authorJean Milanez Melo <jmelo@FreeBSD.org>2010-09-01 15:31:52 +0000
committerJean Milanez Melo <jmelo@FreeBSD.org>2010-09-01 15:31:52 +0000
commita1a4b56363753796c17075dc2c9d5bc262e4b742 (patch)
tree8306b2238ad349e0572d912e450deefbc6f0f7d5 /security/suricata
parent95f3227edc19bda5846859444340894b2114d1b5 (diff)
Diffstat (limited to 'security/suricata')
-rw-r--r--security/suricata/Makefile71
-rw-r--r--security/suricata/distinfo3
-rw-r--r--security/suricata/files/patch-Makefile.in11
-rw-r--r--security/suricata/files/pkg-message.in31
-rw-r--r--security/suricata/files/suricata.in42
-rw-r--r--security/suricata/pkg-descr22
-rw-r--r--security/suricata/pkg-plist15
7 files changed, 195 insertions, 0 deletions
diff --git a/security/suricata/Makefile b/security/suricata/Makefile
new file mode 100644
index 000000000000..9b83b2c79392
--- /dev/null
+++ b/security/suricata/Makefile
@@ -0,0 +1,71 @@
+# New ports collection makefile for: suricata
+# Date created: Sun Aug 29 16:39:08 BRT 2010
+# Whom: Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
+#
+# $FreeBSD$
+#
+
+PORTNAME= suricata
+PORTVERSION= 1.0.1
+CATEGORIES= security
+MASTER_SITES= http://openinfosecfoundation.org/download/ \
+ http://www6.freebsdbrasil.com.br/~eksffa/l/dev/suricata/
+
+MAINTAINER= eksffa@freebsdbrasil.com.br
+COMMENT= Open Source next generation IDS/IPS engine by OISF
+
+LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre \
+ yaml:${PORTSDIR}/textproc/libyaml \
+ pcap.1:${PORTSDIR}/net/libpcap
+
+BUILD_DEPENDS+= ${LIBNET_CONFIG}:${PORTSDIR}/net/libnet \
+ pkg-config:${PORTSDIR}/devel/pkg-config
+
+USE_AUTOTOOLS= automake110 autoconf:262 libtool:22
+
+USE_RC_SUBR= suricata
+
+LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config
+
+OPTIONS= IPFW "Enable IPFW/IPDIVERT for IPS usage" on \
+ PRELUDE "Enable Prelude NIDS integration" off
+
+SUB_FILES= pkg-message
+HAS_CONFIGURE= yes
+USE_GMAKE= yes
+USE_LDCONFIG= yes
+
+CONFIG_DIR?= ${PREFIX}/etc/suricata
+CONFIG_FILES= suricata.yaml classification.config
+RULES_DIR= ${PREFIX}/etc/suricata/rules
+LOGS_DIR= /var/log/suricata
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_PRELUDE)
+LIB_DEPENDS+= prelude.20:${PORTSDIR}/security/libprelude
+CONFIGURE_ARGS+= --enable-prelude
+PLIST_SUB+= PRELUDE=""
+.endif
+
+.if defined(WITH_IPFW)
+CONFIGURE_ARGS+= --enable-ipfw
+.endif
+
+pre-install:
+ @${REINPLACE_CMD} -e 's|/etc/suricata|${PREFIX}/etc/suricata|g' ${WRKSRC}/suricata.yaml
+
+post-install:
+ [ -d ${CONFIG_DIR} ] || ${MKDIR} ${CONFIG_DIR}
+ [ -d ${RULES_DIR} ] || ${MKDIR} ${RULES_DIR}
+ [ -d ${LOGS_DIR} ] || ${MKDIR} ${LOGS_DIR}
+.for f in ${CONFIG_FILES}
+ ${INSTALL_DATA} ${WRKSRC}/${f} ${CONFIG_DIR}/${f}-sample
+ @if [ ! -f ${CONFIG_DIR}/${f} ]; then \
+ ${CP} -p ${CONFIG_DIR}/${f}-sample ${CONFIG_DIR}/${f} ; \
+ fi
+.endfor
+
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
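Review bot: `PLIST_SUB+= PRELUDE=""` inside the `.if defined(WITH_PRELUDE)` block has no `.else` counterpart and the pkg-plist added in this commit contains no `%%PRELUDE%%` entries, so the substitution is dead and an unconditional plist will be wrong for whichever option state installs a different file set. Either drop the line or pair it with `.else` / `PLIST_SUB+= PRELUDE="@comment "` and list the Prelude-specific files under `%%PRELUDE%%`. The `REINPLACE_CMD` in `pre-install` also rewrites `${WRKSRC}/suricata.yaml` late; `post-patch` is the conventional hook for editing extracted sources, and the unanchored `s|/etc/suricata|...|g` pattern would double the prefix if any path in the file already carries `${PREFIX}` — worth checking against the shipped yaml.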
diff --git a/security/suricata/distinfo b/security/suricata/distinfo
new file mode 100644
index 000000000000..088e672d441d
--- /dev/null
+++ b/security/suricata/distinfo
@@ -0,0 +1,3 @@
+MD5 (suricata-1.0.1.tar.gz) = ad42b854ef2b44499f0f1d1531b1ca36
+SHA256 (suricata-1.0.1.tar.gz) = 7fbc8fe89a0a30171eddb8b066ab7e6ec811d14a73aa6bc9cea26fc1f36f4be4
+SIZE (suricata-1.0.1.tar.gz) = 1607941
diff --git a/security/suricata/files/patch-Makefile.in b/security/suricata/files/patch-Makefile.in
new file mode 100644
index 000000000000..95b8161a7ba4
--- /dev/null
+++ b/security/suricata/files/patch-Makefile.in
@@ -0,0 +1,11 @@
+--- libhtp/Makefile.in.dist 2010-08-30 22:01:03.000000000 -0300
++++ libhtp/Makefile.in 2010-08-30 22:02:08.000000000 -0300
+@@ -250,7 +250,7 @@
+ ACLOCAL_AMFLAGS = -I m4
+ SUBDIRS = $(GENERIC_LIBRARY_NAME) test
+ EXTRA_DIST = ChangeLog COPYING LICENSE LIBHTP_LICENSING_EXCEPTION docs/doxygen.conf docs/QUICK_START
+-pkgconfigdir = $(libdir)/pkgconfig
++pkgconfigdir = $(libdir)/../libdata/pkgconfig
+ pkgconfig_DATA = htp.pc
+ all: config.h
+ $(MAKE) $(AM_MAKEFLAGS) all-recursive
diff --git a/security/suricata/files/pkg-message.in b/security/suricata/files/pkg-message.in
new file mode 100644
index 000000000000..7e0b205d8d02
--- /dev/null
+++ b/security/suricata/files/pkg-message.in
@@ -0,0 +1,31 @@
+=========================================================================
+If you want to run Suricata in IDS mode, add to /etc/rc.conf:
+
+ suricata_enable="YES"
+ suricata_interface="<if>"
+
+NOTE: Declaring suricata_interface is MANDATORY for Suricata in IDS Mode.
+
+However, if you wanna run Suricata in Inline IPS Mode, add to /etc/rc.conf:
+
+ suricata_enable="YES"
+ suricata_divertport="8000"
+
+NOTA BENE:
+ Suricata won't start in IDS mode without an interface configured.
+ Therefore if you omit suricata_interface from rc.conf, FreeBSD's
+ rc.d/suricata will automatically try to start Suricata in IPS Mode
+ (on divert port 8000, by default).
+
+RULES: Suricata IDS/IPS Engine comes without rules by default. You should
+add rules by yourself and set an updating strategy. To do so, please visit:
+
+ http://www.openinfosecfoundation.org/documentation/rules.html
+ http://www.openinfosecfoundation.org/documentation/emerging-threats.html
+
+You may want to try BPF in zerocopy mode to test performance improvements:
+
+ sysctl -w net.bpf.zerocopy_enable=1
+
+Don't forget to add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf
+=========================================================================
diff --git a/security/suricata/files/suricata.in b/security/suricata/files/suricata.in
new file mode 100644
index 000000000000..5174657beb11
--- /dev/null
+++ b/security/suricata/files/suricata.in
@@ -0,0 +1,42 @@
+#!/bin/sh
+# $FreeBSD$
+
+# PROVIDE: suricata
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable suricata:
+# suricata_enable (bool): Set to YES to enable suricata
+# Default: NO
+# suricata_flags (str): Extra flags passed to suricata
+# Default: -D -q
+# suricata_interface (str): Network interface to sniff
+# Default: ""
+# suricata_conf (str): Suricata configuration file
+# Default: ${PREFIX}/etc/suricata/suricata.yaml
+# suricata_divertport (int): Port to create divert socket (Inline Mode)
+# Default: 8000
+
+
+. /etc/rc.subr
+
+name="suricata"
+rcvar=`set_rcvar`
+
+command="%%PREFIX%%/bin/suricata"
+
+load_rc_config $name
+
+[ -z "$suricata_enable" ] && suricata_enable="NO"
+[ -z "$suricata_conf" ] && suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml"
+[ -z "$suricata_flags" ] && suricata_flags="-D"
+[ -z "$suricata_divertport" ] && suricata_divertport="8000"
+
+[ -n "$suricata_interface" ] && suricata_flags="$suricata_flags -i $suricata_interface --pidfile /var/run/suricata_${suricata_interface}.pid" \
+ && pidfile="/var/run/suricata_${suricata_interface}.pid"
+[ -z "$suricata_interface" ] && suricata_flags="$suricata_flags -d $suricata_divertport --pidfile /var/run/suricata_inline.pid" \
+ && pidfile="/var/run/suricata_inline.pid" && info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
+[ -n "$suricata_conf" ] && suricata_flags="$suricata_flags -c $suricata_conf"
+
+run_rc_command "$1"
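Review bot: The header comment documents the `suricata_flags` default as `-D -q`, but the script sets `suricata_flags="-D"`; the two should agree, so either change the comment to `# Default: -D` or the assignment to `-D -q`. The script also appends `-c $suricata_conf` without checking the file exists, so a missing or mis-set path only fails when the daemon starts; adding `required_files="$suricata_conf"` after the defaults lets rc.subr report the missing configuration before `run_rc_command` is reached. The `[ -n ... ] && ... && pidfile=...` chains are hard to follow and the second one logs via `info` as a side effect of a test; an `if [ -n "$suricata_interface" ]; then ... else ... fi` block would express the IDS/IPS choice directly.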
diff --git a/security/suricata/pkg-descr b/security/suricata/pkg-descr
new file mode 100644
index 000000000000..260cad7dc2a4
--- /dev/null
+++ b/security/suricata/pkg-descr
@@ -0,0 +1,22 @@
+The Suricata Engine is an Open Source Next Generation Intrusion Detection and
+Prevention Engine developed by the Open Information Security Foundation (OISF).
+
+This engine is not intended to just replace or emulate the existing tools in
+the industry, but will bring new ideas and technologies to the field.
+
+OISF is part of and funded by the Department of Homeland Security's Directorate
+for Science and Technology HOST program (Homeland Open Security Technology),
+by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
+through the very generous support of the members of the OISF Consortium.
+
+More information about the Consortium is available, as well as a list of our
+current Consortium Members.
+
+The Suricata Engine and the HTP Library are available to use under the GPLv2.
+
+The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of
+Mod Security fame for the OISF. This integrates and provides very advanced
+processing of HTTP streams for Suricata. The HTP library is required by the
+engine but may also be used independently in a range of applications and tools.
+
+WWW: http://openinfosecfoundation.org
diff --git a/security/suricata/pkg-plist b/security/suricata/pkg-plist
new file mode 100644
index 000000000000..6039f0ae70b6
--- /dev/null
+++ b/security/suricata/pkg-plist
@@ -0,0 +1,15 @@
+lib/libhtp.a
+lib/libhtp-0.2.so
+lib/libhtp-0.2.so.1
+libdata/pkgconfig/htp.pc
+lib/libhtp.la
+lib/libhtp.so
+bin/suricata
+etc/suricata/suricata.yaml
+etc/suricata/suricata.yaml-sample
+etc/suricata/classification.config-sample
+etc/suricata/classification.config
+@unexec /bin/rmdir %D/etc/suricata/rules 2>/dev/null || true
+@unexec /bin/rmdir %D/etc/suricata 2>/dev/null || true
+@unexec echo "completely uninstalling %D/include/htp"
+@unexec /bin/rm -rf %D/include/htp 2>/dev/null || true
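Review bot: `etc/suricata/suricata.yaml` and `etc/suricata/classification.config` are listed as plain files, so deinstall removes the administrator's live configuration even though the Makefile's post-install only seeds it from the `-sample` copy when absent. The usual idiom is to list only the `-sample` files and guard the live copy with `@unexec if cmp -s %D/etc/suricata/suricata.yaml %D/etc/suricata/suricata.yaml-sample; then rm -f %D/etc/suricata/suricata.yaml; fi` (and likewise for classification.config). The final `@unexec /bin/rm -rf %D/include/htp` deletes headers that the port installs but never lists; the plist should enumerate `include/htp/*.h` explicitly and end with `@dirrm include/htp` so that installed files are tracked rather than blindly removed.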