author | Gluzskiy Alexandr <sss123next@list.ru> | 2012-09-11 18:20:59 +0300 |
---|---|---|
committer | Gluzskiy Alexandr <sss123next@list.ru> | 2012-09-11 18:20:59 +0300 |
commit | 2d7d250662cb735cc2c22c78f6b8cec1b3c282ce (patch) | |
tree | aaffc96336c51b98357f3234d2f386e75fc6b0ff /net-analyzer/snort | |
parent | e543b01583b453ed3df227c351d88ad31db5d6b2 (diff) |
modified: media-video/ffmpeg/ffmpeg-9999.ebuild
new file: net-analyzer/barnyard2/barnyard2-9999.ebuild
new file: net-analyzer/barnyard2/files/barnyard2.confd
new file: net-analyzer/barnyard2/files/barnyard2.initd
new file: net-analyzer/barnyard2/files/makefile.patch
deleted: net-analyzer/snort/files
deleted: net-analyzer/snort/snort-2.8.3.1.ebuild
new file: net-analyzer/snort/snort/files/disabledynamic.patch
new file: net-analyzer/snort/snort/files/snort.confd
new file: net-analyzer/snort/snort/files/snort.confd.2
new file: net-analyzer/snort/snort/files/snort.rc10
new file: net-analyzer/snort/snort/files/snort.rc11
new file: net-analyzer/snort/snort/snort-2.9.3.1.ebuild
new file: net-libs/daq/daq-1.1.1.ebuild
Diffstat (limited to 'net-analyzer/snort')
l--------- | net-analyzer/snort/files | 1 | ||||
-rw-r--r-- | net-analyzer/snort/snort-2.8.3.1.ebuild | 169 | ||||
-rw-r--r-- | net-analyzer/snort/snort/files/disabledynamic.patch | 110 | ||||
-rw-r--r-- | net-analyzer/snort/snort/files/snort.confd | 17 | ||||
-rw-r--r-- | net-analyzer/snort/snort/files/snort.confd.2 | 16 | ||||
-rw-r--r-- | net-analyzer/snort/snort/files/snort.rc10 | 50 | ||||
-rw-r--r-- | net-analyzer/snort/snort/files/snort.rc11 | 57 | ||||
-rw-r--r-- | net-analyzer/snort/snort/snort-2.9.3.1.ebuild | 264 |
8 files changed, 514 insertions, 170 deletions
diff --git a/net-analyzer/snort/files b/net-analyzer/snort/files
deleted file mode 120000
index 08a3202..0000000
--- a/net-analyzer/snort/files
+++ /dev/null
@@ -1 +0,0 @@
-/usr/portage/net-analyzer/snort/files
\ No newline at end of file
diff --git a/net-analyzer/snort/snort-2.8.3.1.ebuild b/net-analyzer/snort/snort-2.8.3.1.ebuild
deleted file mode 100644
index f95c047..0000000
--- a/net-analyzer/snort/snort-2.8.3.1.ebuild
+++ /dev/null
@@ -1,169 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: $ - -WANT_AUTOCONF="latest" -WANT_AUTOMAKE="latest" -AT_M4DIR=m4 - -inherit eutils autotools - -DESCRIPTION="Libpcap-based packet sniffer/logger/lightweight IDS" -HOMEPAGE="http://www.snort.org/" -SRC_URI="http://www.snort.org/dl/snort-2.8.3.1.tar.gz - http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-2.4.tar.gz - http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz" -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86" -IUSE="postgres mysql selinux odbc prelude inline dynamicplugin timestats perfprofiling linux-smp-stats flexresp2 sguil gre" - -DEPEND="virtual/libc - >=dev-libs/libpcre-4.2-r1 - virtual/libpcap - flexresp2? ( dev-libs/libdnet ) - react? ( ~net-libs/libnet-1.0.2a ) - postgres? ( || ( dev-db/postgresql dev-db/libpq ) ) - mysql? ( virtual/mysql ) - prelude? ( >=dev-libs/libprelude-0.9.0 ) - odbc? ( dev-db/unixODBC ) - >=sys-devel/libtool-1.4 - inline? ( - ~net-libs/libnet-1.0.2a - net-firewall/iptables - )" - -RDEPEND="${DEPEND} - dev-lang/perl - selinux? ( sec-policy/selinux-snort )" - -pkg_setup() { - enewgroup snort - enewuser snort -1 -1 /dev/null snort - - if use flexresp && use flexresp2 ; then - ewarn - ewarn "You have both the 'flexresp' and 'flexresp2' USE" - ewarn "flags set. You can use 'flexresp' or 'flexresp2'" - ewarn "but not both." - ewarn - ewarn "Defaulting to flexresp2..." 
- fi -} - -src_unpack() { - unpack ${A} - cd "${S}" - - epatch "${FILESDIR}/${PN}-2.6.1.2-libdir.patch" - epatch "${FILESDIR}/${PN}-2.8.2-libnet.patch" - sed -i "s:var RULE_PATH ../rules:var RULE_PATH /etc/snort/rules:" \ - etc/snort.conf - - if use prelude ; then - sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in - fi - - einfo "Regenerating autoconf/automake files" - eautoreconf -} - -src_compile() { - local myconf - - if use flexresp2; then - myconf="${myconf} --enable-flexresp2" - elif use flexresp; then - myconf="${myconf} --enable-flexresp" - fi - - if use react && ! use flexresp; then - myconf="${myconf} --enable-react" - fi - - use gre && myconf="${myconf} --enable-gre" - - myconf="${myconf} --with-libipq-includes=/usr/include/libipq" - - econf \ - --without-oracle \ - $(use_with postgres postgresql) \ - $(use_with mysql) \ - $(use_with odbc) \ - $(use_enable prelude) \ - $(use_enable inline) \ - $(use_enable dynamicplugin) \ - $(use_enable timestats) \ - $(use_enable perfprofiling) \ - $(use_enable linux-smp-stats) \ - ${myconf} || die "econf failed" - - # limit to single as reported by jforman on irc - emake -j1 || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "make install failed" - - keepdir /var/log/snort/ - - dodoc doc/* - dodoc ./RELEASE.NOTES - docinto schemas ; dodoc schemas/* - - insinto /etc/snort - doins etc/reference.config etc/classification.config \ - etc/*.map etc/threshold.conf - use dynamicplugin || sed -i -e 's:^dynamic:# dynamic:g' etc/snort.conf - sed -e "s:/usr/local/lib:/usr/$(get_libdir):g" -e 's:/usr/local/:/usr/:g' \ - etc/snort.conf > "${D}"/etc/snort/snort.conf.distrib - - newinitd "${FILESDIR}/snort.rc8" snort - newconfd "${FILESDIR}/snort.confd" snort - - fowners snort:snort /var/log/snort - fperms 0770 /var/log/snort - - # install rules - insinto /etc/snort/rules - doins -r "${WORKDIR}"/rules/* -} - -pkg_postinst() { - ewarn - ewarn "If you find that snort is using too much memory, 
your system" - ewarn "freezes, or snort crashes after a few minutes try adding the" - ewarn "following to your snort.conf..." - ewarn - ewarn "'config detection: search-method ac-sparsebands'" - ewarn - ewarn "This will provide high pattern matching performance at a much" - ewarn "lower cost to memory. For more information on the new features" - ewarn "in snort 2.7, please take a look at the release notes located in..." - ewarn - ewarn " /usr/share/doc/${PF}/RELEASE.NOTES.bz2" - ewarn - elog "To use a database as a backend for snort you will have to" - elog "import the correct tables to the database." - elog "You will have to setup a database called snort before doing the" - elog "following..." - elog - elog " MySQL: bzcat /usr/share/doc/${PF}/schemas/create_mysql.bz2 | mysql -p snort" - elog - elog " PostgreSQL: import /usr/share/doc/${PF}/schemas/create_postgresql.bz2" - elog - elog " ODBC: look at /usr/share/doc/${PF}/schemas/" - elog - elog "Users using the unified output plugin and barnyard do not need to" - elog "compile database support into snort, but still need to set up their" - elog "database as shown above." - elog - ewarn "Only a basic set of rules was installed." - ewarn "Please add your other sets of rules to /etc/snort/rules." - ewarn "For more information on rules, visit ${HOMEPAGE}." - if use sguil ; then - elog "SGUIL needs to catch up with recent snort. If you plan on using SGUIL" - elog "you should unmerge ${P} and emerge snort-2.4.x" - fi -} - diff --git a/net-analyzer/snort/snort/files/disabledynamic.patch b/net-analyzer/snort/snort/files/disabledynamic.patch new file mode 100644 index 0000000..d1ace23 --- /dev/null +++ b/net-analyzer/snort/snort/files/disabledynamic.patch 
@@ -0,0 +1,110 @@ +? cflags.out +? cppflags.out +? cscope.out +? disabledynamic.patch +? http.patch +? log +? make.out +? rules.work +? snort-build.sh +? snort.pc +? ylwrap +? etc/snort.conf.work +? src/dynamic-preprocessors/rzb_saac/Makefile +? tools/u2boat/u2boat +? tools/u2spewfoo/u2spewfoo +Index: src/fpcreate.c +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v +retrieving revision 1.107.2.2 +diff -u -p -r1.107.2.2 fpcreate.c +--- src/fpcreate.c 11 Jan 2011 22:54:40 -0000 1.107.2.2 ++++ src/fpcreate.c 17 Feb 2011 20:06:49 -0000 +@@ -70,6 +70,8 @@ + #include "dynamic-plugins/sp_preprocopt.h" + #endif + ++#include "dynamic-plugins/sf_dynamic_define.h" ++ + + /* + * Content flag values +@@ -1810,9 +1812,11 @@ static int fpAddPortGroupRule(PORT_GROUP + fpAddAllContents(pg->pgPms[PM_TYPE__CONTENT], otn, id, pmd, fp); + #endif + ++#ifdef DYNAMIC_PLUGIN + /* No content added */ + if (pmd == preproc_opt_pmds) + FreePmdList(pmd); ++#endif + + if (fpFinishPortGroupRule(pg, PM_TYPE__MAX, otn, NULL, fp) != 0) + return -1; +Index: src/dynamic-plugins/sf_dynamic_define.h +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v +retrieving revision 1.15.4.1 +diff -u -p -r1.15.4.1 sf_dynamic_define.h +--- src/dynamic-plugins/sf_dynamic_define.h 3 Jan 2011 19:58:05 -0000 1.15.4.1 ++++ src/dynamic-plugins/sf_dynamic_define.h 17 Feb 2011 20:06:49 -0000 +@@ -96,5 +96,15 @@ typedef enum { + #endif + #endif + ++/* Parameters are rule info pointer, int to indicate URI or NORM, ++ * and list pointer */ ++#define CONTENT_NORMAL 0x01 ++#define CONTENT_HTTP_URI 0x02 ++#define CONTENT_HTTP_HEADER 0x04 ++#define CONTENT_HTTP_CLIENT_BODY 0x08 ++#define CONTENT_HTTP_METHOD 0x10 ++#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\ ++ CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD) ++ + #endif /* 
_SF_DYNAMIC_DEFINE_H_ */ + +Index: src/dynamic-plugins/sf_dynamic_engine.h +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v +retrieving revision 1.54.2.1 +diff -u -p -r1.54.2.1 sf_dynamic_engine.h +--- src/dynamic-plugins/sf_dynamic_engine.h 3 Jan 2011 19:58:06 -0000 1.54.2.1 ++++ src/dynamic-plugins/sf_dynamic_engine.h 17 Feb 2011 20:06:49 -0000 +@@ -77,15 +77,6 @@ typedef struct _FPContentInfo + + } FPContentInfo; + +-/* Parameters are rule info pointer, int to indicate URI or NORM, +- * and list pointer */ +-#define CONTENT_NORMAL 0x01 +-#define CONTENT_HTTP_URI 0x02 +-#define CONTENT_HTTP_HEADER 0x04 +-#define CONTENT_HTTP_CLIENT_BODY 0x08 +-#define CONTENT_HTTP_METHOD 0x10 +-#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\ +- CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD) + typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **); + typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **); + typedef void (*RuleFreeFunc)(void *); +Index: src/preprocessors/Stream5/snort_stream5_tcp.c +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v +retrieving revision 1.296.2.5 +diff -u -p -r1.296.2.5 snort_stream5_tcp.c +--- src/preprocessors/Stream5/snort_stream5_tcp.c 7 Jan 2011 20:06:05 -0000 1.296.2.5 ++++ src/preprocessors/Stream5/snort_stream5_tcp.c 17 Feb 2011 20:06:49 -0000 +@@ -816,12 +816,12 @@ void Stream5TcpRegisterRuleOptions(void) + RegisterPreprocessorRuleOption("stream_reassemble", &s5TcpStreamReassembleRuleOptionInit, + &s5TcpStreamReassembleRuleOptionEval, &s5TcpStreamReassembleRuleOptionCleanup, + NULL, NULL, NULL, NULL); +-#endif + + #ifdef PERF_PROFILING + RegisterPreprocessorProfile("stream_size", &streamSizePerfStats, 4, &preprocRuleOptionPerfStats); + 
RegisterPreprocessorProfile("reassemble", &streamReassembleRuleOptionPerfStats, 4, &preprocRuleOptionPerfStats); + #endif ++#endif + + } + diff --git a/net-analyzer/snort/snort/files/snort.confd b/net-analyzer/snort/snort/files/snort.confd new file mode 100644 index 0000000..c429ca6 --- /dev/null +++ b/net-analyzer/snort/snort/files/snort.confd @@ -0,0 +1,17 @@ +# Config file for /etc/init.d/snort + +# This tell snort which interface to listen on (any for every interface) +IFACE="eth1" + +# You do NOT want to change this +PIDPATH="/var/run/snort" +PIDFILE="snort_$IFACE.pid" + +# You probably don't want to change this, but in case you do +LOGDIR="/var/log/snort" + +# Probably not this either +CONF="/etc/snort/snort.conf" + +# This pulls in the options above +SNORT_OPTS="-D -u snort -i $IFACE -l $LOGDIR -c $CONF" diff --git a/net-analyzer/snort/snort/files/snort.confd.2 b/net-analyzer/snort/snort/files/snort.confd.2 new file mode 100644 index 0000000..780c910 --- /dev/null +++ b/net-analyzer/snort/snort/files/snort.confd.2 @@ -0,0 +1,16 @@ +# Config file for /etc/init.d/snort + +# The following options are now set in your snort.conf file: +# config set_gid: +# config set_uid: +# config snaplen: +# config bpf_file: +# config logdir: + +# The only options that should be set here are SNORT_IFACE and SNORT_CONF. + +# This tell snort which interface to listen on (any for every interface) +SNORT_IFACE="eth1" + +# Probably not this either +SNORT_CONF="/etc/snort/snort.conf" diff --git a/net-analyzer/snort/snort/files/snort.rc10 b/net-analyzer/snort/snort/files/snort.rc10 new file mode 100644 index 0000000..fa88cbd --- /dev/null +++ b/net-analyzer/snort/snort/files/snort.rc10 
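Review bot: Nothing in this commit applies disabledynamic.patch: src_prepare() in snort-2.9.3.1.ebuild only runs sed and eautoreconf, and the ebuild inherits `autotools multilib user` without eutils, so no epatch call can pick the file up. If the patch is meant to keep the build working when the dynamicplugin USE flag is off (the file name suggests this, but it is inferred), it should be applied conditionally after confirming it still applies to 2.9.3.1, e.g. `use dynamicplugin || epatch "${FILESDIR}/disabledynamic.patch"` with `eutils` added to the inherit line. Otherwise the file is dead weight in files/. The leading `? cflags.out` … `? tools/u2spewfoo/u2spewfoo` lines are CVS status output rather than patch content and could be trimmed.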
@@ -0,0 +1,50 @@ +#!/sbin/runscript +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc10,v 1.1 2010/11/02 18:22:10 patrick Exp $ + +opts="checkconfig reload" + +depend() { + need net + after mysql + after postgresql +} + +checkconfig() { + if [ ! -e $CONF ] ; then + eerror "You need a configuration file to run snort" + eerror "There is an example config in /etc/snort/snort.conf.distrib" + return 1 + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting snort" + start-stop-daemon --start --quiet --exec /usr/bin/snort \ + -- --nolock-pidfile --pid-path ${PIDPATH} ${SNORT_OPTS} >/dev/null 2>&1 + eend $? +} + +stop() { + ebegin "Stopping snort" + start-stop-daemon --stop --quiet --pidfile ${PIDPATH}/${PIDFILE} + # Snort needs a few seconds to fully shutdown + sleep 15 + eend $? +} + +reload() { + if [ ! -f ${PIDPATH}/${PIDFILE} ]; then + eerror "Snort isn't running" + return 1 + fi + + checkconfig || return 1 + ebegin "Reloading Snort" + start-stop-daemon --stop --oknodo --signal HUP --pidfile ${PIDPATH}/${PIDFILE} + eend $? +} + + diff --git a/net-analyzer/snort/snort/files/snort.rc11 b/net-analyzer/snort/snort/files/snort.rc11 new file mode 100644 index 0000000..8277575 --- /dev/null +++ b/net-analyzer/snort/snort/files/snort.rc11 
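Review bot: In stop(), `eend $?` reports the exit status of `sleep 15` rather than that of start-stop-daemon, so a failed stop is still displayed as success. Capturing the status before sleeping fixes this: add `local ret=$?` directly after the start-stop-daemon line and finish with `eend ${ret}`. The stop() in snort.rc11 has the same sequence. Separately, start() redirects snort's stdout and stderr to /dev/null, which hides the reason when a configuration error prevents the sensor from starting; and `[ ! -e $CONF ]` in checkconfig() should quote the variable as `[ ! -e "${CONF}" ]`.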
@@ -0,0 +1,57 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc11,v 1.1 2011/09/22 17:39:51 patrick Exp $ + +opts="checkconfig reload" + +depend() { + need net + after mysql + after postgresql +} + +checkconfig() { + if [ ! -e ${SNORT_CONF} ] ; then + eerror "You need a configuration file to run snort" + eerror "There is an example config in /etc/snort/snort.conf.distrib" + return 1 + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting snort" + start-stop-daemon --start --quiet --exec /usr/bin/snort \ + -- --nolock-pidfile --pid-path /var/run/snort -D -i ${SNORT_IFACE} \ + -c ${SNORT_CONF} >/dev/null 2>&1 + eend $? +} + +stop() { + ebegin "Stopping snort" + start-stop-daemon --stop --quiet --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid + # Snort needs a few seconds to fully shutdown + sleep 15 + eend $? +} + +reload() { + + local SNORT_PID="`cat /var/run/snort/snort_${SNORT_IFACE}.pid`" + local SNORT_USER="`ps -p ${SNORT_PID} --no-headers -o user`" + + if [ ! -f /var/run/snort/snort_${SNORT_IFACE}.pid ]; then + eerror "Snort isn't running" + return 1 + elif [ ${SNORT_USER} != root ]; then + eerror "Snort must be running as root for reload to work!" + return 1 + else + checkconfig || return 1 + ebegin "Reloading Snort" + start-stop-daemon --signal HUP --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid + fi +} + + diff --git a/net-analyzer/snort/snort/snort-2.9.3.1.ebuild b/net-analyzer/snort/snort/snort-2.9.3.1.ebuild new file mode 100644 index 0000000..35a2583 --- /dev/null +++ b/net-analyzer/snort/snort/snort-2.9.3.1.ebuild 
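Review bot: reload() runs `cat` on the pid file and then `ps` before it checks that the file exists, and the unquoted `[ ${SNORT_USER} != root ]` becomes a malformed test when the lookup returns nothing, so with a stale pid file the script most likely falls through to the else branch and signals anyway. The `-f` test should come first, the comparison should be quoted as `[ "${SNORT_USER}" != root ]`, and the else branch should end with `eend $?`, which is currently missing after `ebegin "Reloading Snort"`. The pid file lives in /var/run/snort, which the ebuild in this commit chowns to the snort account, so its content is not trustworthy input for a script running as root; adding `--exec /usr/bin/snort` to the `--stop` and `--signal HUP` calls lets start-stop-daemon verify the process before signalling it. Note also that the ebuild enables `config set_uid: snort` by default, so the "must be running as root" branch will refuse reload on a default install.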
@@ -0,0 +1,264 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.2.3.ebuild,v 1.4 2012/06/27 18:18:52 maekke Exp $ + +EAPI="2" +inherit autotools multilib user + +DESCRIPTION="The de facto standard for intrusion detection/prevention" +HOMEPAGE="http://www.snort.org/" +SRC_URI="http://www.snort.org/dl/snort-current/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" +IUSE="static +dynamicplugin +zlib +gre +mpls +targetbased +decoder-preprocessor-rules ++ppm +perfprofiling linux-smp-stats inline-init-failopen +threads debug +active-response ++normalizer reload-error-restart +react +flexresp3 +paf large-pcap-64bit +aruba mysql odbc postgres selinux" + +DEPEND=">=net-libs/libpcap-1.0.0 + >=net-libs/daq-0.6 + >=dev-libs/libpcre-6.0 + dev-libs/libdnet + postgres? ( dev-db/postgresql-base ) + mysql? ( virtual/mysql ) + odbc? ( dev-db/unixODBC ) + zlib? ( sys-libs/zlib )" + +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-snort )" + +pkg_setup() { + + if use zlib && ! use dynamicplugin; then + eerror "You have enabled the 'zlib' USE flag but not the 'dynamicplugin' USE flag." + eerror "'zlib' requires 'dynamicplugin' be enabled." + die + fi + + # pre_inst() is a better place to put this + # but we need it here for the 'fowners' statements in src_install() + enewgroup snort + enewuser snort -1 -1 /dev/null snort + +} + +src_prepare() { + + #Multilib fix for the sf_engine + einfo "Applying multilib fix." 
+ sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \ + "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \ + || die "sed for sf_engine failed" + + #Multilib fix for the curent set of dynamic-preprocessors + for i in ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop rzb_saac sip reputation gtp modbus dnp3; do + sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \ + "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \ + || die "sed for $i failed." + done + + AT_M4DIR=m4 eautoreconf +} + +src_configure() { + + econf \ + $(use_enable !static shared) \ + $(use_enable static) \ + $(use_enable static so-with-static-lib) \ + $(use_enable dynamicplugin) \ + $(use_enable zlib) \ + $(use_enable gre) \ + $(use_enable mpls) \ + $(use_enable targetbased) \ + $(use_enable decoder-preprocessor-rules) \ + $(use_enable ppm) \ + $(use_enable perfprofiling) \ + $(use_enable linux-smp-stats) \ + $(use_enable inline-init-failopen) \ + $(use_enable threads pthread) \ + $(use_enable debug) \ + $(use_enable debug debug-msgs) \ + $(use_enable debug corefiles) \ + $(use_enable !debug dlclose) \ + $(use_enable active-response) \ + $(use_enable normalizer) \ + $(use_enable reload-error-restart) \ + $(use_enable react) \ + $(use_enable flexresp3) \ + $(use_enable paf) \ + $(use_enable large-pcap-64bit large-pcap) \ + $(use_enable aruba) \ + $(use_with mysql) \ + $(use_with odbc) \ + $(use_with postgres postgresql) \ + --enable-ipv6 \ + --enable-reload \ + --disable-prelude \ + --disable-build-dynamic-examples \ + --disable-profile \ + --disable-ppm-test \ + --disable-intel-soft-cpm \ + --disable-static-daq \ + --disable-rzb-saac \ + --without-oracle +} + +src_install() { + + emake DESTDIR="${D}" install || die "emake failed" + + dodir /var/log/snort \ + /var/run/snort \ + /etc/snort/rules \ + /etc/snort/so_rules \ + /usr/$(get_libdir)/snort_dynamicrules \ + || die "Failed to create core directories" + + # config.log and build.log are needed by 
Sourcefire + # to trouble shoot build problems and bug reports so we are + # perserving them incase the user needs upstream support. + dodoc RELEASE.NOTES ChangeLog \ + doc/* \ + tools/u2boat/README.u2boat \ + || die "Failed to install snort docs" + + insinto /etc/snort + doins etc/attribute_table.dtd \ + etc/classification.config \ + etc/gen-msg.map \ + etc/reference.config \ + etc/threshold.conf \ + etc/unicode.map || die "Failed to install docs in etc" + + # We use snort.conf.distrib because the config file is complicated + # and the one shipped with snort can change drastically between versions. + # Users should migrate setting by hand and not with etc-update. + newins etc/snort.conf snort.conf.distrib \ + || die "Failed to add snort.conf.distrib" + + # config.log and build.log are needed by Sourcefire + # to troubleshoot build problems and bug reports so we are + # perserving them incase the user needs upstream support. + # 'die' was intentionally not added here. + if [ -f "${WORKDIR}/${PF}/config.log" ]; then + dodoc "${WORKDIR}/${PF}/config.log" + fi + if [ -f "${T}/build.log" ]; then + dodoc "${T}/build.log" + fi + + insinto /etc/snort/preproc_rules + doins preproc_rules/decoder.rules \ + preproc_rules/preprocessor.rules \ + preproc_rules/sensitive-data.rules || die "Failed to install preproc rule files" + + fowners -R snort:snort \ + /var/log/snort \ + /var/run/snort \ + /etc/snort || die + + newinitd "${FILESDIR}/snort.rc11" snort || die "Failed to install snort init script" + newconfd "${FILESDIR}/snort.confd.2" snort || die "Failed to install snort confd file" + + # Sourcefire uses Makefiles to install docs causing Bug #297190. + # This removes the unwanted doc directory and rogue Makefiles. 
+ rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories" + rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files" + + #Remove unneeded .la files (Bug #382863) + rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die + rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la" + + # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection + sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct rule location in the config + sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct preprocessor/decoder rule location in the config + sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Enable the preprocessor/decoder rules + sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Just some clean up of trailing /'s in the config + sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Make it clear in the config where these are... + sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Disable all rule files by default. + sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Disable normalizer preprocessor config if normalizer USE flag not set. + if ! 
use normalizer; then + sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \ + "${D}etc/snort/snort.conf.distrib" || die + fi + + # Set the configured DAQ to afpacket + sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the location of the DAQ modules + sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the DAQ mode to passive + sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set snort to run as snort:snort + sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \ + "${D}etc/snort/snort.conf.distrib" || die + sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the default log dir + sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct so_rule location in the config + sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die +} + +pkg_postinst() { + + einfo "There have been a number of improvements and new features" + einfo "added to ${P}. Please review the RELEASE.NOTES and" + einfo "ChangLog located in /usr/share/doc/${PF}." + einfo + elog "The Sourcefire Vulnerability Research Team (VRT) recommends that" + elog "users migrate their snort.conf customizations to the latest config" + elog "file released by the VRT. You can find the latest version of the" + elog "Snort config file in /etc/snort/snort.conf.distrib." + elog + elog "!! It is important that you migrate to this new snort.conf file !!" + elog + elog "This version of the ebuild includes an updated init.d file and" + elog "conf.d file that rely on options found in the latest Snort" + elog "config file provided by the VRT." 
+ + if use debug; then + elog "You have the 'debug' USE flag enabled. If this has been done to" + elog "troubleshoot an issue by producing a core dump or a back trace," + elog "then you need to also ensure the FEATURES variable in make.conf" + elog "contains the 'nostrip' option." + fi +} |
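Review bot: `fowners -R snort:snort` in src_install() hands /etc/snort, including snort.conf.distrib and the rules and so_rules directories, to the same account the daemon drops to through the `config set_uid: snort` edit further down. The init script starts snort as root and the privilege drop is configured inside that file, so the configuration is presumably parsed with root privileges and the unprivileged account should not be able to rewrite it or the shared-object rule directory. Limiting the recursive chown to the runtime directories would be `fowners -R snort:snort /var/log/snort /var/run/snort || die` plus `fowners -R root:snort /etc/snort || die`. Also, every `include $RULE_PATH` line is commented out and pkg_postinst() does not tell the user that no rule files are active, so a fresh install runs without detection rules until someone enables them; an `ewarn` saying so would prevent a silent coverage gap.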