blob: 3a891715ebb32f33080211296e73fc76bf5c87cf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.4.1-r1.ebuild,v 1.1 2005/10/08 13:55:12 strerror Exp $
inherit eutils flag-o-matic autotools
DESCRIPTION="Libpcap-based packet sniffer/logger/lightweight IDS"
HOMEPAGE="http://www.snort.org/"
SRC_URI="http://www.snort.org/dl/current/${P}.tar.gz
mirror://gentoo/snort-2.4.0-genpatches.tar.bz2
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz
snortsam? ( mirror://gentoo/snortsam-20050110.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="-alpha ~amd64 ~ppc ~ppc64 -sparc ~x86"
IUSE="ssl postgres mysql flexresp selinux snortsam odbc prelude inline sguil"
DEPEND="virtual/libc
>=dev-libs/libpcre-4.2-r1
virtual/libpcap
flexresp? ( ~net-libs/libnet-1.0.2a )
postgres? ( >=dev-db/postgresql-7.2 )
mysql? ( >=dev-db/mysql-3.23.26 )
ssl? ( >=dev-libs/openssl-0.9.6b )
prelude? ( >=dev-libs/libprelude-0.9.0 )
odbc? ( dev-db/unixODBC )
inline? (
~net-libs/libnet-1.0.2a
net-firewall/iptables
)"
RDEPEND="${DEPEND}
dev-lang/perl
selinux? ( sec-policy/selinux-snort )
snortsam? ( net-analyzer/snortsam )"
pkg_setup() {
enewgroup snort
enewuser snort -1 -1 /dev/null snort
}
src_unpack() {
unpack ${A}
cd "${S}"
if use flexresp || use inline ; then
epatch "${WORKDIR}/2.4.0-libnet-1.0.patch"
fi
sed -i "s:var RULE_PATH ../rules:var RULE_PATH /etc/snort/rules:" \
etc/snort.conf || die "sed snort.conf failed"
if use prelude ; then
sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in \
|| die "sed configure.in failed"
fi
if use sguil ; then
epatch "${WORKDIR}/2.4.0-spp_portscan_sguil.patch"
epatch "${WORKDIR}/2.4.0-spp_stream4_sguil.patch"
fi
if use snortsam ; then
cd ..
einfo "Applying snortsam patch"
./patchsnort.sh "${S}" || die "snortsam patch failed"
cd "${S}"
fi
einfo "Regenerating autoconf/automake files"
AT_M4DIR=m4 eautoreconf
}
src_compile() {
local myconf
# There is no --disable-flexresp, cannot use use_enable
use flexresp && myconf="${myconf} --enable-flexresp"
use inline && append-flags -I/usr/include/libipq
econf \
$(use_with postgres postgresql) \
$(use_with mysql) \
$(use_with ssl openssl) \
$(use_with odbc) \
--without-oracle \
$(use_enable prelude) \
$(use_with sguil) \
$(use_enable inline) \
${myconf} || die "bad ./configure"
emake || die "compile problem"
}
src_install() {
make DESTDIR="${D}" install || die "make install failed"
keepdir /var/log/snort/
dodoc doc/*
docinto schemas ; dodoc schemas/*
insinto /etc/snort
doins etc/reference.config etc/classification.config \
etc/*.map etc/threshold.conf
newins etc/snort.conf snort.conf
if use sguil ; then
sed -i -e "/^# output log_unified/s:# ::" \
-e "s:snort.log:snort_unified.log:" \
"${D}/etc/snort/snort.conf" || die "sed failed"
fi
# init script is known to be broken in 2.4.x; bug 101157
newinitd "${FILESDIR}/snort.rc6" snort
newconfd "${FILESDIR}/snort.confd" snort
if use sguil ; then
sed -i -e "s:/var/log/snort:/var/lib/sguil/$(hostname):" \
-e "/^SNORT_OPTS/s%-u snort%-m 122 -u sguil -g sguil -A none%" \
"${D}/etc/conf.d/snort" || die "sed failed"
fi
fowners snort:snort /var/log/snort
fperms 0770 /var/log/snort
# install community rules
dodir /etc/snort/rules
mv ${WORKDIR}/rules/* "${D}/etc/snort/rules/"
}
pkg_postinst() {
if use mysql || use postgres || use odbc ; then
einfo "To use a database as a backend for snort you will have to"
einfo "import the correct tables to the database."
einfo "You will have to setup a database called snort first."
einfo
use mysql && \
einfo " MySQL: zcat /usr/share/doc/${PF}/schemas/create_mysql.gz | mysql -p snort"
use postgres && \
einfo " PostgreSQL: import /usr/share/doc/${PF}/schemas/create_postgresql.gz"
use odbc && einfo "SQL tables need to be created - look at /usr/share/doc/${PF}/schemas/"
einfo
einfo "Also, read the following Gentoo forums article:"
einfo ' http://forums.gentoo.org/viewtopic.php?t=78718'
fi
einfo
ewarn "Only a basic set of rules was installed."
ewarn "Please add your other sets of rules to /etc/snort/rules."
ewarn "For more information on rules, visit ${HOMEPAGE}."
}
|