Diffstat (limited to 'net-analyzer')
-rw-r--r-- | net-analyzer/snort/ChangeLog | 11 | ||||
-rw-r--r-- | net-analyzer/snort/files/pcap_memory.patch | 19 | ||||
-rw-r--r-- | net-analyzer/snort/files/snort-2.8.4-libnet.patch | 221 | ||||
-rw-r--r-- | net-analyzer/snort/files/snort.confd | 9 | ||||
-rw-r--r-- | net-analyzer/snort/files/snort.rc9 | 34 | ||||
-rw-r--r-- | net-analyzer/snort/files/spo_database_fix.patch | 18 | ||||
-rw-r--r-- | net-analyzer/snort/metadata.xml | 13 | ||||
-rw-r--r-- | net-analyzer/snort/snort-2.8.4.ebuild | 364 |
8 files changed, 681 insertions, 8 deletions
diff --git a/net-analyzer/snort/ChangeLog b/net-analyzer/snort/ChangeLog
index c53b8051632d..2df80849eb86 100644
--- a/net-analyzer/snort/ChangeLog
+++ b/net-analyzer/snort/ChangeLog
@@ -1,6 +1,15 @@ # ChangeLog for net-analyzer/snort # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.139 2009/03/01 19:16:21 patrick Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.140 2009/04/17 12:05:30 patrick Exp $ + +*snort-2.8.4 (17 Apr 2009) + + 17 Apr 2009; Patrick Lauer <patrick@gentoo.org> + +files/snort-2.8.4-libnet.patch, +files/pcap_memory.patch, + files/snort.confd, +files/snort.rc9, +files/spo_database_fix.patch, + metadata.xml, +snort-2.8.4.ebuild: + Bump to 2.8.4. Reworked ebuild thanks to Jason Wallace. Lots of changes, + see bug #266288 for details. *snort-2.6.1.4-r1 (01 Mar 2009)
diff --git a/net-analyzer/snort/files/pcap_memory.patch b/net-analyzer/snort/files/pcap_memory.patch
new file mode 100644
index 000000000000..0f75e34dc60d
--- /dev/null
+++ b/net-analyzer/snort/files/pcap_memory.patch
@@ -0,0 +1,19 @@
+diff -ru snort-2.8.4.orig/src/snort.c snort-2.8.4/src/snort.c
+--- snort-2.8.4.orig/src/snort.c 2009-01-28 11:37:03.000000000 -0500
++++ snort-2.8.4/src/snort.c 2009-04-09 10:48:26.000000000 -0400
+@@ -1188,6 +1188,15 @@
+ LogMessage("Not Using PCAP_FRAMES\n" );
+ }
+
++ if( getenv("PCAP_MEMORY") )
++ {
++ LogMessage("Using PCAP_MEMORY = %s\n", getenv("PCAP_MEMORY") );
++ }
++ else
++ {
++ LogMessage("Not Using PCAP_MEMORY\n" );
++ }
++
+ #ifdef TIMESTATS
+ start_time = time(&start_time); /* start counting seconds */
+ #endif
diff --git a/net-analyzer/snort/files/snort-2.8.4-libnet.patch b/net-analyzer/snort/files/snort-2.8.4-libnet.patch
new file mode 100644
index 000000000000..b0f073a14d51
--- /dev/null
+++ b/net-analyzer/snort/files/snort-2.8.4-libnet.patch
@@ -0,0 +1,221 @@
+diff -ru snort-2.8.4.rc1/configure.in snort-2.8.4.rc1_gentoo/configure.in
+--- snort-2.8.4.rc1/configure.in 2009-04-06 08:54:54.000000000 -0400
++++ snort-2.8.4.rc1_gentoo/configure.in 2009-04-06 09:08:37.000000000 -0400
+@@ -1214,19 +1214,19 @@
+ else
+ libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+- AC_MSG_CHECKING("for libnet.h version 1.0.x")
++ AC_MSG_CHECKING("for libnet-1.0.h version 1.0.x")
+ for i in $libnet_dir; do
+- if test -r "$i/libnet.h"; then
++ if test -r "$i/libnet-1.0.h"; then
+ LIBNET_INC_DIR="$i"
+ fi
+ done
+
+ if test "$LIBNET_INC_DIR" != ""; then
+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0 >/dev/null"; then
+- FAIL_MESSAGE("libnet 1.0.x (libnet.h)", $LIBNET_INC_DIR)
++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0 >/dev/null"; then
++ FAIL_MESSAGE("libnet 1.0.x (libnet-1.0.h)", $LIBNET_INC_DIR)
+ fi
+- CFLAGS="${CFLAGS} `libnet-config --defines` `libnet-config --cflags`"
+- LIBS="${LIBS} `libnet-config --libs`"
++ CFLAGS="${CFLAGS} `libnet-1.0-config --defines` `libnet-1.0-config --cflags`"
++ LIBS="${LIBS} `libnet-1.0-config --libs`"
+ CPPFLAGS="${CPPFLAGS} -I${LIBNET_INC_DIR}"
+ AC_MSG_RESULT($i)
+ else
+@@ -1248,8 +1248,8 @@
+ [ --enable-flexresp Flexible Responses on hostile connection attempts],
+ enable_flexresp="$enableval", enable_flexresp="no")
+ if test "x$enable_flexresp" = "xyes"; then
+- CPPFLAGS="${CPPFLAGS} -DENABLE_RESPONSE `libnet-config --defines --cflags`"
+- LDFLAGS="${LDFLAGS} `libnet-config --libs`"
++ CPPFLAGS="${CPPFLAGS} -DENABLE_RESPONSE `libnet-1.0-config --defines --cflags`"
++ LDFLAGS="${LDFLAGS} `libnet-1.0-config --libs`"
+ fi
+
+ if test "x$enable_flexresp" != "xno" -a "x$enable_flexresp" = "xyes"; then
+@@ -1259,21 +1259,21 @@
+ exit
+ fi
+
+- if test `libnet-config --cflags | wc -c` = "1"; then
++ if test `libnet-1.0-config --cflags | wc -c` = "1"; then
+ CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include"
+ LIBNET_CONFIG_BROKEN_CFLAGS="yes"
+ fi
+
+- if test `libnet-config --libs | wc -c` = "1"; then
+- AC_MSG_WARN(libnet-config --libs is broken on your system. If you)
++ if test `libnet-1.0-config --libs | wc -c` = "1"; then
++ AC_MSG_WARN(libnet-1.0-config --libs is broken on your system. If you)
+ AC_MSG_WARN(are using a precompiled package please notify the)
+ AC_MSG_WARN(maintainer.)
+ LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"
+- LIBS="${LIBS} -lnet"
++ LIBS="${LIBS} -lnet-1.0"
+ fi
+
+ LNET=""
+- AC_CHECK_HEADERS(libnet.h,, LNET="no")
++ AC_CHECK_HEADERS(libnet-1.0.h,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet header not found, go get it from"
+@@ -1291,33 +1291,33 @@
+ libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+ else
+- libnet_dir=`libnet-config --cflags | cut -dI -f2`
++ libnet_dir=`libnet-1.0-config --cflags | cut -dI -f2`
+ fi
+
+ LIBNET_INC_DIR=""
+ for i in $libnet_dir; do
+- if test -r "$i/libnet.h"; then
++ if test -r "$i/libnet-1.0.h"; then
+ LIBNET_INC_DIR="$i"
+ fi
+ done
+
+ if test "x$LIBNET_INC_DIR" != "x"; then
+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0.2a >/dev/null"; then
++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0.2a >/dev/null"; then
+ AC_MSG_RESULT(no)
+ echo
+ echo " ERROR! Snort with --enable-flexresp will *only* work with"
+ echo " libnet version 1.0.2a, go get it from"
+ echo " http://www.packetfactory.net/projects/libnet/"
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $LIBNET_INC_DIR)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $LIBNET_INC_DIR)
+ fi
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $libnet_dir)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $libnet_dir)
+ fi
+
+ LNET=""
+- AC_CHECK_LIB(net, libnet_build_ip,, LNET="no")
++ AC_CHECK_LIB(net-1.0, libnet_build_ip,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet library not found, go get it from"
+@@ -1368,8 +1368,8 @@
+ [ --enable-react Intercept and terminate offending HTTP accesses],
+ enable_react="$enableval", enable_react="no")
+ if test "x$enable_react" = "xyes"; then
+- CPPFLAGS="${CPPFLAGS} -DENABLE_REACT `libnet-config --defines --cflags`"
+- LDFLAGS="${LDFLAGS} `libnet-config --libs`"
++ CPPFLAGS="${CPPFLAGS} -DENABLE_REACT `libnet-1.0-config --defines --cflags`"
++ LDFLAGS="${LDFLAGS} `libnet-1.0-config --libs`"
+ fi
+
+ if test "x$enable_react" != "xno" -a "x$enable_react" = "xyes"; then
+@@ -1380,13 +1380,13 @@
+ exit
+ fi
+
+- if test `libnet-config --cflags | wc -c` = "1"; then
++ if test `libnet-1.0-config --cflags | wc -c` = "1"; then
+ CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include"
+ LIBNET_CONFIG_BROKEN_CFLAGS="yes"
+ fi
+
+- if test `libnet-config --libs | wc -c` = "1"; then
+- AC_MSG_WARN(libnet-config --libs is broken on your system. If you)
++ if test `libnet-1.0-config --libs | wc -c` = "1"; then
++ AC_MSG_WARN(libnet-1.0-config --libs is broken on your system. If you)
+ AC_MSG_WARN(are using a precompiled package please notify the)
+ AC_MSG_WARN(maintainer.)
+ LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"
+@@ -1394,7 +1394,7 @@
+ fi
+
+ LNET=""
+- AC_CHECK_HEADERS(libnet.h,, LNET="no")
++ AC_CHECK_HEADERS(libnet-1.0.h,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet header not found, go get it from"
+@@ -1412,33 +1412,33 @@
+ libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+ else
+- libnet_dir=`libnet-config --cflags | cut -dI -f2`
++ libnet_dir=`libnet-1.0-config --cflags | cut -dI -f2`
+ fi
+
+ LIBNET_INC_DIR=""
+ for i in $libnet_dir; do
+- if test -r "$i/libnet.h"; then
++ if test -r "$i/libnet-1.0.h"; then
+ LIBNET_INC_DIR="$i"
+ fi
+ done
+
+ if test "x$LIBNET_INC_DIR" != "x"; then
+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0.2a >/dev/null"; then
++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0.2a >/dev/null"; then
+ AC_MSG_RESULT(no)
+ echo
+ echo " ERROR! Snort with --enable-react will *only* work with"
+ echo " libnet version 1.0.2a, go get it from"
+ echo " http://www.packetfactory.net/projects/libnet/"
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $LIBNET_INC_DIR)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $LIBNET_INC_DIR)
+ fi
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $libnet_dir)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $libnet_dir)
+ fi
+
+ LNET=""
+- AC_CHECK_LIB(net, libnet_build_ip,, LNET="no")
++ AC_CHECK_LIB(net-1.0, libnet_build_ip,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet library not found, go get it from"
+Only in snort-2.8.4.rc1_gentoo/: configure.in.orig
+diff -ru snort-2.8.4.rc1/src/detection-plugins/sp_react.c snort-2.8.4.rc1_gentoo/src/detection-plugins/sp_react.c
+--- snort-2.8.4.rc1/src/detection-plugins/sp_react.c 2009-04-06 08:54:54.000000000 -0400
++++ snort-2.8.4.rc1_gentoo/src/detection-plugins/sp_react.c 2009-04-06 09:08:37.000000000 -0400
+@@ -59,7 +59,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <ctype.h>
+-#include <libnet.h>
++#include <libnet-1.0.h>
+
+ #include "rules.h"
+ #include "decode.h"
+diff -ru snort-2.8.4.rc1/src/detection-plugins/sp_respond.c snort-2.8.4.rc1_gentoo/src/detection-plugins/sp_respond.c
+--- snort-2.8.4.rc1/src/detection-plugins/sp_respond.c 2009-04-06 08:54:54.000000000 -0400
++++ snort-2.8.4.rc1_gentoo/src/detection-plugins/sp_respond.c 2009-04-06 09:08:37.000000000 -0400
+@@ -36,7 +36,7 @@
+
+
+ #if defined(ENABLE_RESPONSE) && !defined(ENABLE_RESPONSE2)
+-#include <libnet.h>
++#include <libnet-1.0.h>
+
+ #include "decode.h"
+ #include "rules.h"
+diff -ru snort-2.8.4.rc1/src/inline.c snort-2.8.4.rc1_gentoo/src/inline.c
+--- snort-2.8.4.rc1/src/inline.c 2009-04-06 08:54:54.000000000 -0400
++++ snort-2.8.4.rc1_gentoo/src/inline.c 2009-04-06 09:08:37.000000000 -0400
+@@ -20,7 +20,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <pcap.h>
+-#include <libnet.h>
++#include <libnet-1.0.h>
+
+ #include "decode.h"
+ #include "inline.h"
diff --git a/net-analyzer/snort/files/snort.confd b/net-analyzer/snort/files/snort.confd
index d4d240ac966b..c429ca61b2cb 100644
--- a/net-analyzer/snort/files/snort.confd
+++ b/net-analyzer/snort/files/snort.confd
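Review bot: The react fallback branch appears to keep linking against the unversioned library: the inner hunk at `@@ -1380,13` stops at the `LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"` line and the next one starts at 1394, so line 1393 is never touched, whereas the parallel flexresp hunk at `@@ -1259,21` rewrites `LIBS="${LIBS} -lnet"` to `LIBS="${LIBS} -lnet-1.0"`. Line 1393 is not visible here, so this is inferred from the flexresp section; if it is the same `LIBS` line, a react build on a system where `libnet-1.0-config --libs` prints nothing would pass `-lnet` and either fail to link or pick up a libnet other than the 1.0.2a this patch pins. Extend that hunk to cover 1393 with `LIBS="${LIBS} -lnet-1.0"`. The stray `Only in snort-2.8.4.rc1_gentoo/: configure.in.orig` line and the rc1 paths also suggest the patch was cut from a release-candidate tree, so regenerating it against the 2.8.4 tarball would remove that noise.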
@@ -1,16 +1,17 @@ # Config file for /etc/init.d/snort # This tell snort which interface to listen on (any for every interface) -IFACE=eth0 +IFACE="eth1" -# Make sure this matches your IFACE -PIDFILE=/var/run/snort_$IFACE.pid +# You do NOT want to change this +PIDPATH="/var/run/snort" +PIDFILE="snort_$IFACE.pid" # You probably don't want to change this, but in case you do LOGDIR="/var/log/snort" # Probably not this either -CONF=/etc/snort/snort.conf +CONF="/etc/snort/snort.conf" # This pulls in the options above SNORT_OPTS="-D -u snort -i $IFACE -l $LOGDIR -c $CONF"
diff --git a/net-analyzer/snort/files/snort.rc9 b/net-analyzer/snort/files/snort.rc9
new file mode 100644
index 000000000000..6c65a353adc8
--- /dev/null
+++ b/net-analyzer/snort/files/snort.rc9
@@ -0,0 +1,34 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc9,v 1.3 2009/04/17 12:05:29 patrick Exp $
+
+depend() {
+ need net
+ after mysql
+ after postgresql
+}
+
+checkconfig() {
+ if [ ! -e $CONF ] ; then
+ eerror "You need a configuration file to run snort"
+ eerror "There is an example config in /etc/snort/snort.conf.distrib"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting snort"
+ start-stop-daemon --start --quiet --exec /usr/bin/snort \
+ -- --nolock-pidfile --pid-path ${PIDPATH} ${SNORT_OPTS} >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping snort"
+ start-stop-daemon --stop --quiet --pidfile ${PIDPATH}/${PIDFILE}
+ # Snort needs a few seconds to fully shutdown
+ sleep 15
+ eend $?
+}
diff --git a/net-analyzer/snort/files/spo_database_fix.patch b/net-analyzer/snort/files/spo_database_fix.patch
new file mode 100644
index 000000000000..944b3ee49e14
--- /dev/null
+++ b/net-analyzer/snort/files/spo_database_fix.patch
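Review bot: Changing the shipped default to `IFACE="eth1"` in snort.confd means a single-NIC host gets a sensor pointed at an interface that does not exist or does not carry the traffic, and nothing in the file says the default moved away from eth0. The ebuild's post-install text tells users to take the new conf.d file during etc-update, so an existing eth0 setup can be flipped without the admin noticing, and the init script sends snort's start-up output to /dev/null. For an IDS that is a silent coverage gap, so either keep `IFACE="eth0"` or extend the comment above it to say the value must be set to the monitored interface.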
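Review bot: In `stop()` of snort.rc9 the `eend $?` runs after `sleep 15`, so it reports the exit status of sleep and the service is marked stopped even when `start-stop-daemon --stop` failed, for example on a stale or missing pidfile with snort still running. Capture the status before sleeping, `start-stop-daemon --stop --quiet --pidfile "${PIDPATH}/${PIDFILE}"; ret=$?`, and finish with `eend ${ret}`. In `start()` the `>/dev/null 2>&1` discards whatever snort prints when it rejects its configuration, so a failed start is hard to diagnose; logging that output would make a dead sensor visible. The test in `checkconfig()` should also quote its operand, `[ ! -e "$CONF" ]`.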
@@ -0,0 +1,18 @@
+diff -ru snort-2.8.4.orig/src/output-plugins/spo_database.c snort-2.8.4/src/output-plugins/spo_database.c
+--- snort-2.8.4.orig/src/output-plugins/spo_database.c 2009-01-26 16:50:26.000000000 -0500
++++ snort-2.8.4/src/output-plugins/spo_database.c 2009-04-14 10:43:28.000000000 -0400
+@@ -2798,6 +2798,14 @@
+ {
+ result = atoi(data->m_row[0]);
+ }
++ else
++ {
++ result = 0;
++ }
++ }
++ else
++ {
++ result = 0;
+ }
+ }
+ mysql_free_result(data->m_result);
diff --git a/net-analyzer/snort/metadata.xml b/net-analyzer/snort/metadata.xml
index d76e098fcf6a..3bd53ba25071 100644
--- a/net-analyzer/snort/metadata.xml
+++ b/net-analyzer/snort/metadata.xml
@@ -1,17 +1,24 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> +<maintainer> + <email>patrick@gentoo.org</email> + <name>Patrick Lauer</name> +</maintainer> + <herd>netmon</herd> <longdescription>Libpcap-based packet sniffer/logger/lightweight IDS</longdescription> <use> -<flag name='aruba'>Enable Aruba support</flag> -<flag name='community-rules'>Include Community rules</flag> + +<flag name='aruba'>Enable Aruba support</flag> +<flag name='community-rules'>Include Community rules</flag> <flag name='decoder-preprocessor-rules'></flag> <flag name='dynamicplugin'>Enable ability to dynamically load preprocessors, detection engine, and rules library</flag> <flag name='flexresp'>Enable new connection tearing (not recommended)</flag> <flag name='flexresp2'>Enable new connection tearing</flag> <flag name='gre'>Enable GRE support</flag> -<flag name='inline'>Enable snort-inline for accepting packets from <pkg>net-firewall/iptables</pkg>, via libipq, rather than <pkg>net-libs/libpcap</pkg>.</flag> +<flag name='inline'>Enable snort-inline for accepting packets from <pkg>net-firewall/iptables</pkg>, via libipq, rather than + <pkg>net-libs/libpcap</pkg>.</flag> <flag name='inline-init-failopen'>Enable inline-init-failopen support</flag> <flag name='linux-smp-stats'>Enable statistics reporting through proc on smp systems</flag> <flag name='memory-cleanup'>Enable memory-cleanup support</flag>
diff --git a/net-analyzer/snort/snort-2.8.4.ebuild b/net-analyzer/snort/snort-2.8.4.ebuild
new file mode 100644
index 000000000000..3e71d69bf439
--- /dev/null
+++ b/net-analyzer/snort/snort-2.8.4.ebuild
@@ -0,0 +1,364 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.8.4.ebuild,v 1.1 2009/04/17 12:05:30 patrick Exp $
+
+AT_M4DIR=m4
+
+inherit eutils autotools multilib
+
+DESCRIPTION="The de facto standard for intrusion detection/prevention"
+HOMEPAGE="http://www.snort.org/"
+SRC_URI="http://www.snort.org/dl/${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86"
+IUSE="static debug threads prelude memory-cleanup dynamicplugin decoder-preprocessor-rules ipv6 targetbased timestats ppm perfprofiling linux-smp-stats inline inline-init-failopen flexresp flexresp2 react aruba gre mpls postgres mysql odbc selinux"
+
+#flexresp, react, and inline _ONLY_ work with net-libs/libnet-1.0.2a
+DEPEND="virtual/libc
+ virtual/libpcap
+ >=dev-libs/libpcre-6.0
+ flexresp2? ( dev-libs/libdnet )
+ flexresp? ( ~net-libs/libnet-1.0.2a )
+ react? ( ~net-libs/libnet-1.0.2a )
+ postgres? ( virtual/postgresql-base )
+ mysql? ( virtual/mysql )
+ odbc? ( dev-db/unixODBC )
+ prelude? ( >=dev-libs/libprelude-0.9.0 )
+ inline? ( ~net-libs/libnet-1.0.2a net-firewall/iptables )"
+
+RDEPEND="${DEPEND}
+ dev-lang/perl
+ selinux? ( sec-policy/selinux-snort )"
+
+pkg_setup() {
+ enewgroup snort
+ enewuser snort -1 -1 /dev/null snort
+
+ if use flexresp && use flexresp2 ; then
+ ewarn
+ ewarn
+ ewarn "You have both the 'flexresp' and 'flexresp2' USE"
+ ewarn "flags set. You can use 'flexresp' OR 'flexresp2'"
+ ewarn "but not both."
+ ewarn
+ ewarn "Defaulting to flexresp2..."
+ ewarn
+ ewarn
+ epause
+ fi
+
+ if use memory-cleanup && ! use dynamicplugin; then
+ ewarn
+ ewarn
+ ewarn "You have enabled 'memory-cleanup' but not 'dynamicplugin'."
+ ewarn "'memory-cleanup' requires 'dynamicplugin' to compile."
+ ewarn
+ ewarn "Enabling dynamicplugin..."
+ ewarn
+ ewarn
+ epause
+ fi
+
+ if use inline-init-failopen && ! use inline; then
+ ewarn
+ ewarn
+ ewarn "You have enabled 'inline-init-failopen' but not 'inline'."
+ ewarn "'inline-init-failopen' is an 'inline' only function."
+ ewarn
+ ewarn "Enabling inline mode..."
+ ewarn
+ ewarn
+ epause
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ #Dont monkey with the original source if you don't need to.
+ if use flexresp || use react || use inline || use inline-init-failopen; then
+ epatch "${FILESDIR}/${PN}-2.8.4-libnet.patch"
+ fi
+
+ #Added patch to print the value of PCAP_MEMORY
+ epatch "${FILESDIR}/pcap_memory.patch"
+
+ #Added patch to fix problem with the DB output plugin
+ #This will be included upstream in the next version released
+ epatch "${FILESDIR}/spo_database_fix.patch"
+
+ if use prelude ; then
+ sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in
+ fi
+
+ einfo "Regenerating autoconf/automake files"
+ eautoreconf
+}
+
+src_compile() {
+ local myconf
+
+ #Both shared and static are enable by defaut so we need to be specific
+ if use static; then
+ myconf="${myconf} --enable-static --disable-shared"
+ else
+ myconf="${myconf} --disable-static --enable-shared"
+ fi
+
+ #Added in ebuild version snort-2.8.3.1. Should be rechecked in updated versions.
+ #Use 'die' because ./configure will die any ways with the same error message...
+ if use ipv6 && use targetbased; then
+ die "Support for target-based and IPv6 cannot be enabled simultaneously in this version."
+ fi
+
+ #Sourcefire is often not clear about what is and is not enabled by default
+ #To avoid undesired results we should be very specific
+ #Also, See the next 'if' for "react"
+ if ! use react && use flexresp && ! use flexresp2; then
+ myconf="${myconf} --enable-flexresp --disable-flexresp2"
+ elif ! use react && ! use flexresp && use flexresp2; then
+ myconf="${myconf} --disable-flexresp --enable-flexresp2"
+ elif ! use react && use flexresp && use flexresp2; then
+ myconf="${myconf} --disable-flexresp --enable-flexresp2"
+ elif ! use react && ! use flexresp && ! use flexresp2; then
+ myconf="${myconf} --disable-flexresp --disable-flexresp2"
+ fi
+
+ #We need to do this becaue 'react' automaticly enables 'flexresp'
+ #but ./configure fails if both --enable-react and --enable-flexresp
+ #are used. Here is the error...
+ #ERROR! --enable-react cannot be used with --enable-flexresp
+ #because it is AUTOMATICALLY enabled with --enable-flexresp
+ #Given that --enable-flexresp is enable we know that
+ #--disable-flexresp2 should be used
+ if use react; then
+ myconf="${myconf} --enable-react --disable-flexresp2"
+ fi
+
+ #USE flag memory-cleanup requires dynamicplugin
+ #Only 'dynamicplugin' is set here, 'memory-cleanup' is set below via econf.
+ if use memory-cleanup || use dynamicplugin; then
+ myconf="${myconf} --enable-dynamicplugin"
+ else
+ myconf="${myconf} --disable-dynamicplugin"
+ fi
+
+
+ # USE flages 'targetbased' and 'inline-init-failopen' require threads
+ #Only 'threads' is set here. 'targetbased' and 'inline-init-failopen' are set below via econf.
+ if use targetbased || use inline-init-failopen || use threads; then
+ myconf="${myconf} --enable-pthread"
+ else
+ myconf="${myconf} --disable-pthread"
+ fi
+
+ #Only needed if...
+ if use flexresp || use react || use inline; then
+ myconf="${myconf} --with-libipq-includes=/usr/include/libipq"
+ fi
+
+ #'inline-init-failopen' requires 'inline'
+ if use inline-init-failopen || use inline; then
+ myconf="${myconf} --enable-inline"
+ else
+ myconf="${myconf} --disable-inline"
+ fi
+
+#The --enable-<feature> options...
+#'static' 'threads' 'react' 'flexresp' 'flexresp2' 'inline' 'dynamicplugin'
+# are configured above due to dependancy/conflict issues.
+
+#All others are handled the standard ebuild way via econf
+
+ econf \
+ --without-oracle \
+ $(use_with postgres postgresql) \
+ $(use_with mysql) \
+ $(use_with odbc) \
+ --with-pic \
+ --disable-ipfw \
+ --disable-profile \
+ --disable-ppm-test \
+ $(use_enable debug) \
+ $(use_enable prelude) \
+ $(use_enable memory-cleanup) \
+ $(use_enable decoder-preprocessor-rules) \
+ $(use_enable ipv6) \
+ $(use_enable targetbased) \
+ $(use_enable timestats) \
+ $(use_enable ppm) \
+ $(use_enable perfprofiling) \
+ $(use_enable linux-smp-stats) \
+ $(use_enable inline-init-failopen) \
+ $(use_enable aruba) \
+ $(use_enable gre) \
+ $(use_enable mpls) \
+ ${myconf} || die "econf failed"
+
+ # limit to single as reported by jforman on irc
+ emake -j1 || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "make install failed"
+
+ dodir /var/log/snort/
+ keepdir /var/log/snort/
+ fowners snort:snort /var/log/snort
+
+ dodir /var/run/snort/
+ fowners snort:snort /var/run/snort/
+
+ dodoc doc/*
+ dodoc ./RELEASE.NOTES
+ docinto schemas
+ dodoc schemas/*
+
+ insinto /etc/snort
+ doins etc/attribute_table.dtd \
+ etc/classification.config \
+ etc/gen-msg.map \
+ etc/reference.config \
+ etc/sid-msg.map \
+ etc/threshold.conf \
+ etc/unicode.map
+
+ newins etc/snort.conf snort.conf.distrib
+
+ insinto /etc/snort/preproc_rules
+ doins preproc_rules/decoder.rules \
+ preproc_rules/preprocessor.rules
+
+ dodir /etc/snort/rules/
+ keepdir /etc/snort/rules/
+
+ fowners -R snort:snort /etc/snort/
+ keepdir /etc/snort/
+
+ newinitd "${FILESDIR}/snort.rc9" snort
+ newconfd "${FILESDIR}/snort.confd" snort
+
+}
+
+pkg_preinst() {
+
+ #Remove the example dunamic rule
+ rm "${D}usr/"$(get_libdir)"/snort_dynamicrules/lib_sfdynamic_example_rule.la"
+ rm "${D}usr/"$(get_libdir)"/snort_dynamicrules/lib_sfdynamic_example_rule.so"
+ rm "${D}usr/"$(get_libdir)"/snort_dynamicrules/lib_sfdynamic_example_rule.so.0"
+ rm "${D}usr/"$(get_libdir)"/snort_dynamicrules/lib_sfdynamic_example_rule.so.0.0.0"
+
+ # Make some changes to snort.conf.distrib
+
+ # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
+ sed -i -e 's:/usr/local/lib:/usr/'$(get_libdir)':g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Set the correct rule location in the config
+ sed -i -e 's:RULE_PATH ../rules:RULE_PATH /etc/snort/rules:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Set the correct preprocessor/decoder rule location in the config
+ sed -i -e 's:PREPROC_RULE_PATH ../preproc_rules:PREPROC_RULE_PATH /etc/snort/preproc_rules:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Enable the preprocessor/decoder rules
+ sed -i -e 's:^# include $PREPROC_RULE_PATH:include $PREPROC_RULE_PATH:g' \
+ "${D}etc/snort/snort.conf.distrib"
+ sed -i -e 's:^# dynamicdetection directory:dynamicdetection directory:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Just some clean up of trailing /'s in the config
+ sed -i -e 's:snort_dynamicpreprocessor/$:snort_dynamicpreprocessor:g' \
+ "${D}etc/snort/snort.conf.distrib"
+ sed -i -e 's:snort_dynamicrule/$:snort_dynamicrules:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Make it clear in the config where these are...
+ sed -i -e 's:^include classification.config:include /etc/snort/classification.config:g' \
+ "${D}etc/snort/snort.conf.distrib"
+ sed -i -e 's:^include reference.config:include /etc/snort/reference.config:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+ #Disable all rule files by default.
+ #Users need to chose what they want enabled.
+ sed -i -e 's:^include $RULE_PATH:# include $RULE_PATH:g' \
+ "${D}etc/snort/snort.conf.distrib"
+
+}
+
+pkg_postinst() {
+ einfo
+ einfo "Snort is a libpcap based packet capture tool which can be used in"
+ einfo "three modes Sniffer Mode, Packet Logger Mode, or Network Intrusion"
+ einfo "Detection System Mode."
+ einfo
+ einfo "To learn more about these modes review the Snort User Manual at..."
+ einfo
+ einfo "http://www.snort.org/docs/"
+ einfo
+ einfo "See /usr/share/doc/${PF} and /etc/snort/snort.conf.distrib for"
+ einfo "information on configuring snort."
+ einfo
+ einfo "Joining the Snort Users and Snort Sigs mailing list is highly"
+ einfo "recommended for all users..."
+ einfo
+ einfo "http://www.snort.org/community/lists.html"
+ einfo
+ elog "Snort-2.8.4-r1 Notes:"
+ elog "The 'ruleperf' USE flag has been removed. The Snort Dev's have"
+ elog "included it in the build by default now."
+ elog
+ elog "The 'stream4udp' USE flag has been removed. It is no"
+ elog "longer a valid compile time option."
+ elog "If you are still using Stream4, you should switch to using Stream5."
+ elog
+ elog "/etc/init.d/snort and /etc/conf.d/snort have been updated to"
+ elog "resolve some bugs with starting and stopping snort."
+ elog "It is important that you update these when you run 'etc-update'"
+ elog
+ elog "The 'community-rules' USE flag has been removed."
+ elog
+ elog "We are no longer distributing rule files via the snort ebuild."
+ elog "There are a couple of reasons for this change..."
+ elog
+ elog "1. Rule files are not versioned making it impossible to use"
+ elog " portage to update them properly."
+ elog "2. Although some of the rules are still useful, the"
+ elog " Community Rules are quite old (RELEASED: 2007-04-27) and"
+ elog " should only be used to supplement the VRT rule set."
+ elog "3. Sourcefire's VRT rule set requires users to register (for free)"
+ elog " to download them."
+ elog "4. Certain versions of Snort require specific rule set versions"
+ elog " for proper detection and to prevent Snort from breaking."
+ elog " (See below.)"
+ elog
+ elog "To download rules for use with Snort please, see the following"
+ elog
+ elog "Sourcefire's VRT Rules and older Community Rules:"
+ elog "http://www.snort.org/pub-bin/downloads.cgi"
+ elog
+ elog "Emerging Threats Rules:"
+ elog "http://www.emergingthreats.net/"
+ elog
+ elog "A good place to put your downloaded rules would be..."
+ elog "/etc/snort/rules"
+ elog
+ elog "To manage updates to your rules please visit..."
+ elog
+ elog "http://oinkmaster.sourceforge.net/"
+ elog
+ elog "and then 'emerge oinkmaster'."
+ elog
+ elog "!!!IMPORTANT!!!"
+ elog "Users upgrading from versions prior to Snort-2.8.4 and are using"
+ elog "the dcerpc or dcerpc2 preprocessor in your snort.conf file"
+ elog "with the netbios rules should be aware of the following"
+ elog "announcements..."
+ elog
+ elog "http://vrt-sourcefire.blogspot.com/2009/04/snort-284-is-nigh.html"
+ elog "http://vrt-sourcefire.blogspot.com/2009/02/important-snort-rule-changes-and-new.html"
+ elog
+} |
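Review bot: `fowners -R snort:snort /etc/snort/` in src_install hands the whole configuration tree, including snort.conf.distrib and the rules directory, to the account the daemon runs as (`-u snort` in snort.confd), so a compromise of the sensor process could rewrite or disable its own rules and configuration. Unless something outside this diff needs the snort user to write there, keep the tree root-owned and group-readable, for example `fowners -R root:snort /etc/snort/`, and limit snort ownership to /var/log/snort and /var/run/snort. A second issue in src_compile: `use inline-init-failopen || use inline` passes `--enable-inline`, but DEPEND pulls libnet and iptables only under `inline?` and `--with-libipq-includes` is not set for that case, so USE="inline-init-failopen -inline" would configure inline mode without its dependencies.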