Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 11 Jun 2007 13:47:07 +0900 (JST)
From:      Tomoyuki Sakurai <cherry@trombik.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        clsung@FreeBSD.org
Subject:   ports/113551: [PATCH] security/snort: optional expression support in rc.conf
Message-ID:  <20070611044707.20D6A22DF5@spica.trombik.org>
Resent-Message-ID: <200706110450.l5B4o29v084872@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
>Number:         113551
>Category:       ports
>Synopsis:       [PATCH] security/snort: optional expression support in rc.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 11 04:50:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Tomoyuki Sakurai
>Release:        FreeBSD 6.1-RELEASE-p11 i386
>Organization:
>Environment:
System: FreeBSD spica.trombik.org 6.1-RELEASE-p11 FreeBSD 6.1-RELEASE-p11 #6: Sun Jan  7 04:14:41 JST
>Description:
With this patch, you can specify optional pcap filter in rc.conf.

Example:
snort_expression="not net after.nat.addr.ess/24"

Port maintainer (clsung@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- snort-2.6.1.4_1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/snort/files/snort.sh.in /usr/home/cherry/svn/ports/security/snort/files/snort.sh.in
--- /usr/ports/security/snort/files/snort.sh.in	Fri Sep 22 17:47:25 2006
+++ /usr/home/cherry/svn/ports/security/snort/files/snort.sh.in	Mon Jun 11 13:39:48 2007
@@ -15,6 +15,12 @@
 #				Default: "" 
 # snort_conf (str):		Snort configuration file
 #				Default: ${PREFIX}/etc/snort/snort.conf
+# snort_expression (str):	filter expression
+#				If your expression is very long, set 
+#				kern.ps_arg_cache_limit sysctl variable
+#				to large value. Otherwise, snort won't
+#				restart!
+#				Default: ""
 #
 
 . %%RC_SUBR%%
@@ -33,5 +39,6 @@
 [ -n "$snort_interface" ] && snort_flags="$snort_flags -i $snort_interface" \
                           && pidfile="/var/run/snort_${snort_interface}.pid"
 [ -n "$snort_conf" ]      && snort_flags="$snort_flags -c $snort_conf"
+[ -n "$snort_expression" ] && snort_flags="$snort_flags $snort_expression"
 
 run_rc_command "$1"
--- snort-2.6.1.4_1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070611044707.20D6A22DF5>