2005-10-18 17:15:04 +02:00
|
|
|
# $NetBSD: Makefile.common,v 1.27 2005/10/18 15:15:04 adrianp Exp $
|
2002-04-15 10:31:14 +02:00
|
|
|
#
|
|
|
|
|
2005-10-18 17:15:04 +02:00
|
|
|
DISTNAME= snort-2.4.3
|
2003-09-23 17:43:50 +02:00
|
|
|
CATEGORIES= net security
|
2005-03-25 19:28:28 +01:00
|
|
|
MASTER_SITES= http://www.snort.org/dl/current/ \
|
2003-09-23 17:43:50 +02:00
|
|
|
ftp://the.wiretapped.net/pub/security/network-intrusion-detection/snort/ \
|
|
|
|
ftp://gd.tuwien.ac.at/infosys/security/snort/dl/
|
2002-04-15 10:31:14 +02:00
|
|
|
|
2004-07-01 19:10:22 +02:00
|
|
|
MAINTAINER= adrianp@NetBSD.org
|
2003-09-23 17:43:50 +02:00
|
|
|
HOMEPAGE= http://www.snort.org/
|
2002-04-15 10:31:14 +02:00
|
|
|
|
2003-09-23 17:43:50 +02:00
|
|
|
USE_PKGINSTALL= YES
|
|
|
|
GNU_CONFIGURE= YES
|
2003-03-04 02:02:25 +01:00
|
|
|
|
2003-04-16 17:51:22 +02:00
|
|
|
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
|
2003-03-04 02:02:25 +01:00
|
|
|
CONFIGURE_ARGS+= --with-libpcap-includes=${BUILDLINK_PREFIX.libpcap}/include
|
|
|
|
CONFIGURE_ARGS+= --with-libpcap-libraries=${BUILDLINK_PREFIX.libpcap}/lib
|
|
|
|
|
|
|
|
PKG_SYSCONFSUBDIR= snort
|
|
|
|
|
|
|
|
RCD_SCRIPTS= snort
|
|
|
|
|
|
|
|
SNORT_USER?= snort
|
|
|
|
SNORT_GROUP?= snort
|
|
|
|
PKG_GROUPS= ${SNORT_GROUP}
|
2005-08-23 13:48:47 +02:00
|
|
|
PKG_USERS= ${SNORT_USER}:${SNORT_GROUP}::Snort\ user
|
2003-03-04 02:02:25 +01:00
|
|
|
FILES_SUBST+= SNORT_USER="${SNORT_USER}" SNORT_GROUP="${SNORT_GROUP}"
|
|
|
|
|
2005-04-27 20:36:25 +02:00
|
|
|
OWN_DIRS_PERMS= ${VARBASE}/log/snort ${SNORT_USER} ${SNORT_GROUP} 700
|
2003-03-04 02:02:25 +01:00
|
|
|
CONF_FILES= ${EGDIR}/snort.conf.default \
|
|
|
|
${PKG_SYSCONFDIR}/snort.conf
|
2003-12-31 15:11:42 +01:00
|
|
|
CONF_FILES+= ${EGDIR}/threshold.conf \
|
|
|
|
${PKG_SYSCONFDIR}/threshold.conf
|
2003-03-04 02:02:25 +01:00
|
|
|
CONF_FILES+= ${EGDIR}/classification.config \
|
|
|
|
${PKG_SYSCONFDIR}/classification.config
|
|
|
|
CONF_FILES+= ${EGDIR}/reference.config \
|
|
|
|
${PKG_SYSCONFDIR}/reference.config
|
2005-08-19 20:12:36 +02:00
|
|
|
CONF_FILES+= ${EGDIR}/gen-msg.map \
|
2003-12-31 15:11:42 +01:00
|
|
|
${PKG_SYSCONFDIR}/gen-msg.map
|
2005-08-19 20:12:36 +02:00
|
|
|
CONF_FILES+= ${EGDIR}/generators \
|
2003-12-31 15:11:42 +01:00
|
|
|
${PKG_SYSCONFDIR}/generators
|
2005-08-19 20:12:36 +02:00
|
|
|
CONF_FILES+= ${EGDIR}/sid \
|
2003-12-31 15:11:42 +01:00
|
|
|
${PKG_SYSCONFDIR}/sid
|
2005-08-19 20:12:36 +02:00
|
|
|
CONF_FILES+= ${EGDIR}/sid-msg.map \
|
2003-12-31 15:11:42 +01:00
|
|
|
${PKG_SYSCONFDIR}/sid-msg.map
|
2005-08-19 20:12:36 +02:00
|
|
|
CONF_FILES+= ${EGDIR}/unicode.map \
|
2003-12-31 15:11:42 +01:00
|
|
|
${PKG_SYSCONFDIR}/unicode.map
|
2003-03-04 02:02:25 +01:00
|
|
|
|
|
|
|
EGDIR= ${PREFIX}/share/examples/snort
|
2004-09-21 17:50:26 +02:00
|
|
|
SNORTDIR= ${PREFIX}/share/snort
|
2003-03-04 02:02:25 +01:00
|
|
|
|
2004-07-01 19:10:22 +02:00
|
|
|
SUBST_CLASSES= paths
|
|
|
|
SUBST_STAGE.paths= post-patch
|
Update snort to 2.4.0
If you are using this package make note of the distribution change
mentioned below. I have update the MESSAGE to inform users of this and
there is now also a net/snort-rules package with the community rules.
> [*] Distribution Change
> * Rules are no longer distributed as part of the Snort releases, they are
> available as a separate download from snort.org. This was done for
> three reasons:
> 1) To better manage the new rules licensing.
> 2) To reduce the size of the engine download.
> 3) To move the thousands of documentation files for the rules into
> the rules tarballs. If you've ever checked Snort out of CVS you'll
> know why this is a Good Thing.
>
> [*] New additions
> * Added new IP defragmentation preprocessor, Frag3. The frag3 preprocessor
> is a target-based IP defragmentation module, and is intended as a
> replacement for the frag2 module. Check out the README.frag3 for full
> info on this new preprocessor.
>
> * Libprelude support has been added (enable with --enable-prelude).
> Thanks Yoann Vandoorselaere!
>
> * An "ftpbounce" rule detection plugin was added for easier detection of
> FTP bounce attacks.
>
> * Added a new Snort config option, "ignore_ports," to ignore packets
> based on port number. This is similar to bpf filters, but done within
> snort.conf.
>
> [*] Improvements
> * Snort startup messages printed in syslog now contain a PID before each
> entry. Thanks Sekure for initially bringing this up.
>
> * Stream4: Performance improvements.
>
> * Stream4: Added 'max_session_limit' option which limits number of
> concurrent sessions tracked. Added favor_old/favor_new options that
> affect order in which packets are put together for reassembly.
>
> * Stream4: New configuration options to manage flushpoints for improved
> anti-evasion. The flush_behavior option selects flushpoint management
> mode. New flush_base, flush_range, and flush_seed manage randomized
> flushing. Check out the snort.conf file for full config data on the
> new flush options.
>
> * Added two more alerts for BackOrifice client and server packets. This
> allows specific alerts to be suppressed.
>
> * PerfMon preprocessor updated to include more detailed stats for rebuilt
> packets (applayer, wire, fragmented & TCP). Also added 'atexitonly'
> option that dumps stats at exit of snort, and command line -Z flag to
> specify the file to which stats are logged.
>
> * Added new Http Inspect config item, "tab_uri_delimiter," which if
> specified, lets a tab character (0x09) act as the delimiter for a URI.
>
> * Added a '-G' command line flag to snort that specifies the Snort
> instance log identifier. It takes a single argument that can be either
> hex (prefaced with 0x) or decimal. The unified log files will include
> the instance ID when the -G flag is used.
>
> * "Same SRC/DST" (sid 527) and "Loopback Traffic" (sid 528) are now
> handled in the IP decoder. Those sids are now considered obsolete.
>
> * Http_Inspect "flow_depth" option now accepts a -1 value which tells
> Snort to ignore all server-side traffic.
>
> * RPMs have been updated to be more portable, and also now include a
> "--with inline" option for those wanting to build Inline RPMs. Thanks
> Daniel Wittenberg and JP Vossen for your help!
>
> * Many, many bug fixes have also gone into this release, please see the
> ChangeLog for details.
2005-08-13 21:56:47 +02:00
|
|
|
SUBST_FILES.paths= etc/snort.conf src/snort.c
|
|
|
|
SUBST_SED.paths= -e "s|@PREFIX@|${PREFIX}|g" \
|
|
|
|
-e "s|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g"
|
2004-07-01 19:10:22 +02:00
|
|
|
SUBST_MESSAGE.cgi= "Fixing paths."
|
2002-04-15 10:31:14 +02:00
|
|
|
|
|
|
|
post-install:
|
2004-07-01 19:10:22 +02:00
|
|
|
@${CP} ${WRKSRC}/etc/snort.conf ${WRKSRC}/etc/snort.conf.default
|
2003-03-04 02:02:25 +01:00
|
|
|
${INSTALL_DATA_DIR} ${EGDIR}
|
2003-12-31 15:11:42 +01:00
|
|
|
${INSTALL_DATA} ${WRKSRC}/etc/*.config \
|
|
|
|
${WRKSRC}/etc/*.map \
|
|
|
|
${WRKSRC}/etc/generators \
|
|
|
|
${WRKSRC}/etc/sid \
|
|
|
|
${WRKSRC}/etc/threshold.conf \
|
2004-07-01 19:10:22 +02:00
|
|
|
${WRKSRC}/etc/snort.conf.default ${EGDIR}/
|
2002-04-15 10:31:14 +02:00
|
|
|
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/snort
|
2002-10-13 06:42:12 +02:00
|
|
|
cd ${WRKSRC}/doc ; \
|
2003-07-26 13:13:16 +02:00
|
|
|
for i in `${LS} | ${EGREP} -v "(Makefile|signatures)"` ; do \
|
2002-10-13 06:42:12 +02:00
|
|
|
${INSTALL_DATA} $$i ${PREFIX}/share/doc/snort ; \
|
2002-04-15 10:31:14 +02:00
|
|
|
done
|
|
|
|
${INSTALL_MAN} ${WRKSRC}/snort.8 ${PREFIX}/man/man8
|
2003-12-31 15:11:42 +01:00
|
|
|
|
2004-04-10 05:09:45 +02:00
|
|
|
.include "../../devel/pcre/buildlink3.mk"
|
|
|
|
.include "../../net/libpcap/buildlink3.mk"
|