From a855ea61e7c420a05a8664e7aa9cf8c054f5de07 Mon Sep 17 00:00:00 2001 
From: Gluzskiy Alexandr Date: Thu, 13 Sep 2012 17:45:10 +0300 Subject: renamed: net-analyzer/snort/snort/files/disabledynamic.patch -> net-analyzer/snort/files/disabledynamic.patch renamed: net-analyzer/snort/snort/files/snort.confd -> net-analyzer/snort/files/snort.confd renamed: net-analyzer/snort/snort/files/snort.confd.2 -> net-analyzer/snort/files/snort.confd.2 renamed: net-analyzer/snort/snort/files/snort.rc10 -> net-analyzer/snort/files/snort.rc10 renamed: net-analyzer/snort/snort/files/snort.rc11 -> net-analyzer/snort/files/snort.rc11 renamed: net-analyzer/snort/snort/snort-2.9.3.1.ebuild -> net-analyzer/snort/snort-2.9.3.1.ebuild --- net-analyzer/snort/files/disabledynamic.patch | 110 +++++++++ net-analyzer/snort/files/snort.confd | 17 ++ net-analyzer/snort/files/snort.confd.2 | 16 ++ net-analyzer/snort/files/snort.rc10 | 50 ++++ net-analyzer/snort/files/snort.rc11 | 57 +++++ net-analyzer/snort/snort-2.9.3.1.ebuild | 264 +++++++++++++++++++++ .../snort/snort/files/disabledynamic.patch | 110 --------- net-analyzer/snort/snort/files/snort.confd | 17 -- net-analyzer/snort/snort/files/snort.confd.2 | 16 -- net-analyzer/snort/snort/files/snort.rc10 | 50 ---- net-analyzer/snort/snort/files/snort.rc11 | 57 ----- net-analyzer/snort/snort/snort-2.9.3.1.ebuild | 264 --------------------- 12 files changed, 514 insertions(+), 514 deletions(-) create mode 100644 net-analyzer/snort/files/disabledynamic.patch create mode 100644 net-analyzer/snort/files/snort.confd create mode 100644 net-analyzer/snort/files/snort.confd.2 create mode 100644 net-analyzer/snort/files/snort.rc10 create mode 100644 net-analyzer/snort/files/snort.rc11 create mode 100644 net-analyzer/snort/snort-2.9.3.1.ebuild delete mode 100644 net-analyzer/snort/snort/files/disabledynamic.patch delete mode 100644 net-analyzer/snort/snort/files/snort.confd delete mode 100644 net-analyzer/snort/snort/files/snort.confd.2 delete mode 100644 net-analyzer/snort/snort/files/snort.rc10 delete mode 100644 
net-analyzer/snort/snort/files/snort.rc11 delete mode 100644 net-analyzer/snort/snort/snort-2.9.3.1.ebuild (limited to 'net-analyzer/snort') diff --git a/net-analyzer/snort/files/disabledynamic.patch b/net-analyzer/snort/files/disabledynamic.patch new file mode 100644 index 0000000..d1ace23 --- /dev/null +++ b/net-analyzer/snort/files/disabledynamic.patch 
@@ -0,0 +1,110 @@ +? cflags.out +? cppflags.out +? cscope.out +? disabledynamic.patch +? http.patch +? log +? make.out +? rules.work +? snort-build.sh +? snort.pc +? ylwrap +? etc/snort.conf.work +? src/dynamic-preprocessors/rzb_saac/Makefile +? tools/u2boat/u2boat +? tools/u2spewfoo/u2spewfoo +Index: src/fpcreate.c +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v +retrieving revision 1.107.2.2 +diff -u -p -r1.107.2.2 fpcreate.c +--- src/fpcreate.c 11 Jan 2011 22:54:40 -0000 1.107.2.2 ++++ src/fpcreate.c 17 Feb 2011 20:06:49 -0000 +@@ -70,6 +70,8 @@ + #include "dynamic-plugins/sp_preprocopt.h" + #endif + ++#include "dynamic-plugins/sf_dynamic_define.h" ++ + + /* + * Content flag values +@@ -1810,9 +1812,11 @@ static int fpAddPortGroupRule(PORT_GROUP + fpAddAllContents(pg->pgPms[PM_TYPE__CONTENT], otn, id, pmd, fp); + #endif + ++#ifdef DYNAMIC_PLUGIN + /* No content added */ + if (pmd == preproc_opt_pmds) + FreePmdList(pmd); ++#endif + + if (fpFinishPortGroupRule(pg, PM_TYPE__MAX, otn, NULL, fp) != 0) + return -1; +Index: src/dynamic-plugins/sf_dynamic_define.h +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v +retrieving revision 1.15.4.1 +diff -u -p -r1.15.4.1 sf_dynamic_define.h +--- src/dynamic-plugins/sf_dynamic_define.h 3 Jan 2011 19:58:05 -0000 1.15.4.1 ++++ src/dynamic-plugins/sf_dynamic_define.h 17 Feb 2011 20:06:49 -0000 +@@ -96,5 +96,15 @@ typedef enum { + #endif + #endif + ++/* Parameters are rule info pointer, int to indicate URI or NORM, ++ * and list pointer */ ++#define CONTENT_NORMAL 0x01 ++#define CONTENT_HTTP_URI 0x02 ++#define CONTENT_HTTP_HEADER 0x04 ++#define CONTENT_HTTP_CLIENT_BODY 0x08 ++#define CONTENT_HTTP_METHOD 0x10 ++#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\ ++ CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD) ++ + #endif /* 
_SF_DYNAMIC_DEFINE_H_ */ + +Index: src/dynamic-plugins/sf_dynamic_engine.h +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v +retrieving revision 1.54.2.1 +diff -u -p -r1.54.2.1 sf_dynamic_engine.h +--- src/dynamic-plugins/sf_dynamic_engine.h 3 Jan 2011 19:58:06 -0000 1.54.2.1 ++++ src/dynamic-plugins/sf_dynamic_engine.h 17 Feb 2011 20:06:49 -0000 +@@ -77,15 +77,6 @@ typedef struct _FPContentInfo + + } FPContentInfo; + +-/* Parameters are rule info pointer, int to indicate URI or NORM, +- * and list pointer */ +-#define CONTENT_NORMAL 0x01 +-#define CONTENT_HTTP_URI 0x02 +-#define CONTENT_HTTP_HEADER 0x04 +-#define CONTENT_HTTP_CLIENT_BODY 0x08 +-#define CONTENT_HTTP_METHOD 0x10 +-#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\ +- CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD) + typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **); + typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **); + typedef void (*RuleFreeFunc)(void *); +Index: src/preprocessors/Stream5/snort_stream5_tcp.c +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v +retrieving revision 1.296.2.5 +diff -u -p -r1.296.2.5 snort_stream5_tcp.c +--- src/preprocessors/Stream5/snort_stream5_tcp.c 7 Jan 2011 20:06:05 -0000 1.296.2.5 ++++ src/preprocessors/Stream5/snort_stream5_tcp.c 17 Feb 2011 20:06:49 -0000 +@@ -816,12 +816,12 @@ void Stream5TcpRegisterRuleOptions(void) + RegisterPreprocessorRuleOption("stream_reassemble", &s5TcpStreamReassembleRuleOptionInit, + &s5TcpStreamReassembleRuleOptionEval, &s5TcpStreamReassembleRuleOptionCleanup, + NULL, NULL, NULL, NULL); +-#endif + + #ifdef PERF_PROFILING + RegisterPreprocessorProfile("stream_size", &streamSizePerfStats, 4, &preprocRuleOptionPerfStats); + 
RegisterPreprocessorProfile("reassemble", &streamReassembleRuleOptionPerfStats, 4, &preprocRuleOptionPerfStats); + #endif ++#endif + + } + diff --git a/net-analyzer/snort/files/snort.confd b/net-analyzer/snort/files/snort.confd new file mode 100644 index 0000000..c429ca6 --- /dev/null +++ b/net-analyzer/snort/files/snort.confd @@ -0,0 +1,17 @@ +# Config file for /etc/init.d/snort + +# This tell snort which interface to listen on (any for every interface) +IFACE="eth1" + +# You do NOT want to change this +PIDPATH="/var/run/snort" +PIDFILE="snort_$IFACE.pid" + +# You probably don't want to change this, but in case you do +LOGDIR="/var/log/snort" + +# Probably not this either +CONF="/etc/snort/snort.conf" + +# This pulls in the options above +SNORT_OPTS="-D -u snort -i $IFACE -l $LOGDIR -c $CONF" diff --git a/net-analyzer/snort/files/snort.confd.2 b/net-analyzer/snort/files/snort.confd.2 new file mode 100644 index 0000000..780c910 --- /dev/null +++ b/net-analyzer/snort/files/snort.confd.2 @@ -0,0 +1,16 @@ +# Config file for /etc/init.d/snort + +# The following options are now set in your snort.conf file: +# config set_gid: +# config set_uid: +# config snaplen: +# config bpf_file: +# config logdir: + +# The only options that should be set here are SNORT_IFACE and SNORT_CONF. + +# This tell snort which interface to listen on (any for every interface) +SNORT_IFACE="eth1" + +# Probably not this either +SNORT_CONF="/etc/snort/snort.conf" diff --git a/net-analyzer/snort/files/snort.rc10 b/net-analyzer/snort/files/snort.rc10 new file mode 100644 index 0000000..fa88cbd --- /dev/null +++ b/net-analyzer/snort/files/snort.rc10 
@@ -0,0 +1,50 @@ +#!/sbin/runscript +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc10,v 1.1 2010/11/02 18:22:10 patrick Exp $ + +opts="checkconfig reload" + +depend() { + need net + after mysql + after postgresql +} + +checkconfig() { + if [ ! -e $CONF ] ; then + eerror "You need a configuration file to run snort" + eerror "There is an example config in /etc/snort/snort.conf.distrib" + return 1 + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting snort" + start-stop-daemon --start --quiet --exec /usr/bin/snort \ + -- --nolock-pidfile --pid-path ${PIDPATH} ${SNORT_OPTS} >/dev/null 2>&1 + eend $? +} + +stop() { + ebegin "Stopping snort" + start-stop-daemon --stop --quiet --pidfile ${PIDPATH}/${PIDFILE} + # Snort needs a few seconds to fully shutdown + sleep 15 + eend $? +} + +reload() { + if [ ! -f ${PIDPATH}/${PIDFILE} ]; then + eerror "Snort isn't running" + return 1 + fi + + checkconfig || return 1 + ebegin "Reloading Snort" + start-stop-daemon --stop --oknodo --signal HUP --pidfile ${PIDPATH}/${PIDFILE} + eend $? +} + + diff --git a/net-analyzer/snort/files/snort.rc11 b/net-analyzer/snort/files/snort.rc11 new file mode 100644 index 0000000..8277575 --- /dev/null +++ b/net-analyzer/snort/files/snort.rc11 
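Review bot: In stop(), `eend $?` runs after `sleep 15`, so it reports the exit status of sleep rather than that of `start-stop-daemon --stop`, and a failed stop is displayed as success. Save the status right after the start-stop-daemon line with `local rc=$?` and finish with `eend ${rc}`; stop() in snort.rc11 has the same pattern. Separately, `[ ! -e $CONF ]` in checkconfig() is unquoted, so an empty CONF collapses the test to `[ ! -e ]`, which evaluates false and lets start() continue without a config path. `[ ! -e "${CONF}" ]` closes that gap.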
@@ -0,0 +1,57 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc11,v 1.1 2011/09/22 17:39:51 patrick Exp $ + +opts="checkconfig reload" + +depend() { + need net + after mysql + after postgresql +} + +checkconfig() { + if [ ! -e ${SNORT_CONF} ] ; then + eerror "You need a configuration file to run snort" + eerror "There is an example config in /etc/snort/snort.conf.distrib" + return 1 + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting snort" + start-stop-daemon --start --quiet --exec /usr/bin/snort \ + -- --nolock-pidfile --pid-path /var/run/snort -D -i ${SNORT_IFACE} \ + -c ${SNORT_CONF} >/dev/null 2>&1 + eend $? +} + +stop() { + ebegin "Stopping snort" + start-stop-daemon --stop --quiet --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid + # Snort needs a few seconds to fully shutdown + sleep 15 + eend $? +} + +reload() { + + local SNORT_PID="`cat /var/run/snort/snort_${SNORT_IFACE}.pid`" + local SNORT_USER="`ps -p ${SNORT_PID} --no-headers -o user`" + + if [ ! -f /var/run/snort/snort_${SNORT_IFACE}.pid ]; then + eerror "Snort isn't running" + return 1 + elif [ ${SNORT_USER} != root ]; then + eerror "Snort must be running as root for reload to work!" + return 1 + else + checkconfig || return 1 + ebegin "Reloading Snort" + start-stop-daemon --signal HUP --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid + fi +} + + diff --git a/net-analyzer/snort/snort-2.9.3.1.ebuild b/net-analyzer/snort/snort-2.9.3.1.ebuild new file mode 100644 index 0000000..35a2583 --- /dev/null +++ b/net-analyzer/snort/snort-2.9.3.1.ebuild 
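Review bot: reload() reads the pid file with `cat` and calls `ps` before it checks that the file exists, and the comparison `[ ${SNORT_USER} != root ]` is unquoted. With a stale pid file `ps` prints nothing, the test becomes `[ != root ]`, which is a test error rather than a match, and control falls through to the else branch that sends HUP. Move the two `local` assignments below the existence check and quote the comparison as `elif [ "${SNORT_USER}" != root ]; then`. The else branch also calls `ebegin` with no matching `eend $?`, so the outcome of the signal is never reported.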
@@ -0,0 +1,264 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.2.3.ebuild,v 1.4 2012/06/27 18:18:52 maekke Exp $ + +EAPI="2" +inherit autotools multilib user + +DESCRIPTION="The de facto standard for intrusion detection/prevention" +HOMEPAGE="http://www.snort.org/" +SRC_URI="http://www.snort.org/dl/snort-current/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" +IUSE="static +dynamicplugin +zlib +gre +mpls +targetbased +decoder-preprocessor-rules ++ppm +perfprofiling linux-smp-stats inline-init-failopen +threads debug +active-response ++normalizer reload-error-restart +react +flexresp3 +paf large-pcap-64bit +aruba mysql odbc postgres selinux" + +DEPEND=">=net-libs/libpcap-1.0.0 + >=net-libs/daq-0.6 + >=dev-libs/libpcre-6.0 + dev-libs/libdnet + postgres? ( dev-db/postgresql-base ) + mysql? ( virtual/mysql ) + odbc? ( dev-db/unixODBC ) + zlib? ( sys-libs/zlib )" + +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-snort )" + +pkg_setup() { + + if use zlib && ! use dynamicplugin; then + eerror "You have enabled the 'zlib' USE flag but not the 'dynamicplugin' USE flag." + eerror "'zlib' requires 'dynamicplugin' be enabled." + die + fi + + # pre_inst() is a better place to put this + # but we need it here for the 'fowners' statements in src_install() + enewgroup snort + enewuser snort -1 -1 /dev/null snort + +} + +src_prepare() { + + #Multilib fix for the sf_engine + einfo "Applying multilib fix." 
+ sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \ + "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \ + || die "sed for sf_engine failed" + + #Multilib fix for the curent set of dynamic-preprocessors + for i in ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop rzb_saac sip reputation gtp modbus dnp3; do + sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \ + "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \ + || die "sed for $i failed." + done + + AT_M4DIR=m4 eautoreconf +} + +src_configure() { + + econf \ + $(use_enable !static shared) \ + $(use_enable static) \ + $(use_enable static so-with-static-lib) \ + $(use_enable dynamicplugin) \ + $(use_enable zlib) \ + $(use_enable gre) \ + $(use_enable mpls) \ + $(use_enable targetbased) \ + $(use_enable decoder-preprocessor-rules) \ + $(use_enable ppm) \ + $(use_enable perfprofiling) \ + $(use_enable linux-smp-stats) \ + $(use_enable inline-init-failopen) \ + $(use_enable threads pthread) \ + $(use_enable debug) \ + $(use_enable debug debug-msgs) \ + $(use_enable debug corefiles) \ + $(use_enable !debug dlclose) \ + $(use_enable active-response) \ + $(use_enable normalizer) \ + $(use_enable reload-error-restart) \ + $(use_enable react) \ + $(use_enable flexresp3) \ + $(use_enable paf) \ + $(use_enable large-pcap-64bit large-pcap) \ + $(use_enable aruba) \ + $(use_with mysql) \ + $(use_with odbc) \ + $(use_with postgres postgresql) \ + --enable-ipv6 \ + --enable-reload \ + --disable-prelude \ + --disable-build-dynamic-examples \ + --disable-profile \ + --disable-ppm-test \ + --disable-intel-soft-cpm \ + --disable-static-daq \ + --disable-rzb-saac \ + --without-oracle +} + +src_install() { + + emake DESTDIR="${D}" install || die "emake failed" + + dodir /var/log/snort \ + /var/run/snort \ + /etc/snort/rules \ + /etc/snort/so_rules \ + /usr/$(get_libdir)/snort_dynamicrules \ + || die "Failed to create core directories" + + # config.log and build.log are needed by 
Sourcefire + # to trouble shoot build problems and bug reports so we are + # perserving them incase the user needs upstream support. + dodoc RELEASE.NOTES ChangeLog \ + doc/* \ + tools/u2boat/README.u2boat \ + || die "Failed to install snort docs" + + insinto /etc/snort + doins etc/attribute_table.dtd \ + etc/classification.config \ + etc/gen-msg.map \ + etc/reference.config \ + etc/threshold.conf \ + etc/unicode.map || die "Failed to install docs in etc" + + # We use snort.conf.distrib because the config file is complicated + # and the one shipped with snort can change drastically between versions. + # Users should migrate setting by hand and not with etc-update. + newins etc/snort.conf snort.conf.distrib \ + || die "Failed to add snort.conf.distrib" + + # config.log and build.log are needed by Sourcefire + # to troubleshoot build problems and bug reports so we are + # perserving them incase the user needs upstream support. + # 'die' was intentionally not added here. + if [ -f "${WORKDIR}/${PF}/config.log" ]; then + dodoc "${WORKDIR}/${PF}/config.log" + fi + if [ -f "${T}/build.log" ]; then + dodoc "${T}/build.log" + fi + + insinto /etc/snort/preproc_rules + doins preproc_rules/decoder.rules \ + preproc_rules/preprocessor.rules \ + preproc_rules/sensitive-data.rules || die "Failed to install preproc rule files" + + fowners -R snort:snort \ + /var/log/snort \ + /var/run/snort \ + /etc/snort || die + + newinitd "${FILESDIR}/snort.rc11" snort || die "Failed to install snort init script" + newconfd "${FILESDIR}/snort.confd.2" snort || die "Failed to install snort confd file" + + # Sourcefire uses Makefiles to install docs causing Bug #297190. + # This removes the unwanted doc directory and rogue Makefiles. 
+ rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories" + rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files" + + #Remove unneeded .la files (Bug #382863) + rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die + rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la" + + # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection + sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct rule location in the config + sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct preprocessor/decoder rule location in the config + sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Enable the preprocessor/decoder rules + sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Just some clean up of trailing /'s in the config + sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Make it clear in the config where these are... + sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Disable all rule files by default. + sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Disable normalizer preprocessor config if normalizer USE flag not set. + if ! 
use normalizer; then + sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \ + "${D}etc/snort/snort.conf.distrib" || die + fi + + # Set the configured DAQ to afpacket + sed -i -e 's|^# config daq: |config daq: afpacket|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the location of the DAQ modules + sed -i -e 's|^# config daq_dir: |config daq_dir: /usr/'$(get_libdir)'/daq|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the DAQ mode to passive + sed -i -e 's|^# config daq_mode: |config daq_mode: passive|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set snort to run as snort:snort + sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \ + "${D}etc/snort/snort.conf.distrib" || die + sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the default log dir + sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct so_rule location in the config + sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die +} + +pkg_postinst() { + + einfo "There have been a number of improvements and new features" + einfo "added to ${P}. Please review the RELEASE.NOTES and" + einfo "ChangLog located in /usr/share/doc/${PF}." + einfo + elog "The Sourcefire Vulnerability Research Team (VRT) recommends that" + elog "users migrate their snort.conf customizations to the latest config" + elog "file released by the VRT. You can find the latest version of the" + elog "Snort config file in /etc/snort/snort.conf.distrib." + elog + elog "!! It is important that you migrate to this new snort.conf file !!" + elog + elog "This version of the ebuild includes an updated init.d file and" + elog "conf.d file that rely on options found in the latest Snort" + elog "config file provided by the VRT." + + if use debug; then + elog "You have the 'debug' USE flag enabled. 
If this has been done to" + elog "troubleshoot an issue by producing a core dump or a back trace," + elog "then you need to also ensure the FEATURES variable in make.conf" + elog "contains the 'nostrip' option." + fi +} diff --git a/net-analyzer/snort/snort/files/disabledynamic.patch b/net-analyzer/snort/snort/files/disabledynamic.patch deleted file mode 100644 index d1ace23..0000000 --- a/net-analyzer/snort/snort/files/disabledynamic.patch +++ /dev/null 
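Review bot: `fowners -R snort:snort` in src_install() covers /etc/snort as well as the log and run directories, so the account the sensor drops to (the same function enables `config set_uid: snort`) owns its own configuration and rule files. A compromised snort process could then rewrite snort.conf or the rules it enforces. Consider keeping snort:snort only on /var/log/snort and /var/run/snort and installing the configuration tree root-owned with group read, e.g. `fowners -R root:snort /etc/snort`. If something running as snort is expected to write under /etc/snort, that is not visible in this hunk and should be documented in a comment next to the fowners call.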
@@ -1,110 +0,0 @@ -? cflags.out -? cppflags.out -? cscope.out -? disabledynamic.patch -? http.patch -? log -? make.out -? rules.work -? snort-build.sh -? snort.pc -? ylwrap -? etc/snort.conf.work -? src/dynamic-preprocessors/rzb_saac/Makefile -? tools/u2boat/u2boat -? tools/u2spewfoo/u2spewfoo -Index: src/fpcreate.c -=================================================================== -RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v -retrieving revision 1.107.2.2 -diff -u -p -r1.107.2.2 fpcreate.c ---- src/fpcreate.c 11 Jan 2011 22:54:40 -0000 1.107.2.2 -+++ src/fpcreate.c 17 Feb 2011 20:06:49 -0000 -@@ -70,6 +70,8 @@ - #include "dynamic-plugins/sp_preprocopt.h" - #endif - -+#include "dynamic-plugins/sf_dynamic_define.h" -+ - - /* - * Content flag values -@@ -1810,9 +1812,11 @@ static int fpAddPortGroupRule(PORT_GROUP - fpAddAllContents(pg->pgPms[PM_TYPE__CONTENT], otn, id, pmd, fp); - #endif - -+#ifdef DYNAMIC_PLUGIN - /* No content added */ - if (pmd == preproc_opt_pmds) - FreePmdList(pmd); -+#endif - - if (fpFinishPortGroupRule(pg, PM_TYPE__MAX, otn, NULL, fp) != 0) - return -1; -Index: src/dynamic-plugins/sf_dynamic_define.h -=================================================================== -RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v -retrieving revision 1.15.4.1 -diff -u -p -r1.15.4.1 sf_dynamic_define.h ---- src/dynamic-plugins/sf_dynamic_define.h 3 Jan 2011 19:58:05 -0000 1.15.4.1 -+++ src/dynamic-plugins/sf_dynamic_define.h 17 Feb 2011 20:06:49 -0000 -@@ -96,5 +96,15 @@ typedef enum { - #endif - #endif - -+/* Parameters are rule info pointer, int to indicate URI or NORM, -+ * and list pointer */ -+#define CONTENT_NORMAL 0x01 -+#define CONTENT_HTTP_URI 0x02 -+#define CONTENT_HTTP_HEADER 0x04 -+#define CONTENT_HTTP_CLIENT_BODY 0x08 -+#define CONTENT_HTTP_METHOD 0x10 -+#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\ -+ CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD) -+ - #endif /* 
_SF_DYNAMIC_DEFINE_H_ */ - -Index: src/dynamic-plugins/sf_dynamic_engine.h -=================================================================== -RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v -retrieving revision 1.54.2.1 -diff -u -p -r1.54.2.1 sf_dynamic_engine.h ---- src/dynamic-plugins/sf_dynamic_engine.h 3 Jan 2011 19:58:06 -0000 1.54.2.1 -+++ src/dynamic-plugins/sf_dynamic_engine.h 17 Feb 2011 20:06:49 -0000 -@@ -77,15 +77,6 @@ typedef struct _FPContentInfo - - } FPContentInfo; - --/* Parameters are rule info pointer, int to indicate URI or NORM, -- * and list pointer */ --#define CONTENT_NORMAL 0x01 --#define CONTENT_HTTP_URI 0x02 --#define CONTENT_HTTP_HEADER 0x04 --#define CONTENT_HTTP_CLIENT_BODY 0x08 --#define CONTENT_HTTP_METHOD 0x10 --#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\ -- CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD) - typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **); - typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **); - typedef void (*RuleFreeFunc)(void *); -Index: src/preprocessors/Stream5/snort_stream5_tcp.c -=================================================================== -RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v -retrieving revision 1.296.2.5 -diff -u -p -r1.296.2.5 snort_stream5_tcp.c ---- src/preprocessors/Stream5/snort_stream5_tcp.c 7 Jan 2011 20:06:05 -0000 1.296.2.5 -+++ src/preprocessors/Stream5/snort_stream5_tcp.c 17 Feb 2011 20:06:49 -0000 -@@ -816,12 +816,12 @@ void Stream5TcpRegisterRuleOptions(void) - RegisterPreprocessorRuleOption("stream_reassemble", &s5TcpStreamReassembleRuleOptionInit, - &s5TcpStreamReassembleRuleOptionEval, &s5TcpStreamReassembleRuleOptionCleanup, - NULL, NULL, NULL, NULL); --#endif - - #ifdef PERF_PROFILING - RegisterPreprocessorProfile("stream_size", &streamSizePerfStats, 4, &preprocRuleOptionPerfStats); - 
RegisterPreprocessorProfile("reassemble", &streamReassembleRuleOptionPerfStats, 4, &preprocRuleOptionPerfStats); - #endif -+#endif - - } - diff --git a/net-analyzer/snort/snort/files/snort.confd b/net-analyzer/snort/snort/files/snort.confd deleted file mode 100644 index c429ca6..0000000 --- a/net-analyzer/snort/snort/files/snort.confd +++ /dev/null @@ -1,17 +0,0 @@ -# Config file for /etc/init.d/snort - -# This tell snort which interface to listen on (any for every interface) -IFACE="eth1" - -# You do NOT want to change this -PIDPATH="/var/run/snort" -PIDFILE="snort_$IFACE.pid" - -# You probably don't want to change this, but in case you do -LOGDIR="/var/log/snort" - -# Probably not this either -CONF="/etc/snort/snort.conf" - -# This pulls in the options above -SNORT_OPTS="-D -u snort -i $IFACE -l $LOGDIR -c $CONF" diff --git a/net-analyzer/snort/snort/files/snort.confd.2 b/net-analyzer/snort/snort/files/snort.confd.2 deleted file mode 100644 index 780c910..0000000 --- a/net-analyzer/snort/snort/files/snort.confd.2 +++ /dev/null @@ -1,16 +0,0 @@ -# Config file for /etc/init.d/snort - -# The following options are now set in your snort.conf file: -# config set_gid: -# config set_uid: -# config snaplen: -# config bpf_file: -# config logdir: - -# The only options that should be set here are SNORT_IFACE and SNORT_CONF. - -# This tell snort which interface to listen on (any for every interface) -SNORT_IFACE="eth1" - -# Probably not this either -SNORT_CONF="/etc/snort/snort.conf" diff --git a/net-analyzer/snort/snort/files/snort.rc10 b/net-analyzer/snort/snort/files/snort.rc10 deleted file mode 100644 index fa88cbd..0000000 --- a/net-analyzer/snort/snort/files/snort.rc10 +++ /dev/null 
@@ -1,50 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc10,v 1.1 2010/11/02 18:22:10 patrick Exp $ - -opts="checkconfig reload" - -depend() { - need net - after mysql - after postgresql -} - -checkconfig() { - if [ ! -e $CONF ] ; then - eerror "You need a configuration file to run snort" - eerror "There is an example config in /etc/snort/snort.conf.distrib" - return 1 - fi -} - -start() { - checkconfig || return 1 - ebegin "Starting snort" - start-stop-daemon --start --quiet --exec /usr/bin/snort \ - -- --nolock-pidfile --pid-path ${PIDPATH} ${SNORT_OPTS} >/dev/null 2>&1 - eend $? -} - -stop() { - ebegin "Stopping snort" - start-stop-daemon --stop --quiet --pidfile ${PIDPATH}/${PIDFILE} - # Snort needs a few seconds to fully shutdown - sleep 15 - eend $? -} - -reload() { - if [ ! -f ${PIDPATH}/${PIDFILE} ]; then - eerror "Snort isn't running" - return 1 - fi - - checkconfig || return 1 - ebegin "Reloading Snort" - start-stop-daemon --stop --oknodo --signal HUP --pidfile ${PIDPATH}/${PIDFILE} - eend $? -} - - diff --git a/net-analyzer/snort/snort/files/snort.rc11 b/net-analyzer/snort/snort/files/snort.rc11 deleted file mode 100644 index 8277575..0000000 --- a/net-analyzer/snort/snort/files/snort.rc11 +++ /dev/null 
@@ -1,57 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc11,v 1.1 2011/09/22 17:39:51 patrick Exp $ - -opts="checkconfig reload" - -depend() { - need net - after mysql - after postgresql -} - -checkconfig() { - if [ ! -e ${SNORT_CONF} ] ; then - eerror "You need a configuration file to run snort" - eerror "There is an example config in /etc/snort/snort.conf.distrib" - return 1 - fi -} - -start() { - checkconfig || return 1 - ebegin "Starting snort" - start-stop-daemon --start --quiet --exec /usr/bin/snort \ - -- --nolock-pidfile --pid-path /var/run/snort -D -i ${SNORT_IFACE} \ - -c ${SNORT_CONF} >/dev/null 2>&1 - eend $? -} - -stop() { - ebegin "Stopping snort" - start-stop-daemon --stop --quiet --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid - # Snort needs a few seconds to fully shutdown - sleep 15 - eend $? -} - -reload() { - - local SNORT_PID="`cat /var/run/snort/snort_${SNORT_IFACE}.pid`" - local SNORT_USER="`ps -p ${SNORT_PID} --no-headers -o user`" - - if [ ! -f /var/run/snort/snort_${SNORT_IFACE}.pid ]; then - eerror "Snort isn't running" - return 1 - elif [ ${SNORT_USER} != root ]; then - eerror "Snort must be running as root for reload to work!" - return 1 - else - checkconfig || return 1 - ebegin "Reloading Snort" - start-stop-daemon --signal HUP --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid - fi -} - - diff --git a/net-analyzer/snort/snort/snort-2.9.3.1.ebuild b/net-analyzer/snort/snort/snort-2.9.3.1.ebuild deleted file mode 100644 index 35a2583..0000000 --- a/net-analyzer/snort/snort/snort-2.9.3.1.ebuild +++ /dev/null 
@@ -1,264 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.2.3.ebuild,v 1.4 2012/06/27 18:18:52 maekke Exp $
-
-EAPI="2"
-inherit autotools multilib user
-
-DESCRIPTION="The de facto standard for intrusion detection/prevention"
-HOMEPAGE="http://www.snort.org/"
-SRC_URI="http://www.snort.org/dl/snort-current/${P}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
-IUSE="static +dynamicplugin +zlib +gre +mpls +targetbased +decoder-preprocessor-rules
-+ppm +perfprofiling linux-smp-stats inline-init-failopen +threads debug +active-response
-+normalizer reload-error-restart +react +flexresp3 +paf large-pcap-64bit
-aruba mysql odbc postgres selinux"
-
-DEPEND=">=net-libs/libpcap-1.0.0
- >=net-libs/daq-0.6
- >=dev-libs/libpcre-6.0
- dev-libs/libdnet
- postgres? ( dev-db/postgresql-base )
- mysql? ( virtual/mysql )
- odbc? ( dev-db/unixODBC )
- zlib? ( sys-libs/zlib )"
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-snort )"
-
-pkg_setup() {
-
- if use zlib && ! use dynamicplugin; then
- eerror "You have enabled the 'zlib' USE flag but not the 'dynamicplugin' USE flag."
- eerror "'zlib' requires 'dynamicplugin' be enabled."
- die
- fi
-
- # pre_inst() is a better place to put this
- # but we need it here for the 'fowners' statements in src_install()
- enewgroup snort
- enewuser snort -1 -1 /dev/null snort
-
-}
-
-src_prepare() {
-
- #Multilib fix for the sf_engine
- einfo "Applying multilib fix."
- sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
- "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
- || die "sed for sf_engine failed"
-
- #Multilib fix for the curent set of dynamic-preprocessors
- for i in ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop rzb_saac sip reputation gtp modbus dnp3; do
- sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
- "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
- || die "sed for $i failed."
- done
-
- AT_M4DIR=m4 eautoreconf
-}
-
-src_configure() {
-
- econf \
- $(use_enable !static shared) \
- $(use_enable static) \
- $(use_enable static so-with-static-lib) \
- $(use_enable dynamicplugin) \
- $(use_enable zlib) \
- $(use_enable gre) \
- $(use_enable mpls) \
- $(use_enable targetbased) \
- $(use_enable decoder-preprocessor-rules) \
- $(use_enable ppm) \
- $(use_enable perfprofiling) \
- $(use_enable linux-smp-stats) \
- $(use_enable inline-init-failopen) \
- $(use_enable threads pthread) \
- $(use_enable debug) \
- $(use_enable debug debug-msgs) \
- $(use_enable debug corefiles) \
- $(use_enable !debug dlclose) \
- $(use_enable active-response) \
- $(use_enable normalizer) \
- $(use_enable reload-error-restart) \
- $(use_enable react) \
- $(use_enable flexresp3) \
- $(use_enable paf) \
- $(use_enable large-pcap-64bit large-pcap) \
- $(use_enable aruba) \
- $(use_with mysql) \
- $(use_with odbc) \
- $(use_with postgres postgresql) \
- --enable-ipv6 \
- --enable-reload \
- --disable-prelude \
- --disable-build-dynamic-examples \
- --disable-profile \
- --disable-ppm-test \
- --disable-intel-soft-cpm \
- --disable-static-daq \
- --disable-rzb-saac \
- --without-oracle
-}
-
-src_install() {
-
- emake DESTDIR="${D}" install || die "emake failed"
-
- dodir /var/log/snort \
- /var/run/snort \
- /etc/snort/rules \
- /etc/snort/so_rules \
- /usr/$(get_libdir)/snort_dynamicrules \
- || die "Failed to create core directories"
-
- # config.log and build.log are needed by Sourcefire
- # to trouble shoot build problems and bug reports so we are
- # perserving them incase the user needs upstream support.
- dodoc RELEASE.NOTES ChangeLog \
- doc/* \
- tools/u2boat/README.u2boat \
- || die "Failed to install snort docs"
-
- insinto /etc/snort
- doins etc/attribute_table.dtd \
- etc/classification.config \
- etc/gen-msg.map \
- etc/reference.config \
- etc/threshold.conf \
- etc/unicode.map || die "Failed to install docs in etc"
-
- # We use snort.conf.distrib because the config file is complicated
- # and the one shipped with snort can change drastically between versions.
- # Users should migrate setting by hand and not with etc-update.
- newins etc/snort.conf snort.conf.distrib \
- || die "Failed to add snort.conf.distrib"
-
- # config.log and build.log are needed by Sourcefire
- # to troubleshoot build problems and bug reports so we are
- # perserving them incase the user needs upstream support.
- # 'die' was intentionally not added here.
- if [ -f "${WORKDIR}/${PF}/config.log" ]; then
- dodoc "${WORKDIR}/${PF}/config.log"
- fi
- if [ -f "${T}/build.log" ]; then
- dodoc "${T}/build.log"
- fi
-
- insinto /etc/snort/preproc_rules
- doins preproc_rules/decoder.rules \
- preproc_rules/preprocessor.rules \
- preproc_rules/sensitive-data.rules || die "Failed to install preproc rule files"
-
- fowners -R snort:snort \
- /var/log/snort \
- /var/run/snort \
- /etc/snort || die
-
- newinitd "${FILESDIR}/snort.rc11" snort || die "Failed to install snort init script"
- newconfd "${FILESDIR}/snort.confd.2" snort || die "Failed to install snort confd file"
-
- # Sourcefire uses Makefiles to install docs causing Bug #297190.
- # This removes the unwanted doc directory and rogue Makefiles.
- rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories"
- rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files"
-
- #Remove unneeded .la files (Bug #382863)
- rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die
- rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la"
-
- # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
- sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Set the correct rule location in the config
- sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Set the correct preprocessor/decoder rule location in the config
- sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Enable the preprocessor/decoder rules
- sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Just some clean up of trailing /'s in the config
- sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Make it clear in the config where these are...
- sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Disable all rule files by default.
- sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Disable normalizer preprocessor config if normalizer USE flag not set.
- if ! use normalizer; then
- sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \
- "${D}etc/snort/snort.conf.distrib" || die
- fi
-
- # Set the configured DAQ to afpacket
- sed -i -e 's|^# config daq: |config daq: afpacket|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Set the location of the DAQ modules
- sed -i -e 's|^# config daq_dir: |config daq_dir: /usr/'$(get_libdir)'/daq|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Set the DAQ mode to passive
- sed -i -e 's|^# config daq_mode: |config daq_mode: passive|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Set snort to run as snort:snort
- sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \
- "${D}etc/snort/snort.conf.distrib" || die
- sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Set the default log dir
- sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-
- # Set the correct so_rule location in the config
- sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \
- "${D}etc/snort/snort.conf.distrib" || die
-}
-
-pkg_postinst() {
-
- einfo "There have been a number of improvements and new features"
- einfo "added to ${P}. Please review the RELEASE.NOTES and"
- einfo "ChangLog located in /usr/share/doc/${PF}."
- einfo
- elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"
- elog "users migrate their snort.conf customizations to the latest config"
- elog "file released by the VRT. You can find the latest version of the"
- elog "Snort config file in /etc/snort/snort.conf.distrib."
- elog
- elog "!! It is important that you migrate to this new snort.conf file !!"
- elog
- elog "This version of the ebuild includes an updated init.d file and"
- elog "conf.d file that rely on options found in the latest Snort"
- elog "config file provided by the VRT."
-
- if use debug; then
- elog "You have the 'debug' USE flag enabled. If this has been done to"
- elog "troubleshoot an issue by producing a core dump or a back trace,"
- elog "then you need to also ensure the FEATURES variable in make.conf"
- elog "contains the 'nostrip' option."
- fi
-}
-- cgit v1.2.3