From: Ben Woods
Date: Tue, 30 Aug 2016 23:37:48 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r421135 - in head/security: . snort2pfcd snort2pfcd/files
List-Id: SVN commit messages for the ports tree

Author: woodsb02
Date: Tue Aug 30 23:37:47 2016
New Revision: 421135
URL: https://svnweb.freebsd.org/changeset/ports/421135

Log:
  Add new port security/snort2pfcd, which analyzes snort alert output and
  blocks ip addresses using pf for a specified period of time.

  PR: 211813
  Submitted by: onestsam@gmail.com
  Reviewed by: adamw, mat (mentors)
  Approved by: koobs (mentor)
  Differential Revision: https://reviews.freebsd.org/D7712

Added:
  head/security/snort2pfcd/
  head/security/snort2pfcd/Makefile (contents, props changed)
  head/security/snort2pfcd/distinfo (contents, props changed)
  head/security/snort2pfcd/files/
  head/security/snort2pfcd/files/patch-Makefile (contents, props changed)
  head/security/snort2pfcd/files/snort2pfcd.in (contents, props changed)
  head/security/snort2pfcd/pkg-descr (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Tue Aug 30 21:04:31 2016 (r421134) +++ head/security/Makefile Tue Aug 30 23:37:47 2016 (r421135) @@ -1066,6 +1066,7 @@ SUBDIR += snoopy SUBDIR += snort SUBDIR += snort-rep + SUBDIR += snort2pfcd SUBDIR += snortreport SUBDIR += snortsam SUBDIR += snortsnarf Added: head/security/snort2pfcd/Makefile ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snort2pfcd/Makefile Tue Aug 30 23:37:47 2016 (r421135) @@ -0,0 +1,22 @@ +# $FreeBSD$ + +PORTNAME= snort2pfcd +PORTVERSION= 0.5 +CATEGORIES= security +MASTER_SITES= http://www.tworoutes.com/oss/ + +MAINTAINER= onestsam@gmail.com +COMMENT= Snort alert to pf blocker + +LIB_DEPENDS= libcidr.so:devel/libcidr +RUN_DEPENDS= snort:security/snort + +USE_RC_SUBR= snort2pfcd +PLIST_FILES= man/man8/snort2pfcd.8.gz \ + sbin/snort2pfcd + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/snort2pfcd ${STAGEDIR}${PREFIX}/sbin + ${INSTALL_MAN} ${WRKSRC}/snort2pfcd.8.gz ${STAGEDIR}${MAN8PREFIX}/man/man8 + +.include Added: head/security/snort2pfcd/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snort2pfcd/distinfo Tue Aug 30 23:37:47 2016 (r421135) @@ -0,0 +1,3 @@ +TIMESTAMP = 1472559141 +SHA256 (snort2pfcd-0.5.tar.gz) = ea2f3df7bfbad5ecce7a266df89c4102cf5e92fa72869615925ca15631064dfe +SIZE (snort2pfcd-0.5.tar.gz) = 9321 Added: head/security/snort2pfcd/files/patch-Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snort2pfcd/files/patch-Makefile Tue Aug 30 23:37:47 2016 (r421135) @@ -0,0 +1,11 @@ +--- Makefile.orig 2016-08-30 14:07:38 UTC ++++ Makefile +@@ -1,7 +1,7 @@ + PROG= snort2pfcd + SRCS= main.c parser.c kevent.c spfc.c ioctl_helpers.c + MAN= ${PROG}.8 +-CFLAGS+=-Wall -Werror -pedantic ++CFLAGS+=-Wall -pedantic -I${LOCALBASE}/include + LDFLAGS+=-lutil -L${LOCALBASE}/lib -lcidr + + .include Added: head/security/snort2pfcd/files/snort2pfcd.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snort2pfcd/files/snort2pfcd.in Tue Aug 30 23:37:47 2016 (r421135) 
@@ -0,0 +1,47 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: snort2pfcd +# REQUIRE: DAEMON pf snort +# KEYWORD: shutdown + +. /etc/rc.subr + +name="snort2pfcd" +rcvar=${name}_enable +pidfile="/var/run/${name}.pid" +command="%%PREFIX%%/sbin/${name}" +start_cmd="${name}_start" +stop_cmd="${name}_stop" +required_modules="pf" + +snort2pfcd_start() +{ + echo "Starting ${name}..." + if [ $(sysctl -n kern.securelevel) != "3" ]; then + ${command} ${snort2pfcd_flags} + else + echo "${name} cannot operate on pf at securelevel 3" + fi + + if [ -f ${pidfile} ]; then + echo "${name} successfully started" + else + echo "${name} statup failed" + fi +} + +snort2pfcd_stop() +{ + if [ -f ${pidfile} ]; then + echo "Stopping ${name}..." + kill $(cat ${pidfile}) + rm ${pidfile} + else + echo "${name} is not running?" + fi +} + +load_rc_config ${name} +run_rc_command "$1" Added: head/security/snort2pfcd/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snort2pfcd/pkg-descr Tue Aug 30 23:37:47 2016 (r421135) @@ -0,0 +1,3 @@ +Analyzes snort alert output and blocks ip addresses using pf for a specified +period of time. A whitelist is specified in CIDR format to exclude local and +trusted ip address from being blocked.
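Review bot: head/security/snort2pfcd/Makefile declares no LICENSE in the block between COMMENT and LIB_DEPENDS; add LICENSE (and LICENSE_FILE if the 0.5 tarball ships one) so the package metadata records the terms the daemon is distributed under. MASTER_SITES is plain http, which is tolerable only because distinfo pins the SHA256 and SIZE of snort2pfcd-0.5.tar.gz; if upstream serves the same file over https, prefer that URL.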
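Review bot: The CFLAGS line in files/patch-Makefile drops -Werror with no explanation anywhere in the port of which warnings, if any, made the build fail. Record the reason in the commit log or the port Makefile and report the warnings upstream: per pkg-descr this program parses snort alert output and changes pf blocking state, so warnings in parser.c or ioctl_helpers.c are worth fixing at the source rather than leaving non-fatal indefinitely. The added -I${LOCALBASE}/include is needed for the libcidr headers and looks right next to the existing -L${LOCALBASE}/lib.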
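Review bot: In files/snort2pfcd.in, snort2pfcd_stop() runs `kill $(cat ${pidfile})` without checking that the PID still belongs to snort2pfcd, so a stale /var/run/snort2pfcd.pid left behind by a crash can make the stop action signal an unrelated process. Since command and pidfile are already set, removing the custom start_cmd and stop_cmd lets the rc.subr default handlers do the work, and those match the PID against the command name before signalling. If the securelevel guard has to stay, move it into a start_precmd that returns non-zero: as written, the securelevel 3 branch falls through to the pidfile test, prints the failure message (misspelled "statup") and still exits 0, while a leftover pidfile makes the function print "successfully started" when nothing was launched. The script also sets no default for snort2pfcd_enable, and the `$(sysctl -n kern.securelevel)` substitution inside `[ ... ]` should be quoted.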
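Review bot: pkg-descr ends after the three description lines with no WWW: entry, so the installed package carries no pointer to the upstream project; add one on its own line after a blank line. In the last sentence, "trusted ip address" should read "trusted IP addresses".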