diff options
| author | Mathieu Arnold <mat@FreeBSD.org> | 2014-01-20 18:29:50 +0000 |
|---|---|---|
| committer | Mathieu Arnold <mat@FreeBSD.org> | 2014-01-20 18:29:50 +0000 |
| commit | 3b8aed72db4012e2e6312823190d4e8172048dac (patch) | |
| tree | 7945897ff0a387b017d3eb25dab4e5ab4c49c6a8 /security/snortsam | |
| parent | 1d2db93eed3004132e98135f7a49fa800125ec67 (diff) | |
| download | ports-3b8aed72db4012e2e6312823190d4e8172048dac.tar.gz ports-3b8aed72db4012e2e6312823190d4e8172048dac.zip | |
Notes
Diffstat (limited to 'security/snortsam')
| -rw-r--r-- | security/snortsam/Makefile | 55 | ||||
| -rw-r--r-- | security/snortsam/files/pkg-install.in | 7 |
2 files changed, 28 insertions, 34 deletions
diff --git a/security/snortsam/Makefile b/security/snortsam/Makefile index a1601c82daff..0a2d621503f2 100644 --- a/security/snortsam/Makefile +++ b/security/snortsam/Makefile @@ -16,24 +16,17 @@ OPTIONS_DEFAULT= IPFW SAMTOOL IPFW_DESC= checks if configured tables are available SAMTOOL_DESC= install samtool -NO_STAGE= yes .include <bsd.port.pre.mk> USE_RC_SUBR= snortsam SUB_FILES= pkg-message \ pkg-install -HAS_CONFIGURE= yes -NO_BUILD= yes -CONFIGURE_SCRIPT= src/Makefile - -CONFIG_DIR?= ${PREFIX}/etc/snortsam - PLIST_DIRS= etc/snortsam PLIST_FILES= sbin/snortsam \ - etc/snortsam/snortsam.conf.sample \ - etc/snortsam/country-rootservers.conf.sample \ - etc/snortsam/rootservers.cfg.sample + %%ETCDIR%%/snortsam.conf.sample \ + %%ETCDIR%%/country-rootservers.conf.sample \ + %%ETCDIR%%/rootservers.cfg.sample .if ${PORT_OPTIONS:MSAMTOOL} PLIST_FILES+= sbin/samtool @@ -52,40 +45,34 @@ EXTRA_PATCHES+= ${FILESDIR}/ssp_ipfw2_no_table_check.patch DEBUG=-DDEBUG .endif +# This seems silly, but the RC file gets into ${WRKDIR}/${PORTNAME} which +# without this, would exist and be a directory. post-extract: @${MV} ${WRKDIR}/${PORTNAME} ${WRKSRC} -pre-configure: - @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/conf/snortsam.conf.sample - @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/docs/README.conf - @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/src/snortsam.h - @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/contrib/snortsam-state.c +post-patch: + @${REINPLACE_CMD} -e '/^CC/d' ${WRKSRC}/src/Makefile + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${ETCDIR}/snortsam.conf|g" ${WRKSRC}/conf/snortsam.conf.sample + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${ETCDIR}/snortsam.conf|g" ${WRKSRC}/docs/README.conf + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${ETCDIR}/snortsam.conf|g" ${WRKSRC}/src/snortsam.h + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${ETCDIR}/snortsam.conf|g" ${WRKSRC}/contrib/snortsam-state.c @${CHMOD} +x ${WRKSRC}/makesnortsam.sh -do-configure: +do-build: @cd ${WRKSRC}/src && ${MAKE} ${DEBUG} @cd ${WRKSRC}/src && ${MAKE} samtool ${DEBUG} -# no access to snortsam.conf and samtool for non root users! do-install: - @${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin -.if ${PORT_OPTIONS:MSAMTOOL} - @${INSTALL} -o root -g wheel -m 500 ${WRKSRC}/samtool ${PREFIX}/sbin -.endif - @${MKDIR} -m 700 ${CONFIG_DIR} - @${INSTALL_DATA} -m 600 ${WRKSRC}/conf/snortsam.conf.sample ${CONFIG_DIR}/snortsam.conf.sample - @${INSTALL_DATA} ${WRKSRC}/conf/rootservers.cfg ${CONFIG_DIR}/rootservers.cfg.sample - @${INSTALL_DATA} ${WRKSRC}/conf/country-rootservers.conf ${CONFIG_DIR}/country-rootservers.conf.sample - -.if ${PORT_OPTIONS:MDOCS} - @${MKDIR} ${DOCSDIR} + ${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${STAGEDIR}${PREFIX}/sbin + ${INSTALL_PROGRAM} ${WRKSRC}/samtool ${STAGEDIR}${PREFIX}/sbin + @${MKDIR} ${STAGEDIR}${ETCDIR} + ${INSTALL_DATA} ${WRKSRC}/conf/snortsam.conf.sample ${STAGEDIR}${ETCDIR}/snortsam.conf.sample + ${INSTALL_DATA} ${WRKSRC}/conf/rootservers.cfg ${STAGEDIR}${ETCDIR}/rootservers.cfg.sample + ${INSTALL_DATA} ${WRKSRC}/conf/country-rootservers.conf ${STAGEDIR}${ETCDIR}/country-rootservers.conf.sample + + @${MKDIR} ${STAGEDIR}${DOCSDIR} .for f in ${PORTDOCS} - @${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/docs/${f} ${STAGEDIR}${DOCSDIR} .endfor -.endif - -post-install: - @${SH} ${PKGINSTALL} ${DISTNAME} POST-INSTALL - @${CAT} ${PKGMESSAGE} .include <bsd.port.post.mk> diff --git a/security/snortsam/files/pkg-install.in b/security/snortsam/files/pkg-install.in index dfafcc7ef509..67d4fe6ab69e 100644 --- a/security/snortsam/files/pkg-install.in +++ b/security/snortsam/files/pkg-install.in @@ -3,15 +3,22 @@ # $FreeBSD$ ETCDIR=${ETCDIR:=%%ETCDIR%%} +PREFIX=${PREFIX:=%%PREFIX%%} # snortsam config file contain sensitive data like # passwords needed to block IP's on the firewalls. # Set permission of the config dir to 700 so only # root:wheel can access this directory. +# Also, samtool shouldn't be run by non root. if [ "$2" = "POST-INSTALL" ]; then if [ -d ${ETCDIR} ]; then /usr/sbin/chown root:wheel ${ETCDIR} /bin/chmod 700 ${ETCDIR} + /bin/chmod 600 ${ETCDIR}/snortsam.conf.sample + fi + if [ -x ${PREFIX}/sbin/samtool ] + then + /bin/chmod 500 ${PREFIX}/sbin/samtool fi fi |