authorMartin Wilke <miwi@FreeBSD.org>2010-05-10 02:53:35 +0000
committerMartin Wilke <miwi@FreeBSD.org>2010-05-10 02:53:35 +0000
commit4e6e642fbe17a7415f4275ba9240afc443cfb8e4 (patch)
tree1c5e4ef6c18dcf9ed5541a3767f420e6257cecd7 /security/pulledpork
parent987c910c9976e7c216deb5dc98ba09ac00bc5355 (diff)
pulledpork is a Perl script which helps to update your Snort 2.8+ rules.
The sample config file comes predefined with the new settings for snort.org downloads, which will change in June 2010. BE SURE to read through the master pulledpork.conf file thoroughly, as there are many changes as of snort 2.8.6.0 that WILL affect you, even if you are NOT yet running 2.8.6.0! Features: * Flowbit tracking! * capability to specify base ruleset (see README.RULESETS) in master pulledpork.conf file. * Handle preprocessor and sensitive-information rulesets * Ability to define sid ranges in any of the sid modification .conf files * Ability to specify references in any of the sid modification .conf files * Ability to ignore entire rule categories (i.e. not include them) * Specify locally stored rules files that need their meta data included in sid-msg.map * Ability to specify your arch for so_rules * Rules are written to only two distinct files * Support metadata based VRT recommended rulesets * Maintain an optional rule changelog * Support for setting rules to Drop * Support for multi-line rules * Rule modification, i.e. disabling of specific rules within rule sets * Outputs changes in rules files if any rules have been added / modified * Compares new rules files with current rule sets * Automated retrieval of certain variables (Distro, Snort Version.. etc) * Downloads latest rules file * Verifies MD5 of local rules file * If MD5 has not changed from snort.org.. doesn't fetch files again * handle both rules and so_rules * Capability to generate stub files WWW: http://code.google.com/p/pulledpork/ PR: ports/146239 Submitted by: Olli Hauer
Notes
Notes: svn path=/head/; revision=254038
Diffstat (limited to 'security/pulledpork')
-rw-r--r--security/pulledpork/Makefile70
-rw-r--r--security/pulledpork/distinfo3
-rw-r--r--security/pulledpork/files/pkg-message.in24
-rw-r--r--security/pulledpork/pkg-descr37
4 files changed, 134 insertions, 0 deletions
diff --git a/security/pulledpork/Makefile b/security/pulledpork/Makefile
new file mode 100644
index 000000000000..51bd8450ab35
--- /dev/null
+++ b/security/pulledpork/Makefile
@@ -0,0 +1,70 @@
+# New ports collection makefile for: pulledpork
+# Date created: 01 Mai 2010
+# Whom: Olli Hauer
+#
+# $FreeBSD$
+#
+
+PORTNAME= pulledpork
+PORTVERSION= 0.4.1
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_GOOGLE_CODE}
+DISTNAME= ${PORTNAME}-${PORTVERSION}
+
+MAINTAINER= ohauer@gmx.de
+COMMENT= Script to update snort-2.8+ rules
+
+RUN_DEPENDS= ${SITE_PERL}/LWP/Simple.pm:${PORTSDIR}/www/p5-libwww
+
+NO_BUILD= yes
+USE_PERL5_RUN= yes
+
+PLIST_DIRS= etc/pulledpork
+PLIST_FILES= bin/pulledpork.pl \
+ ${PLIST_DIRS}/disablesid.conf.sample \
+ ${PLIST_DIRS}/dropsid.conf.sample \
+ ${PLIST_DIRS}/enablesid.conf.sample \
+ ${PLIST_DIRS}/pulledpork.conf.sample
+
+CONFIG_DIR= ${PREFIX}/${PLIST_DIRS}
+SUB_FILES= pkg-message
+SUB_LIST= CONFIGDIR=${CONFIG_DIR}
+
+.include <bsd.port.pre.mk>
+
+.if (${PERL_LEVEL} < 501000)
+RUN_DEPENDS+= p5-Archive-Tar>=1.52:${PORTSDIR}/archivers/p5-Archive-Tar
+.endif
+
+.if !defined(NOPORTDOCS)
+PORTDOCS= LICENSE README README.CHANGES README.RULESET
+.endif
+
+post-patch:
+ @${REINPLACE_CMD} -e "s|/usr/bin/perl|${PERL}|" ${WRKSRC}/pulledpork.pl
+ @${REINPLACE_CMD} -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \
+ -e 's|snort/dropsid.conf|pulledpork/dropsid.conf|g' \
+ -e 's|snort/disablesid.conf|pulledpork/disablesid.conf|g' \
+ -e "s|/usr/local/lib/snort_dynamicrules/|${PREFIX}/etc/snort/so_rules/|g" \
+ ${WRKSRC}/etc/pulledpork.conf
+
+do-install:
+ ${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${PREFIX}/bin
+ @${MKDIR} -m 750 ${CONFIG_DIR}
+ # pulledpork.conf contains the snort user registration key, do not install world readable
+ ${INSTALL_DATA} -m 440 ${WRKSRC}/etc/pulledpork.conf ${CONFIG_DIR}/pulledpork.conf.sample
+ ${INSTALL_DATA} ${WRKSRC}/etc/disablesid.conf ${CONFIG_DIR}/disablesid.conf.sample
+ ${INSTALL_DATA} ${WRKSRC}/etc/dropsid.conf ${CONFIG_DIR}/dropsid.conf.sample
+ ${INSTALL_DATA} ${WRKSRC}/etc/enablesid.conf ${CONFIG_DIR}/enablesid.conf.sample
+
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${DOCSDIR}
+ @${INSTALL_DATA} ${WRKSRC}/LICENSE ${DOCSDIR}/
+ @${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}/
+ @${INSTALL_DATA} ${WRKSRC}/README.CHANGES ${DOCSDIR}/
+ @${INSTALL_DATA} ${WRKSRC}/README.RULESET ${DOCSDIR}/
+.endif
+
+post-install:
+ @${CAT} ${PKGMESSAGE}
+.include <bsd.port.post.mk>
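Review bot: The oinkcode protection in do-install covers only the installed pulledpork.conf.sample (`-m 440`) and the `${MKDIR} -m 750 ${CONFIG_DIR}` call; the live pulledpork.conf that will actually hold the registration key is created later by the administrator, and neither this Makefile nor files/pkg-message.in tells them to keep it non-world-readable. I would add a line to pkg-message.in such as `Keep %%CONFIGDIR%%/pulledpork.conf readable only by the account that runs pulledpork; it holds your oinkcode.` The 750 directory mode is set only by this recipe and is not recorded through PLIST_DIRS, so an install from a binary package presumably ends up with default directory permissions; a pkg-plist entry like `@exec chmod 750 %D/etc/pulledpork` would make it explicit. If INSTALL_DATA applies the usual root ownership, a non-root account running pulledpork.pl cannot read a 440 file inside a 750 directory, so the intended run-as user should be confirmed and documented.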
diff --git a/security/pulledpork/distinfo b/security/pulledpork/distinfo
new file mode 100644
index 000000000000..8f4a10ef64b2
--- /dev/null
+++ b/security/pulledpork/distinfo
@@ -0,0 +1,3 @@
+MD5 (pulledpork-0.4.1.tar.gz) = 75f39ab4c1807ef3485fbf39561fbdd8
+SHA256 (pulledpork-0.4.1.tar.gz) = f1c50aba1fcf43660d2c62025192b0e756f49911ae2bced9106e98a24cddc923
+SIZE (pulledpork-0.4.1.tar.gz) = 21805
diff --git a/security/pulledpork/files/pkg-message.in b/security/pulledpork/files/pkg-message.in
new file mode 100644
index 000000000000..9049be80925b
--- /dev/null
+++ b/security/pulledpork/files/pkg-message.in
@@ -0,0 +1,24 @@
+=====================================================================
+
+In order to use pulled pork, adjust the config files located in
+%%CONFIGDIR%%/
+
+
+Important Note:
+
+Snort change the way rules are published. In June 2010 Snort will
+stop offering rules in the "snortrules-snapshot-CURRENT" format.
+
+Instead, rules will be released for specific Snort versions.
+You will be responsible for downloading the correct rules release
+for your version of Snort.
+
+The new versioning mechanism will require a four digit version in the
+file name. To get the new download naming schema visit snort.org,
+and look at 'My Account' -> 'Subscriptions and Oinkcodes'
+
+BE SURE to read through the master pulledpork.conf file thoroughly,
+as there are many changes as of snort 2.8.6.0 that WILL affect you,
+even if you are NOT yet running 2.8.6.0!
+
+=====================================================================
diff --git a/security/pulledpork/pkg-descr b/security/pulledpork/pkg-descr
new file mode 100644
index 000000000000..fed727c880c2
--- /dev/null
+++ b/security/pulledpork/pkg-descr
@@ -0,0 +1,37 @@
+pulledpork is a Perl script which helps to update your Snort 2.8+ rules.
+
+The sample config file comes predefined with the new settings for
+snort.org downloads, which will change in June 2010.
+
+BE SURE to read through the master pulledpork.conf file thoroughly,
+as there are many changes as of snort 2.8.6.0 that WILL affect you,
+even if you are NOT yet running 2.8.6.0!
+
+Features:
+ * Flowbit tracking!
+ * capability to specify base ruleset (see README.RULESETS) in master
+ pulledpork.conf file.
+ * Handle preprocessor and sensitive-information rulesets
+ * Ability to define sid ranges in any of the sid modification .conf files
+ * Ability to specify references in any of the sid modification .conf files
+ * Ability to ignore entire rule categories (i.e. not include them)
+ * Specify locally stored rules files that need their meta data included
+ in sid-msg.map
+ * Ability to specify your arch for so_rules
+ * Rules are written to only two distinct files
+ * Support metadata based VRT recommended rulesets
+ * Maintain an optional rule changelog
+ * Support for setting rules to Drop
+ * Support for multi-line rules
+ * Rule modification, i.e. disabling of specific rules within rule sets
+ * Outputs changes in rules files if any rules have been added / modified
+ * Compares new rules files with current rule sets
+ * Automated retrieval of certain variables (Distro, Snort Version.. etc)
+ * Downloads latest rules file
+ * Verifies MD5 of local rules file
+ * If MD5 has not changed from snort.org.. doesn't fetch files again
+ * handle both rules and so_rules
+ * Capability to generate stub files
+
+
+WWW: http://code.google.com/p/pulledpork/