Diffstat (limited to 'net-analyzer')
-rw-r--r-- | net-analyzer/snort/ChangeLog | 8 | ||||
-rw-r--r-- | net-analyzer/snort/files/snort.reload.rc1 | 50 | ||||
-rw-r--r-- | net-analyzer/snort/metadata.xml | 2 | ||||
-rw-r--r-- | net-analyzer/snort/snort-2.8.5.1.ebuild | 316 |
4 files changed, 375 insertions, 1 deletions
diff --git a/net-analyzer/snort/ChangeLog b/net-analyzer/snort/ChangeLog index 661cb3e9e7ae..9f006aba154d 100644 --- a/net-analyzer/snort/ChangeLog +++ b/net-analyzer/snort/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-analyzer/snort # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.153 2009/09/12 03:01:27 vostorga Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.154 2009/11/02 17:24:37 patrick Exp $ + +*snort-2.8.5.1 (02 Nov 2009) + + 02 Nov 2009; Patrick Lauer <patrick@gentoo.org> +snort-2.8.5.1.ebuild, + +files/snort.reload.rc1, metadata.xml: + Bump, thanks to Jason Wallace. Fixes #291558 #291604 #291357 12 Sep 2009; Víctor Ostorga <vostorga@gentoo.org> -files/snort-2.6.1.1-libnet.patch, -files/snort-2.6.1.2-libdir.patch, diff --git a/net-analyzer/snort/files/snort.reload.rc1 b/net-analyzer/snort/files/snort.reload.rc1 new file mode 100644 index 000000000000..b06d2d580a6b --- /dev/null +++ b/net-analyzer/snort/files/snort.reload.rc1 
@@ -0,0 +1,50 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.reload.rc1,v 1.1 2009/11/02 17:24:38 patrick Exp $
+
+opts="checkconfig reload"
+
+depend() {
+ need net
+ after mysql
+ after postgresql
+}
+
+checkconfig() {
+ if [ ! -e $CONF ] ; then
+ eerror "You need a configuration file to run snort"
+ eerror "There is an example config in /etc/snort/snort.conf.distrib"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting snort"
+ start-stop-daemon --start --quiet --exec /usr/bin/snort \
+ -- --nolock-pidfile --pid-path ${PIDPATH} ${SNORT_OPTS} >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping snort"
+ start-stop-daemon --stop --quiet --pidfile ${PIDPATH}/${PIDFILE}
+ # Snort needs a few seconds to fully shutdown
+ sleep 15
+ eend $?
+}
+
+reload() {
+ if [ ! -f ${PIDPATH}/${PIDFILE} ]; then
+ eerror "Snort isn't running"
+ return 1
+ fi
+
+ checkconfig || return 1
+ ebegin "Reloading Snort"
+ start-stop-daemon --stop --oknodo --signal HUP --pidfile ${PIDPATH}/${PIDFILE}
+ eend $?
+}
+
+
diff --git a/net-analyzer/snort/metadata.xml b/net-analyzer/snort/metadata.xml
index 56776e5556bb..aa3abfdd417b 100644
--- a/net-analyzer/snort/metadata.xml
+++ b/net-analyzer/snort/metadata.xml
@@ -31,5 +31,7 @@
 <flag name='react'>Enable interception and termination of offending HTTP accesses</flag>
 <flag name='targetbased'>Enable targetbased support</flag>
 <flag name='timestats'>Enable TimeStats functionality</flag>
+<flag name='reload'>Enable reloading a configuration without restarting</flag>
+<flag name='reload-error-restart'>Enable restarting on reload error</flag>
 </use>
 </pkgmetadata>
diff --git a/net-analyzer/snort/snort-2.8.5.1.ebuild b/net-analyzer/snort/snort-2.8.5.1.ebuild
new file mode 100644
index 000000000000..f5fd093478f9
--- /dev/null
+++ b/net-analyzer/snort/snort-2.8.5.1.ebuild
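Review bot: In `stop()` of snort.reload.rc1, `eend $?` runs after `sleep 15`, so it reports the exit status of `sleep` rather than of `start-stop-daemon --stop`, and a sensor that failed to stop is still reported as stopped. Capture the status first with `local ret=$?` directly after the `start-stop-daemon` line and finish with `eend ${ret}`. In `checkconfig()`, `[ ! -e $CONF ]` is unquoted: when `CONF` is unset the test collapses to `[ ! -e ]`, which is false, so the check passes with no configuration file at all; `[ ! -e "${CONF}" ]` closes that. `reload()` relies on the same existence-only check before sending HUP, so a broken snort.conf is not caught before the running sensor is signalled, and what happens next presumably depends on whether the package was built with reload-error-restart.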
@@ -0,0 +1,316 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.8.5.1.ebuild,v 1.1 2009/11/02 17:24:37 patrick Exp $
+
+inherit eutils autotools multilib
+
+DESCRIPTION="The de facto standard for intrusion detection/prevention"
+HOMEPAGE="http://www.snort.org/"
+SRC_URI="http://dl.snort.org/snort-current/${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86"
+IUSE="static dynamicplugin ipv6 gre mpls targetbased decoder-preprocessor-rules ppm timestats perfprofiling linux-smp-stats inline inline-init-failopen prelude threads debug reload reload-error-restart flexresp flexresp2 react aruba mysql odbc postgres selinux"
+
+#flexresp, react, and inline _ONLY_ work with net-libs/libnet-1.0.2a
+DEPEND="virtual/libpcap
+ >=dev-libs/libpcre-6.0
+ flexresp2? ( dev-libs/libdnet )
+ flexresp? ( ~net-libs/libnet-1.0.2a )
+ react? ( ~net-libs/libnet-1.0.2a )
+ postgres? ( virtual/postgresql-base )
+ mysql? ( virtual/mysql )
+ odbc? ( dev-db/unixODBC )
+ prelude? ( >=dev-libs/libprelude-0.9.0 )
+ inline? ( ~net-libs/libnet-1.0.2a net-firewall/iptables )"
+
+RDEPEND="${DEPEND}
+ dev-lang/perl
+ selinux? ( sec-policy/selinux-snort )"
+
+pkg_setup() {
+
+ if use flexresp && use flexresp2; then
+ eerror
+ eerror "You have both the 'flexresp' and 'flexresp2' USE flags set."
+ eerror "You can use 'flexresp' OR 'flexresp2' but not both."
+ eerror "flexresp2 is recommended."
+ die
+ elif use flexresp && use react; then
+ eerror
+ eerror "You have both the 'react' and 'flexresp' USE flags set."
+ eerror "'react' is enabled automaticly when the 'flexresp'"
+ eerror "USE flag is set, but ./configure will fail if both are enabled."
+ eerror
+ eerror "This is an upstream issue and not a problem with this ebuild."
+ eerror
+ eerror "To enable both 'flexresp' and 'react' set USE="flexresp -react""
+ die
+ elif use flexresp2 && use react; then
+ eerror
+ eerror "You have both the 'react' and 'flexresp2' USE flags set."
+ eerror "You can use 'react' OR 'flexresp2' but not both."
+ die
+ elif use inline-init-failopen && ! use inline; then
+ eerror
+ eerror "You have enabled the 'inline-init-failopen' USE flag"
+ eerror "but not the 'inline' USE flag."
+ eerror "'inline-init-failopen' requires 'inline' be enabled."
+ die
+ elif use ipv6 && use prelude; then
+ eerror
+ eerror "You have both the 'prelude' and 'ipv6' USE flags set."
+ eerror "The Prelude output plugin does not currently support IPv6."
+ die
+ elif use reload-error-restart && ! use reload; then
+ eerror
+ eerror "You have enabled the 'reload-error-restart' USE flag"
+ eerror "but not the 'reload' USE flag."
+ eerror "'reload-error-restart' requires 'reload' be enabled."
+ die
+ fi
+
+ # pre_inst() is a better place to put this
+ # but we need it here for the 'fowners' statements in src_install()
+ enewgroup snort
+ enewuser snort -1 -1 /dev/null snort
+
+}
+
+src_unpack() {
+
+ unpack ${A}
+ cd "${S}"
+
+ # Fix to allow parallel building.
+ # Thanks to Natanael Copa #291558
+ einfo "Applying parallel building fix."
+ sed -i -e 's/^all-local:.*/all-local: $(LTLIBRARIES)/' \
+ src/dynamic-preprocessors/*/Makefile.am \
+ || die "parallel builds fix Failed"
+
+ #Replaces the libnet-1.0 patch for inline, flexresp, and react
+ if use flexresp || use react || use inline; then
+
+ einfo "Applying libnet-1.0 fix."
+ sed -i -e 's:libnet.h:libnet-1.0.h:g' \
+ "${WORKDIR}/${P}/configure.in" \
+ "${WORKDIR}/${P}/src/detection-plugins/sp_react.c" \
+ "${WORKDIR}/${P}/src/detection-plugins/sp_respond.c" \
+ "${WORKDIR}/${P}/src/inline.c" || die "sed for libnet-1.0.h failed"
+
+ sed -i -e 's:libnet-config:libnet-1.0-config:g' \
+ "${WORKDIR}/${P}/configure.in" || die "sed for libnet-1.0-config failed"
+
+ sed -i -e 's:-lnet:-lnet-1.0:g' \
+ "${WORKDIR}/${P}/configure.in" || die "sed for -lnet-1.0 failed"
+
+ sed -i -e 's:AC_CHECK_LIB(net:AC_CHECK_LIB(net-1.0:g' \
+ "${WORKDIR}/${P}/configure.in" || die "sed for net-1.0 failed"
+
+ fi
+
+ #Multilib fix for the sf_engine
+ einfo "Applying multilib fix."
+ sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'$(get_libdir)':g' \
+ "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
+ || die "sed for sf_engine failed"
+
+ #Multilib fix for the curent set of dynamic-preprocessors
+ for i in ftptelnet smtp ssh dcerpc dns ssl dcerpc2; do
+ sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'$(get_libdir)':g' \
+ "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
+ || die "sed for $i failed."
+ done
+
+ #This sed will prevent the example dynamic code from being compiled/installed
+ einfo "Disabling sample code."
+ sed -i -e 's:$(EXAMPLES_DIR)::g' "${WORKDIR}/${P}/src/Makefile.am"
+
+ if use prelude; then
+ einfo "Applying prelude fix."
+ sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in
+ fi
+
+ AT_M4DIR=m4 eautoreconf
+}
+
+src_compile() {
+
+ local myconf
+
+ #targetbased and inline-init-failopen automaticly enable pthread
+ if use threads || use targetbased || use inline-init-failopen; then
+ myconf="${myconf} --enable-pthread"
+ fi
+
+ #Tell flexresp, react, and inline where libipq is
+ if use flexresp || use react || use inline; then
+ myconf="${myconf} --with-libipq-includes=/usr/include/libipq"
+ fi
+
+ econf \
+ $(use_enable !static shared) \
+ $(use_enable static) \
+ $(use_enable dynamicplugin) \
+ $(use_enable ipv6) \
+ $(use_enable gre) \
+ $(use_enable mpls) \
+ $(use_enable targetbased) \
+ $(use_enable decoder-preprocessor-rules) \
+ $(use_enable ppm) \
+ $(use_enable timestats) \
+ $(use_enable perfprofiling) \
+ $(use_enable linux-smp-stats) \
+ $(use_enable inline) \
+ $(use_enable inline-init-failopen) \
+ $(use_enable prelude) \
+ $(use_enable debug) \
+ $(use_enable reload) \
+ $(use_enable reload-error-restart) \
+ $(use_enable flexresp) \
+ $(use_enable flexresp2) \
+ $(use_enable react) \
+ $(use_enable aruba) \
+ $(use_with mysql) \
+ $(use_with odbc) \
+ $(use_with postgres postgresql) \
+ --disable-ipfw \
+ --disable-profile \
+ --disable-ppm-test \
+ --without-oracle \
+ ${myconf}
+
+ emake || die "make failed"
+
+}
+
+src_install() {
+
+ emake DESTDIR="${D}" install || die "make install failed"
+
+ keepdir /var/log/snort/
+ fowners snort:snort /var/log/snort
+
+ keepdir /var/run/snort/
+ fowners snort:snort /var/run/snort/
+
+ dodoc doc/*
+ dodoc ./RELEASE.NOTES
+ docinto schemas
+ dodoc schemas/*
+
+ insinto /etc/snort
+ doins etc/attribute_table.dtd \
+ etc/classification.config \
+ etc/gen-msg.map \
+ etc/reference.config \
+ etc/sid-msg.map \
+ etc/threshold.conf \
+ etc/unicode.map \
+ || die "Failed to add files in /etc/snort"
+
+ newins etc/snort.conf snort.conf.distrib
+
+ insinto /etc/snort/preproc_rules
+ doins preproc_rules/decoder.rules \
+ preproc_rules/preprocessor.rules \
+ || die "Failed to add files in /etc/snort/preproc_rules"
+
+ keepdir /etc/snort/rules/
+
+ keepdir /usr/$(get_libdir)/snort_dynamicrule
+
+ fowners -R snort:snort /etc/snort/
+
+ if use reload; then
+ newinitd "${FILESDIR}/snort.reload.rc1" snort \
+ || die "Failed to add snort.reload.rc1"
+ else
+ newinitd "${FILESDIR}/snort.rc9" snort || die "Failed to add snort.rc9"
+ fi
+
+ newconfd "${FILESDIR}/snort.confd" snort || die "Failed to add snort.confd"
+
+ # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
+ sed -i -e 's:/usr/local/lib:/usr/'$(get_libdir)':g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Set the correct rule location in the config
+ sed -i -e 's:RULE_PATH ../rules:RULE_PATH /etc/snort/rules:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Set the correct preprocessor/decoder rule location in the config
+ sed -i -e 's:PREPROC_RULE_PATH ../preproc_rules:PREPROC_RULE_PATH /etc/snort/preproc_rules:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Enable the preprocessor/decoder rules
+ sed -i -e 's:^# include $PREPROC_RULE_PATH:include $PREPROC_RULE_PATH:g' \
+ "${D}etc/snort/snort.conf.distrib"
+ sed -i -e 's:^# dynamicdetection directory:dynamicdetection directory:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Just some clean up of trailing /'s in the config
+ sed -i -e 's:snort_dynamicpreprocessor/$:snort_dynamicpreprocessor:g' \
+ "${D}etc/snort/snort.conf.distrib"
+ sed -i -e 's:snort_dynamicrule/$:snort_dynamicrule:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Make it clear in the config where these are...
+ sed -i -e 's:^include classification.config:include /etc/snort/classification.config:g' \
+ "${D}etc/snort/snort.conf.distrib"
+ sed -i -e 's:^include reference.config:include /etc/snort/reference.config:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Disable all rule files by default.
+ #Users need to choose what they want enabled.
+ sed -i -e 's:^include $RULE_PATH:# include $RULE_PATH:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+}
+
+pkg_postinst() {
+ einfo
+ einfo "Snort is a libpcap based packet capture tool which can be used in"
+ einfo "three modes Sniffer Mode, Packet Logger Mode, or Network Intrusion"
+ einfo "Detection/Prevention System Mode."
+ einfo
+ einfo "To learn more about these modes review the Snort User Manual at..."
+ einfo
+ einfo "http://www.snort.org/docs/"
+ einfo
+ einfo "See /usr/share/doc/${PF} and /etc/snort/snort.conf.distrib for"
+ einfo "information on configuring snort."
+ einfo
+ einfo "Joining the Snort-Users and Snort-Sigs mailing list is highly"
+ einfo "recommended for all users..."
+ einfo
+ einfo "http://www.snort.org/community/mailing-lists/"
+ einfo
+ einfo "To download rules for use with Snort please, see the following"
+ einfo
+ einfo "Sourcefire's VRT Rules and older Community Rules:"
+ einfo "http://www.snort.org/pub-bin/downloads.cgi"
+ einfo
+ einfo "Emerging Threats Rules:"
+ einfo "http://www.emergingthreats.net/"
+ einfo
+ einfo "To manage updates to your rules please visit..."
+ einfo
+ einfo "http://oinkmaster.sourceforge.net/"
+ einfo
+ einfo "and then 'emerge oinkmaster'."
+ elog
+ elog "Snort-2.8.5.1 Notes:"
+ elog
+ elog "Ebuild Notes"
+ elog "The 'memory-cleanup' USE flag has been removed."
+ elog "Snort will now always clean memory now at exit."
+ elog
+ elog "Snort Release Notes:"
+ elog "http://dl.snort.org/snort-current/release_notes_285.txt"
+ elog "http://dl.snort.org/snort-current/release_notes_2851.txt"
+ elog
+ elog "Make sure to check snort.conf.distrib for new features/options."
+ elog
+} |
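Review bot: `fowners -R snort:snort /etc/snort/` in src_install() makes the whole configuration tree, including snort.conf.distrib, preproc_rules and the rules directory, writable by the account the sensor is meant to run as. If the daemon drops to the snort user (configured outside this diff, presumably through SNORT_OPTS in snort.confd), a fault in the packet-facing process could then alter its own detection rules or the dynamic library directories named in the config; `fowners -R root:snort /etc/snort/` keeps the files readable by the sensor without making them writable. Separately, the `sed -i` calls on `"${D}etc/snort/snort.conf.distrib"` in src_install() and the "Disabling sample code" sed in src_unpack() carry no `|| die`, unlike the other seds in the file, so a failed edit would go unnoticed and the shipped config could still reference /usr/local/lib or leave every `include $RULE_PATH` line active.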