6 files changed, 264 insertions, 0 deletions

diff --git a/security/snort_inline/Makefile b/security/snort_inline/Makefile
new file mode 100644
index 000000000000..f09c2b4c35dc
--- /dev/null
+++ b/security/snort_inline/Makefile
@@ -0,0 +1,97 @@
+# New ports collection makefile for:	snort_inline
+# Date created:        4 March 2005
+# Whom:                nick@rogness.net
+#
+# $FreeBSD$
+#
+
+PORTNAME=	snort_inline
+PORTVERSION=	2.3.0
+CATEGORIES=	security
+MASTER_SITES=	http://freebsd.rogness.net/ports/snort_inline/
+DISTNAME=	snort_inline-2.3.0-RC1
+
+MAINTAINER=	nick@rogness.net
+COMMENT=	An inline IPS system based on snort using ipfw
+
+LIB_DEPENDS=	pcre.0:${PORTSDIR}/devel/pcre
+
+WRKSRC=		${WRKDIR}/snort_inline-2.3.0-RC1
+
+USE_GPG=	yes
+SIG_SUFFIX=	.asc
+USE_REINPLACE=	yes
+GNU_CONFIGURE=	yes
+CONFIGURE_ENV=	LDFLAGS="${LDFLAGS}"
+CONFIGURE_TARGET=	--build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
+CONFIGURE_ARGS+=	--enable-inline --enable-ipfw
+
+BUILD_DEPENDS+=		${LOCALBASE}/lib/libnet.a:${PORTSDIR}/net/libnet
+CONFIGURE_ARGS+=	--with-libnet-includes=${LOCALBASE}/include \
+			--with-libnet-libraries=${LOCALBASE}/lib
+
+.if defined(WITH_MYSQL)
+USE_MYSQL=		yes
+CONFIGURE_ARGS+=	--with-mysql=${LOCALBASE}
+.else
+CONFIGURE_ARGS+=	--with-mysql=no
+.endif
+
+.if defined(WITH_ODBC)
+LIB_DEPENDS+=		odbc.1:${PORTSDIR}/databases/unixODBC
+CONFIGURE_ARGS+=	--with-odbc=${LOCALBASE}
+LDFLAGS+=		${PTHREAD_LIBS}
+.else
+CONFIGURE_ARGS+=	--with-odbc=no
+.endif
+
+.if defined(WITH_POSTGRESQL)
+POSTGRESQL_PORT?=	databases/postgresql7
+LIB_DEPENDS+=		pq.3:${PORTSDIR}/${POSTGRESQL_PORT}
+CONFIGURE_ARGS+=	--with-postgresql=${LOCALBASE}
+.if exists(/usr/lib/libssl.a) && exists(/usr/lib/libcrypto.a)
+LDFLAGS+=		-lssl -lcrypto
+.endif
+.else
+CONFIGURE_ARGS+=	--with-postgresql=no
+.endif
+
+MAN8=		snort.8
+DOCS=		ChangeLog doc/AUTHORS doc/BUGS doc/CREDITS doc/faq* doc/NEWS \
+		doc/README* doc/TODO doc/USAGE doc/*.pdf
+
+USE_RC_SUBR=	snort.sh
+
+post-patch:
+	${REINPLACE_CMD} "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/src/snort.c
+
+pre-configure:
+	@${ECHO} ""
+	@${ECHO} "Set WITH_MYSQL, WITH_ODBC or WITH_POSTGRESQL"
+	@${ECHO} "to get additional support."
+	@${ECHO} ""
+
+post-install:
+	@${MKDIR} ${DATADIR}
+	${INSTALL_DATA} ${WRKSRC}/rules/*.rules ${DATADIR}
+	${INSTALL_DATA} ${WRKSRC}/etc/classification.config \
+		${DATADIR}/classification.config-sample
+	[ -f ${DATADIR}/classification.config ] || \
+		${CP} ${DATADIR}/classification.config-sample \
+		${DATADIR}/classification.config
+	${INSTALL_DATA} ${WRKSRC}/etc/reference.config \
+		${DATADIR}/reference.config-sample
+	[ -f ${DATADIR}/reference.config ] ||  \
+		${CP} ${DATADIR}/reference.config-sample ${DATADIR}/reference.config
+.for f in snort.conf snort_inline.conf unicode.map threshold.conf
+	${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample
+	[ -f ${PREFIX}/etc/${f} ] || \
+		${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}
+.endfor
+.if !defined(NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
+.endif
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff --git a/security/snort_inline/distinfo b/security/snort_inline/distinfo
new file mode 100644
index 000000000000..074f4a3518e1
--- /dev/null
+++ b/security/snort_inline/distinfo
@@ -0,0 +1 @@
+MD5 (snort_inline-2.3.0-RC1.tar.gz) = d577c101a78c97b0f18a1e01b0252419
diff --git a/security/snort_inline/files/snort.sh.in b/security/snort_inline/files/snort.sh.in
new file mode 100644
index 000000000000..f4611981fe3e
--- /dev/null
+++ b/security/snort_inline/files/snort.sh.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+# $Id$
+
+# PROVIDE: snort
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: FreeBSD shutdown
+
+# Add the following lines to /etc/rc.conf to enable snort:
+# snort_enable (bool):		Set to YES to enable snort
+# 				Default: NO
+# snort_flags (str):		Extra flags passed to snort
+#				Default: -Dq -J 8000
+# snort_interface (str):	Network interface to sniff
+#				Default: "" 
+# snort_conf (str):		Snort configuration file
+#				Default: ${PREFIX}/etc/snort_inline.conf
+#
+
+. %%RC_SUBR%%
+
+name="snort"
+rcvar=`set_rcvar`
+
+command="%%PREFIX%%/bin/snort"
+
+load_rc_config $name
+
+[ -z "$snort_enable" ]    && snort_enable="NO"
+[ -z "$snort_conf" ]      && snort_conf="%%PREFIX%%/etc/snort_inline.conf"
+[ -z "$snort_flags" ]     && snort_flags="-Dq -J 8000"
+
+[ -n "$snort_interface" ] && snort_flags="$snort_flags -i $snort_interface"
+[ -n "$snort_conf" ]      && snort_flags="$snort_flags -c $snort_conf"
+
+run_rc_command "$1"
diff --git a/security/snort_inline/pkg-descr b/security/snort_inline/pkg-descr
new file mode 100644
index 000000000000..7ead26910606
--- /dev/null
+++ b/security/snort_inline/pkg-descr
@@ -0,0 +1,8 @@
+snort-inline is a variation of snort that interfaces with the
+IPFW firewall and divert sockets to provide a simple IPS system
+using snort signatures.
+
+WWW: http://freebsd.rogness.net/snort_inline
+
+- Nick Rogness
+nick@rogness.net
diff --git a/security/snort_inline/pkg-message b/security/snort_inline/pkg-message
new file mode 100644
index 000000000000..17bd6382d2ba
--- /dev/null
+++ b/security/snort_inline/pkg-message
@@ -0,0 +1,24 @@
+         ***********************************
+         * !!!!!!!!!!! WARNING !!!!!!!!!!! *
+         ***********************************
+
+snort_inline uses rcNG startup scripts and must be enabled via /etc/rc.conf
+
+Available variables:
+
+  snort_enable (bool):		Set to YES to enable snort
+  				Default: NO
+  snort_flags (str):		Extra flags passed to snort
+ 				Default: -Dq -J 8000
+  snort_interface (str):	Network interface to sniff
+ 				Default: ""
+  snort_conf (str):		Snort configuration file
+ 				Default: ${PREFIX}/etc/snort_inline.conf
+
+Also, make sure that your kernel is compiled with:
+
+  options  IPFIREWALL
+  options  IPDIVERT
+
+The default divert port is 8000.  See http://freebsd.rogness.net/snort_inline
+for more information.
diff --git a/security/snort_inline/pkg-plist b/security/snort_inline/pkg-plist
new file mode 100644
index 000000000000..d9a148b677bf
--- /dev/null
+++ b/security/snort_inline/pkg-plist
@@ -0,0 +1,98 @@
+bin/snort_inline
+@unexec if [ -f %D/etc/snort.conf ] && cmp -s %D/etc/snort.conf %D/etc/snort.conf-sample; then rm -f %D/etc/snort.conf; fi
+etc/snort.conf-sample
+@exec [ -f %B/snort.conf ] || cp %B/%f %B/snort.conf
+@unexec if [ -f %D/etc/snort_inline.conf ] && cmp -s %D/etc/snort_inline.conf %D/etc/snort_inline.conf-sample; then rm -f %D/etc/snort_inline.conf; fi
+etc/snort_inline.conf-sample
+@exec [ -f %B/snort_inline.conf ] || cp %B/%f %B/snort_inline.conf
+@unexec if [ -f %D/etc/unicode.map ] && cmp -s %D/etc/unicode.map %D/etc/unicode.map-sample; then rm -f %D/etc/unicode.map; fi
+etc/unicode.map-sample
+@exec [ -f %B/unicode.map ] || cp %B/%f %B/unicode.map
+@unexec if [ -f %D/etc/threshold.conf ] && cmp -s %D/etc/threshold.conf %D/etc/threshold.conf-sample; then rm -f %D/etc/threshold.conf; fi
+etc/threshold.conf-sample
+@exec [ -f %B/threshold.conf ] || cp %B/%f %B/threshold.conf
+%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
+%%PORTDOCS%%%%DOCSDIR%%/BUGS
+%%PORTDOCS%%%%DOCSDIR%%/CREDITS
+%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
+%%PORTDOCS%%%%DOCSDIR%%/faq.pdf
+%%PORTDOCS%%%%DOCSDIR%%/faq.tex
+%%PORTDOCS%%%%DOCSDIR%%/NEWS
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/README.INLINE
+%%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP
+%%PORTDOCS%%%%DOCSDIR%%/README.PLUGINS
+%%PORTDOCS%%%%DOCSDIR%%/README.UNSOCK
+%%PORTDOCS%%%%DOCSDIR%%/README.WIN32
+%%PORTDOCS%%%%DOCSDIR%%/README.alert_order
+%%PORTDOCS%%%%DOCSDIR%%/README.csv
+%%PORTDOCS%%%%DOCSDIR%%/README.database
+%%PORTDOCS%%%%DOCSDIR%%/README.event_queue
+%%PORTDOCS%%%%DOCSDIR%%/README.flow
+%%PORTDOCS%%%%DOCSDIR%%/README.flowbits
+%%PORTDOCS%%%%DOCSDIR%%/README.flow-portscan
+%%PORTDOCS%%%%DOCSDIR%%/README.sfportscan
+%%PORTDOCS%%%%DOCSDIR%%/README.asn1
+%%PORTDOCS%%%%DOCSDIR%%/README.http_inspect
+%%PORTDOCS%%%%DOCSDIR%%/README.thresholding
+%%PORTDOCS%%%%DOCSDIR%%/README.wireless
+%%PORTDOCS%%%%DOCSDIR%%/TODO
+%%PORTDOCS%%%%DOCSDIR%%/USAGE
+%%PORTDOCS%%%%DOCSDIR%%/snort_manual.pdf
+%%PORTDOCS%%%%DOCSDIR%%/snort_schema_v106.pdf
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
+%%DATADIR%%/attack-responses.rules
+%%DATADIR%%/backdoor.rules
+%%DATADIR%%/bad-traffic.rules
+%%DATADIR%%/chat.rules
+@unexec if [ -f %B/classification.config ] && cmp -s %B/classification.config %B/classification.config-sample; then rm -f %B/classification.config; fi
+%%DATADIR%%/classification.config-sample
+@exec [ -f %B/classification.config ] || cp %B/%f %B/classification.config
+%%DATADIR%%/ddos.rules
+%%DATADIR%%/deleted.rules
+%%DATADIR%%/dns.rules
+%%DATADIR%%/dos.rules
+%%DATADIR%%/experimental.rules
+%%DATADIR%%/exploit.rules
+%%DATADIR%%/finger.rules
+%%DATADIR%%/ftp.rules
+%%DATADIR%%/icmp-info.rules
+%%DATADIR%%/icmp.rules
+%%DATADIR%%/imap.rules
+%%DATADIR%%/info.rules
+%%DATADIR%%/local.rules
+%%DATADIR%%/misc.rules
+%%DATADIR%%/multimedia.rules
+%%DATADIR%%/mysql.rules
+%%DATADIR%%/netbios.rules
+%%DATADIR%%/nntp.rules
+%%DATADIR%%/oracle.rules
+%%DATADIR%%/other-ids.rules
+%%DATADIR%%/p2p.rules
+%%DATADIR%%/policy.rules
+%%DATADIR%%/pop2.rules
+%%DATADIR%%/pop3.rules
+%%DATADIR%%/porn.rules
+@unexec if [ -f %B/reference.config ] && cmp -s %B/reference.config %B/reference.config-sample; then rm -f %B/reference.config; fi
+%%DATADIR%%/reference.config-sample
+@exec [ -f %B/reference.config ] || cp %B/%f %B/reference.config
+%%DATADIR%%/rpc.rules
+%%DATADIR%%/rservices.rules
+%%DATADIR%%/scan.rules
+%%DATADIR%%/shellcode.rules
+%%DATADIR%%/smtp.rules
+%%DATADIR%%/snmp.rules
+%%DATADIR%%/sql.rules
+%%DATADIR%%/telnet.rules
+%%DATADIR%%/tftp.rules
+%%DATADIR%%/virus.rules
+%%DATADIR%%/web-attacks.rules
+%%DATADIR%%/web-cgi.rules
+%%DATADIR%%/web-client.rules
+%%DATADIR%%/web-coldfusion.rules
+%%DATADIR%%/web-frontpage.rules
+%%DATADIR%%/web-iis.rules
+%%DATADIR%%/web-misc.rules
+%%DATADIR%%/web-php.rules
+%%DATADIR%%/x11.rules
+@dirrm %%DATADIR%%