Date: Mon, 23 Oct 2006 21:04:23 -0600 (MDT) From: Nick Rogness <nick@rogness.net> To: FreeBSD-gnats-submit@FreeBSD.org Cc: snort-inline-users@lists.sourceforge.net Subject: ports/104730: Port update to security/snort_inline Message-ID: <200610240304.k9O34NYX018814@skywalker.rogness.net> Resent-Message-ID: <200610240310.k9O3AK6e018794@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 104730 >Category: ports >Synopsis: Port update to security/snort_inline >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Oct 24 03:10:20 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Nick Rogness >Release: FreeBSD 5.4-STABLE i386 >Organization: >Environment: System: FreeBSD skywalker.rogness.net 5.4-STABLE FreeBSD 5.4-STABLE #0: Mon Jul 11 21:54:56 MDT 2005 nick@skywalker.rogness.net:/usr/src/sys/i386/compile/SKYWALKER i386 >Description: Update port security/snort_inline to version 2.4.5 >How-To-Repeat: Attached Unified diff under Fix >Fix: diff -ruN snort_inline.old/Makefile snort_inline/Makefile --- snort_inline.old/Makefile Fri May 12 22:15:15 2006 +++ snort_inline/Makefile Mon Oct 23 20:16:34 2006 @@ -2,23 +2,19 @@ # Date created: 4 March 2005 # Whom: nick@rogness.net # -# $FreeBSD: ports/security/snort_inline/Makefile,v 1.4 2006/05/13 04:15:15 edwin Exp $ +# $FreeBSD: ports/security/snort_inline/Makefile,v 1.3 2005/11/14 17:07:04 sem Exp $ # PORTNAME= snort_inline -PORTVERSION= 2.3.0 -PORTREVISION= 1 +PORTVERSION= 2.4.5 CATEGORIES= security MASTER_SITES= http://freebsd.rogness.net/ports/snort_inline/ -DISTNAME= snort_inline-2.3.0-RC1 MAINTAINER= nick@rogness.net COMMENT= An inline IPS system based on snort using ipfw LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre -WRKSRC= ${WRKDIR}/snort_inline-2.3.0-RC1 - USE_GPG= yes SIG_SUFFIX= .asc GNU_CONFIGURE= yes @@ -26,9 +22,7 @@ CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL} CONFIGURE_ARGS+= --enable-inline --enable-ipfw -BUILD_DEPENDS+= libnet*<=1.1.0,1:${PORTSDIR}/net/libnet10 -CONFIGURE_ARGS+= --with-libnet-includes=${LOCALBASE}/include \ - --with-libnet-libraries=${LOCALBASE}/lib +LIB_DEPENDS+= dnet:${PORTSDIR}/net/libdnet .if defined(WITH_MYSQL) USE_MYSQL= yes @@ -55,14 +49,20 @@ CONFIGURE_ARGS+= --with-postgresql=no .endif -MAN8= snort.8 +MAN8= snort.8 snort_inline.8 DOCS= ChangeLog doc/AUTHORS doc/BUGS doc/CREDITS doc/faq* doc/NEWS \ doc/README* doc/TODO doc/USAGE doc/*.pdf +RULE_PATH= ${DATADIR}/rules + USE_RC_SUBR= snort.sh post-patch: ${REINPLACE_CMD} "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/src/snort.c + ${REINPLACE_CMD} "s,/etc/snort_inline/drop-rules,${RULE_PATH}," ${WRKSRC}/etc/snort_inline.conf + ${REINPLACE_CMD} "s,$RULE_PATH/classification.config,${DATADIR}/classification.config," ${WRKSRC}/etc/snort_inline.conf + ${REINPLACE_CMD} "s,$RULE_PATH/reference.config,${DATADIR}/reference.config," ${WRKSRC}/etc/snort_inline.conf + ${REINPLACE_CMD} -e "s/^unicode.map/\/usr\/local\/share\/snort_inline\/unicode.map/" ${WRKSRC}/etc/snort_inline.conf pre-configure: @${ECHO} "" @@ -72,7 +72,7 @@ post-install: @${MKDIR} ${DATADIR} - ${INSTALL_DATA} ${WRKSRC}/rules/*.rules ${DATADIR} + @${MKDIR} ${RULE_PATH} ${INSTALL_DATA} ${WRKSRC}/etc/classification.config \ ${DATADIR}/classification.config-sample [ -f ${DATADIR}/classification.config ] || \ @@ -82,7 +82,13 @@ ${DATADIR}/reference.config-sample [ -f ${DATADIR}/reference.config ] || \ ${CP} ${DATADIR}/reference.config-sample ${DATADIR}/reference.config -.for f in snort.conf snort_inline.conf unicode.map threshold.conf + ${INSTALL_DATA} ${WRKSRC}/etc/threshold.conf \ + ${DATADIR}/threshold.conf-sample + [ -f ${DATADIR}/threshold.conf ] || \ + ${CP} ${DATADIR}/threshold.conf-sample ${DATADIR}/threshold.conf + ${INSTALL_DATA} ${WRKSRC}/etc/unicode.map \ + ${DATADIR}/unicode.map +.for f in snort.conf snort_inline.conf ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample [ -f ${PREFIX}/etc/${f} ] || \ ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f} diff -ruN snort_inline.old/distinfo snort_inline/distinfo --- snort_inline.old/distinfo Mon Jan 23 18:03:27 2006 +++ snort_inline/distinfo Wed Jun 7 18:12:19 2006 @@ -1,3 +1,3 @@ -MD5 (snort_inline-2.3.0-RC1.tar.gz) = d577c101a78c97b0f18a1e01b0252419 -SHA256 (snort_inline-2.3.0-RC1.tar.gz) = 46027eeb583dd2efa1ca724948a84fd79d320a0f04df4befde27688c4f7995dc -SIZE (snort_inline-2.3.0-RC1.tar.gz) = 2742898 +MD5 (snort_inline-2.4.5.tar.gz) = 6fbc46cb339cd9f7b9699104b9a99b1a +SHA256 (snort_inline-2.4.5.tar.gz) = c417dd23d06d468f0fc5d2cc4f9d1022db5b02a9a77d702f8e24261f0a433651 +SIZE (snort_inline-2.4.5.tar.gz) = 3019957 diff -ruN snort_inline.old/files/snort.sh.in snort_inline/files/snort.sh.in --- snort_inline.old/files/snort.sh.in Mon Feb 20 13:47:40 2006 +++ snort_inline/files/snort.sh.in Wed Jun 7 18:09:58 2006 @@ -4,7 +4,7 @@ # PROVIDE: snort # REQUIRE: DAEMON # BEFORE: LOGIN -# KEYWORD: shutdown +# KEYWORD: FreeBSD shutdown # Add the following lines to /etc/rc.conf to enable snort: # snort_enable (bool): Set to YES to enable snort @@ -22,7 +22,7 @@ name="snort" rcvar=`set_rcvar` -command="%%PREFIX%%/bin/snort" +command="%%PREFIX%%/bin/snort_inline" load_rc_config $name diff -ruN snort_inline.old/pkg-plist snort_inline/pkg-plist --- snort_inline.old/pkg-plist Sat May 28 05:06:39 2005 +++ snort_inline/pkg-plist Mon Oct 23 20:45:39 2006 @@ -5,11 +5,11 @@ @unexec if [ -f %D/etc/snort_inline.conf ] && cmp -s %D/etc/snort_inline.conf %D/etc/snort_inline.conf-sample; then rm -f %D/etc/snort_inline.conf; fi etc/snort_inline.conf-sample @exec [ -f %B/snort_inline.conf ] || cp %B/%f %B/snort_inline.conf -@unexec if [ -f %D/etc/unicode.map ] && cmp -s %D/etc/unicode.map %D/etc/unicode.map-sample; then rm -f %D/etc/unicode.map; fi -etc/unicode.map-sample +@unexec if [ -f %B/unicode.map ] && cmp -s %B/unicode.map %B/unicode.map-sample; then rm -f %B/etc/unicode.map; fi +%%DATADIR%%/unicode.map @exec [ -f %B/unicode.map ] || cp %B/%f %B/unicode.map -@unexec if [ -f %D/etc/threshold.conf ] && cmp -s %D/etc/threshold.conf %D/etc/threshold.conf-sample; then rm -f %D/etc/threshold.conf; fi -etc/threshold.conf-sample +@unexec if [ -f %B/threshold.conf ] && cmp -s %B/threshold.conf %B/threshold.conf-sample; then rm -f %B/threshold.conf; fi +%%DATADIR%%/threshold.conf-sample @exec [ -f %B/threshold.conf ] || cp %B/%f %B/threshold.conf %%PORTDOCS%%%%DOCSDIR%%/AUTHORS %%PORTDOCS%%%%DOCSDIR%%/BUGS @@ -36,63 +36,20 @@ %%PORTDOCS%%%%DOCSDIR%%/README.http_inspect %%PORTDOCS%%%%DOCSDIR%%/README.thresholding %%PORTDOCS%%%%DOCSDIR%%/README.wireless +%%PORTDOCS%%%%DOCSDIR%%/README.NFQUEUE +%%PORTDOCS%%%%DOCSDIR%%/README.clamav +%%PORTDOCS%%%%DOCSDIR%%/README.frag3 %%PORTDOCS%%%%DOCSDIR%%/TODO %%PORTDOCS%%%%DOCSDIR%%/USAGE %%PORTDOCS%%%%DOCSDIR%%/snort_manual.pdf %%PORTDOCS%%%%DOCSDIR%%/snort_schema_v106.pdf %%PORTDOCS%%@dirrm %%DOCSDIR%% -%%DATADIR%%/attack-responses.rules -%%DATADIR%%/backdoor.rules -%%DATADIR%%/bad-traffic.rules -%%DATADIR%%/chat.rules @unexec if [ -f %B/classification.config ] && cmp -s %B/classification.config %B/classification.config-sample; then rm -f %B/classification.config; fi %%DATADIR%%/classification.config-sample @exec [ -f %B/classification.config ] || cp %B/%f %B/classification.config -%%DATADIR%%/ddos.rules -%%DATADIR%%/deleted.rules -%%DATADIR%%/dns.rules -%%DATADIR%%/dos.rules -%%DATADIR%%/experimental.rules -%%DATADIR%%/exploit.rules -%%DATADIR%%/finger.rules -%%DATADIR%%/ftp.rules -%%DATADIR%%/icmp-info.rules -%%DATADIR%%/icmp.rules -%%DATADIR%%/imap.rules -%%DATADIR%%/info.rules -%%DATADIR%%/local.rules -%%DATADIR%%/misc.rules -%%DATADIR%%/multimedia.rules -%%DATADIR%%/mysql.rules -%%DATADIR%%/netbios.rules -%%DATADIR%%/nntp.rules -%%DATADIR%%/oracle.rules -%%DATADIR%%/other-ids.rules -%%DATADIR%%/p2p.rules -%%DATADIR%%/policy.rules -%%DATADIR%%/pop2.rules -%%DATADIR%%/pop3.rules -%%DATADIR%%/porn.rules +%%DATADIR%%/classification.config @unexec if [ -f %B/reference.config ] && cmp -s %B/reference.config %B/reference.config-sample; then rm -f %B/reference.config; fi %%DATADIR%%/reference.config-sample @exec [ -f %B/reference.config ] || cp %B/%f %B/reference.config -%%DATADIR%%/rpc.rules -%%DATADIR%%/rservices.rules -%%DATADIR%%/scan.rules -%%DATADIR%%/shellcode.rules -%%DATADIR%%/smtp.rules -%%DATADIR%%/snmp.rules -%%DATADIR%%/sql.rules -%%DATADIR%%/telnet.rules -%%DATADIR%%/tftp.rules -%%DATADIR%%/virus.rules -%%DATADIR%%/web-attacks.rules -%%DATADIR%%/web-cgi.rules -%%DATADIR%%/web-client.rules -%%DATADIR%%/web-coldfusion.rules -%%DATADIR%%/web-frontpage.rules -%%DATADIR%%/web-iis.rules -%%DATADIR%%/web-misc.rules -%%DATADIR%%/web-php.rules -%%DATADIR%%/x11.rules +@dirrmtry %%DATADIR%%/rules @dirrm %%DATADIR%% >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200610240304.k9O34NYX018814>