diff options
-rw-r--r-- | security/snort/Makefile | 56 | ||||
-rw-r--r-- | security/snort/distinfo | 15 | ||||
-rw-r--r-- | security/snort/files/pkg-message-dynamicplugin | 12 | ||||
-rw-r--r-- | security/snort/pkg-plist | 100 |
4 files changed, 149 insertions, 34 deletions
diff --git a/security/snort/Makefile b/security/snort/Makefile index 298c115b9f64..fb025883be28 100644 --- a/security/snort/Makefile +++ b/security/snort/Makefile @@ -6,16 +6,21 @@ # PORTNAME= snort -PORTVERSION= 2.4.5 +PORTVERSION= 2.6.0 CATEGORIES= security MASTER_SITES= http://www.snort.org/dl/current/ -MAINTAINER= ports@FreeBSD.org +MAINTAINER= clsung@FreeBSD.org COMMENT= Lightweight network intrusion detection system LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre -OPTIONS= FLEXRESP "Flexible response to events" off \ +CONFLICTS?= snort-1.* snort-2.0.* snort-2.1.* snort-2.2.* snort-2.3.* \ + snort-2.4.* + +OPTIONS= DYNAMIC "Enable dynamic plugin support" on \ + FLEXRESP "Flexible response to events" off \ + FLEXRESP2 "Flexible response to events (version 2)" off \ MYSQL "Enable MySQL support" off \ ODBC "Enable ODBC support" off \ POSTGRESQL "Enable PostgreSQL support" off \ @@ -33,7 +38,7 @@ CONFIG_DIR?= ${PREFIX}/etc/snort CONFIG_FILES= classification.config gen-msg.map generators reference.config \ sid sid-msg.map snort.conf threshold.conf unicode.map RULES_DIR= ${PREFIX}/etc/snort/rules -LOGS_DIR= /var/log/snort +LOGS_DIR= ${DESTDIR}/var/log/snort MAN8= snort.8 DOCS= RELEASE.NOTES doc/AUTHORS doc/BUGS doc/CREDITS \ @@ -41,13 +46,36 @@ DOCS= RELEASE.NOTES doc/AUTHORS doc/BUGS doc/CREDITS \ .include <bsd.port.pre.mk> +.if !defined(WITHOUT_DYNAMIC) +USE_AUTOTOOLS= libtool:15 +USE_LDCONFIG= yes +CONFIGURE_ARGS+= --enable-dynamicplugin +PLIST_SUB+= DYNAMIC="" +.else +PLIST_SUB+= DYNAMIC="@comment " +.endif + .if defined(WITH_FLEXRESP) +.if defined(WITH_FLEXRESP2) +IGNORE= options FLEXRESP and FLEXRESP2 are mutually exclusive +.endif BUILD_DEPENDS+= libnet*<=1.1.0,1:${PORTSDIR}/net/libnet10 CONFIGURE_ARGS+= --enable-flexresp \ --with-libnet-includes=${LOCALBASE}/include \ --with-libnet-libraries=${LOCALBASE}/lib .endif +.if defined(WITH_FLEXRESP2) +BROKEN= FLEXRESP2 patch file does not incorporate cleanly +PATCH_SITES+= http://cerberus.sourcefire.com/~jeff/archives/snort/sp_respond2/ +PATCHFILES+= sp_respond2.diff.gz +BUILD_DEPENDS+= libnet*>=1.1.2.1,1:${PORTSDIR}/net/libnet \ + libdnet*>=1.10_1:${PORTSDIR}/net/libdnet +CONFIGURE_ARGS+= --enable-flexresp2 \ + --with-libnet-includes=${LOCALBASE}/include \ + --with-libnet-libraries=${LOCALBASE}/lib +.endif + .if defined(WITH_MYSQL) USE_MYSQL= yes CONFIGURE_ARGS+= --with-mysql=${LOCALBASE} @@ -83,17 +111,35 @@ PLIST_SUB+= PRELUDE="@comment " .endif post-patch: + ${FIND} ${WRKSRC} -name 'Makefile.in' | ${XARGS} ${REINPLACE_CMD} -e \ + 's|lib/snort_|lib/snort/|g' ${REINPLACE_CMD} "s,/etc/snort.conf,${CONFIG_DIR}/snort.conf," \ ${WRKSRC}/src/snort.c ${WRKSRC}/snort.8 +.if defined(WITHOUT_DYNAMIC) + ${REINPLACE_CMD} -e "s,-am: install-libLTLIBRARIES,-am:," \ + ${WRKSRC}/src/dynamic-plugins/sf_engine/Makefile.in +.endif + +pre-configure: +.if defined(WITHOUT_DYNAMIC) + @${CAT} ${PATCHDIR}/pkg-message-dynamicplugin + @sleep 5 +.endif post-install: +.if !defined(WITHOUT_DYNAMIC) + @${LIBTOOL} --finish ${LOCALBASE}/snort/dynamicpreprocessor +.endif [ -d ${CONFIG_DIR} ] || ${MKDIR} ${CONFIG_DIR} [ -d ${EXAMPLESDIR} ] || ${MKDIR} ${EXAMPLESDIR} [ -d ${RULES_DIR} ] || ${MKDIR} ${RULES_DIR} [ -d ${LOGS_DIR} ] || ${MKDIR} ${LOGS_DIR} .for f in ${CONFIG_FILES} - ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${CONFIG_DIR}/${f}.default + ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${CONFIG_DIR}/${f}-sample ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${EXAMPLESDIR}/${f}-sample + @if [ ! -f ${CONFIG_DIR}/${f} ]; then \ + ${CP} -p ${CONFIG_DIR}/${f}-sample ${CONFIG_DIR}/${f} ; \ + fi .endfor ${INSTALL_DATA} ${WRKSRC}/schemas/create* ${EXAMPLESDIR} .if !defined(NOPORTDOCS) diff --git a/security/snort/distinfo b/security/snort/distinfo index 64f6ac9638e4..8e68cce097c3 100644 --- a/security/snort/distinfo +++ b/security/snort/distinfo @@ -1,6 +1,9 @@ -MD5 (snort-2.4.5.tar.gz) = 108b3c20dcbaf3cdb17ea9203342eaaa -SHA256 (snort-2.4.5.tar.gz) = 84eb84da542d23e9f1c29b8eb319614c509fb19a745f1fa2a88d07c740645184 -SIZE (snort-2.4.5.tar.gz) = 2817837 -MD5 (snort-2.4.5.tar.gz.sig) = c2baa96bfbdfab407aa1e0dbf84414fb -SHA256 (snort-2.4.5.tar.gz.sig) = df263b8853292d2f581de044ca407a2f9e715d9c54795e6c7a00571e27f504dd -SIZE (snort-2.4.5.tar.gz.sig) = 65 +MD5 (snort-2.6.0.tar.gz) = 88bb7f628e5bf1edc6409fbb126eaed0 +SHA256 (snort-2.6.0.tar.gz) = 0acbfedf728df3d63ed075a56259b81ab5e26099051ceb5808e0c87329fe588d +SIZE (snort-2.6.0.tar.gz) = 3322826 +MD5 (snort-2.6.0.tar.gz.sig) = bc867f80d02cd31b6ffe73e74aa83e77 +SHA256 (snort-2.6.0.tar.gz.sig) = 86010b715ea3ee4a384f4e87261d9e634766306edac49a79bfcb7bbf14e55015 +SIZE (snort-2.6.0.tar.gz.sig) = 65 +MD5 (sp_respond2.diff.gz) = ebf5985b3baef3be2e99d11074f06ada +SHA256 (sp_respond2.diff.gz) = 14902da7779524801ff8130ac77bc2d95467f446e30050aba3db0ebdb17cee27 +SIZE (sp_response2.diff.gz) = 13452 diff --git a/security/snort/files/pkg-message-dynamicplugin b/security/snort/files/pkg-message-dynamicplugin new file mode 100644 index 000000000000..9647d2c34dd5 --- /dev/null +++ b/security/snort/files/pkg-message-dynamicplugin @@ -0,0 +1,12 @@ +========================================================================= +NOTE: The port has been configured without support for dynamic plugins. + It is recommended that you enable dynamic plugins by pressing + Ctrl-C now, run 'make config' and enable the DYNAMIC option. + + If you choose not to enable dynamic plugins, the default Snort + configuration file may reference some dynamic plugins and + preprocessors that may cause Snort to not work properly or throw + errors. Please read the Snort documentation for more information + regarding dynamic plugins and which configuration directives + are affected. +========================================================================= diff --git a/security/snort/pkg-plist b/security/snort/pkg-plist index b6ec9dc8f7b7..d31df9368107 100644 --- a/security/snort/pkg-plist +++ b/security/snort/pkg-plist @@ -1,23 +1,90 @@ @comment $FreeBSD$ bin/snort -etc/snort/classification.config.default -etc/snort/gen-msg.map.default -etc/snort/generators.default -etc/snort/reference.config.default -etc/snort/sid.default -etc/snort/sid-msg.map.default -etc/snort/snort.conf.default -etc/snort/threshold.conf.default -etc/snort/unicode.map.default +@unexec if cmp -s %D/etc/snort/classification.config-sample %D/etc/snort/classification.config; then rm -f %D/etc/snort/classification.config; fi +etc/snort/classification.config-sample +@exec if [ ! -f %D/etc/snort/classification.config ] ; then cp -p %D/%F %B/snort/classification.config; fi +@unexec if cmp -s %D/etc/snort/gen-msg.map-sample %D/etc/snort/gen-msg.map; then rm -f %D/etc/snort/gen-msg.map; fi +etc/snort/gen-msg.map-sample +@exec if [ ! -f %D/etc/snort/gen-msg.map ] ; then cp -p %D/%F %B/snort/gen-msg.map; fi +@unexec if cmp -s %D/etc/snort/generators-sample %D/etc/snort/generators; then rm -f %D/etc/snort/generators; fi +etc/snort/generators-sample +@exec if [ ! -f %D/etc/snort/generators ] ; then cp -p %D/%F %B/snort/generators; fi +@unexec if cmp -s %D/etc/snort/reference.config-sample %D/etc/snort/reference.config; then rm -f %D/etc/snort/reference.config; fi +etc/snort/reference.config-sample +@exec if [ ! -f %D/etc/snort/reference.config ] ; then cp -p %D/%F %B/snort/reference.config; fi +@unexec if cmp -s %D/etc/snort/sid-sample %D/etc/snort/sid; then rm -f %D/etc/snort/sid; fi +etc/snort/sid-sample +@exec if [ ! -f %D/etc/snort/sid ] ; then cp -p %D/%F %B/sid; fi +@unexec if cmp -s %D/etc/snort/sid-msg.map-sample %D/etc/snort/sid-msg.map; then rm -f %D/etc/snort/sid-msg.map; fi +etc/snort/sid-msg.map-sample +@exec if [ ! -f %D/etc/snort/sid-msg.map ] ; then cp -p %D/%F %B/sid-msg.map; fi +@unexec if cmp -s %D/etc/snort/snort.conf-sample %D/etc/snort/snort.conf; then rm -f %D/etc/snort/snort.conf; fi +etc/snort/snort.conf-sample +@exec if [ ! -f %D/etc/snort/snort.conf ] ; then cp -p %D/%F %B/snort/snort.conf; fi +@unexec if cmp -s %D/etc/snort/threshold.conf-sample %D/etc/snort/threshold.conf; then rm -f %D/etc/snort/threshold.conf; fi +etc/snort/threshold.conf-sample +@exec if [ ! -f %D/etc/snort/threshold.conf ] ; then cp -p %D/%F %B/snort/threshold.conf; fi +@unexec if cmp -s %D/etc/snort/unicode.map-sample %D/etc/snort/unicode.map; then rm -f %D/etc/snort/unicode.map; fi +etc/snort/unicode.map-sample +@exec if [ ! -f %D/etc/snort/unicode.map ] ; then cp -p %D/%F %B/snort/unicode.map; fi @dirrmtry etc/snort/rules @dirrmtry etc/snort +%%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_common.h +%%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_meta.h +%%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_preprocessor.h +%%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_preproc_lib.h +%%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_preproc_lib.c +%%DYNAMIC%%src/snort_dynamicsrc/sf_snort_packet.h +%%DYNAMIC%%src/snort_dynamicsrc/sf_snort_plugin_api.h +%%DYNAMIC%%src/snort_dynamicsrc/sfsnort_dynamic_detection_lib.h +%%DYNAMIC%%src/snort_dynamicsrc/sfsnort_dynamic_detection_lib.c +%%DYNAMIC%%src/snort_dynamicsrc/snort_packet_header.h +%%DYNAMIC%%src/snort_dynamicsrc/str_search.h +%%DYNAMIC%%src/snort_dynamicsrc/stream_api.h +%%DYNAMIC%%src/snort_dynamicsrc/debug.h +%%DYNAMIC%%src/snort_dynamicsrc/profiler.h +%%DYNAMIC%%src/snort_dynamicsrc/preprocids.h +%%DYNAMIC%%@dirrmtry src/snort_dynamicsrc +%%DYNAMIC%%@dirrmtry src +%%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.so +%%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.so.0 +%%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.la +%%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.a +%%DYNAMIC%%@dirrmtry lib/snort/dynamicengine +%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so +%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so.0 +%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.la +%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.a +%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so +%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so.0 +%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.la +%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.a +%%DYNAMIC%%@dirrmtry lib/snort/dynamicpreprocessor +%%DYNAMIC%%@dirrmtry lib/snort +%%EXAMPLESDIR%%/classification.config-sample +%%EXAMPLESDIR%%/create_mssql +%%EXAMPLESDIR%%/create_mysql +%%EXAMPLESDIR%%/create_oracle.sql +%%EXAMPLESDIR%%/create_postgresql +%%EXAMPLESDIR%%/gen-msg.map-sample +%%EXAMPLESDIR%%/generators-sample +%%EXAMPLESDIR%%/reference.config-sample +%%EXAMPLESDIR%%/sid-msg.map-sample +%%EXAMPLESDIR%%/sid-sample +%%EXAMPLESDIR%%/snort.conf-sample +%%EXAMPLESDIR%%/threshold.conf-sample +%%EXAMPLESDIR%%/unicode.map-sample +@dirrm %%EXAMPLESDIR%% %%PORTDOCS%%%%DOCSDIR%%/AUTHORS %%PORTDOCS%%%%DOCSDIR%%/BUGS %%PORTDOCS%%%%DOCSDIR%%/CREDITS %%PORTDOCS%%%%DOCSDIR%%/README %%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP +%%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP2 %%PORTDOCS%%%%DOCSDIR%%/README.INLINE %%PORTDOCS%%%%DOCSDIR%%/README.PLUGINS +%%PORTDOCS%%%%DOCSDIR%%/README.PerfProfiling +%%PORTDOCS%%%%DOCSDIR%%/README.SMTP %%PORTDOCS%%%%DOCSDIR%%/README.UNSOCK %%PORTDOCS%%%%DOCSDIR%%/README.WIN32 %%PORTDOCS%%%%DOCSDIR%%/README.alert_order @@ -29,6 +96,7 @@ etc/snort/unicode.map.default %%PORTDOCS%%%%DOCSDIR%%/README.flowbits %%PORTDOCS%%%%DOCSDIR%%/README.flow-portscan %%PORTDOCS%%%%DOCSDIR%%/README.frag3 +%%PORTDOCS%%%%DOCSDIR%%/README.ftptelnet %%PORTDOCS%%%%DOCSDIR%%/README.http_inspect %%PORTDOCS%%%%DOCSDIR%%/README.sfportscan %%PORTDOCS%%%%DOCSDIR%%/README.thresholding @@ -39,17 +107,3 @@ etc/snort/unicode.map.default %%PORTDOCS%%%%DOCSDIR%%/snort_manual.pdf %%PORTDOCS%%%%DOCSDIR%%/snort_schema_v106.pdf %%PORTDOCS%%@dirrm %%DOCSDIR%% -%%EXAMPLESDIR%%/classification.config-sample -%%EXAMPLESDIR%%/create_mssql -%%EXAMPLESDIR%%/create_mysql -%%EXAMPLESDIR%%/create_oracle.sql -%%EXAMPLESDIR%%/create_postgresql -%%EXAMPLESDIR%%/gen-msg.map-sample -%%EXAMPLESDIR%%/generators-sample -%%EXAMPLESDIR%%/reference.config-sample -%%EXAMPLESDIR%%/sid-msg.map-sample -%%EXAMPLESDIR%%/sid-sample -%%EXAMPLESDIR%%/snort.conf-sample -%%EXAMPLESDIR%%/threshold.conf-sample -%%EXAMPLESDIR%%/unicode.map-sample -@dirrm %%EXAMPLESDIR%% |