From b90199844d2020969f92b06e70228f7f2c1c9422 Mon Sep 17 00:00:00 2001
From: Muhammad Moinur Rahman <bofh@FreeBSD.org>
Date: Fri, 6 Sep 2019 11:54:16 +0000
Subject: [PATCH] [NEW] security/suricata5: High Performance Network IDS, IPS
 and Security Monitoring engine(v5)

The Suricata Engine is an Open Source Next Generation Intrusion Detection and
Prevention Engine developed by the Open Information Security Foundation (OISF).

This engine is not intended to just replace or emulate the existing tools in
the industry, but will bring new ideas and technologies to the field.

OISF is part of and funded by the Department of Homeland Security's Directorate
for Science and Technology HOST program (Homeland Open Security Technology),
by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
through the very generous support of the members of the OISF Consortium.

More information about the Consortium is available, as well as a list of our
current Consortium Members.

This is upcoming version 5.

WWW: https://suricata-ids.org
---
 security/Makefile                             |   1 +
 security/suricata5/Makefile                   | 121 ++++++++++++++
 security/suricata5/distinfo                   |   3 +
 .../suricata5/files/ax_check_compile_flag.m4  |  74 +++++++++
 security/suricata5/files/patch-configure.ac   |  15 ++
 security/suricata5/files/pkg-message.in       |  46 ++++++
 security/suricata5/files/suricata.in          |  68 ++++++++
 security/suricata5/pkg-descr                  |  17 ++
 security/suricata5/pkg-plist                  | 154 ++++++++++++++++++
 9 files changed, 499 insertions(+)
 create mode 100644 security/suricata5/Makefile
 create mode 100644 security/suricata5/distinfo
 create mode 100644 security/suricata5/files/ax_check_compile_flag.m4
 create mode 100644 security/suricata5/files/patch-configure.ac
 create mode 100644 security/suricata5/files/pkg-message.in
 create mode 100644 security/suricata5/files/suricata.in
 create mode 100644 security/suricata5/pkg-descr
 create mode 100644 security/suricata5/pkg-plist

diff --git a/security/Makefile b/security/Makefile
index 97bd455db365..f5c336429100 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1261,6 +1261,7 @@
     SUBDIR += sudoscript
     SUBDIR += super
     SUBDIR += suricata
+    SUBDIR += suricata5
     SUBDIR += swatch
     SUBDIR += switzerland
     SUBDIR += symbion-sslproxy
diff --git a/security/suricata5/Makefile b/security/suricata5/Makefile
new file mode 100644
index 000000000000..aae5fc7edf0f
--- /dev/null
+++ b/security/suricata5/Makefile
@@ -0,0 +1,121 @@
+# Created by: Muhammad Moinur Rahman <bofh@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME=	suricata
+DISTVERSION=	5.0.0-beta1
+CATEGORIES=	security
+MASTER_SITES=	https://www.openinfosecfoundation.org/download/
+PKGNAMESUFFIX=	5
+
+MAINTAINER=	bofh@FreeBSD.org
+COMMENT=	High Performance Network IDS, IPS and Security Monitoring engine(v5)
+
+LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	rustc:lang/${RUST_DEFAULT} \
+		${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR}
+LIB_DEPENDS=	libjansson.so:devel/jansson \
+		liblz4.so:archivers/liblz4 \
+		libnet.so:net/libnet \
+		libpcre.so:devel/pcre \
+		libyaml.so:textproc/libyaml
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR}
+
+USES=		autoreconf cpe libtool pkgconfig python
+USE_LDCONFIG=	yes
+USE_PYTHON=	py3kplist
+USE_RC_SUBR=	${PORTNAME}
+
+CONFLICTS_INSTALL=libhtp
+
+GNU_CONFIGURE=	yes
+
+CPE_VENDOR=	openinfosecfoundation
+
+INSTALL_TARGET=	install-strip
+TEST_TARGET=		check
+
+OPTIONS_DEFINE=		GEOIP IPFW NSS PORTS_PCAP PRELUDE REDIS TESTS
+OPTIONS_DEFINE_amd64=	HYPERSCAN
+OPTIONS_DEFAULT=	IPFW HYPERSCAN
+OPTIONS_SUB=		yes
+
+OPTIONS_RADIO=		SCRIPTS
+OPTIONS_RADIO_SCRIPTS=	LUA LUAJIT
+
+SCRIPTS_DESC=		Scripting
+HYPERSCAN_DESC=		Hyperscan support
+IPFW_DESC=		IPFW and IP Divert support for inline IDP
+LUAJIT_DESC=		LuaJIT scripting support
+LUA_DESC=		LUA scripting support
+NSS_DESC=		File checksums and SSL/TLS fingerprinting
+PORTS_PCAP_DESC=	Use libpcap from ports
+PRELUDE_DESC=		Prelude support for NIDS alerts
+REDIS_DESC=		Redis output support
+TESTS_DESC=		Unit tests in suricata binary
+
+GEOIP_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb
+GEOIP_CONFIGURE_ENABLE=	geoip
+HYPERSCAN_LIB_DEPENDS=	libhs.so:devel/hyperscan
+IPFW_CONFIGURE_ON=	--enable-ipfw
+LUA_USES=		lua:51
+LUA_CONFIGURE_ENABLE=	lua
+LUAJIT_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit
+LUAJIT_CONFIGURE_ENABLE=luajit
+NSS_LIB_DEPENDS=		libnss3.so:security/nss \
+				libnspr4.so:devel/nspr
+NSS_CONFIGURE_ENABLE=		nss nspr
+PORTS_PCAP_LIB_DEPENDS=		libpcap.so.1:net/libpcap
+PORTS_PCAP_CONFIGURE_ON=	--with-libpcap-includes=${LOCALBASE}/include \
+				--with-libpcap-libraries=${LOCALBASE}/lib
+PORTS_PCAP_CONFIGURE_OFF=	--with-libpcap-includes=/usr/include \
+				--with-libpcap-libraries=/usr/lib
+PRELUDE_LIB_DEPENDS=		libprelude.so:security/libprelude \
+				libgnutls.so:security/gnutls \
+				libgcrypt.so:security/libgcrypt \
+				libgpg-error.so:security/libgpg-error \
+				libltdl.so:devel/libltdl
+PRELUDE_CONFIGURE_ENABLE=	prelude
+REDIS_LIB_DEPENDS=		libhiredis.so:databases/hiredis
+REDIS_CONFIGURE_ENABLE=		hiredis
+TESTS_CONFIGURE_ENABLE=		unittests
+
+SUB_FILES=	pkg-message
+
+CONFIGURE_ARGS+=--enable-gccprotect \
+		--enable-bundled-htp \
+	        --disable-gccmarch-native \
+		--enable-netmap \
+		--disable-af-packet \
+		--disable-nflog \
+		--disable-nfqueue \
+		--disable-pfring \
+		--disable-windivert \
+		--disable-ebpf-build \
+		--disable-ebpf
+
+CONFIG_DIR?=	${ETCDIR}
+CONFIG_FILES=	suricata.yaml classification.config reference.config threshold.config
+LOGS_DIR?=	/var/log/${PORTNAME}
+
+pre-patch:
+	@${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4
+
+post-patch:
+	@${REINPLACE_CMD} -e "/AC_PATH_PROGS.*HAVE_PYTHON/ s/python[^,]*,/${PYTHON_VERSION},/g" \
+		${WRKSRC}/configure.ac
+	@${REINPLACE_CMD} -e "s|GeoIP.h|maxminddb.h|g" \
+		${WRKSRC}/configure.ac
+
+post-install:
+	@${MKDIR} ${STAGEDIR}${CONFIG_DIR}
+	@${MKDIR} ${STAGEDIR}${LOGS_DIR}
+.for f in ${CONFIG_FILES}
+	${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample
+.endfor
+	(cd ${STAGEDIR}${PREFIX} \
+	&& ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \
+	-d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;})
+
+.include <bsd.port.mk>
diff --git a/security/suricata5/distinfo b/security/suricata5/distinfo
new file mode 100644
index 000000000000..c0527b5be1a0
--- /dev/null
+++ b/security/suricata5/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1567633319
+SHA256 (suricata-5.0.0-beta1.tar.gz) = 5b8398676a598caf003dd2d8573d276385594277f4c5f09e26059a8252d993d5
+SIZE (suricata-5.0.0-beta1.tar.gz) = 15649004
diff --git a/security/suricata5/files/ax_check_compile_flag.m4 b/security/suricata5/files/ax_check_compile_flag.m4
new file mode 100644
index 000000000000..51df0c09a7a8
--- /dev/null
+++ b/security/suricata5/files/ax_check_compile_flag.m4
@@ -0,0 +1,74 @@
+# ===========================================================================
+#   http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the current language's compiler
+#   or gives an error.  (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the current language's default
+#   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
+#   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
+#   force the compiler to issue an error when a bad flag is given.
+#
+#   INPUT gives an alternative input source to AC_COMPILE_IFELSE.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 3
+
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+  ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+  _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+  AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS
diff --git a/security/suricata5/files/patch-configure.ac b/security/suricata5/files/patch-configure.ac
new file mode 100644
index 000000000000..6469c5417da0
--- /dev/null
+++ b/security/suricata5/files/patch-configure.ac
@@ -0,0 +1,15 @@
+--- configure.ac.orig	2017-02-15 07:54:17 UTC
++++ configure.ac
+@@ -935,8 +935,10 @@
+             AS_HELP_STRING([--enable-prelude], [Enable Prelude support for alerts]),,[enable_prelude=no])
+     # Prelude doesn't work with -Werror
+     STORECFLAGS="${CFLAGS}"
+-    CFLAGS="${CFLAGS} -Wno-error=unused-result"
+-
++    AX_CHECK_COMPILE_FLAG([-Wno-error=unused-result], 
++        [CFLAGS="${CFLAGS} -Wno-error=unused-result"],
++        [])
++       
+     AS_IF([test "x$enable_prelude" = "xyes"], [
+         AM_PATH_LIBPRELUDE(0.9.9, , AC_MSG_ERROR(Cannot find libprelude: Is libprelude-config in the path?), no)
+         if test "x${LIBPRELUDE_CFLAGS}" != "x"; then
diff --git a/security/suricata5/files/pkg-message.in b/security/suricata5/files/pkg-message.in
new file mode 100644
index 000000000000..60c8ede06848
--- /dev/null
+++ b/security/suricata5/files/pkg-message.in
@@ -0,0 +1,46 @@
+[
+{ type: install
+  message: <<EOM
+If you want to run Suricata in IDS mode, add to /etc/rc.conf:
+
+	suricata_enable="YES"
+	suricata_interface="<if>"
+
+NOTE: Declaring suricata_interface is MANDATORY for Suricata in IDS Mode.
+
+However, if you want to run Suricata in Inline IPS Mode in divert(4) mode,
+add to /etc/rc.conf:
+
+	suricata_enable="YES"
+	suricata_divertport="8000"
+
+NOTE:
+	Suricata won't start in IDS mode without an interface configured.
+	Therefore if you omit suricata_interface from rc.conf, FreeBSD's
+	rc.d/suricata will automatically try to start Suricata in IPS Mode
+	(on divert port 8000, by default).
+
+Alternatively, if you want to run Suricata in Inline IPS Mode in high-speed
+netmap(4) mode, add to /etc/rc.conf:
+
+	suricata_enable="YES"
+	suricata_netmap="YES"
+
+NOTE:
+	Suricata requires additional interface settings in the configuration
+	file to run in netmap(4) mode.
+
+RULES: Suricata IDS/IPS Engine comes without rules by default. You should
+add rules by yourself and set an updating strategy. To do so, please visit:
+
+ http://www.openinfosecfoundation.org/documentation/rules.html
+ http://www.openinfosecfoundation.org/documentation/emerging-threats.html
+
+You may want to try BPF in zerocopy mode to test performance improvements:
+
+	sysctl -w net.bpf.zerocopy_enable=1
+
+Don't forget to add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf
+EOM
+}
+]
diff --git a/security/suricata5/files/suricata.in b/security/suricata5/files/suricata.in
new file mode 100644
index 000000000000..895c5e345a6c
--- /dev/null
+++ b/security/suricata5/files/suricata.in
@@ -0,0 +1,68 @@
+#!/bin/sh
+# $FreeBSD: head/security/suricata/files/suricata.in 454649 2017-11-21 18:55:28Z zeising $
+
+# PROVIDE: suricata
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable suricata:
+# suricata_enable (bool):	Set to YES to enable suricata
+# 				Default: NO
+# suricata_flags (str):		Extra flags passed to suricata
+#				Default: -D
+# suricata_interface (str):	Network interface(s) to sniff
+#				Default: "" 
+# suricata_conf (str):		Suricata configuration file
+#				Default: ${PREFIX}/etc/suricata/suricata.yaml
+# suricata_divertport (int):	Port to create divert socket (Inline Mode)
+#				Default: 8000
+# suricata_netmap (str):	Set to YES to enable netmap (Inline Mode)
+#				Default: NO
+# suricata_user (str):		Set the user to run suricata as
+#				Default: root
+# suricata_pidfile (str):	Pidfile to store pid of suricata process
+#				Default: /var/run/suricata.pid
+
+. /etc/rc.subr
+
+name="suricata"
+rcvar=suricata_enable
+
+start_precmd="suricata_prestart"
+command="%%PREFIX%%/bin/suricata"
+
+load_rc_config $name
+
+[ -z "$suricata_enable" ]	&& suricata_enable="NO"
+[ -z "$suricata_conf" ]		&& suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml"
+[ -z "$suricata_flags" ]	&& suricata_flags="-D"
+[ -z "$suricata_divertport" ]	&& suricata_divertport="8000"
+[ -z "$suricata_netmap" ]	&& suricata_netmap="NO"
+[ -z "$suricata_user" ]		&& suricata_user="root"
+[ -z "$suricata_pidfile" ]	&& suricata_pidfile="/var/run/suricata.pid"
+
+if [ -n "$suricata_interface" ]; then
+	for interface in $suricata_interface; do
+		suricata_flags="$suricata_flags --pcap=$interface"
+	done
+elif [ "$suricata_netmap" != "NO" ]; then
+	suricata_flags="$suricata_flags --netmap"
+else
+	suricata_flags="$suricata_flags -d $suricata_divertport"
+	info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
+fi
+
+pidfile=$suricata_pidfile
+suricata_flags="$suricata_flags --pidfile $pidfile"
+
+[ -n "$suricata_conf" ]	&& suricata_flags="$suricata_flags -c $suricata_conf"
+
+suricata_prestart()
+{
+	if ! run_rc_command status > /dev/null; then
+		rm -f "$pidfile"
+	fi
+}
+
+run_rc_command "$1"
diff --git a/security/suricata5/pkg-descr b/security/suricata5/pkg-descr
new file mode 100644
index 000000000000..9bab4ae33cf5
--- /dev/null
+++ b/security/suricata5/pkg-descr
@@ -0,0 +1,17 @@
+The Suricata Engine is an Open Source Next Generation Intrusion Detection and
+Prevention Engine developed by the Open Information Security Foundation (OISF).
+
+This engine is not intended to just replace or emulate the existing tools in
+the industry, but will bring new ideas and technologies to the field.
+
+OISF is part of and funded by the Department of Homeland Security's Directorate
+for Science and Technology HOST program (Homeland Open Security Technology),
+by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
+through the very generous support of the members of the OISF Consortium.
+
+More information about the Consortium is available, as well as a list of our
+current Consortium Members.
+
+This is upcoming version 5.
+
+WWW: https://suricata-ids.org
diff --git a/security/suricata5/pkg-plist b/security/suricata5/pkg-plist
new file mode 100644
index 000000000000..acf5f604edc6
--- /dev/null
+++ b/security/suricata5/pkg-plist
@@ -0,0 +1,154 @@
+bin/suricata
+bin/suricata-update
+bin/suricatactl
+bin/suricatasc
+include/htp/bstr.h
+include/htp/bstr_builder.h
+include/htp/htp.h
+include/htp/htp_base64.h
+include/htp/htp_config.h
+include/htp/htp_connection_parser.h
+include/htp/htp_core.h
+include/htp/htp_decompressors.h
+include/htp/htp_hooks.h
+include/htp/htp_list.h
+include/htp/htp_multipart.h
+include/htp/htp_table.h
+include/htp/htp_transaction.h
+include/htp/htp_urlencoded.h
+include/htp/htp_utf8_decoder.h
+include/htp/htp_version.h
+lib/libhtp.a
+lib/libhtp.so
+lib/libhtp.so.2
+lib/libhtp.so.2.0.0
+libdata/pkgconfig/htp.pc
+man/man1/suricata.1.gz
+%%DOCSDIR%%/AUTHORS
+%%DOCSDIR%%/Basic_Setup.txt
+%%DOCSDIR%%/GITGUIDE
+%%DOCSDIR%%/INSTALL
+%%DOCSDIR%%/INSTALL.PF_RING
+%%DOCSDIR%%/INSTALL.WINDOWS
+%%DOCSDIR%%/NEWS
+%%DOCSDIR%%/README
+%%DOCSDIR%%/Setting_up_IPSinline_for_Linux.txt
+%%DOCSDIR%%/TODO
+%%DOCSDIR%%/Third_Party_Installation_Guides.txt
+%%PYTHON_SITELIBDIR%%/suricata-5.0.0_beta1-py%%PYTHON_VER%%.egg-info
+%%PYTHON_SITELIBDIR%%/suricata/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/config/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/config/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/config/defaults.py
+%%PYTHON_SITELIBDIR%%/suricata/config/defaults.pyc
+%%PYTHON_SITELIBDIR%%/suricata/ctl/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/ctl/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/ctl/filestore.py
+%%PYTHON_SITELIBDIR%%/suricata/ctl/filestore.pyc
+%%PYTHON_SITELIBDIR%%/suricata/ctl/loghandler.py
+%%PYTHON_SITELIBDIR%%/suricata/ctl/loghandler.pyc
+%%PYTHON_SITELIBDIR%%/suricata/ctl/main.py
+%%PYTHON_SITELIBDIR%%/suricata/ctl/main.pyc
+%%PYTHON_SITELIBDIR%%/suricata/ctl/test_filestore.py
+%%PYTHON_SITELIBDIR%%/suricata/ctl/test_filestore.pyc
+%%PYTHON_SITELIBDIR%%/suricata/sc/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/sc/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/sc/__pycache__/specs.cpython-36.pyc
+%%PYTHON_SITELIBDIR%%/suricata/sc/specs.py
+%%PYTHON_SITELIBDIR%%/suricata/sc/suricatasc.py
+%%PYTHON_SITELIBDIR%%/suricata/sc/suricatasc.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/addsource.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/addsource.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/disablesource.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/disablesource.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/enablesource.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/enablesource.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/listenabledsources.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/listenabledsources.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/listsources.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/listsources.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/removesource.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/removesource.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/updatesources.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/updatesources.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/argparse/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/argparse/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/argparse/argparse.py
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/argparse/argparse.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/ordereddict.py
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/ordereddict.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/config.py
+%%PYTHON_SITELIBDIR%%/suricata/update/config.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/disable.conf
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/drop.conf
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/enable.conf
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/modify.conf
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/threshold.in
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/update.yaml
+%%PYTHON_SITELIBDIR%%/suricata/update/data/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/data/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/data/index.py
+%%PYTHON_SITELIBDIR%%/suricata/update/data/index.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/data/update.py
+%%PYTHON_SITELIBDIR%%/suricata/update/data/update.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/engine.py
+%%PYTHON_SITELIBDIR%%/suricata/update/engine.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/exceptions.py
+%%PYTHON_SITELIBDIR%%/suricata/update/exceptions.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/extract.py
+%%PYTHON_SITELIBDIR%%/suricata/update/extract.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/loghandler.py
+%%PYTHON_SITELIBDIR%%/suricata/update/loghandler.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/main.py
+%%PYTHON_SITELIBDIR%%/suricata/update/main.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/maps.py
+%%PYTHON_SITELIBDIR%%/suricata/update/maps.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/net.py
+%%PYTHON_SITELIBDIR%%/suricata/update/net.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/notes.py
+%%PYTHON_SITELIBDIR%%/suricata/update/notes.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/rule.py
+%%PYTHON_SITELIBDIR%%/suricata/update/rule.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/sources.py
+%%PYTHON_SITELIBDIR%%/suricata/update/sources.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/util.py
+%%PYTHON_SITELIBDIR%%/suricata/update/util.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/version.py
+%%PYTHON_SITELIBDIR%%/suricata/update/version.pyc
+%%PYTHON_SITELIBDIR%%/suricata_update-1.0.5-py%%PYTHON_VER%%.egg-info
+%%PYTHON_SITELIBDIR%%/suricatasc/__init__.py
+%%PYTHON_SITELIBDIR%%/suricatasc/__init__.pyc
+@sample %%ETCDIR%%/classification.config.sample
+@sample %%ETCDIR%%/reference.config.sample
+@sample %%ETCDIR%%/suricata.yaml.sample
+@sample %%ETCDIR%%/threshold.config.sample
+%%DATADIR%%/rules/app-layer-events.rules
+%%DATADIR%%/rules/decoder-events.rules
+%%DATADIR%%/rules/dnp3-events.rules
+%%DATADIR%%/rules/dns-events.rules
+%%DATADIR%%/rules/files.rules
+%%DATADIR%%/rules/http-events.rules
+%%DATADIR%%/rules/ipsec-events.rules
+%%DATADIR%%/rules/kerberos-events.rules
+%%DATADIR%%/rules/modbus-events.rules
+%%DATADIR%%/rules/nfs-events.rules
+%%DATADIR%%/rules/ntp-events.rules
+%%DATADIR%%/rules/smb-events.rules
+%%DATADIR%%/rules/smtp-events.rules
+%%DATADIR%%/rules/stream-events.rules
+%%DATADIR%%/rules/tls-events.rules
+@dir %%DATADIR%%
+@dir %%ETCDIR%%
+@dir include/htp
+@dir(root,wheel,0700) /var/log/suricata
+@postunexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, run ``rm -rf ${PKG_PREFIX}/%%ETCDIR%%`` to remove configuration files."; fi
+@dir %%DOCSDIR%%