diff options
author | Martin Wilke <miwi@FreeBSD.org> | 2009-12-31 20:18:29 +0000 |
---|---|---|
committer | Martin Wilke <miwi@FreeBSD.org> | 2009-12-31 20:18:29 +0000 |
commit | b09f7cb232faacdf8b4c1db2ab8378e468d634ab (patch) | |
tree | 8a3e2187a1fad4cc7191a2e6c3288c894339b1f8 /security/snortsam | |
parent | e2a378f830126fc43063e118dd7cee8e5d59a9e9 (diff) | |
download | ports-b09f7cb232faacdf8b4c1db2ab8378e468d634ab.tar.gz ports-b09f7cb232faacdf8b4c1db2ab8378e468d634ab.zip |
Notes
Diffstat (limited to 'security/snortsam')
-rw-r--r-- | security/snortsam/Makefile | 83 | ||||
-rw-r--r-- | security/snortsam/distinfo | 6 | ||||
-rw-r--r-- | security/snortsam/files/patch-snortsam.h | 16 | ||||
-rw-r--r-- | security/snortsam/files/pkg-install.in | 17 | ||||
-rw-r--r-- | security/snortsam/files/pkg-message-snortsam | 10 | ||||
-rw-r--r-- | security/snortsam/files/pkg-message.in | 18 | ||||
-rw-r--r-- | security/snortsam/files/snortsam.sh.in | 31 | ||||
-rw-r--r-- | security/snortsam/files/ssp_ipfw2_no_table_check.patch | 18 | ||||
-rw-r--r-- | security/snortsam/pkg-descr | 7 |
9 files changed, 128 insertions, 78 deletions
diff --git a/security/snortsam/Makefile b/security/snortsam/Makefile index 7f4561d740df..89d7712436a2 100644 --- a/security/snortsam/Makefile +++ b/security/snortsam/Makefile @@ -6,62 +6,85 @@ # PORTNAME= snortsam -PORTVERSION= 2.63 +PORTVERSION= 2.69 CATEGORIES= security -MASTER_SITES= http://www.snortsam.net/files/snortsam/ \ - http://www.freebsdbrasil.com.br/~urisso/files/snortsam/ +MASTER_SITES= http://www.snortsam.net/files/snortsam/ DISTNAME= ${PORTNAME}-src-${PORTVERSION} MAINTAINER= urisso@bsd.com.br COMMENT= SnortSam is a output plugin for Snort -WRKSRC= ${WRKDIR}/${PKGNAMEPREFIX}${PORTNAME} +OPTIONS= IPFW "checks if configured tables are available" on \ + SAMTOOL "install samtool" on \ + DEBUG "build with verbose messages" off + +.include <bsd.port.pre.mk> + +USE_RC_SUBR= snortsam.sh +SUB_FILES= pkg-message \ + pkg-install HAS_CONFIGURE= yes NO_BUILD= yes +CONFIGURE_SCRIPT= src/Makefile +WRKSRC= ${WRKDIR}/${PKGNAMEPREFIX}${PORTNAME} -SYSCONFDIR= ${PREFIX}/etc/snortsam - -CONFIGURE_SCRIPT= makesnortsam.sh - -USE_RC_SUBR= snortsam.sh +CONFIG_DIR?= ${PREFIX}/etc/snortsam PLIST_DIRS= etc/snortsam -PLIST_FILES= etc/snortsam/rootservers.cfg etc/snortsam/snortsam.conf.sample sbin/snortsam sbin/snortsam-debug -PORTDOCS= INSTALL README README.conf README.snmp_interface_down +PLIST_FILES= sbin/snortsam \ + etc/snortsam/snortsam.conf.sample \ + etc/snortsam/country-rootservers.conf.sample \ + etc/snortsam/rootservers.cfg.sample -OPTIONS= IPFW "Enable IPFW table checking if it set deny rules" on +.if defined(WITH_SAMTOOL) +PLIST_FILES+= sbin/samtool +.endif -.include <bsd.port.pre.mk> +PORTDOCS= AUTHORS BUGS CREDITS FAQ INSTALL LICENSE README README.ciscoacl \ + README.conf README.iptables README.netscreen README.pf README.pf2 \ + README.rules README.slackware README.snmp_interface_down README.wgrd \ + README_8signs.rtf TODO .if defined(WITHOUT_IPFW) -PATCH_SITES+=http://www.freebsdbrasil.com.br/~urisso/files/snortsam/:ipfw -PATCHFILES+=ssp_ipfw2.c.diff:ipfw +EXTRA_PATCHES+= ${FILESDIR}/ssp_ipfw2_no_table_check.patch .endif -post-extract: - @${CAT} ${PATCHDIR}/pkg-message-snortsam - @sleep 5 +.if defined(WITH_DEBUG) +DEBUG=-DDEBUG +.endif pre-configure: - ${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/conf/snortsam.conf.sample - ${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/docs/README.conf - ${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/src/snortsam.c - ${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/contrib/snortsam-state.c - ${CHMOD} +x ${WRKSRC}/makesnortsam.sh + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/conf/snortsam.conf.sample + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/docs/README.conf + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/src/snortsam.h + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/contrib/snortsam-state.c + @${CHMOD} +x ${WRKSRC}/makesnortsam.sh +do-configure: + @cd ${WRKSRC}/src && ${MAKE} ${DEBUG} + @cd ${WRKSRC}/src && ${MAKE} samtool ${DEBUG} + +# no access to snortsam.conf and samtool for non root users! do-install: - ${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin - ${INSTALL_PROGRAM} ${WRKSRC}/snortsam-debug ${PREFIX}/sbin - ${MKDIR} ${SYSCONFDIR} - ${INSTALL_DATA} ${WRKSRC}/conf/snortsam.conf.sample ${SYSCONFDIR}/snortsam.conf.sample - ${INSTALL_DATA} ${WRKSRC}/conf/*rootservers.cfg ${SYSCONFDIR}/ + @${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin +.if defined(WITH_SAMTOOL) + @${INSTALL} -o root -g wheel -m 500 ${WRKSRC}/samtool ${PREFIX}/sbin +.endif + @${MKDIR} -m 700 ${CONFIG_DIR} + @${INSTALL_DATA} -m 600 ${WRKSRC}/conf/snortsam.conf.sample ${CONFIG_DIR}/snortsam.conf.sample + @${INSTALL_DATA} ${WRKSRC}/conf/rootservers.cfg ${CONFIG_DIR}/rootservers.cfg.sample + @${INSTALL_DATA} ${WRKSRC}/conf/country-rootservers.conf ${CONFIG_DIR}/country-rootservers.conf.sample .if !defined(NOPORTDOCS) + @${MKDIR} ${DOCSDIR} .for f in ${PORTDOCS} - ${MKDIR} ${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR} + @${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR} .endfor .endif +post-install: + @${SH} ${PKGINSTALL} ${DISTNAME} POST-INSTALL + @${CAT} ${PKGMESSAGE} + .include <bsd.port.post.mk> diff --git a/security/snortsam/distinfo b/security/snortsam/distinfo index b2b4d778fde4..faf27d5eaddb 100644 --- a/security/snortsam/distinfo +++ b/security/snortsam/distinfo @@ -1,3 +1,3 @@ -MD5 (snortsam-src-2.63.tar.gz) = d74f5e744358bc9da85ad9d4fb393f76 -SHA256 (snortsam-src-2.63.tar.gz) = f56208e2cba56c55bb97c09582b71e3d9c1c05c551df2cc59f493910e9f403a3 -SIZE (snortsam-src-2.63.tar.gz) = 1967776 +MD5 (snortsam-src-2.69.tar.gz) = 7663ce82956a97c5f725028716d66140 +SHA256 (snortsam-src-2.69.tar.gz) = eb0dc0ebd65b6d15e3adabd7be2720221005683eefb7ca5986b9ca0284d55f92 +SIZE (snortsam-src-2.69.tar.gz) = 1971579 diff --git a/security/snortsam/files/patch-snortsam.h b/security/snortsam/files/patch-snortsam.h deleted file mode 100644 index ab32bb001eaf..000000000000 --- a/security/snortsam/files/patch-snortsam.h +++ /dev/null @@ -1,16 +0,0 @@ ---- src/snortsam.h.old 2008-08-03 00:08:34.000000000 -0300 -+++ src/snortsam.h 2008-08-03 00:10:58.000000000 -0300 -@@ -178,10 +178,10 @@ - #define safecopy(dst,src) _safecp(dst,sizeof(dst),src) - - #ifdef WIN32 --#define FWSAMCONFIGFILE "snortsam.cfg" --#define FWSAMHISTORYFILE "snortsam.sta" -+#define FWSAMCONFIGFILE "/usr/local/etc/snortsam.cfg" -+#define FWSAMHISTORYFILE "/var/db/snortsam.sta" - #else --#define FWSAMCONFIGFILE "/etc/snortsam.conf" -+#define FWSAMCONFIGFILE "/usr/local/etc/snortsam.conf" - #define FWSAMHISTORYFILE "/var/db/snortsam.state" - #endif - diff --git a/security/snortsam/files/pkg-install.in b/security/snortsam/files/pkg-install.in new file mode 100644 index 000000000000..dfafcc7ef509 --- /dev/null +++ b/security/snortsam/files/pkg-install.in @@ -0,0 +1,17 @@ +#!/bin/sh +# +# $FreeBSD$ + +ETCDIR=${ETCDIR:=%%ETCDIR%%} + +# snortsam config file contain sensitive data like +# passwords needed to block IP's on the firewalls. +# Set permission of the config dir to 700 so only +# root:wheel can access this directory. +if [ "$2" = "POST-INSTALL" ]; then + if [ -d ${ETCDIR} ]; then + /usr/sbin/chown root:wheel ${ETCDIR} + /bin/chmod 700 ${ETCDIR} + fi +fi + diff --git a/security/snortsam/files/pkg-message-snortsam b/security/snortsam/files/pkg-message-snortsam deleted file mode 100644 index 504ed78649d7..000000000000 --- a/security/snortsam/files/pkg-message-snortsam +++ /dev/null @@ -1,10 +0,0 @@ - -============================================================ -NOTE: Make sure that your SNORT installation it is defined - output plugin SNORTSAM for don't cause errors while - building SNORTSAM system. If exists some OLD SNORT - installation WITHOUT supports for interaction between - SNORT and SNORTSAM. PLEASE reconfigure WITH that this - feature and rebuild a new installation. -============================================================= - diff --git a/security/snortsam/files/pkg-message.in b/security/snortsam/files/pkg-message.in new file mode 100644 index 000000000000..461458e0a8fc --- /dev/null +++ b/security/snortsam/files/pkg-message.in @@ -0,0 +1,18 @@ +================================================================ +NOTE: SNORT have to be build with OPTION SNORTSAM. + + To enable snortsam as output plugin for snort a config + line like the following should be present in snort.conf + + output alert_fwsam: <snortsambox>:<port>/<password> + + With samtool it is possible to send alerts to snortsam, + this way you can test and adjust your FW rules. + + For more information read the INSTALL, FAQ, README + files in %%DOCSDIR%% + + Additional consolidate http://snortsam.net + +============================================================== + diff --git a/security/snortsam/files/snortsam.sh.in b/security/snortsam/files/snortsam.sh.in index 946e951f153a..f53bb8f29c00 100644 --- a/security/snortsam/files/snortsam.sh.in +++ b/security/snortsam/files/snortsam.sh.in @@ -1,31 +1,30 @@ #!/bin/sh -# $FreeBSD: +# $FreeBSD$ # PROVIDE: snortsam # REQUIRE: DAEMON -# BEFORE: LOGIN +# BEFORE: LOGIN # KEYWORD: shutdown -# Add the following lines to /etc/rc.conf to enable snortsam: -# snortsam_enable (bool): Set to YES to enable snortsam -# Default: NO -# snortsam_flags (str): Extra flags passed to snortsam -# Default: "" -# snortsam_conf (str): Snortsam configuration file -# Default: ${PREFIX}/etc/snortsam/snortsam.conf # - +# Add the following line to /etc/rc.conf to enable snortsam: +# +# snortsam_enable="YES" +# +# # optional Snortsam configuration file: +# snortsam_conf="%%ETCDIR%%/snortsam.conf" +# +# DO NOT CHANGE THE DEFAULT VALUES HERE +# . %%RC_SUBR%% name="snortsam" rcvar=`set_rcvar` +load_rc_config snortsam +# defaults command="%%PREFIX%%/sbin/snortsam" - -load_rc_config $name - -[ -z "$snortsam_enable" ] && snortsam_enable="NO" -[ -z "$snortsam_conf" ] && snortsam_conf="%%PREFIX%%/etc/snortsam/snortsam.conf" -[ -n "$snortsam_conf" ] && snortsam_flags="$snortsam_flags $snortsam_conf" +snortsam_enable=${snortsam_enable:-"NO"} +snortsam_flags=${snortsam_conf:-"%%ETCDIR%%/snortsam.conf"} run_rc_command "$1" diff --git a/security/snortsam/files/ssp_ipfw2_no_table_check.patch b/security/snortsam/files/ssp_ipfw2_no_table_check.patch new file mode 100644 index 000000000000..1e20b9e5992f --- /dev/null +++ b/security/snortsam/files/ssp_ipfw2_no_table_check.patch @@ -0,0 +1,18 @@ +--- src/ssp_ipfw2.c.orig 2008-04-26 21:53:21.000000000 +0200 ++++ src/ssp_ipfw2.c 2009-11-14 22:03:41.000000000 +0100 +@@ -91,6 +91,7 @@ + } + } + } ++#if defined(ENABLE_IPFW_TABLE_CHECK) + /* Check if inbound table exists */ + snprintf(chk,sizeof(chk)-1,"/sbin/ipfw show | grep -q \"deny ip from any to table(%u) via %s\"",ipfw2p->in_table,ipfw2p->interface); + if(system(chk)) +@@ -110,6 +111,7 @@ + } + } + ++#endif /* ENABLE_IPFW_TABLE_CHECK */ + #ifdef FWSAMDEBUG + if(plugindatalist->data) + printf("Debug: [ipfw2] Adding IPFW2: i/f '%s', tables %u (in) and %u (out)\n", ipfw2p->interface, ipfw2p->in_table,ipfw2p->out_table); diff --git a/security/snortsam/pkg-descr b/security/snortsam/pkg-descr index 978766d40228..5b2a0ec24e63 100644 --- a/security/snortsam/pkg-descr +++ b/security/snortsam/pkg-descr @@ -1,5 +1,6 @@ -SnortSam is a plugin for Snort, an open-source light-weight -Intrusion Detection System (IDS). The plugin allows for -automated blocking of IP addresses on many firewalls. +SnortSam is an intelligent agent that allows the popular +open-source Intrusion Detection System called Snort to block +intruding connections by reconfiguration of many firewalls +and Cisco devices. WWW: http://www.snortsam.net |