Menu
▾
▴
Re: [Snort-inline-users] Port update to security/snort_inline
|
From: Nick R. <ni...@ro...> - 2006-10-24 03:11:05
|
Folks, I've submitted the update patch [below] to the FreeBSD team to upgrade the ports version to snort_inline-2.4.5. I cc'd this list so everyone knows where it is at. It's long overdue and I apologize. Cheers! > >>Submitter-Id: current-users >>Originator: Nick Rogness >>Organization: >>Confidential: no >>Synopsis: Port update to security/snort_inline >>Severity: non-critical >>Priority: low >>Category: ports >>Class: maintainer-update >>Release: FreeBSD 5.4-STABLE i386 >>Environment: > System: FreeBSD skywalker.rogness.net 5.4-STABLE FreeBSD 5.4-STABLE #0: > Mon Jul 11 21:54:56 MDT 2005 > ni...@sk...:/usr/src/sys/i386/compile/SKYWALKER i386 > > >>Description: > Update port security/snort_inline to version 2.4.5 > >>How-To-Repeat: > Attached Unified diff under Fix >>Fix: > > > diff -ruN snort_inline.old/Makefile snort_inline/Makefile > --- snort_inline.old/Makefile Fri May 12 22:15:15 2006 > +++ snort_inline/Makefile Mon Oct 23 20:16:34 2006 > @@ -2,23 +2,19 @@ > # Date created: 4 March 2005 > # Whom: ni...@ro... > # > -# $FreeBSD: ports/security/snort_inline/Makefile,v 1.4 2006/05/13 > 04:15:15 edwin Exp $ > +# $FreeBSD: ports/security/snort_inline/Makefile,v 1.3 2005/11/14 > 17:07:04 sem Exp $ > # > > PORTNAME= snort_inline > -PORTVERSION= 2.3.0 > -PORTREVISION= 1 > +PORTVERSION= 2.4.5 > CATEGORIES= security > MASTER_SITES= http://freebsd.rogness.net/ports/snort_inline/ > -DISTNAME= snort_inline-2.3.0-RC1 > > MAINTAINER= ni...@ro... > COMMENT= An inline IPS system based on snort using ipfw > > LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre > > -WRKSRC= ${WRKDIR}/snort_inline-2.3.0-RC1 > - > USE_GPG= yes > SIG_SUFFIX= .asc > GNU_CONFIGURE= yes > @@ -26,9 +22,7 @@ > CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL} > CONFIGURE_ARGS+= --enable-inline --enable-ipfw > > -BUILD_DEPENDS+= libnet*<=1.1.0,1:${PORTSDIR}/net/libnet10 > -CONFIGURE_ARGS+= --with-libnet-includes=${LOCALBASE}/include \ > - --with-libnet-libraries=${LOCALBASE}/lib > +LIB_DEPENDS+= dnet:${PORTSDIR}/net/libdnet > > .if defined(WITH_MYSQL) > USE_MYSQL= yes > @@ -55,14 +49,20 @@ > CONFIGURE_ARGS+= --with-postgresql=no > .endif > > -MAN8= snort.8 > +MAN8= snort.8 snort_inline.8 > DOCS= ChangeLog doc/AUTHORS doc/BUGS doc/CREDITS doc/faq* doc/NEWS \ > doc/README* doc/TODO doc/USAGE doc/*.pdf > > +RULE_PATH= ${DATADIR}/rules > + > USE_RC_SUBR= snort.sh > > post-patch: > ${REINPLACE_CMD} "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/src/snort.c > + ${REINPLACE_CMD} "s,/etc/snort_inline/drop-rules,${RULE_PATH}," > ${WRKSRC}/etc/snort_inline.conf > + ${REINPLACE_CMD} > "s,$RULE_PATH/classification.config,${DATADIR}/classification.config," > ${WRKSRC}/etc/snort_inline.conf > + ${REINPLACE_CMD} > "s,$RULE_PATH/reference.config,${DATADIR}/reference.config," > ${WRKSRC}/etc/snort_inline.conf > + ${REINPLACE_CMD} -e > "s/^unicode.map/\/usr\/local\/share\/snort_inline\/unicode.map/" > ${WRKSRC}/etc/snort_inline.conf > > pre-configure: > @${ECHO} "" > @@ -72,7 +72,7 @@ > > post-install: > @${MKDIR} ${DATADIR} > - ${INSTALL_DATA} ${WRKSRC}/rules/*.rules ${DATADIR} > + @${MKDIR} ${RULE_PATH} > ${INSTALL_DATA} ${WRKSRC}/etc/classification.config \ > ${DATADIR}/classification.config-sample > [ -f ${DATADIR}/classification.config ] || \ > @@ -82,7 +82,13 @@ > ${DATADIR}/reference.config-sample > [ -f ${DATADIR}/reference.config ] || \ > ${CP} ${DATADIR}/reference.config-sample ${DATADIR}/reference.config > -.for f in snort.conf snort_inline.conf unicode.map threshold.conf > + ${INSTALL_DATA} ${WRKSRC}/etc/threshold.conf \ > + ${DATADIR}/threshold.conf-sample > + [ -f ${DATADIR}/threshold.conf ] || \ > + ${CP} ${DATADIR}/threshold.conf-sample ${DATADIR}/threshold.conf > + ${INSTALL_DATA} ${WRKSRC}/etc/unicode.map \ > + ${DATADIR}/unicode.map > +.for f in snort.conf snort_inline.conf > ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample > [ -f ${PREFIX}/etc/${f} ] || \ > ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f} > diff -ruN snort_inline.old/distinfo snort_inline/distinfo > --- snort_inline.old/distinfo Mon Jan 23 18:03:27 2006 > +++ snort_inline/distinfo Wed Jun 7 18:12:19 2006 > @@ -1,3 +1,3 @@ > -MD5 (snort_inline-2.3.0-RC1.tar.gz) = d577c101a78c97b0f18a1e01b0252419 > -SHA256 (snort_inline-2.3.0-RC1.tar.gz) = > 46027eeb583dd2efa1ca724948a84fd79d320a0f04df4befde27688c4f7995dc > -SIZE (snort_inline-2.3.0-RC1.tar.gz) = 2742898 > +MD5 (snort_inline-2.4.5.tar.gz) = 6fbc46cb339cd9f7b9699104b9a99b1a > +SHA256 (snort_inline-2.4.5.tar.gz) = > c417dd23d06d468f0fc5d2cc4f9d1022db5b02a9a77d702f8e24261f0a433651 > +SIZE (snort_inline-2.4.5.tar.gz) = 3019957 > diff -ruN snort_inline.old/files/snort.sh.in > snort_inline/files/snort.sh.in > --- snort_inline.old/files/snort.sh.in Mon Feb 20 13:47:40 2006 > +++ snort_inline/files/snort.sh.in Wed Jun 7 18:09:58 2006 > @@ -4,7 +4,7 @@ > # PROVIDE: snort > # REQUIRE: DAEMON > # BEFORE: LOGIN > -# KEYWORD: shutdown > +# KEYWORD: FreeBSD shutdown > > # Add the following lines to /etc/rc.conf to enable snort: > # snort_enable (bool): Set to YES to enable snort > @@ -22,7 +22,7 @@ > name="snort" > rcvar=`set_rcvar` > > -command="%%PREFIX%%/bin/snort" > +command="%%PREFIX%%/bin/snort_inline" > > load_rc_config $name > > diff -ruN snort_inline.old/pkg-plist snort_inline/pkg-plist > --- snort_inline.old/pkg-plist Sat May 28 05:06:39 2005 > +++ snort_inline/pkg-plist Mon Oct 23 20:45:39 2006 > @@ -5,11 +5,11 @@ > @unexec if [ -f %D/etc/snort_inline.conf ] && cmp -s > %D/etc/snort_inline.conf %D/etc/snort_inline.conf-sample; then rm -f > %D/etc/snort_inline.conf; fi > etc/snort_inline.conf-sample > @exec [ -f %B/snort_inline.conf ] || cp %B/%f %B/snort_inline.conf > -@unexec if [ -f %D/etc/unicode.map ] && cmp -s %D/etc/unicode.map > %D/etc/unicode.map-sample; then rm -f %D/etc/unicode.map; fi > -etc/unicode.map-sample > +@unexec if [ -f %B/unicode.map ] && cmp -s %B/unicode.map > %B/unicode.map-sample; then rm -f %B/etc/unicode.map; fi > +%%DATADIR%%/unicode.map > @exec [ -f %B/unicode.map ] || cp %B/%f %B/unicode.map > -@unexec if [ -f %D/etc/threshold.conf ] && cmp -s %D/etc/threshold.conf > %D/etc/threshold.conf-sample; then rm -f %D/etc/threshold.conf; fi > -etc/threshold.conf-sample > +@unexec if [ -f %B/threshold.conf ] && cmp -s %B/threshold.conf > %B/threshold.conf-sample; then rm -f %B/threshold.conf; fi > +%%DATADIR%%/threshold.conf-sample > @exec [ -f %B/threshold.conf ] || cp %B/%f %B/threshold.conf > %%PORTDOCS%%%%DOCSDIR%%/AUTHORS > %%PORTDOCS%%%%DOCSDIR%%/BUGS > @@ -36,63 +36,20 @@ > %%PORTDOCS%%%%DOCSDIR%%/README.http_inspect > %%PORTDOCS%%%%DOCSDIR%%/README.thresholding > %%PORTDOCS%%%%DOCSDIR%%/README.wireless > +%%PORTDOCS%%%%DOCSDIR%%/README.NFQUEUE > +%%PORTDOCS%%%%DOCSDIR%%/README.clamav > +%%PORTDOCS%%%%DOCSDIR%%/README.frag3 > %%PORTDOCS%%%%DOCSDIR%%/TODO > %%PORTDOCS%%%%DOCSDIR%%/USAGE > %%PORTDOCS%%%%DOCSDIR%%/snort_manual.pdf > %%PORTDOCS%%%%DOCSDIR%%/snort_schema_v106.pdf > %%PORTDOCS%%@dirrm %%DOCSDIR%% > -%%DATADIR%%/attack-responses.rules > -%%DATADIR%%/backdoor.rules > -%%DATADIR%%/bad-traffic.rules > -%%DATADIR%%/chat.rules > @unexec if [ -f %B/classification.config ] && cmp -s > %B/classification.config %B/classification.config-sample; then rm -f > %B/classification.config; fi > %%DATADIR%%/classification.config-sample > @exec [ -f %B/classification.config ] || cp %B/%f > %B/classification.config > -%%DATADIR%%/ddos.rules > -%%DATADIR%%/deleted.rules > -%%DATADIR%%/dns.rules > -%%DATADIR%%/dos.rules > -%%DATADIR%%/experimental.rules > -%%DATADIR%%/exploit.rules > -%%DATADIR%%/finger.rules > -%%DATADIR%%/ftp.rules > -%%DATADIR%%/icmp-info.rules > -%%DATADIR%%/icmp.rules > -%%DATADIR%%/imap.rules > -%%DATADIR%%/info.rules > -%%DATADIR%%/local.rules > -%%DATADIR%%/misc.rules > -%%DATADIR%%/multimedia.rules > -%%DATADIR%%/mysql.rules > -%%DATADIR%%/netbios.rules > -%%DATADIR%%/nntp.rules > -%%DATADIR%%/oracle.rules > -%%DATADIR%%/other-ids.rules > -%%DATADIR%%/p2p.rules > -%%DATADIR%%/policy.rules > -%%DATADIR%%/pop2.rules > -%%DATADIR%%/pop3.rules > -%%DATADIR%%/porn.rules > +%%DATADIR%%/classification.config > @unexec if [ -f %B/reference.config ] && cmp -s %B/reference.config > %B/reference.config-sample; then rm -f %B/reference.config; fi > %%DATADIR%%/reference.config-sample > @exec [ -f %B/reference.config ] || cp %B/%f %B/reference.config > -%%DATADIR%%/rpc.rules > -%%DATADIR%%/rservices.rules > -%%DATADIR%%/scan.rules > -%%DATADIR%%/shellcode.rules > -%%DATADIR%%/smtp.rules > -%%DATADIR%%/snmp.rules > -%%DATADIR%%/sql.rules > -%%DATADIR%%/telnet.rules > -%%DATADIR%%/tftp.rules > -%%DATADIR%%/virus.rules > -%%DATADIR%%/web-attacks.rules > -%%DATADIR%%/web-cgi.rules > -%%DATADIR%%/web-client.rules > -%%DATADIR%%/web-coldfusion.rules > -%%DATADIR%%/web-frontpage.rules > -%%DATADIR%%/web-iis.rules > -%%DATADIR%%/web-misc.rules > -%%DATADIR%%/web-php.rules > -%%DATADIR%%/x11.rules > +@dirrmtry %%DATADIR%%/rules > @dirrm %%DATADIR%% > > > Nick Rogness <ni...@ro...> |
