author | Olli Hauer <ohauer@FreeBSD.org> | 2015-12-16 19:17:01 +0000 |
---|---|---|
committer | Olli Hauer <ohauer@FreeBSD.org> | 2015-12-16 19:17:01 +0000 |
commit | 3167034399659eca8b85873ef6b490d59e02a645 (patch) | |
tree | 763389b786e037b0f832501bc258b29fbab4a3c6 /security/pulledpork | |
parent | 32d8993813b1a00208c66a33eaa8599ced2b3ecf (diff) |
- use GHL instead of the old GOOGLE archives plus bigger local patches
- sync pkg-descr
Notes
Notes:
svn path=/head/; revision=403872
Diffstat (limited to 'security/pulledpork')
-rw-r--r-- | security/pulledpork/Makefile | 17 | ||||
-rw-r--r-- | security/pulledpork/distinfo | 4 | ||||
-rw-r--r-- | security/pulledpork/files/patch-etc__pulledpork.conf | 57 | ||||
-rw-r--r-- | security/pulledpork/files/patch-pulledpork.pl | 312 | ||||
-rw-r--r-- | security/pulledpork/pkg-descr | 1 |
5 files changed, 32 insertions, 359 deletions
diff --git a/security/pulledpork/Makefile b/security/pulledpork/Makefile index e9c7ee6dd6af..d277162663a3 100644 --- a/security/pulledpork/Makefile +++ b/security/pulledpork/Makefile @@ -3,10 +3,9 @@ PORTNAME= pulledpork PORTVERSION= 0.7.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security -MASTER_SITES= GOOGLE_CODE \ - LOCAL/ohauer +MASTER_SITES= GHL MAINTAINER= ohauer@FreeBSD.org COMMENT= Script to update snort-2.8+ rules @@ -21,15 +20,21 @@ RUN_DEPENDS= p5-Crypt-SSLeay>=0.57:${PORTSDIR}/security/p5-Crypt-SSLeay \ NO_BUILD= yes USES= perl5 shebangfix USE_PERL5= run -SHEBANG_FILES= ${WRKSRC}/pulledpork.pl ${WRKSRC}/contrib/oink-conv.pl +SHEBANG_FILES= ${WRKSRC}/pulledpork.pl ${WRKSRC}/contrib/oink-conv.pl SUB_FILES= pkg-message +USE_GITHUB= yes +GH_ACCOUNT= shirkdog +GH_PROJECT= ${PORTNAME} +GH_TAGNAME= 8b9441a + OPTIONS_DEFINE= DOCS .include <bsd.port.options.mk> post-patch: - @${REINPLACE_CMD} -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \ + @${REINPLACE_CMD} -e 's|^distro=FreeBSD-8.1|distro=FreeBSD-10-0|' \ + -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \ -e 's|snort/dropsid.conf|pulledpork/dropsid.conf|g' \ -e 's|snort/disablesid.conf|pulledpork/disablesid.conf|g' \ -e 's|snort/modifysid.conf|pulledpork/modifysid.conf|g' \ @@ -51,7 +56,7 @@ do-install: do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}/README ${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.CHANGES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.RULESET ${STAGEDIR}${DOCSDIR} diff --git a/security/pulledpork/distinfo b/security/pulledpork/distinfo index 6f97ecc8376c..82658c0fb72b 100644 --- a/security/pulledpork/distinfo +++ b/security/pulledpork/distinfo 
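Review bot: `GH_TAGNAME= 8b9441a` in the second Makefile hunk pins an untagged upstream snapshot while `PORTVERSION= 0.7.0` is left unchanged. The local patches this commit removes had raised the script banner and the `version=` check for pulledpork.conf to 0.7.2, so the snapshot presumably identifies itself as 0.7.2 (inferred; the upstream tree is not shown here). The package version is what users and advisory matching see, so either bump PORTVERSION to the version the snapshot reports or record the gap in a comment above the line, e.g. `# upstream snapshot taken after the 0.7.0 release`. The abbreviated hash is acceptable because the SHA256 in distinfo fixes the tarball contents.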
@@ -1,2 +1,2 @@
-SHA256 (pulledpork-0.7.0.tar.gz) = f60c005043850bb65a72582b9d6d68a7e7d51107f30f2b3fc67e607c995aa1a8
-SIZE (pulledpork-0.7.0.tar.gz) = 39294
+SHA256 (shirkdog-pulledpork-0.7.0-8b9441a_GH0.tar.gz) = 6c82d5e78239460d054f1bcab614da913490084cb624c76a50bb5cfff3fb9aaf
+SIZE (shirkdog-pulledpork-0.7.0-8b9441a_GH0.tar.gz) = 40767
diff --git a/security/pulledpork/files/patch-etc__pulledpork.conf b/security/pulledpork/files/patch-etc__pulledpork.conf
deleted file mode 100644
index eff5080f6b94..000000000000
--- a/security/pulledpork/files/patch-etc__pulledpork.conf
+++ /dev/null
@@ -1,57 +0,0 @@ ---- etc/pulledpork.conf.orig 2013-09-11 21:01:05 UTC -+++ etc/pulledpork.conf -@@ -18,13 +18,15 @@ - # i.e. url|tarball|123456789, - rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode> - # NEW Community ruleset: --rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community -+rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community - # NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST|<oinkcode> - # This format MUST be followed to let pulledpork know that this is a blacklist --rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open -+rule_url=http://talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|open - # URL for rule documentation! (slow to process) - rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode> --#rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open -+# THE FOLLOWING URL is for emergingthreats downloads, note the tarball name change! -+# and open-nogpl, to avoid conflicts. -+#rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open-nogpl - # THE FOLLOWING URL is for etpro downloads, note the tarball name change! - # and the et oinkcode requirement! - #rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode> -@@ -121,14 +123,14 @@ config_path=/usr/local/etc/snort/snort.c - - # Define your distro, this is for the precompiled shared object libs! - # Valid Distro Types: --# Debian-5-0, Debian-6-0, --# Ubuntu-8.04, Ubuntu-10-4 --# Centos-4-8, Centos-5-4 -+# Debian-6-0, Ubuntu-10-4 -+# Ubuntu-12-04, Centos-5-4 - # FC-12, FC-14, RHEL-5-5, RHEL-6-0 --# FreeBSD-7-3, FreeBSD-8-1 --# OpenBSD-4-8 -+# FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0 -+# OpenBSD-5-2, OpenBSD-5-3 -+# OpenSUSE-11-4, OpenSUSE-12-1 - # Slackware-13-1 --distro=FreeBSD-8.1 -+distro=FreeBSD-10-0 - - ####### This next section is optional, but probably pretty useful to you. 
- ####### Please read thoroughly! -@@ -187,7 +189,7 @@ snort_control=/usr/local/bin/snort_contr - # This value MUST contain all 4 minor version - # numbers. ET rules are now also dependant on this, verify supported ET versions - # prior to simply throwing rubbish in this variable kthx! --# snort_version=2.9.0.0 -+# snort_version=2.9.7.5 - - # Here you can specify what rule modification files to run automatically. - # simply uncomment and specify the apt path. -@@ -206,4 +208,4 @@ snort_control=/usr/local/bin/snort_contr - ####### need to process so_rules, simply comment out the so_rule section - ####### you can also specify -T at runtime to process only GID 1 rules. - --version=0.7.0 -+version=0.7.2 diff --git a/security/pulledpork/files/patch-pulledpork.pl b/security/pulledpork/files/patch-pulledpork.pl index 71a954413665..99e9ddfc54cd 100644 --- a/security/pulledpork/files/patch-pulledpork.pl +++ b/security/pulledpork/files/patch-pulledpork.pl 
@@ -1,298 +1,22 @@ ---- pulledpork.pl.orig 2013-09-11 21:01:05 UTC +--- pulledpork.pl.orig 2015-12-16 18:01:13 UTC +++ pulledpork.pl -@@ -3,7 +3,7 @@ - ## pulledpork v(whatever it says below!) - ## cummingsj@gmail.com - --# Copyright (C) 2009-2013 JJ Cummings and the PulledPork Team! -+# Copyright (C) 2009-2015 JJ Cummings, Michael Shirk and the PulledPork Team! - - # This program is free software; you can redistribute it and/or - # modify it under the terms of the GNU General Public License -@@ -41,16 +41,51 @@ use Data::Dumper; - - # we are gonna need these! - my ( $oinkcode, $temp_path, $rule_file, $Syslogging ); --my $VERSION = "PulledPork v0.7.0 - Swine Flu!"; -+my $VERSION = "PulledPork v0.7.2 - E.Coli in your water bottle!"; - my $ua = LWP::UserAgent->new; - -+# for certificate validation, check for the operating system -+# and set the path to the certificate store if required. -+my $oSystem = "$^O"; -+my $CAFile = "OS Default"; -+if ($oSystem =~ /freebsd/i) { -+ #Check to ensure the cert file exists -+ if ( -e "/etc/ssl/cert.pem" ) { -+ $CAFile = "/etc/ssl/cert.pem"; -+ if ( -r $CAFile) { -+ $ua->ssl_opts( SSL_ca_file => $CAFile ); -+ } else { -+ carp "ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n"; -+ syslogit( 'err|local0', "FATAL: ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n") -+ if $Syslogging; -+ exit(1); -+ } -+ #Check for the other location for the cert file +@@ -61,8 +61,8 @@ if ($oSystem =~ /freebsd/i) { + exit(1); + } + #Check for the other location for the cert file +- } elsif ( -e "/usr/local/etc/ssl/cert.pem" ) { +- $CAFile = "/usr/local/etc/ssl/cert.pem"; + } elsif ( -e "/usr/local/share/certs/ca-root-nss.crt" ) { + $CAFile = "/usr/local/share/certs/ca-root-nss.crt"; -+ if ( -r $CAFile) { -+ $ua->ssl_opts( SSL_ca_file => $CAFile ); -+ } else { -+ carp "ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n"; -+ syslogit( 'err|local0', "FATAL: ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n") -+ if 
$Syslogging; -+ exit(1); -+ } -+ } else { + if ( -r $CAFile) { + $ua->ssl_opts( SSL_ca_file => $CAFile ); + } else { +@@ -72,7 +72,7 @@ if ($oSystem =~ /freebsd/i) { + exit(1); + } + } else { +- carp "ERROR: cert file does not exist (/etc/ssl/cert.pem or /usr/local/etc/ssl/cert.pem) Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n"; + carp "ERROR: cert file does not exist (/etc/ssl/cert.pem or /usr/local/share/certs/ca-root-nss.crt) Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n"; -+ syslogit( 'err|local0', "FATAL: cert file does not exist. Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n") -+ if $Syslogging; -+ exit(1); -+ } -+} -+ - my ( $Hash, $ALogger, $Config_file, $Sorules, $Auto ); - my ( $Output, $Distro, $Snort, $sid_changelog, $ignore_files ); - my ( $Snort_config, $Snort_path, $Textonly, $grabonly, $ips_policy, ); - my ( $pid_path, $SigHup, $NoDownload, $sid_msg_map, @base_url ); - my ( $local_rules, $arch, $docs, @records, $enonly ); - my ( $rstate, $keep_rulefiles, $rule_file_path, $prefix, $black_list ); --my ( $Process, $hmatch, $bmatch , $sid_msg_version); -+my ( $Process, $hmatch, $bmatch , $sid_msg_version, $skipVerify); - my $Sostubs = 1; - - # verbose and quiet control print() -@@ -144,11 +179,11 @@ sub Help { - -D What Distro are you running on, for the so_rules - For latest supported options see http://www.snort.org/snort-rules/shared-object-rules - Valid Distro Types: -- Debian-5-0, Debian-6-0, Ubuntu-8.04, Ubuntu-10-4 -- Centos-4-8, Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0 -- FreeBSD-7-3, FreeBSD-8-1 -- OpenBSD-4-8 -- Slackware-13-1 -+ Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4 -+ FC-12, FC-14, RHEL-5-5, RHEL-6-0 -+ FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0 -+ OpenBSD-5-2, OpenBSD-5-3 -+ OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1 - -e Where the enablesid config file lives. 
- -E Write ONLY the enabled rules to the output files. - -g grabonly (download tarball rule file(s) and do NOT process) -@@ -176,6 +211,7 @@ sub Help { - -V Print Version and exit - -v Verbose mode, you know.. for troubleshooting and such nonsense. - -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense. -+ -w Skip the SSL verification (if there are issues pulling down rule files) - __EOT - - exit(0); -@@ -186,12 +222,12 @@ sub pulledpork { - - print <<__EOT; - -- http://code.google.com/p/pulledpork/ -+ https://github.com/shirkdog/pulledpork - _____ ____ - `----,\\ ) - `--==\\\\ / $VERSION - `--==\\\\/ -- .-~~~~-.Y|\\\\_ Copyright (C) 2009-2013 JJ Cummings -+ .-~~~~-.Y|\\\\_ Copyright (C) 2009-2015 JJ Cummings - \@_/ / 66\\_ cummingsj\@gmail.com - | \\ \\ _(\") - \\ /-| ||'--' Rules give me wings! -@@ -227,7 +263,7 @@ sub rule_extract { - $tar->read( $temp_path . $rule_file ); - $tar->setcwd( cwd() ); - local $Archive::Tar::CHOWN = 0; -- my @ignores = split( /,/, $ignore ); -+ my @ignores = split( /,/, $ignore ) if (defined $ignore); - - foreach (@ignores) { - if ( $_ =~ /\.rules/ ) { -@@ -350,9 +386,27 @@ sub compare_md5 { - ## mimic LWP::Simple getstore routine - Thx pkthound! - sub getstore { - my ( $url, $file ) = @_; -- my $request = HTTP::Request->new( GET => $url ); -- my $response = $ua->request( $request, $file ); -- $response->code; -+ -+ # on the first run, the file may not exist, so check. 
-+ if ( -e $file) { -+ # Check to ensure the user has write access to the file -+ if ( -r $file && -w _) { -+ my $request = HTTP::Request->new( GET => $url ); -+ my $response = $ua->request( $request, $file ); -+ $response->code; -+ } else { -+ carp "ERROR: $file is not writable by ".(getpwuid($<))[0]."\n"; -+ syslogit( 'err|local0', "FATAL: $file is not writable by ".(getpwuid($<))[0]."\n" ) -+ if $Syslogging; -+ exit(1); -+ } -+ } else { -+ # The file does not exist, any errors refer to permission issues -+ my $request = HTTP::Request->new( GET => $url ); -+ my $response = $ua->request( $request, $file ); -+ $response->code; -+ } -+ - } - - ## time to grab the real 0xb33f -@@ -527,9 +581,9 @@ sub read_rules { - elsif ( $row !~ /\\$/ && $trk == 1 ) - { # last line of multiline rule here - $record .= $row; -- if ( $record =~ /sid:\s*\d+\s*;/i ) { -+ if ( $record =~ /\ssid:\s*\d+\s*;/i ) { - $sid = $&; -- $sid =~ s/sid:\s*//; -+ $sid =~ s/\ssid:\s*//; - $sid =~ s/\s*;//; - $$hashref{0}{ trim($sid) }{'rule'} = $record; - } -@@ -537,9 +591,9 @@ sub read_rules { - undef $record; - } - else { -- if ( $row =~ /sid:\s*\d+\s*;/i ) { -+ if ( $row =~ /\ssid:\s*\d+\s*;/i ) { - $sid = $&; -- $sid =~ s/sid:\s*//; -+ $sid =~ s/\ssid:\s*//; - $sid =~ s/\s*;//; - $$hashref{0}{ trim($sid) }{'rule'} = $row; - } -@@ -563,13 +617,13 @@ sub read_rules { - $rule = trim($rule); - if ( $rule =~ /^\s*#*\s*(alert|drop|pass)/i ) { - -- if ( $rule =~ /sid:\s*\d+\s*;/i ) { -+ if ( $rule =~ /\ssid:\s*\d+\s*;/i ) { - $sid = $&; -- $sid =~ s/sid:\s*//; -+ $sid =~ s/\ssid:\s*//; - $sid =~ s/\s*;//; -- if ( $rule =~ /gid:\s*\d+/i ) { -+ if ( $rule =~ /\sgid:\s*\d+/i ) { - $gid = $&; -- $gid =~ s/gid:\s*//; -+ $gid =~ s/\sgid:\s*//; - } - else { $gid = 1; } - if ( $rule =~ /flowbits:\s*((un)?set(x)?|toggle)/i ) { -@@ -616,12 +670,12 @@ sub read_rules { - - foreach my $rule (@elements) { - if ( $rule =~ /^\s*#*\s*(alert|drop|pass)/i ) { -- if ( $rule =~ /sid:\s*\d+/ ) { -+ if ( $rule =~ 
/\ssid:\s*\d+/ ) { - $sid = $&; -- $sid =~ s/sid:\s*//; -- if ( $rule =~ /gid:\s*\d+/i ) { -+ $sid =~ s/\ssid:\s*//; -+ if ( $rule =~ /\sgid:\s*\d+/i ) { - $gid = $&; -- $gid =~ s/gid:\s*//; -+ $gid =~ s/\sgid:\s*//; - } - else { $gid = 1; } - if ( $rule =~ /flowbits:\s*((un)?set(x)?|toggle)/ ) { -@@ -1463,6 +1517,25 @@ sub archive_wanted { - push( @records, $File::Find::name ); - } - -+## Create ignore_files from conf file -+sub get_ignore_files { -+ my ($ignore_conf_file) = @_; -+ my $ignore_list; -+ -+ print "\tReading ignore_file: $ignore_conf_file\n"; -+ -+ # Read ignore file and exclude comments/blank lines -+ open ( FH, '<', $ignore_conf_file ) || croak "Couldn't read $ignore_conf_file $!\n"; -+ while ( <FH> ) { -+ chomp; -+ s/#.*//; -+ if ( ! /^\s*$/ ) { $ignore_list .= "$_," }; -+ }; -+ close FH; -+ $ignore_list =~ s/,\s*$//g ; -+ return $ignore_list -+} -+ - ### - ### Main here, let's get on with it already - ### -@@ -1507,7 +1580,8 @@ GetOptions( - "u=s" => \@base_url, - "V!" => sub { Version() }, - "v+" => \$Verbose, -- "help|?" => sub { Help() } -+ "help|?" => sub { Help() }, -+ "w" => \$skipVerify - ); - - ## Fly piggy fly! 
-@@ -1533,7 +1607,7 @@ if ( $Verbose && !$Quiet ) { - if ( exists $Config_info{'version'} ) { - croak "You are not using the current version of pulledpork.conf!\n", - "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n" -- if $Config_info{'version'} ne "0.7.0"; -+ if $Config_info{'version'} ne "0.7.2"; - } - else { - croak -@@ -1546,6 +1620,12 @@ else { - $pid_path = ( $Config_info{'pid_path'} ) if exists $Config_info{'pid_path'}; - $ignore_files = ( $Config_info{'ignore'} ) if exists $Config_info{'ignore'}; - -+# Allow ignores to be specified in a file, supercedes the regular ignore config option -+if ( exists $Config_info{'ignore_file'}) -+{ -+ $ignore_files = get_ignore_files($Config_info{'ignore_file'}); -+} -+ - if ($rule_file_path) { - $keep_rulefiles = 1; - } -@@ -1658,6 +1738,8 @@ if ( $Verbose && !$Quiet ) { - print "MISC (CLI and Autovar) Variable Debug:\n"; - if ($Process) { print "\tProcess flag specified!\n"; } - if ($arch) { print "\tarch Def is: $arch\n"; } -+ if ($oSystem) { print "\tOperating System is: $oSystem\n"; } -+ if ($CAFile) { print "\tCA Certificate File is: $CAFile\n"; } - if ($Config_file) { print "\tConfig Path is: $Config_file\n"; } - if ($Distro) { print "\tDistro Def is: $Distro\n"; } - if ($docs) { print "\tDocs Reference Location is: $docs\n"; } -@@ -1700,6 +1782,8 @@ if ( $Verbose && !$Quiet ) { - if ($Textonly) { print "\tText Rules only Flag is Set\n"; } - if ( $Verbose == 2 ) { print "\tExtra Verbose Flag is Set\n"; } - if ($Verbose) { print "\tVerbose Flag is Set\n"; } -+ if ($skipVerify) { print "\tSSL Hostname Verification disabled\n"; } -+ if ($ignore_files) { print "\tFile(s) to ignore = $ignore_files\n"; } - if (@base_url) { print "\tBase URL is: @base_url\n"; } - } - -@@ -1717,10 +1801,17 @@ if ( !-d $temp_path ) { - # Validate sid_msg_map version - Help("Please specify version 1 or 2 for sid_msg_version in your config file\n") unless $sid_msg_version =~ /(1|2)/; - -+ - # set some UserAgent and 
other connection configs - $ua->agent("$VERSION"); - $ua->show_progress(1) if ( $Verbose && !$Quiet ); - -+# check to see if SSL verfication is disabled -+if ($skipVerify) { -+ $ua->ssl_opts( verify_hostname => 0 ) -+} -+ -+ - # New Settings to allow proxy connections to use proper SSL formating - Thx pkthound! - $ua->timeout(60); - $ua->cookie_jar( {} ); + syslogit( 'err|local0', "FATAL: cert file does not exist. Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n") + if $Syslogging; + exit(1); diff --git a/security/pulledpork/pkg-descr b/security/pulledpork/pkg-descr index 1dc84354e231..3af22d4fd062 100644 --- a/security/pulledpork/pkg-descr +++ b/security/pulledpork/pkg-descr @@ -9,6 +9,7 @@ pulledpork is a Perl script which helps to update your Snort 2.9+ rules. * Capability to include your local.rules in sid-msg.map file * Capability to pull rules tarballs from custom urls * Complete Shared Object support + * Complete IP Reputation List support * Capability to download multiple disparate rulesets at once * Maintains accurate changelog * Capability to HUP processes after rules download |
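Review bot: The fallback CA bundle is now `/usr/local/share/certs/ca-root-nss.crt`, which security/ca_root_nss installs, but the part of RUN_DEPENDS visible in the Makefile hunk does not show that port. Going by the old patch lines removed here, this check appears to sit right after `my $ua = LWP::UserAgent->new;`, before GetOptions runs, so on a host with neither file the script reaches `exit(1)` before `-w` is parsed and while `$Syslogging` is still unset. The message's advice to "use -w to skip SSL verification" would then not help, and it steers users toward disabling certificate checks on rule downloads. If the dependency is not already listed, add `ca_root_nss>0:${PORTSDIR}/security/ca_root_nss` to RUN_DEPENDS so verification works on a fresh install. The enclosing `if ($oSystem =~ /freebsd/i)` block starts and ends outside the two hunks.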