Date: Sun, 22 May 2005 20:33:51 -0600 (MDT) From: Nick Rogness <nick@rogness.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/81378: New port: security/snort_inline Message-ID: <200505230233.j4N2Xpsw044632@skywalker.rogness.net> Resent-Message-ID: <200505230240.j4N2e2C9094833@freefall.freebsd.org>
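>Number: 81378
>Category: ports
>Synopsis: New port: security/snort_inline
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon May 23 02:40:01 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Nick Rogness
>Release: FreeBSD 5.2.1-RC i386
>Organization:
>Environment: System: FreeBSD skywalker.rogness.net 5.2.1-RC FreeBSD 5.2.1-RC #0: Sat Jan 31 05:36:22 GMT 2004 root@cypress.btc.adpatec.com:/usr/obj/usr/src/sys/GENERIC i386
>Description: New port: security/snort_inline, An inline IPS system based on snort using ipfw.
>How-To-Repeat: N/A
>Fix:
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	snort_inline
#	snort_inline/Makefile
#	snort_inline/pkg-descr
#	snort_inline/pkg-plist
#	snort_inline/distinfo
#	snort_inline/files
#	snort_inline/files/snort.sh
#	snort_inline/pkg-message
#
# Review notes.  These are shar-level comments only; none of them is
# written into an extracted file.
#
#  - "sh file" runs every command in this archive with the caller's
#    privileges.  Read it first, then unpack it as an unprivileged user
#    in an empty scratch directory.
#
#  - pkg-plist: the snort_inline.conf @exec originally followed
#    etc/snort.conf-sample directly, so %f still named snort.conf-sample
#    and a package install would have seeded snort_inline.conf (the rc
#    script's default configuration) from the wrong sample.  The Makefile
#    installs etc/snort_inline.conf-sample, so that file is now listed
#    with its own @unexec/@exec pair, matching the other config entries.
#
#  - files/snort.sh: command pointed at bin/snort, but the only binary in
#    pkg-plist is bin/snort_inline.  It now names the installed binary.
#
#  - NOTE(review): the rc.d file name snort.sh, name="snort" and the
#    snort_* rc.conf variables look like they would collide with a stock
#    snort install on the same host -- confirm before commit.
#
#  - NOTE(review): distinfo carries only an MD5 digest and MASTER_SITES is
#    plain http, so the digest alone does not authenticate the distfile.
#    USE_GPG/SIG_SUFFIX are set; presumably the detached .asc signature is
#    what establishes authenticity -- confirm it is checked against a key
#    obtained out of band.
#
echo c - snort_inline
mkdir -p snort_inline > /dev/null 2>&1
echo x - snort_inline/Makefile
sed 's/^X//' >snort_inline/Makefile << 'END-of-snort_inline/Makefile'
X# New ports collection makefile for:	snort_inline
X# Date created:				4 March 2005
X# Whom:					nick@rogness.net
X#
X# $FreeBSD$
X#
X
XPORTNAME=	snort_inline
XPORTVERSION=	2.3.0
XCATEGORIES=	security
XMASTER_SITES=	http://freebsd.rogness.net/ports/snort_inline/
XDISTNAME=	snort_inline-2.3.0-RC1
X
XMAINTAINER=	nick@rogness.net
XCOMMENT=	An inline IPS system based on snort using ipfw
X
XLIB_DEPENDS=	pcre.0:${PORTSDIR}/devel/pcre
X
XWRKSRC=		${WRKDIR}/snort_inline-2.3.0-RC1
X
XUSE_GPG=	yes
XSIG_SUFFIX=	.asc
XUSE_REINPLACE=	yes
XGNU_CONFIGURE=	yes
XCONFIGURE_ENV=	LDFLAGS="${LDFLAGS}"
XCONFIGURE_TARGET=	--build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
XCONFIGURE_ARGS+=	--enable-inline --enable-ipfw
X
XBUILD_DEPENDS+=	${LOCALBASE}/lib/libnet.a:${PORTSDIR}/net/libnet
XCONFIGURE_ARGS+=	--with-libnet-includes=${LOCALBASE}/include \
X			--with-libnet-libraries=${LOCALBASE}/lib
X
X.if defined(WITH_MYSQL)
XUSE_MYSQL=	yes
XCONFIGURE_ARGS+=	--with-mysql=${LOCALBASE}
X.else
XCONFIGURE_ARGS+=	--with-mysql=no
X.endif
X
X.if defined(WITH_ODBC)
XLIB_DEPENDS+=	odbc.1:${PORTSDIR}/databases/unixODBC
XCONFIGURE_ARGS+=	--with-odbc=${LOCALBASE}
XLDFLAGS+=	${PTHREAD_LIBS}
X.else
XCONFIGURE_ARGS+=	--with-odbc=no
X.endif
X
X.if defined(WITH_POSTGRESQL)
XPOSTGRESQL_PORT?=	databases/postgresql7
XLIB_DEPENDS+=	pq.3:${PORTSDIR}/${POSTGRESQL_PORT}
XCONFIGURE_ARGS+=	--with-postgresql=${LOCALBASE}
X.if exists(/usr/lib/libssl.a) && exists(/usr/lib/libcrypto.a)
XLDFLAGS+=	-lssl -lcrypto
X.endif
X.else
XCONFIGURE_ARGS+=	--with-postgresql=no
X.endif
X
XMAN8=		snort.8
XDOCS=		ChangeLog doc/AUTHORS doc/BUGS doc/CREDITS doc/faq* doc/NEWS \
X		doc/README* doc/TODO doc/USAGE doc/*.pdf
X
XUSE_RC_SUBR=	yes
XRC_SCRIPTS_SUB=	PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
X
Xpost-patch:
X	${REINPLACE_CMD} "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/src/snort.c
X	@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
X		${FILESDIR}/snort.sh > ${WRKDIR}/snort.sh
X
Xpre-configure:
X	@${ECHO} ""
X	@${ECHO} "Set WITH_MYSQL, WITH_ODBC or WITH_POSTGRESQL"
X	@${ECHO} "to get additional support."
X	@${ECHO} ""
X
Xpost-install:
X	@${MKDIR} ${DATADIR}
X	${INSTALL_DATA} ${WRKSRC}/rules/*.rules ${DATADIR}
X	${INSTALL_DATA} ${WRKSRC}/etc/classification.config \
X		${DATADIR}/classification.config-sample
X	[ -f ${DATADIR}/classification.config ] || \
X		${CP} ${DATADIR}/classification.config-sample \
X		${DATADIR}/classification.config
X	${INSTALL_DATA} ${WRKSRC}/etc/reference.config \
X		${DATADIR}/reference.config-sample
X	[ -f ${DATADIR}/reference.config ] || \
X		${CP} ${DATADIR}/reference.config-sample ${DATADIR}/reference.config
X	${INSTALL_SCRIPT} -m 751 ${WRKDIR}/snort.sh ${PREFIX}/etc/rc.d/snort.sh
X.for f in snort.conf snort_inline.conf unicode.map threshold.conf
X	${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample
X	[ -f ${PREFIX}/etc/${f} ] || \
X		${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}
X.endfor
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
X.endif
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
END-of-snort_inline/Makefile
echo x - snort_inline/pkg-descr
sed 's/^X//' >snort_inline/pkg-descr << 'END-of-snort_inline/pkg-descr'
Xsnort-inline is a variation of snort that interfaces with the
XIPFW firewall and divert sockets to provide a simple IPS system
Xusing snort signatures.
X
XWWW: http://freebsd.rogness.net/snort_inline
X
X- Nick Rogness
Xnick@rogness.net
END-of-snort_inline/pkg-descr
echo x - snort_inline/pkg-plist
sed 's/^X//' >snort_inline/pkg-plist << 'END-of-snort_inline/pkg-plist'
Xbin/snort_inline
X@unexec if [ -f %D/etc/snort.conf ] && cmp -s %D/etc/snort.conf %D/etc/snort.conf-sample; then rm -f %D/etc/snort.conf; fi
Xetc/snort.conf-sample
X@exec [ -f %B/snort.conf ] || cp %B/%f %B/snort.conf
X@unexec if [ -f %D/etc/snort_inline.conf ] && cmp -s %D/etc/snort_inline.conf %D/etc/snort_inline.conf-sample; then rm -f %D/etc/snort_inline.conf; fi
Xetc/snort_inline.conf-sample
X@exec [ -f %B/snort_inline.conf ] || cp %B/%f %B/snort_inline.conf
X@unexec if [ -f %D/etc/unicode.map ] && cmp -s %D/etc/unicode.map %D/etc/unicode.map-sample; then rm -f %D/etc/unicode.map; fi
Xetc/unicode.map-sample
X@exec [ -f %B/unicode.map ] || cp %B/%f %B/unicode.map
X@unexec if [ -f %D/etc/threshold.conf ] && cmp -s %D/etc/threshold.conf %D/etc/threshold.conf-sample; then rm -f %D/etc/threshold.conf; fi
Xetc/threshold.conf-sample
X@exec [ -f %B/threshold.conf ] || cp %B/%f %B/threshold.conf
Xetc/rc.d/snort.sh
X%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
X%%PORTDOCS%%%%DOCSDIR%%/BUGS
X%%PORTDOCS%%%%DOCSDIR%%/CREDITS
X%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
X%%PORTDOCS%%%%DOCSDIR%%/faq.pdf
X%%PORTDOCS%%%%DOCSDIR%%/faq.tex
X%%PORTDOCS%%%%DOCSDIR%%/NEWS
X%%PORTDOCS%%%%DOCSDIR%%/README
X%%PORTDOCS%%%%DOCSDIR%%/README.INLINE
X%%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP
X%%PORTDOCS%%%%DOCSDIR%%/README.PLUGINS
X%%PORTDOCS%%%%DOCSDIR%%/README.UNSOCK
X%%PORTDOCS%%%%DOCSDIR%%/README.WIN32
X%%PORTDOCS%%%%DOCSDIR%%/README.alert_order
X%%PORTDOCS%%%%DOCSDIR%%/README.csv
X%%PORTDOCS%%%%DOCSDIR%%/README.database
X%%PORTDOCS%%%%DOCSDIR%%/README.event_queue
X%%PORTDOCS%%%%DOCSDIR%%/README.flow
X%%PORTDOCS%%%%DOCSDIR%%/README.flowbits
X%%PORTDOCS%%%%DOCSDIR%%/README.flow-portscan
X%%PORTDOCS%%%%DOCSDIR%%/README.sfportscan
X%%PORTDOCS%%%%DOCSDIR%%/README.asn1
X%%PORTDOCS%%%%DOCSDIR%%/README.http_inspect
X%%PORTDOCS%%%%DOCSDIR%%/README.thresholding
X%%PORTDOCS%%%%DOCSDIR%%/README.wireless
X%%PORTDOCS%%%%DOCSDIR%%/TODO
X%%PORTDOCS%%%%DOCSDIR%%/USAGE
X%%PORTDOCS%%%%DOCSDIR%%/snort_manual.pdf
X%%PORTDOCS%%%%DOCSDIR%%/snort_schema_v106.pdf
X%%PORTDOCS%%@dirrm %%DOCSDIR%%
X%%DATADIR%%/attack-responses.rules
X%%DATADIR%%/backdoor.rules
X%%DATADIR%%/bad-traffic.rules
X%%DATADIR%%/chat.rules
X@unexec if [ -f %B/classification.config ] && cmp -s %B/classification.config %B/classification.config-sample; then rm -f %B/classification.config; fi
X%%DATADIR%%/classification.config-sample
X@exec [ -f %B/classification.config ] || cp %B/%f %B/classification.config
X%%DATADIR%%/ddos.rules
X%%DATADIR%%/deleted.rules
X%%DATADIR%%/dns.rules
X%%DATADIR%%/dos.rules
X%%DATADIR%%/experimental.rules
X%%DATADIR%%/exploit.rules
X%%DATADIR%%/finger.rules
X%%DATADIR%%/ftp.rules
X%%DATADIR%%/icmp-info.rules
X%%DATADIR%%/icmp.rules
X%%DATADIR%%/imap.rules
X%%DATADIR%%/info.rules
X%%DATADIR%%/local.rules
X%%DATADIR%%/misc.rules
X%%DATADIR%%/multimedia.rules
X%%DATADIR%%/mysql.rules
X%%DATADIR%%/netbios.rules
X%%DATADIR%%/nntp.rules
X%%DATADIR%%/oracle.rules
X%%DATADIR%%/other-ids.rules
X%%DATADIR%%/p2p.rules
X%%DATADIR%%/policy.rules
X%%DATADIR%%/pop2.rules
X%%DATADIR%%/pop3.rules
X%%DATADIR%%/porn.rules
X@unexec if [ -f %B/reference.config ] && cmp -s %B/reference.config %B/reference.config-sample; then rm -f %B/reference.config; fi
X%%DATADIR%%/reference.config-sample
X@exec [ -f %B/reference.config ] || cp %B/%f %B/reference.config
X%%DATADIR%%/rpc.rules
X%%DATADIR%%/rservices.rules
X%%DATADIR%%/scan.rules
X%%DATADIR%%/shellcode.rules
X%%DATADIR%%/smtp.rules
X%%DATADIR%%/snmp.rules
X%%DATADIR%%/sql.rules
X%%DATADIR%%/telnet.rules
X%%DATADIR%%/tftp.rules
X%%DATADIR%%/virus.rules
X%%DATADIR%%/web-attacks.rules
X%%DATADIR%%/web-cgi.rules
X%%DATADIR%%/web-client.rules
X%%DATADIR%%/web-coldfusion.rules
X%%DATADIR%%/web-frontpage.rules
X%%DATADIR%%/web-iis.rules
X%%DATADIR%%/web-misc.rules
X%%DATADIR%%/web-php.rules
X%%DATADIR%%/x11.rules
X@dirrm %%DATADIR%%
END-of-snort_inline/pkg-plist
echo x - snort_inline/distinfo
sed 's/^X//' >snort_inline/distinfo << 'END-of-snort_inline/distinfo'
XMD5 (snort_inline-2.3.0-RC1.tar.gz) = d577c101a78c97b0f18a1e01b0252419
END-of-snort_inline/distinfo
echo c - snort_inline/files
mkdir -p snort_inline/files > /dev/null 2>&1
echo x - snort_inline/files/snort.sh
sed 's/^X//' >snort_inline/files/snort.sh << 'END-of-snort_inline/files/snort.sh'
X#!/bin/sh
X# $Id$
X
X# PROVIDE: snort
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X# KEYWORD: FreeBSD shutdown
X
X# Add the following lines to /etc/rc.conf to enable snort:
X# snort_enable (bool):		Set to YES to enable snort
X#				Default: NO
X# snort_flags (str):		Extra flags passed to snort
X#				Default: -Dq -J 8000
X# snort_interface (str):	Network interface to sniff
X#				Default: ""
X# snort_conf (str):		Snort configuration file
X#				Default: ${PREFIX}/etc/snort_inline.conf
X#
X
X. %%RC_SUBR%%
X
Xname="snort"
Xrcvar=`set_rcvar`
X
Xcommand="%%PREFIX%%/bin/snort_inline"
X
Xload_rc_config $name
X
X[ -z "$snort_enable" ] && snort_enable="NO"
X[ -z "$snort_conf" ] && snort_conf="%%PREFIX%%/etc/snort_inline.conf"
X[ -z "$snort_flags" ] && snort_flags="-Dq -J 8000"
X
X[ -n "$snort_interface" ] && snort_flags="$snort_flags -i $snort_interface"
X[ -n "$snort_conf" ] && snort_flags="$snort_flags -c $snort_conf"
X
Xrun_rc_command "$1"
END-of-snort_inline/files/snort.sh
echo x - snort_inline/pkg-message
sed 's/^X//' >snort_inline/pkg-message << 'END-of-snort_inline/pkg-message'
X	***********************************
X	* !!!!!!!!!!! WARNING !!!!!!!!!!! *
X	***********************************
X
Xsnort_inline uses rcNG startup scripts and must be enabled via /etc/rc.conf
X
XAvailable variables:
X
X	snort_enable (bool):		Set to YES to enable snort
X					Default: NO
X	snort_flags (str):		Extra flags passed to snort
X					Default: -Dq -J 8000
X	snort_interface (str):		Network interface to sniff
X					Default: ""
X	snort_conf (str):		Snort configuration file
X					Default: ${PREFIX}/etc/snort_inline.conf
X
XAlso, make sure that your kernel is compiled with:
X
X	options IPFIREWALL
X	options IPDIVERT
X
XThe default divert port is 8000.  See http://freebsd.rogness.net/snort_inline
Xfor more information.
END-of-snort_inline/pkg-message
exit
>Release-Note:
>Audit-Trail:
>Unformatted: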