkcodes'
X
XBE SURE to read through the master pulledpork.conf file thoroughly,
Xas there are many changes as of snort 2.8.6.0 that WILL affect you,
Xeven if you are NOT yet running 2.8.6.0!
X
X=====================================================================
abbb7ab3bc01816d210c6788717e2ad2
echo x - pulledpork/Makefile
sed 's/^X//' >pulledpork/Makefile << '5c1e7aebd3f72e1a44c808485216df30'
X# New ports collection makefile for:	pulledpork
X# Date created:				01 May 2010
X# Whom:					Olli Hauer
X#
X# $FreeBSD$
X#
X
XPORTNAME=	pulledpork
XPORTVERSION=	0.4.1
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_GOOGLE_CODE}
XDISTNAME=	${PORTNAME}-${PORTVERSION}
X
XMAINTAINER=	ohauer@gmx.de
XCOMMENT=	Script to update snort-2.8+ rules
X
XRUN_DEPENDS=	${SITE_PERL}/LWP/Simple.pm:${PORTSDIR}/www/p5-libwww
X
XNO_BUILD=	yes
XUSE_PERL5_RUN=	yes
X
XPLIST_DIRS=	etc/pulledpork
XPLIST_FILES=	bin/pulledpork.pl \
X		${PLIST_DIRS}/disablesid.conf.sample \
X		${PLIST_DIRS}/dropsid.conf.sample \
X		${PLIST_DIRS}/enablesid.conf.sample \
X		${PLIST_DIRS}/pulledpork.conf.sample
X
XCONFIG_DIR=	${PREFIX}/${PLIST_DIRS}
XSUB_FILES=	pkg-message
XSUB_LIST=	CONFIGDIR=${CONFIG_DIR}
X
X.include <bsd.port.pre.mk>
X
X.if (${PERL_LEVEL} < 501000)
XRUN_DEPENDS+=	p5-Archive-Tar>=1.52:${PORTSDIR}/archivers/p5-Archive-Tar
X.endif
X
X.if !defined(NOPORTDOCS)
XPORTDOCS=	LICENSE README README.CHANGES README.RULESET
X.endif
X
Xpost-patch:
X	@${REINPLACE_CMD} -e "s|/usr/bin/perl|${PERL}|" ${WRKSRC}/pulledpork.pl
X	@${REINPLACE_CMD} -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \
X		-e 's|snort/dropsid.conf|pulledpork/dropsid.conf|g' \
X		-e 's|snort/disablesid.conf|pulledpork/disablesid.conf|g' \
X		-e "s|/usr/local/lib/snort_dynamicrules/|${PREFIX}/etc/snort/so_rules/|g" \
X		${WRKSRC}/etc/pulledpork.conf
X
Xdo-install:
X	${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${PREFIX}/bin
X	@${MKDIR} -m 750 ${CONFIG_DIR}
X	# pulledpork.conf contains the snort user registration key, do not install world readable
X	${INSTALL_DATA} -m 440 ${WRKSRC}/etc/pulledpork.conf ${CONFIG_DIR}/pulledpork.conf.sample
X	${INSTALL_DATA} ${WRKSRC}/etc/disablesid.conf ${CONFIG_DIR}/disablesid.conf.sample
X	${INSTALL_DATA} ${WRKSRC}/etc/dropsid.conf    ${CONFIG_DIR}/dropsid.conf.sample
X	${INSTALL_DATA} ${WRKSRC}/etc/enablesid.conf  ${CONFIG_DIR}/enablesid.conf.sample
X
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	@${INSTALL_DATA} ${WRKSRC}/LICENSE ${DOCSDIR}/
X	@${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}/
X	@${INSTALL_DATA} ${WRKSRC}/README.CHANGES ${DOCSDIR}/
X	@${INSTALL_DATA} ${WRKSRC}/README.RULESET ${DOCSDIR}/
X.endif
X
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X.include <bsd.port.post.mk>
5c1e7aebd3f72e1a44c808485216df30
echo x - pulledpork/pkg-descr
sed 's/^X//' >pulledpork/pkg-descr << '6063cd04a3b36c5e46958f6513662351'
Xpulledpork is a Perl script which helps to update your Snort 2.8+ rules.
X
XThe sample config file comes predefined with the new settings for
Xsnort.org downloads, which will change in June 2010.
X
XBE SURE to read through the master pulledpork.conf file thoroughly,
Xas there are many changes as of snort 2.8.6.0 that WILL affect you,
Xeven if you are NOT yet running 2.8.6.0!
X
XFeatures:
X    * Flowbit tracking!
X    * capability to specify base ruleset (see README.RULESETS) in master
X      pulledpork.conf file.
X    * Handle preprocessor and sensitive-information rulesets
X    * Ability to define sid ranges in any of the sid modification .conf files
X    * Ability to specify references in any of the sid modification .conf files
X    * Ability to ignore entire rule categories (i.e. not include them)
X    * Specify locally stored rules files that need their meta data included
X      in sid-msg.map
X    * Ability to specify your arch for so_rules
X    * Rules are written to only two distinct files
X    * Support metadata based VRT recommended rulesets
X    * Maintain an optional rule changelog
X    * Support for setting rules to Drop
X    * Support for multi-line rules
X    * Rule modification, i.e. disabling of specific rules within rule sets
X    * Outputs changes in rules files if any rules have been added / modified
X    * Compares new rules files with current rule sets
X    * Automated retrieval of certain variables (Distro, Snort Version.. etc)
X    * Downloads latest rules file
X    * Verifies MD5 of local rules file
X    * If MD5 has not changed from snort.org.. doesn't fetch files again
X    * handle both rules and so_rules
X    * Capability to generate stub files
X
X
XWWW: http://code.google.com/p/pulledpork/
6063cd04a3b36c5e46958f6513662351
echo x - pulledpork/distinfo
sed 's/^X//' >pulledpork/distinfo << 'ddab54909bef1f20eecc435eb248cf04'
XMD5 (pulledpork-0.4.1.tar.gz) = 75f39ab4c1807ef3485fbf39561fbdd8
XSHA256 (pulledpork-0.4.1.tar.gz) = f1c50aba1fcf43660d2c62025192b0e756f49911ae2bced9106e98a24cddc923
XSIZE (pulledpork-0.4.1.tar.gz) = 21805
ddab54909bef1f20eecc435eb248cf04
exit
--- pulledpork.shar ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
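
The do-install target above creates the config directory with mode 750 and installs pulledpork.conf.sample with mode 440 because the file holds the snort.org registration key; the live pulledpork.conf an administrator creates from it needs the same protection. The check below is an added example, not part of the submitted port; the function names and the directory passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example: audit the permissions the port's do-install target aims for.
# Usage (assumed default prefix): sh audit.sh /usr/local/etc/pulledpork

# has_mode_bits PATH MODE: true when PATH has every permission bit in MODE set.
has_mode_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_pulledpork_conf DIR: print one line per finding and return the
# number of findings (0 = clean); a missing directory returns 1.
audit_pulledpork_conf() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    # The port creates the directory with mode 750: no access for "other".
    if has_mode_bits "$dir" 0001 || has_mode_bits "$dir" 0004; then
        echo "WARN $dir is listable or traversable by other users"
        findings=$((findings + 1))
    fi
    # The sample is installed 440; the live copy holds the real key.
    for f in "$dir/pulledpork.conf" "$dir/pulledpork.conf.sample"; do
        [ -e "$f" ] || continue
        if has_mode_bits "$f" 0004; then
            echo "WARN $f is world readable"
            findings=$((findings + 1))
        fi
        if has_mode_bits "$f" 0002; then
            echo "WARN $f is world writable"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_pulledpork_conf "$1"
fi
```
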


