# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.8.5.3.ebuild,v 1.5 2011/04/02 12:52:27 ssuominen Exp $
# Eclasses: eutils (enewuser/enewgroup), autotools (eautoreconf),
# multilib (get_libdir).
# NOTE(review): no EAPI assignment is visible, so this presumably runs as
# EAPI 0, where install helpers (doins, newins, fowners, ...) do not abort
# the build on failure unless followed by '|| die'.
inherit eutils autotools multilib
DESCRIPTION="The de facto standard for intrusion detection/prevention"
HOMEPAGE="http://www.snort.org/"
# Upstream download location, disabled in favour of the mirror below.
#SRC_URI="http://dl.snort.org/snort-current/${P}.tar.gz"
# NOTE(review): the tarball is fetched over plain HTTP from a third-party
# cache rather than from upstream. Its authenticity rests entirely on the
# digests in this package's Manifest; confirm they were generated from a
# tarball checked against the upstream release.
SRC_URI="http://download.openpkg.org/components/cache/snort/snort-2.8.5.3.tar.gz"
LICENSE="GPL-2"
SLOT="0"
# Every keyword is ~arch (testing); nothing here is marked stable.
KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86"
IUSE="static dynamicplugin ipv6 gre mpls targetbased decoder-preprocessor-rules ppm timestats perfprofiling linux-smp-stats inline inline-init-failopen prelude threads debug reload reload-error-restart flexresp flexresp2 react aruba mysql odbc postgres selinux"
# flexresp, react, and inline _ONLY_ work with net-libs/libnet-1.0.2a,
# hence the '~' atoms below (that exact version, any ebuild revision).
# The remaining USE-conditional entries pull in the library for the
# matching output or response feature.
DEPEND="net-libs/libpcap
>=dev-libs/libpcre-6.0
flexresp2? ( dev-libs/libdnet )
flexresp? ( ~net-libs/libnet-1.0.2a )
react? ( ~net-libs/libnet-1.0.2a )
postgres? ( dev-db/postgresql-base )
mysql? ( virtual/mysql )
odbc? ( dev-db/unixODBC )
prelude? ( >=dev-libs/libprelude-0.9.0 )
inline? ( ~net-libs/libnet-1.0.2a net-firewall/iptables )"
# Runtime adds perl and, with USE=selinux, the SELinux policy for snort.
RDEPEND="${DEPEND}
dev-lang/perl
selinux? ( sec-policy/selinux-snort )"
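# Reject USE flag combinations that cannot be built together, then create
# the unprivileged 'snort' group and user that src_install() hands the log,
# run and configuration directories to.
# Only the first conflicting combination found is reported before die.
pkg_setup() {
	if use flexresp && use flexresp2; then
		eerror
		eerror "You have both the 'flexresp' and 'flexresp2' USE flags set."
		eerror "You can use 'flexresp' OR 'flexresp2' but not both."
		eerror "flexresp2 is recommended."
		die "conflicting USE flags: flexresp flexresp2"
	elif use flexresp && use react; then
		eerror
		eerror "You have both the 'react' and 'flexresp' USE flags set."
		eerror "'react' is enabled automaticly when the 'flexresp'"
		eerror "USE flag is set, but ./configure will fail if both are enabled."
		eerror
		eerror "This is an upstream issue and not a problem with this ebuild."
		eerror
		# The inner quotes are escaped: unescaped, they ended the string
		# early, dropped the quote characters from the message and passed
		# '-react' to eerror as a separate argument.
		eerror "To enable both 'flexresp' and 'react' set USE=\"flexresp -react\""
		die "conflicting USE flags: flexresp react"
	elif use flexresp2 && use react; then
		eerror
		eerror "You have both the 'react' and 'flexresp2' USE flags set."
		eerror "You can use 'react' OR 'flexresp2' but not both."
		die "conflicting USE flags: flexresp2 react"
	elif use inline-init-failopen && ! use inline; then
		eerror
		eerror "You have enabled the 'inline-init-failopen' USE flag"
		eerror "but not the 'inline' USE flag."
		eerror "'inline-init-failopen' requires 'inline' be enabled."
		die "inline-init-failopen requires inline"
	elif use reload-error-restart && ! use reload; then
		eerror
		eerror "You have enabled the 'reload-error-restart' USE flag"
		eerror "but not the 'reload' USE flag."
		eerror "'reload-error-restart' requires 'reload' be enabled."
		die "reload-error-restart requires reload"
	fi

	# pre_inst() is a better place to put this
	# but we need it here for the 'fowners' statements in src_install()
	enewgroup snort
	# Dedicated account with /dev/null as home directory. The two -1
	# arguments (uid, shell) ask enewuser for its defaults; the default
	# shell is expected to be a non-login one - confirm against the eclass.
	enewuser snort -1 -1 /dev/null snort
}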
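# Unpack the tarball and patch the autotools inputs with sed before
# regenerating the build system with eautoreconf.
#
# Every sed is now followed by '|| die'; the sample-code and prelude edits
# previously had no check. Note that sed exits 0 when a pattern simply does
# not match, so '|| die' only catches a missing or unwritable file, not an
# edit that silently became a no-op after an upstream change.
src_unpack() {
	local i
	local libdir="$(get_libdir)"

	unpack ${A}
	cd "${S}" || die "cd to ${S} failed"

	# Fix to prevent the docs Makefile from being used.
	# Fixes #297190.
	einfo "Applying documentation fix."
	sed -i -e 's:src doc etc:src etc:g' \
		"${WORKDIR}/${P}/Makefile.am" || die "Doc fix Failed"

	# Fix to allow parallel building.
	# Thanks to Natanael Copa #291558
	einfo "Applying parallel building fix."
	sed -i -e 's/^all-local:.*/all-local: $(LTLIBRARIES)/' \
		src/dynamic-preprocessors/*/Makefile.am \
		|| die "parallel builds fix Failed"

	# Replaces the libnet-1.0 patch for inline, flexresp, and react:
	# point the build at the libnet-1.0 header, config script and library.
	if use flexresp || use react || use inline; then
		einfo "Applying libnet-1.0 fix."
		sed -i -e 's:libnet.h:libnet-1.0.h:g' \
			"${WORKDIR}/${P}/configure.in" \
			"${WORKDIR}/${P}/src/detection-plugins/sp_react.c" \
			"${WORKDIR}/${P}/src/detection-plugins/sp_respond.c" \
			"${WORKDIR}/${P}/src/inline.c" || die "sed for libnet-1.0.h failed"
		sed -i -e 's:libnet-config:libnet-1.0-config:g' \
			"${WORKDIR}/${P}/configure.in" || die "sed for libnet-1.0-config failed"
		sed -i -e 's:-lnet:-lnet-1.0:g' \
			"${WORKDIR}/${P}/configure.in" || die "sed for -lnet-1.0 failed"
		sed -i -e 's:AC_CHECK_LIB(net:AC_CHECK_LIB(net-1.0:g' \
			"${WORKDIR}/${P}/configure.in" || die "sed for net-1.0 failed"
	fi

	# Multilib fix for the sf_engine
	einfo "Applying multilib fix."
	sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'"${libdir}"':g' \
		"${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
		|| die "sed for sf_engine failed"

	# Multilib fix for the current set of dynamic-preprocessors
	for i in ftptelnet smtp ssh dcerpc dns ssl dcerpc2; do
		sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'"${libdir}"':g' \
			"${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
			|| die "sed for $i failed."
	done

	# This sed will prevent the example dynamic code from being
	# compiled/installed, so only the real plugins end up on the sensor.
	einfo "Disabling sample code."
	sed -i -e 's:$(EXAMPLES_DIR)::g' "${WORKDIR}/${P}/src/Makefile.am" \
		|| die "sed for sample code failed"

	if use prelude; then
		einfo "Applying prelude fix."
		sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in \
			|| die "sed for prelude failed"
	fi

	# Regenerate configure and the Makefile.in files from the patched inputs.
	AT_M4DIR=m4 eautoreconf
}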
# Run configure with one switch per USE flag, then build.
# The argument list handed to econf is the same, in the same order, as a
# flat list of use_enable/use_with calls would produce.
src_compile() {
	local flag
	local -a feature_opts=()
	local -a extra_opts=()

	# targetbased and inline-init-failopen automatically enable pthread,
	# so request it explicitly whenever any of the three flags is set.
	# NOTE(review): going by its name, inline-init-failopen lets an inline
	# sensor pass traffic while Snort is still initialising - confirm in
	# the Snort manual before enabling it on an enforcement point.
	if use threads || use targetbased || use inline-init-failopen; then
		extra_opts+=( --enable-pthread )
	fi

	# Tell flexresp, react, and inline where libipq is
	if use flexresp || use react || use inline; then
		extra_opts+=( --with-libipq-includes=/usr/include/libipq )
	fi

	# Flags that map one-to-one onto --enable-<flag> / --disable-<flag>.
	for flag in \
		dynamicplugin ipv6 gre mpls targetbased \
		decoder-preprocessor-rules ppm timestats perfprofiling \
		linux-smp-stats inline inline-init-failopen prelude debug \
		reload reload-error-restart flexresp flexresp2 react aruba
	do
		feature_opts+=( $(use_enable "${flag}") )
	done

	econf \
		$(use_enable !static shared) \
		$(use_enable static) \
		"${feature_opts[@]}" \
		$(use_with mysql) \
		$(use_with odbc) \
		$(use_with postgres postgresql) \
		--disable-ipfw \
		--disable-profile \
		--disable-ppm-test \
		--without-oracle \
		"${extra_opts[@]}"

	emake || die "make failed"
}
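# Install the build into ${D}, create the runtime directories owned by the
# snort account, install documentation, configuration and the init script,
# and adapt the shipped snort.conf.distrib to Gentoo paths.
#
# The edits to snort.conf.distrib are applied by a single sed call that is
# checked with '|| die'; previously nine separate calls ran unchecked, so a
# missing file left the config with the upstream relative paths and no
# build failure. The expressions are kept in their original order.
src_install() {
	local conf="${D}etc/snort/snort.conf.distrib"
	local libdir="$(get_libdir)"

	emake DESTDIR="${D}" install || die "make install failed"

	# Log and pid directories must be writable by the snort account.
	keepdir /var/log/snort/
	fowners snort:snort /var/log/snort
	keepdir /var/run/snort/
	fowners snort:snort /var/run/snort/

	dodoc doc/*
	dodoc ./RELEASE.NOTES
	docinto schemas
	dodoc schemas/*

	insinto /etc/snort
	doins etc/attribute_table.dtd \
		etc/classification.config \
		etc/gen-msg.map \
		etc/reference.config \
		etc/sid-msg.map \
		etc/threshold.conf \
		etc/unicode.map \
		|| die "Failed to add files in /etc/snort"
	newins etc/snort.conf snort.conf.distrib \
		|| die "Failed to add snort.conf.distrib"

	insinto /etc/snort/preproc_rules
	doins preproc_rules/decoder.rules \
		preproc_rules/preprocessor.rules \
		|| die "Failed to add files in /etc/snort/preproc_rules"

	keepdir /etc/snort/rules/
	keepdir /usr/"${libdir}"/snort_dynamicrule

	# NOTE(review): this makes the whole configuration tree, rules
	# included, owned and writable by the snort account. If the daemon runs
	# as that account, a process that parses untrusted traffic can rewrite
	# its own detection rules. Consider root ownership with read access for
	# group snort, unless a rule updater is meant to run as snort.
	fowners -R snort:snort /etc/snort/

	if use reload; then
		newinitd "${FILESDIR}/snort.reload.rc1" snort \
			|| die "Failed to add snort.reload.rc1"
	else
		newinitd "${FILESDIR}/snort.rc9" snort || die "Failed to add snort.rc9"
	fi

	newconfd "${FILESDIR}/snort.confd" snort || die "Failed to add snort.confd"

	# Expressions, in order:
	#  1. correct lib path for dynamicengine, dynamicpreprocessor and
	#     dynamicdetection
	#  2. rule location -> /etc/snort/rules
	#  3. preprocessor/decoder rule location -> /etc/snort/preproc_rules
	#  4. enable the preprocessor/decoder rule includes
	#  5. enable the dynamicdetection directory line
	#  6-7. strip trailing '/' from the dynamic plugin directories
	#  8-9. absolute paths for classification.config and reference.config
	#  10. comment out every 'include $RULE_PATH' line: all rule files are
	#      disabled by default and the admin must enable the ones wanted,
	#      so a fresh install loads no rule files from /etc/snort/rules.
	sed -i \
		-e 's:/usr/local/lib:/usr/'"${libdir}"':g' \
		-e 's:RULE_PATH ../rules:RULE_PATH /etc/snort/rules:g' \
		-e 's:PREPROC_RULE_PATH ../preproc_rules:PREPROC_RULE_PATH /etc/snort/preproc_rules:g' \
		-e 's:^# include $PREPROC_RULE_PATH:include $PREPROC_RULE_PATH:g' \
		-e 's:^# dynamicdetection directory:dynamicdetection directory:g' \
		-e 's:snort_dynamicpreprocessor/$:snort_dynamicpreprocessor:g' \
		-e 's:snort_dynamicrule/$:snort_dynamicrule:g' \
		-e 's:^include classification.config:include /etc/snort/classification.config:g' \
		-e 's:^include reference.config:include /etc/snort/reference.config:g' \
		-e 's:^include $RULE_PATH:# include $RULE_PATH:g' \
		"${conf}" || die "sed for snort.conf.distrib failed"
}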
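# Print post-install guidance: what Snort is, where its documentation and
# rule sources are, and the notes for this release.
#
# Adds a warning that src_install() ships snort.conf.distrib with every
# rule file include commented out; without it the admin is never told that
# a fresh install loads no rule files.
# NOTE(review): every URL below is plain http. Rule sets decide what the
# sensor detects, so they should be fetched over an authenticated channel
# or verified after download.
pkg_postinst() {
	einfo
	einfo "Snort is a libpcap based packet capture tool which can be used in"
	einfo "three modes Sniffer Mode, Packet Logger Mode, or Network Intrusion"
	einfo "Detection/Prevention System Mode."
	einfo
	einfo "To learn more about these modes review the Snort User Manual at..."
	einfo
	einfo "http://www.snort.org/docs/"
	einfo
	einfo "See /usr/share/doc/${PF} and /etc/snort/snort.conf.distrib for"
	einfo "information on configuring snort."
	einfo
	einfo "Joining the Snort-Users and Snort-Sigs mailing list is highly"
	einfo "recommended for all users..."
	einfo
	einfo "http://www.snort.org/community/mailing-lists/"
	einfo
	einfo "To download rules for use with Snort please, see the following"
	einfo
	einfo "Sourcefire's VRT Rules and older Community Rules:"
	einfo "http://www.snort.org/pub-bin/downloads.cgi"
	einfo
	einfo "Emerging Threats Rules:"
	einfo "http://www.emergingthreats.net/"
	einfo
	einfo "To manage updates to your rules please visit..."
	einfo
	einfo "http://oinkmaster.sourceforge.net/"
	einfo
	einfo "and then 'emerge oinkmaster'."
	elog
	elog "Snort-2.8.5.3 Notes:"
	elog
	elog "Ebuild Notes"
	elog "The USE flags 'prelude' and 'ipv6' now work when used together."
	elog
	elog "Snort Release Notes:"
	elog "http://dl.snort.org/snort-current/release_notes_2853.txt"
	elog
	elog "Make sure to check snort.conf.distrib for new features/options."
	elog
	ewarn "All rule file includes in /etc/snort/snort.conf.distrib are"
	ewarn "commented out by this ebuild. Install a rule set and enable the"
	ewarn "rule files you want, otherwise no rule files are loaded."
	ewarn
}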