Date:      Tue, 30 Aug 2016 23:37:48 +0000 (UTC)
From:      Ben Woods <woodsb02@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r421135 - in head/security: . snort2pfcd snort2pfcd/files
Message-ID:  <201608302337.u7UNbmcT015704@repo.freebsd.org>

Author: woodsb02
Date: Tue Aug 30 23:37:47 2016
New Revision: 421135
URL: https://svnweb.freebsd.org/changeset/ports/421135

Log:
  Add new port security/snort2pfcd, which analyzes snort alert output and
  blocks ip addresses using pf for a specified period of time.
  
  PR:		211813
  Submitted by:	onestsam@gmail.com
  Reviewed by:	adamw, mat (mentors)
  Approved by:	koobs (mentor)
  Differential Revision:	https://reviews.freebsd.org/D7712

Added:
  head/security/snort2pfcd/
  head/security/snort2pfcd/Makefile   (contents, props changed)
  head/security/snort2pfcd/distinfo   (contents, props changed)
  head/security/snort2pfcd/files/
  head/security/snort2pfcd/files/patch-Makefile   (contents, props changed)
  head/security/snort2pfcd/files/snort2pfcd.in   (contents, props changed)
  head/security/snort2pfcd/pkg-descr   (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile	Tue Aug 30 21:04:31 2016	(r421134)
+++ head/security/Makefile	Tue Aug 30 23:37:47 2016	(r421135)
@@ -1066,6 +1066,7 @@
     SUBDIR += snoopy
     SUBDIR += snort
     SUBDIR += snort-rep
+    SUBDIR += snort2pfcd
     SUBDIR += snortreport
     SUBDIR += snortsam
     SUBDIR += snortsnarf

Added: head/security/snort2pfcd/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/snort2pfcd/Makefile	Tue Aug 30 23:37:47 2016	(r421135)
@@ -0,0 +1,22 @@
+# $FreeBSD$
+
+PORTNAME=	snort2pfcd
+PORTVERSION=	0.5
+CATEGORIES=	security
+MASTER_SITES=	http://www.tworoutes.com/oss/
+
+MAINTAINER=	onestsam@gmail.com
+COMMENT=	Snort alert to pf blocker
+
+LIB_DEPENDS=	libcidr.so:devel/libcidr
+RUN_DEPENDS=	snort:security/snort
+
+USE_RC_SUBR=	snort2pfcd
+PLIST_FILES=	man/man8/snort2pfcd.8.gz \
+		sbin/snort2pfcd
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/snort2pfcd ${STAGEDIR}${PREFIX}/sbin
+	${INSTALL_MAN} ${WRKSRC}/snort2pfcd.8.gz ${STAGEDIR}${MAN8PREFIX}/man/man8
+
+.include <bsd.port.mk>
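Review bot: `MASTER_SITES` fetches the distfile over plain `http://`, so the SHA256 in distinfo is the only integrity control, and that checksum was presumably computed from an HTTP download as well. For a root daemon that edits pf state, it is worth confirming the hash against an independent copy from upstream. If the site serves the same path over TLS, switch to `MASTER_SITES= https://www.tworoutes.com/oss/`. The Makefile also declares no `LICENSE`, which reviewers of a new port normally ask for.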

Added: head/security/snort2pfcd/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/snort2pfcd/distinfo	Tue Aug 30 23:37:47 2016	(r421135)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1472559141
+SHA256 (snort2pfcd-0.5.tar.gz) = ea2f3df7bfbad5ecce7a266df89c4102cf5e92fa72869615925ca15631064dfe
+SIZE (snort2pfcd-0.5.tar.gz) = 9321

Added: head/security/snort2pfcd/files/patch-Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/snort2pfcd/files/patch-Makefile	Tue Aug 30 23:37:47 2016	(r421135)
@@ -0,0 +1,11 @@
+--- Makefile.orig	2016-08-30 14:07:38 UTC
++++ Makefile
+@@ -1,7 +1,7 @@
+ PROG= snort2pfcd
+ SRCS= main.c parser.c kevent.c spfc.c ioctl_helpers.c
+ MAN= ${PROG}.8
+-CFLAGS+=-Wall -Werror -pedantic
++CFLAGS+=-Wall -pedantic -I${LOCALBASE}/include
+ LDFLAGS+=-lutil -L${LOCALBASE}/lib -lcidr
+ 
+ .include <bsd.prog.mk>

Added: head/security/snort2pfcd/files/snort2pfcd.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/snort2pfcd/files/snort2pfcd.in	Tue Aug 30 23:37:47 2016	(r421135)
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: snort2pfcd
+# REQUIRE: DAEMON pf snort
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="snort2pfcd"
+rcvar=${name}_enable
+pidfile="/var/run/${name}.pid"
+command="%%PREFIX%%/sbin/${name}"
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+required_modules="pf"
+
+snort2pfcd_start()
+{
+	echo "Starting ${name}..."
+	if [ $(sysctl -n kern.securelevel) != "3" ]; then
+		${command} ${snort2pfcd_flags}
+	else
+		echo "${name} cannot operate on pf at securelevel 3"
+	fi
+
+	if [ -f ${pidfile} ]; then
+		echo "${name} successfully started"
+	else
+		echo "${name} statup failed"
+	fi
+}
+
+snort2pfcd_stop()
+{
+	if [ -f ${pidfile} ]; then
+		echo "Stopping ${name}..."
+		kill $(cat ${pidfile})
+		rm ${pidfile}
+	else
+		echo "${name} is not running?"
+	fi
+}
+
+load_rc_config ${name}
+run_rc_command "$1"
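Review bot: `snort2pfcd_stop` runs `kill $(cat ${pidfile})` as root without checking that the PID still belongs to snort2pfcd, so a stale pidfile left by a crash can signal an unrelated process, and `snort2pfcd_start` reports success whenever any pidfile exists, including a stale one. Dropping the custom `start_cmd`/`stop_cmd` lets rc.subr use `pidfile` and `command` itself, which checks that the recorded PID matches the program before signalling it. The securelevel test can move to a `start_precmd`, with the command substitution quoted so an empty sysctl result does not break `[`, and returning non-zero so a refused start is visible to the caller. The script also sets no default such as `: ${snort2pfcd_enable:="NO"}` after `load_rc_config`, and the failure message is misspelled (`statup`).

```sh
# … unchanged: name, rcvar, pidfile, command, required_modules …
start_precmd="${name}_prestart"

snort2pfcd_prestart()
{
	# Quoted so an empty sysctl result cannot turn the test into a syntax error.
	if [ "$(sysctl -n kern.securelevel)" = "3" ]; then
		warn "${name} cannot operate on pf at securelevel 3"
		return 1
	fi
}

# stop_cmd / snort2pfcd_stop removed: rc.subr's default stop validates the
# pidfile against ${command} before sending the signal.
load_rc_config ${name}
: ${snort2pfcd_enable:="NO"}
```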

Added: head/security/snort2pfcd/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/snort2pfcd/pkg-descr	Tue Aug 30 23:37:47 2016	(r421135)
@@ -0,0 +1,3 @@
+Analyzes snort alert output and blocks ip addresses using pf for a specified
+period of time. A whitelist is specified in CIDR format to exclude local and 
+trusted ip address from being blocked.


