diff options
| author | Olli Hauer <ohauer@FreeBSD.org> | 2013-03-28 15:57:15 +0000 |
|---|---|---|
| committer | Olli Hauer <ohauer@FreeBSD.org> | 2013-03-28 15:57:15 +0000 |
| commit | ef122bcbaa64d8db63c8e8b638f7f6febe497581 (patch) | |
| tree | b31cb9f7b31fc7c246060f895e6056afcba93447 /security/pulledpork | |
| parent | b0533230a5dc0d2805b7e7bc9d84de5193b5f32d (diff) | |
| download | ports-ef122bcbaa64d8db63c8e8b638f7f6febe497581.tar.gz ports-ef122bcbaa64d8db63c8e8b638f7f6febe497581.zip | |
- update to svn revision 262
- provide patch via MASTER_SITE_LOCAL (to big for FILESDIR)
changes: http://code.google.com/p/pulledpork/source/list
Notes
Notes:
svn path=/head/; revision=315475
Diffstat (limited to 'security/pulledpork')
| -rw-r--r-- | security/pulledpork/Makefile | 14 | ||||
| -rw-r--r-- | security/pulledpork/distinfo | 2 | ||||
| -rw-r--r-- | security/pulledpork/files/patch-svn-r230-rHEAD | 402 | ||||
| -rw-r--r-- | security/pulledpork/pkg-descr | 2 |
4 files changed, 14 insertions, 406 deletions
diff --git a/security/pulledpork/Makefile b/security/pulledpork/Makefile index 0e8620c338e1..2921a42f4f65 100644 --- a/security/pulledpork/Makefile +++ b/security/pulledpork/Makefile @@ -1,4 +1,4 @@ -# Create by: Olli Hauer +# Created by: Olli Hauer # $FreeBSD$ PORTNAME= pulledpork @@ -7,6 +7,10 @@ PORTREVISION= 3 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GOOGLE_CODE} +PATCH_SITES= ${MASTER_SITE_LOCAL} +PATCH_SITE_SUBDIR= ohauer +PATCHFILES= ${PORTNAME}-${PORTVERSION}-r${PATCHREV}.diff.bz2 + MAINTAINER= ohauer@FreeBSD.org COMMENT= Script to update snort-2.8+ rules @@ -16,6 +20,8 @@ RUN_DEPENDS= p5-Crypt-SSLeay>=0.57:${PORTSDIR}/security/p5-Crypt-SSLeay \ p5-LWP-Protocol-https>=6.00:${PORTSDIR}/www/p5-LWP-Protocol-https \ p5-libwww>=0:${PORTSDIR}/www/p5-libwww +# 0.6.1 -> svn rev. 230 +PATCHREV= 230-262 NO_BUILD= yes USE_PERL5_RUN= yes @@ -33,7 +39,9 @@ PLIST_FILES= bin/pulledpork.pl \ SUB_FILES= pkg-message -.if !defined(NOPORTDOCS) +.include <bsd.port.options.mk> + +.if ${PORT_OPTIONS:MDOCS} PORTDOCS= LICENSE README README.CATEGORIES README.CHANGES README.RULESET README.SHAREDOBJECTS .endif @@ -60,7 +68,7 @@ do-install: @${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${DATADIR}/ @${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${DATADIR}/ -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} @${MKDIR} ${DOCSDIR} @${INSTALL_DATA} ${WRKSRC}/LICENSE ${DOCSDIR}/ @${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}/ diff --git a/security/pulledpork/distinfo b/security/pulledpork/distinfo index 249248cfb57e..64b0e3f9d211 100644 --- a/security/pulledpork/distinfo +++ b/security/pulledpork/distinfo @@ -1,2 +1,4 @@ SHA256 (pulledpork-0.6.1.tar.gz) = 28052849ce60f034f5ba348659e611562c8fe9d572b3c177a0c23e3f92638ad1 SIZE (pulledpork-0.6.1.tar.gz) = 35444 +SHA256 (pulledpork-0.6.1-r230-262.diff.bz2) = 4e331311e71d1068851397fb880f03a5947a8b7f5dd5a860d0ff9ef5cc8f59b3 +SIZE (pulledpork-0.6.1-r230-262.diff.bz2) = 14931 diff --git a/security/pulledpork/files/patch-svn-r230-rHEAD b/security/pulledpork/files/patch-svn-r230-rHEAD deleted file mode 100644 index a0e5eb7ee3ac..000000000000 --- a/security/pulledpork/files/patch-svn-r230-rHEAD +++ /dev/null @@ -1,402 +0,0 @@ -Index: doc/README.CHANGES -=================================================================== ---- doc/README.CHANGES (revision 230) -+++ doc/README.CHANGES (revision 243) -@@ -1,5 +1,30 @@ - PulledPork Changelog - -+V0.6.2 the Cigar Pig -+ -+Bug Fixes: -+- Bug #79 - Fixed race condition that did not allow for disabled rules to be modified using modifysid -+ These rules would then be enabled by flowbit dependency check and be unmodified -+- Bug #77 - Adjusted chown property of archive::tar -+- Bug #78 - Adjusted per bug report to allow for proper ignoring of preproc.rules -+- Bug #102 - Only Enabled rules are written to sid-msg.map now when -E flag is specified -+- Bug #99 - Doc Bug, updated docs associated with snort_version variable -+- Bug #96 - Modified code to allow for same-line traling comments: "1:10011 #can haz disable!" -+ Also updated the rulestate files (enable,disable,drop) -+- Bug #82 - Modified run order to force modifysid to run before all other sid state modification routines -+ This allows for sid changes to be made prior to automatic state determination ala automatic -+ flowbit resolution. NOTE that this DOES NOT AND WILL NOT disable automatic flowbit -+ resolution, this is a critical piece. -+- Bug #81 - Updated valid SO distro pre-compiled list -+- Bug #114 - Update Regex to allow for null search/replace in modify_sid sub -+- Unlisted Bug - Allow for escaped ; "\;" in references -+- Bug #121 - Update to allow for new etpro.com url and cert! -+- Bug #119 - Fixed regex [^\\]... -+ -+New Features / changes: -+- Bug #105 - Removed Switch function as it is deprecated in > 5.12 perl -+- Unlisted Bug - Include IP Reputation capability -+ - v0.6.1 the Smoking Pig, revisited - - Bug Fixes: -Index: etc/pulledpork.conf -=================================================================== ---- etc/pulledpork.conf (revision 230) -+++ etc/pulledpork.conf (revision 243) -@@ -10,20 +10,22 @@ - ####### snort version and subscription etc...) - ####### - --# The rule_url value replaces the old base_url and rule_file configuration --# options. You can now specify one or as many rule_urls as you like, they -+# You can specify one or as many rule_urls as you like, they - # must appear as http://what.site.com/|rulesfile.tar.gz|1234567. You can specify - # each on an individual line, or you can specify them in a , separated list - # i.e. rule_url=http://x.y.z/|a.tar.gz|123,http://z.y.z/|b.tar.gz|456 - # note that the url, rule file, and oinkcode itself are separated by a pipe | - # i.e. url|tarball|123456789, - rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode> -+# NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST|<oinkcode> -+# This format MUST be followed to let pulledpork know that this is a blacklist -+rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open - # get the rule docs! - rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode> --rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open -+rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open - # THE FOLLOWING URL is for etpro downloads, note the tarball name change! - # and the et oinkcode requirement! --rule_url=https://rules.emergingthreats.net/|etpro.rules.tar.gz|<et oinkcode> -+rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode> - # NOTE above that the VRT snortrules-snapshot does not contain the version - # portion of the tarball name, this is because PP now automatically populates - # this value for you, if, however you put the version information in, PP will -@@ -50,9 +52,6 @@ - # previous ignore line and uncomment the following! - # ignore=deleted,experimental,local,decoder,preprocessor,sensitive-data - --# Define your Oinkcode - DEPRICATED, SEE RULE_URL --# oinkcode=replacethiswithyouroinkcode -- - # What is our temp path, be sure this path has a bit of space for rule - # extraction and manipulation, no trailing slash - temp_path=/tmp -@@ -116,12 +115,15 @@ - sostub_path=/usr/local/etc/snort/rules/so_rules.rules - - # Define your distro, this is for the precompiled shared object libs! --# Valid Distro Types=Debian-Lenny, Ubuntu-6.01.1, Ubuntu-8.04 --# CentOS-4.6, Centos-4-8, CentOS-5.0, Centos-5-4 --# FC-5, FC-9, FC-11, FC-12, RHEL-5.0 --# FreeBSD-6.3, FreeBSD-7-2, FreeBSD-7-3, FreeBSD-7.0, FreeBSD-8-0, FreeBSD-8-1 --# OpenSUSE-11-3 --distro=FreeBSD-8.0 -+# Valid Distro Types: -+# Debian-5-0, Debian-6-0, -+# Ubuntu-8.04, Ubuntu-10-4 -+# Centos-4-8, Centos-5-4 -+# FC-12, FC-14, RHEL-5-5, RHEL-6-0 -+# FreeBSD-7-3, FreeBSD-8-1 -+# OpenBSD-4-8 -+# Slackware-13-1 -+distro=FreeBSD-8.1 - - ####### This next section is optional, but probably pretty useful to you. - ####### Please read thoroughly! -@@ -160,8 +162,7 @@ - - # This defines the version of snort that you are using, for use ONLY if the - # proper snort binary is not on the system that you are fetching the rules with --# Defining this value will set the Textonly flag, and thus will NOT allow --# you to use shared object rules. This value MUST contain all 4 minor version -+# This value MUST contain all 4 minor version - # numbers. ET rules are now also dependant on this, verify supported ET versions - # prior to simply throwing rubbish in this variable kthx! - # snort_version=2.9.0.0 -@@ -183,4 +184,4 @@ - ####### need to process so_rules, simply comment out the so_rule section - ####### you can also specify -T at runtime to process only GID 1 rules. - --version=0.6.0 -+version=0.6.1 -Index: etc/disablesid.conf -=================================================================== ---- etc/disablesid.conf (revision 230) -+++ etc/disablesid.conf (revision 243) -@@ -6,6 +6,10 @@ - # Example of modifying state for rule ranges - # 1:220-1:3264,3:13010-3:13013 - -+# Comments are allowed in this file, and can also be on the same line -+# As the modify state syntax, as long as it is a trailing comment -+# 1:1011 # I Disabled this rule because I could! -+ - # Example of modifying state for MS and cve rules, note the use of the : - # in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301, - # and all MS00 and all cve 2000 related sids! These support regular expression -Index: etc/dropsid.conf -=================================================================== ---- etc/dropsid.conf (revision 230) -+++ etc/dropsid.conf (revision 243) -@@ -10,6 +10,10 @@ - # Example of modifying state for rule ranges - # 1:220-1:3264,3:13010-3:13013 - -+# Comments are allowed in this file, and can also be on the same line -+# As the modify state syntax, as long as it is a trailing comment -+# 1:1011 # I Disabled this rule because I could! -+ - # Example of modifying state for MS and cve rules, note the use of the : - # in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301, - # and all MS00 and all cve 2000 related sids! These support regular expression -Index: etc/enablesid.conf -=================================================================== ---- etc/enablesid.conf (revision 230) -+++ etc/enablesid.conf (revision 243) -@@ -10,6 +10,10 @@ - # Example of modifying state for rule ranges - # 1:220-1:3264,3:13010-3:13013 - -+# Comments are allowed in this file, and can also be on the same line -+# As the modify state syntax, as long as it is a trailing comment -+# 1:1011 # I Disabled this rule because I could! -+ - # Example of modifying state for MS and cve rules, note the use of the : - # in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301, - # and all MS00 and all cve 2000 related sids! These support regular expression -Index: pulledpork.pl -=================================================================== ---- pulledpork.pl (revision 230) -+++ pulledpork.pl (revision 243) -@@ -33,7 +33,6 @@ - use Getopt::Long qw(:config no_ignore_case bundling); - use Archive::Tar; - use POSIX qw(:errno_h); --use Switch; - use Cwd; - use Carp; - -@@ -41,7 +40,7 @@ - - # we are gonna need these! - my ( $oinkcode, $temp_path, $rule_file, $Syslogging ); --my $VERSION = "PulledPork v0.6.1 the Smoking Pig <////~"; -+my $VERSION = "PulledPork v0.6.2dev the Cigar Pig <////~"; - my $ua = LWP::UserAgent->new; - - my ( $Hash, $ALogger, $Config_file, $Sorules, $Auto ); -@@ -139,11 +138,12 @@ - -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations. - -D What Distro are you running on, for the so_rules - For latest supported options see http://www.snort.org/snort-rules/shared-object-rules -- Valid Distro Types=Debian-Lenny, Ubuntu-6.01.1, Ubuntu-8.04 -- CentOS-4.6, Centos-4-8, CentOS-5.0, Centos-5-4 -- FC-5, FC-9, FC-11, FC-12, RHEL-5.0 -- FreeBSD-6.3, FreeBSD-7-2, FreeBSD-7-3, FreeBSD-7.0, FreeBSD-8-0, FreeBSD-8-1 -- OpenSUSE-11-3 -+ Valid Distro Types: -+ Debian-5-0, Debian-6-0, Ubuntu-8.04, Ubuntu-10-4 -+ Centos-4-8, Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0 -+ FreeBSD-7-3, FreeBSD-8-1 -+ OpenBSD-4-8 -+ Slackware-13-1 - -e Where the enablesid config file lives. - -E Write ONLY the enabled rules to the output files. - -g grabonly (download tarball rule file(s) and do NOT process) -@@ -222,6 +222,7 @@ - my $tar = Archive::Tar->new(); - $tar->read( $temp_path . $rule_file ); - $tar->setcwd( cwd() ); -+ local $Archive::Tar::CHOWN = 0; - my @ignores = split( /,/, $ignore ); - - foreach (@ignores) { -@@ -233,7 +234,7 @@ - print "\tIgnoring preprocessor rules: $_\n" - if ( $Verbose && !$Quiet ); - my $preprocfile = $_; -- $preprocfile =~ s/preproc/rules/; -+ $preprocfile =~ s/\.preproc/\.rules/; - $tar->remove("preproc_rules/$preprocfile"); - } - elsif ( $_ =~ /\.so/ ) { -@@ -368,6 +369,10 @@ - getstore( "https://www.snort.org/reg-rules/$rule_file/$oinkcode", - $temp_path . $rule_file ); - } -+ elsif ($rule_file eq "IPBLACKLIST"){ -+ $getrules_rule = -+ getstore( "http://labs.snort.org/feeds/ip-filter.blf", $temp_path . "black_list.rules") -+ } - else { - $getrules_rule = - getstore( $base_url . "/" . $rule_file, $temp_path . $rule_file ); -@@ -435,7 +440,7 @@ - getstore( "https://www.snort.org/reg-rules/$rule_file.md5/$oinkcode", - $temp_path . $rule_file . ".md5" ); - } -- elsif ( $base_url =~ /emergingthreats\.net/i ) { -+ elsif ( $base_url =~ /(emergingthreats\.net|emergingthreatspro\.com)/i ) { - $getrules_md5 = getstore( - "$base_url/$rule_file" . ".md5", - $temp_path . $rule_file . ".md5" -@@ -708,17 +713,16 @@ - open( FH, "<$file" ) || carp "Unable to open $file\n"; - while (<FH>) { - next if ( ( $_ =~ /^\s*#/ ) || ( $_ eq " " ) ); -- if ( $_ =~ /([\d+|,|\*]*)\s+"(.+)"\s+"(.+)"/ ) { -+ if ( $_ =~ /([\d+|,|\*]*)\s+"(.+)"\s+"(.*)"/ ) { - my ( $sids, $from, $to ) = ( $1, $2, $3 ); - @arry = split( /,/, $sids ) if $sids !~ /\*/; - @arry = "*" if $sids =~ /\*/; - foreach my $sid (@arry) { - $sid = trim($sid); -- if ( $sid ne "*" && exists $$href{1}{$sid} ) { -+ if ( $sid ne "*" && defined $$href{1}{$sid}{'rule'} ) { - print "\tModifying SID:$sid from:$from to:$to\n" - if ( $Verbose && !$Quiet ); -- $$href{1}{$sid}{'rule'} =~ s/$from/$to/ -- if $$href{1}{$sid}{'rule'} !~ /^\s*#/; -+ $$href{1}{$sid}{'rule'} =~ s/$from/$to/; - } - elsif ( $sid eq "*" ) { - print "\tModifying ALL SIDS from:$from to:$to\n" -@@ -739,21 +743,22 @@ - # speed ftw! - sub modify_state { - my ( $function, $SID_conf, $hashref, $rstate ) = @_; -- my ( @sid_mod, $sidlist ); -+ my ( @sid_mod, $sidlist); - print "Processing $SID_conf....\n" if !$Quiet; - print "\tSetting rules specified in $SID_conf to their default state!\n" - if ( !$Quiet && $function eq 'enable' && $rstate ); - if ( -f $SID_conf ) { - open( DATA, "$SID_conf" ) or carp "unable to open $SID_conf $!"; - while (<DATA>) { -- $sidlist = $_; -+ next unless ($_ !~ /^\s*#/ && $_ ne ""); -+ $sidlist = (split '#',$_)[0]; - chomp($sidlist); - $sidlist = trim($sidlist); -- if ( ( $sidlist !~ /^\s*#/ ) && ( $sidlist ne "" ) && !(@sid_mod) ) -+ if (!@sid_mod ) - { - @sid_mod = split( /,/, $sidlist ); - } -- elsif ( ( $sidlist !~ /^\s*#/ ) && ( $sidlist ne "" && @sid_mod ) ) -+ elsif (@sid_mod) - { - push( @sid_mod, split( /,/, $sidlist ) ); - } -@@ -861,8 +866,8 @@ - if ( $gid && $sid ) { - $gid =~ s/:\d+//; - $sid =~ s/\d+://; -- switch ($function) { -- case "enable" { -+ if ($function) { -+ if ($function eq "enable") { - if ( exists $$hashref{$gid}{$sid} - && $$hashref{$gid}{$sid}{'rule'} =~ - /^\s*#\s*(alert|drop|pass)/i -@@ -904,7 +909,7 @@ - } - } - } -- case "drop" { -+ elsif ($function eq "drop") { - if ( exists $$hashref{$gid}{$sid} - && $$hashref{$gid}{$sid}{'rule'} =~ - /^\s*#*\s*alert/i ) -@@ -919,7 +924,7 @@ - $sidcount++; - } - } -- case "disable" { -+ elsif ($function eq "disable") { - if ( exists $$hashref{$gid}{$sid} - && $$hashref{$gid}{$sid}{'rule'} =~ - /^\s*(alert|drop|pass)/i ) -@@ -974,15 +979,16 @@ - - ## make the sid-msg.map - sub sid_msg { -- my ( $ruleshash, $sidhash ) = @_; -+ my ( $ruleshash, $sidhash, $enonly ) = @_; - my ( $gid, $arg, $msg ); - print "Generating sid-msg.map....\n" if !$Quiet; - foreach my $k ( sort keys %$ruleshash ) { - foreach my $k2 ( sort keys %{ $$ruleshash{$k} } ) { -+ next if ((defined $enonly) && $$ruleshash{$k}{$k2}{'rule'} !~ /^\s*(alert|drop|pass)/); - ( my $header, my $options ) = - split( /^[^"]* \(\s*/, $$ruleshash{$k}{$k2}{'rule'} ) - if defined $$ruleshash{$k}{$k2}{'rule'}; -- my @optarray = split( /;(\t|\s)?/, $options ) if $options; -+ my @optarray = split( /[^\\];(\t|\s)?/, $options ) if $options; - foreach my $option ( reverse(@optarray) ) { - my ( $kw, $arg ) = split( /:/, $option ) if $option; - if ( $kw && $arg ) { -@@ -1460,8 +1466,8 @@ - - if ( exists $Config_info{'version'} ) { - croak "You are not using the current version of pulledpork.conf!\n", -- "Please use the version that shipped with $VERSION!\n\n" -- if $Config_info{'version'} ne "0.6.0"; -+ "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n" -+ if $Config_info{'version'} ne "0.6.1"; - } - else { - croak -@@ -1674,6 +1680,7 @@ - } - else { - $ENV{HTTPS_PROXY} = $proxy; -+ $ENV{HTTP_PROXY} = $proxy; - } - } - undef $proxy; -@@ -1742,7 +1749,7 @@ - $rule_file = "snortrules-snapshot-$Snortv.tar.gz"; - } - } -- elsif ( $base_url =~ /emergingthreats.net/ ) { -+ elsif ( $base_url =~ /(emergingthreats.net|emergingthreatspro.com)/ ) { - $prefix = "ET-"; - my $Snortv = $Snort; - $Snortv =~ s/(?<=\d\.\d\.\d)\.\d//; -@@ -1794,7 +1801,7 @@ - $rule_file = "snortrules-snapshot-$Snortv.tar.gz"; - } - } -- $prefix = "ET-" if $base_url =~ /emergingthreats.net/; -+ $prefix = "ET-" if $base_url =~ /(emergingthreats.net|emergingthreatspro.com)/; - croak "file $temp_path/$rule_file does not exist!\n" - unless -f "$temp_path/$rule_file"; - rule_extract( -@@ -1843,6 +1850,10 @@ - policy_set( $ips_policy, \%rules_hash ); - } - -+ if ( $sidmod{modify} && -f $sidmod{modify} ) { -+ modify_sid( \%rules_hash, $sidmod{modify} ); -+ } -+ - foreach (@sidact) { - if ( $sidmod{$_} && -f $sidmod{$_} ) { - modify_state( $_, $sidmod{$_}, \%rules_hash, $rstate ); -@@ -1852,11 +1863,7 @@ - } - } - -- if ( $sidmod{modify} && -f $sidmod{modify} ) { -- modify_sid( \%rules_hash, $sidmod{modify} ); -- } -- -- print "Setting Flowbit State....\n" -+ print "Setting Flowbit State....\n" - if ( !$Quiet ); - - my $fbits = 1; -@@ -1878,8 +1885,7 @@ - } - - if ($sid_msg_map) { -- -- sid_msg( \%rules_hash, \%sid_msg_map ); -+ sid_msg( \%rules_hash, \%sid_msg_map, $enonly ); - sid_write( \%sid_msg_map, $sid_msg_map ); - } - diff --git a/security/pulledpork/pkg-descr b/security/pulledpork/pkg-descr index 5ecd224cba21..0233924b1ca9 100644 --- a/security/pulledpork/pkg-descr +++ b/security/pulledpork/pkg-descr @@ -1,4 +1,4 @@ -pulledpork is a Perl script which helps to update your Snort 2.8+ rules. +pulledpork is a Perl script which helps to update your Snort 2.9+ rules. -= Features and Capabilities =- |