summaryrefslogtreecommitdiff
blob: d1a0add0a97b32ef50b8d68f91993f23ab65319f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort_inline/snort_inline-2.1.1.ebuild,v 1.8 2005/01/29 05:12:51 dragonheart Exp $

inherit eutils

DESCRIPTION="Intrusion Prevention System (IPS) based on Snort"
HOMEPAGE="http://snort-inline.sf.net/"
SRC_URI="mirror://sourceforge/snort-inline/${P}.tgz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~x86 ~ppc"
IUSE="ssl postgres mysql"
DEPEND="virtual/libc
	>=dev-libs/libpcre-4.2-r1
	virtual/libpcap
	>=net-firewall/iptables-1.2.7a-r4
	<net-libs/libnet-1.1
	>=net-libs/libnet-1.0.2a-r3
	postgres? ( >=dev-db/postgresql-7.2 )
	mysql? ( >=dev-db/mysql-3.23.26 )
	ssl? ( >=dev-libs/openssl-0.9.6b )"

RDEPEND="virtual/libc
	>=dev-libs/libpcre-4.2-r1
	dev-lang/perl
	net-firewall/iptables
	net-firewall/ebtables
	virtual/libpcap
	<net-libs/libnet-1.1
	>=net-libs/libnet-1.0.2a-r3
	postgres? ( >=dev-db/postgresql-7.2 )
	mysql? ( >=dev-db/mysql-3.23.26 )
	ssl? ( >=dev-libs/openssl-0.9.6b )"

src_unpack() {
	unpack ${A}
	cd ${S}

	epatch ${FILESDIR}/${PV}-libnet-1.0.patch
	epatch ${FILESDIR}/${P}-gcc3.patch
	epatch ${FILESDIR}/snort-drop-calculation.diff

	sed -i -e "s:^var RULE_PATH.*:var RULE_PATH /etc/snort_inline/rules:" \
		-e "s:\$RULE_PATH/classification.config:classification.config:" \
		-e "s:\$RULE_PATH/reference.config:reference.config:" \
		etc/snort_inline.conf
}

src_compile() {
	local myconf

	if [ -r /usr/include/libipq/libipq.h ]; then
		myconf="${myconf} --with-libipq-includes=/usr/include/libipq/"
	fi

	econf 	${myconf} \
		`use_with postgres postgresql` \
		`use_with mysql` \
		`use_with ssl openssl` \
		--without-odbc \
		--without-oracle || die "configure failed"

	emake || die "make failed"
}

src_install() {
	make DESTDIR=${D} install || die

	dodir /var/log/snort_inline
	keepdir /var/log/snort_inline/

	insinto /usr/lib/snort_inline/bin
	doins contrib/{create_mysql,snortlog,*.pl}

	dodoc COPYING LICENSE doc/*
	docinto contrib ; dodoc contrib/*

	newman snort.8 snort_inline.8
	rm ${D}/usr/share/man/man8/snort.8

	insinto /etc/snort_inline
	doins etc/reference.config etc/classification.config etc/*.map etc/threshold.conf
	newins etc/snort_inline.conf snort_inline.conf.distrib

	insinto /etc/snort_inline/rules
	doins rules/*.rules

	exeinto /etc/init.d ; newexe ${FILESDIR}/snort_inline.initd snort_inline
	insinto /etc/conf.d ; newins ${FILESDIR}/snort_inline.confd snort_inline
}

pkg_postinst() {
	enewgroup snort_inline
	enewuser snort_inline -1 /dev/null /var/log/snort_inline snort_inline
	usermod -d "/var/log/snort_inline" snort_inline || die "usermod problem"
	usermod -g "snort_inline" snort_inline || die "usermod problem"
	usermod -s "/dev/null" snort_inline || die "usermod problem"
	echo "ignore any message about CREATE_HOME above..."

	chown snort_inline:snort_inline /var/log/snort_inline
	chmod 0770 /var/log/snort_inline

	einfo "snort_inline requires a kernel with ebtables support. 2.6.x"
	einfo "kernels have this built-in, while 2.4.x kernels needs to be"
	einfo "patched. ebtables can be found at http://ebtables.sf.net"
}