Date: Tue, 30 Aug 2016 23:37:48 +0000 (UTC) From: Ben Woods <woodsb02@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r421135 - in head/security: . snort2pfcd snort2pfcd/files Message-ID: <201608302337.u7UNbmcT015704@repo.freebsd.org>
Author: woodsb02 Date: Tue Aug 30 23:37:47 2016 New Revision: 421135 URL: https://svnweb.freebsd.org/changeset/ports/421135 Log: Add new port security/snort2pfcd, which analyzes snort alert output and blocks ip addresses using pf for a specified period of time. PR: 211813 Submitted by: onestsam@gmail.com Reviewed by: adamw, mat (mentors) Approved by: koobs (mentor) Differential Revision: https://reviews.freebsd.org/D7712 Added: head/security/snort2pfcd/ head/security/snort2pfcd/Makefile (contents, props changed) head/security/snort2pfcd/distinfo (contents, props changed) head/security/snort2pfcd/files/ head/security/snort2pfcd/files/patch-Makefile (contents, props changed) head/security/snort2pfcd/files/snort2pfcd.in (contents, props changed) head/security/snort2pfcd/pkg-descr (contents, props changed) Modified: head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Tue Aug 30 21:04:31 2016 (r421134)
+++ head/security/Makefile Tue Aug 30 23:37:47 2016 (r421135)
@@ -1066,6 +1066,7 @@
 SUBDIR += snoopy
 SUBDIR += snort
 SUBDIR += snort-rep
+ SUBDIR += snort2pfcd
 SUBDIR += snortreport
 SUBDIR += snortsam
 SUBDIR += snortsnarf
Added: head/security/snort2pfcd/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snort2pfcd/Makefile Tue Aug 30 23:37:47 2016 (r421135)
@@ -0,0 +1,22 @@
+# $FreeBSD$
+
+PORTNAME= snort2pfcd
+PORTVERSION= 0.5
+CATEGORIES= security
+MASTER_SITES= http://www.tworoutes.com/oss/
+
+MAINTAINER= onestsam@gmail.com
+COMMENT= Snort alert to pf blocker
+
+LIB_DEPENDS= libcidr.so:devel/libcidr
+RUN_DEPENDS= snort:security/snort
+
+USE_RC_SUBR= snort2pfcd
+PLIST_FILES= man/man8/snort2pfcd.8.gz \
+ sbin/snort2pfcd
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/snort2pfcd ${STAGEDIR}${PREFIX}/sbin
+ ${INSTALL_MAN} ${WRKSRC}/snort2pfcd.8.gz ${STAGEDIR}${MAN8PREFIX}/man/man8
+
+.include <bsd.port.mk>
Added: head/security/snort2pfcd/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snort2pfcd/distinfo Tue Aug 30 23:37:47 2016 (r421135)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1472559141
+SHA256 (snort2pfcd-0.5.tar.gz) = ea2f3df7bfbad5ecce7a266df89c4102cf5e92fa72869615925ca15631064dfe
+SIZE (snort2pfcd-0.5.tar.gz) = 9321
Added: head/security/snort2pfcd/files/patch-Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snort2pfcd/files/patch-Makefile Tue Aug 30 23:37:47 2016 (r421135)
@@ -0,0 +1,11 @@
+--- Makefile.orig 2016-08-30 14:07:38 UTC
++++ Makefile
+@@ -1,7 +1,7 @@
+ PROG= snort2pfcd
+ SRCS= main.c parser.c kevent.c spfc.c ioctl_helpers.c
+ MAN= ${PROG}.8
+-CFLAGS+=-Wall -Werror -pedantic
++CFLAGS+=-Wall -pedantic -I${LOCALBASE}/include
+ LDFLAGS+=-lutil -L${LOCALBASE}/lib -lcidr
+
+ .include <bsd.prog.mk>
Added: head/security/snort2pfcd/files/snort2pfcd.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snort2pfcd/files/snort2pfcd.in Tue Aug 30 23:37:47 2016 (r421135)
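Review bot: In head/security/snort2pfcd/Makefile, `MASTER_SITES= http://www.tworoutes.com/oss/` fetches the distfile over plain HTTP from a single host, so the only integrity control is the SHA256 and SIZE recorded in distinfo. That rejects a later tampered download, but nothing on this page shows how the copy the checksum was taken from was verified. If upstream serves the same path over TLS, `MASTER_SITES= https://www.tworoutes.com/oss/` would be preferable (not verified here). The Makefile also declares no `LICENSE`, which is worth adding for a new port.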
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: snort2pfcd
+# REQUIRE: DAEMON pf snort
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="snort2pfcd"
+rcvar=${name}_enable
+pidfile="/var/run/${name}.pid"
+command="%%PREFIX%%/sbin/${name}"
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+required_modules="pf"
+
+snort2pfcd_start()
+{
+ echo "Starting ${name}..."
+ if [ $(sysctl -n kern.securelevel) != "3" ]; then
+ ${command} ${snort2pfcd_flags}
+ else
+ echo "${name} cannot operate on pf at securelevel 3"
+ fi
+
+ if [ -f ${pidfile} ]; then
+ echo "${name} successfully started"
+ else
+ echo "${name} statup failed"
+ fi
+}
+
+snort2pfcd_stop()
+{
+ if [ -f ${pidfile} ]; then
+ echo "Stopping ${name}..."
+ kill $(cat ${pidfile})
+ rm ${pidfile}
+ else
+ echo "${name} is not running?"
+ fi
+}
+
+load_rc_config ${name}
+run_rc_command "$1"
Added: head/security/snort2pfcd/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snort2pfcd/pkg-descr Tue Aug 30 23:37:47 2016 (r421135)
@@ -0,0 +1,3 @@
+Analyzes snort alert output and blocks ip addresses using pf for a specified
+period of time. A whitelist is specified in CIDR format to exclude local and
+trusted ip address from being blocked.
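Review bot: In files/snort2pfcd.in, snort2pfcd_stop runs `kill $(cat ${pidfile})` as root without checking that the PID in the file still belongs to snort2pfcd, so a stale pidfile left by a crash can signal an unrelated process. snort2pfcd_start has the mirror problem: it prints "successfully started" whenever that file exists, including at securelevel 3 where the daemon was never launched, and it always returns success to rc. Dropping the custom start_cmd and stop_cmd lets rc.subr match the PID from `pidfile` against `command` for start, stop and status, and the securelevel test then fits in a `start_precmd` that fails the start. The sketch below also gives `snort2pfcd_enable` a default after `load_rc_config`; it assumes the daemon backgrounds itself and writes /var/run/snort2pfcd.pid, which the hunk implies but does not show.

```sh
# … unchanged: header comments, ". /etc/rc.subr", name, rcvar …

load_rc_config ${name}
: ${snort2pfcd_enable:="NO"}

pidfile="/var/run/${name}.pid"
command="%%PREFIX%%/sbin/${name}"
required_modules="pf"
start_precmd="${name}_prestart"

snort2pfcd_prestart()
{
	# Refuse to start where the original script declined to run the daemon.
	if [ "$(sysctl -n kern.securelevel)" -ge 3 ]; then
		err 1 "${name} cannot operate on pf at securelevel 3"
	fi
}

run_rc_command "$1"
```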