authorThomas_York <straterra@fuhell.com>2010-05-12 17:44:12 +0200
committerRobby Workman <rworkman@slackbuilds.org>2010-05-12 17:44:12 +0200
commit253331a788c0b5f75ac7854310db12ad82b35b40 (patch)
treeb2c279ce00fdc3728f8665cce643cb1dda0f8715 /network/snort
parent4d34781f9d03b76829018cbbaaa14076b3fdaf95 (diff)
network/snort: Updated for version 2.8.4.1
Diffstat (limited to 'network/snort')
-rw-r--r--network/snort/README34
-rw-r--r--network/snort/README.SLACKWARE48
-rw-r--r--network/snort/doinst.sh19
-rw-r--r--network/snort/rc.snort53
-rw-r--r--network/snort/slack-desc6
-rw-r--r--network/snort/snort.SlackBuild98
-rw-r--r--network/snort/snort.info10
7 files changed, 196 insertions, 72 deletions
diff --git a/network/snort/README b/network/snort/README
index 6a15d09b62094..52132b6ce9118 100644
--- a/network/snort/README
+++ b/network/snort/README
@@ -3,8 +3,8 @@ is capable of performing real-time traffic analysis, alerting, blocking and
packet logging on IP networks. It utilizes a combination of protocol analysis
and pattern matchingin order to detect a anomalies, misuse and attacks.
Snort uses a flexible rules language to describe activity that can be considered
-malicious or anomalous as well as an analysis engine that incorporates a modular
-plugin architecture. Snort is capable of detecting and responding in real-time,
+malicious or anomalous as well as an analysis engine that incorporates a modular
+plugin architecture. Snort is capable of detecting and responding in real-time,
sending alerts, performing session sniping, logging packets, or dropping
sessions/packets when deployed in-line.
@@ -12,31 +12,5 @@ Snort has three primary functional modes. It can be used as a packet sniffer
like tcpdump(1), a packet logger (useful for network traffic debugging, etc),
or as a full blown network intrusion detection and prevention system.
-Please read the snort_manual.pdf file that should be included with this
-distribution for full documentation on the program as well as a guide to
-getting started.
-
-This package builds a very basic snort implimentation useful for monitoring
-traffic as an IDS or packet logger and as a sort of improved tcpdump (which
-is what I use it for). MySQL support is included, so you should have little
-trouble hooking snort up to a database or ACID. For more information on
-these, check out snort's homepage at:
-
- http://www.snort.org/
- http://www.snort.org/docs/
-
-snort.org has a nasty habit of changing the location of their source
-code, which means there's no garauntee that the link in snort.info is
-correct. If you can't get that link to work, look for the source code at:
-
- http://www.snort.org/dl/old/
-
-Please note that this build script disables dynamic plugins. This can be
-easily added by deleting the following line in the script.
-
- --disable-dynamicplugin \
-
-This will put the headers and source for dynamic plugins into /usr/src/snort.
-There is no rc.snort script included with this script at this time, but you
-should have little trouble creating one of your own. Please e-mail me with
-any questions or comments. -- Alan Hicks <alan@lizella.net>
+Note that --libdir seems to be ignored on Slackware64; libraries are installed
+to /usr/lib anyway.
diff --git a/network/snort/README.SLACKWARE b/network/snort/README.SLACKWARE
new file mode 100644
index 0000000000000..05fa4f438ea00
--- /dev/null
+++ b/network/snort/README.SLACKWARE
@@ -0,0 +1,48 @@
+Snort has three primary functional modes. It can be used as a packet sniffer
+like tcpdump(1), a packet logger (useful for network traffic debugging, etc),
+or as a full blown network intrusion detection and prevention system.
+
+Please read the snort_manual.pdf file that should be included with this
+distribution for full documentation on the program as well as a guide to
+getting started.
+
+This package builds a very basic snort implimentation useful for monitoring
+traffic as an IDS or packet logger and as a sort of improved tcpdump (which
+is what I use it for). MySQL support is included, so you should have little
+trouble hooking snort up to a database or ACID. For more information on
+these, check out snort's homepage at:
+
+ http://www.snort.org/
+ http://www.snort.org/docs/
+
+snort.org has a nasty habit of changing the location of their source
+code, which means there's no garauntee that the link in snort.info is
+correct. If you can't get that link to work, look for the source code at:
+
+ http://www.snort.org/dl/old/
+
+In order for Snort to function properly, you need to provide rule files.
+I recommend registering for free at http://www.snorg.org so you can get these
+files. Once you have done that, go to http://snort.org/pub-bin/downloads.cgi
+and get the latest 2.8 series VRT Certified Rules. You need to untar this
+file and place follow files from etc in the tarball in to your /etc/snort
+directory :
+
+generators
+gen-msg.map
+sid
+sid-msg.map
+
+If you are going to use a front end like Base, you should copy the
+dog/signatures directory from the tarball in to
+/usr/doc/snort-$VERSION/ . Last, but certainly not least, you must
+copy the contents of the rules/ directory in the tarball to
+/etc/snort/rules/ . After you've done this, you can safely restart
+snort or send a HUP to snort to reload the files (killall -HUP snort).
+
+A rc.snort file has been included for your convenience, but it needs to be
+added to your init script of choice to run on boot. You should modify the
+variables in /etc/rc.d/rc.snort to reflect the interface you want to monitor.
+This Slackbuild is no longer maintained by Alan Hicks, but rather me
+(Thomas York), so email me instead if you have any questions.
+ --Thomas York (straterra@fuhell.com)
diff --git a/network/snort/doinst.sh b/network/snort/doinst.sh
index f10be9c005d58..fa5bf4b7416e7 100644
--- a/network/snort/doinst.sh
+++ b/network/snort/doinst.sh
@@ -1,18 +1,29 @@
-#!/bin/sh
-
config() {
NEW="$1"
- OLD="`dirname $NEW`/`basename $NEW .new`"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
# If there's no config file by that name, mv it over:
if [ ! -r $OLD ]; then
mv $NEW $OLD
- elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
rm $NEW
fi
# Otherwise, we leave the .new copy for the admin to consider...
}
+# Keep same perms on rc.snort.new:
+if [ -e etc/rc.d/rc.snort ]; then
+ cp -a etc/rc.d/rc.snort etc/rc.d/rc.snort.new.incoming
+ cat etc/rc.d/rc.snort.new > etc/rc.d/rc.snort.new.incoming
+ mv etc/rc.d/rc.snort.new.incoming etc/rc.d/rc.snort.new
+fi
+
+config etc/rc.d/rc.snort.new
config etc/snort/snort.conf.new
config etc/snort/reference.config.new
config etc/snort/threshold.conf.new
+config etc/snort/attribute_table.dtd.new
+config etc/snort/classification.config.new
+config etc/snort/gen-msg.map.new
+config etc/snort/sid-msg.map.new
+config etc/snort/unicode.map.new
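Review bot: The new "Keep same perms" block copies the installed rc.snort's ownership and mode onto the incoming file with `cp -a` but does not say why, and the reason matters on Slackware, where an admin disables a service by clearing the execute bit; a comment such as `# cp -a keeps the admin's ownership and mode (e.g. a deliberately non-executable rc.snort) on the .new copy` would make that intent explicit. In config(), the two rewritten `$(cat $OLD | md5sum)` / `$(cat $NEW | md5sum)` pipelines only decide whether the files are identical, so `elif cmp -s "$OLD" "$NEW"; then` does the same job in one process and without word-splitting risk. While the paths here are fixed, quoting `"$NEW"` and `"$OLD"` throughout config() would keep it safe if it is ever reused with a path containing spaces. The whole of doinst.sh is inside this hunk.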
diff --git a/network/snort/rc.snort b/network/snort/rc.snort
new file mode 100644
index 0000000000000..d91941e8227f4
--- /dev/null
+++ b/network/snort/rc.snort
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Start/stop/restart snort
+
+# This tell snort which interface to listen on (any for every interface)
+IFACE=${IFACE:-any}
+
+# Make sure this matches your IFACE
+PIDFILE=/var/run/snort_$IFACE.pid
+
+# You probably don't want to change this, but in case you do
+LOGDIR="/var/log/snort"
+
+# Probably not this either
+CONF=/etc/snort/snort.conf
+
+# Start snort:
+snort_start() {
+ CMDLINE="/usr/bin/snort -d -D -i $IFACE"
+ echo -n "Starting Snort daemon: $CMDLINE"
+ $CMDLINE --pid-path /var/run --create-pidfile -l $LOGDIR -c $CONF
+ echo
+}
+
+# Stop snort:
+snort_stop() {
+ echo -n "Stopping Snort daemon ($IFACE)..."
+ kill $(cat $PIDFILE)
+ echo
+ sleep 1
+ rm -f $PIDFILE
+}
+
+# Restart snort:
+snort_restart() {
+ snort_stop
+ sleep 1
+ snort_start
+}
+
+case "$1" in
+'start')
+ snort_start
+ ;;
+'stop')
+ snort_stop
+ ;;
+'restart')
+ snort_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
+
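Review bot: snort_stop runs `kill $(cat $PIDFILE)` without checking that the pidfile exists or holds a pid, so after a crash or with a different IFACE than the one used at start the `cat` error is followed by a `kill` usage error and `rm -f $PIDFILE` still runs; add `[ -r "$PIDFILE" ] || { echo " not running (no $PIDFILE)"; return 1; }` at the top of the function and quote the expansion, `kill "$(cat "$PIDFILE")"`. snort_start likewise does not check for an existing pidfile, so `start` issued twice launches a second daemon contending for the same pidfile and log directory. The daemon is also started and left running as root; snort's `-u`/`-g` options drop privileges after initialization, but since the package creates no dedicated account this would be a site decision that README.SLACKWARE should at least mention. The pidfile name `/var/run/snort_$IFACE.pid` assumes snort's `--create-pidfile` appends the interface name — presumably true, but worth a comment. All three functions are entirely within this hunk.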
diff --git a/network/snort/slack-desc b/network/snort/slack-desc
index cc4035ea3c4dd..4d2f8cc2c8ef7 100644
--- a/network/snort/slack-desc
+++ b/network/snort/slack-desc
@@ -11,9 +11,9 @@ snort:
snort: Snort is an open source network intrusion detection and prevention
snort: system. It is capable of performing real-time traffic analysis,
snort: alerting, blocking and packet logging on IP networks. It utilizes a
-snort: combination of protocol analysis and pattern matchingin order to detect
-snort: anomalies, misuse and attacks.
+snort: combination of protocol analysis and pattern matchingin order to
+snort: detect anomalies, misuse and attacks.
snort: Snort is capable of detecting and responding in real-time, sending
snort: alerts, performing session sniping, logging packets, or dropping
snort: sessions/packets when deployed in-line.
-snort:
+snort:
diff --git a/network/snort/snort.SlackBuild b/network/snort/snort.SlackBuild
index d12fa64d25e6c..7168c20f76c8f 100644
--- a/network/snort/snort.SlackBuild
+++ b/network/snort/snort.SlackBuild
@@ -1,5 +1,7 @@
#!/bin/sh
-# Copyright 2006, Alan Hicks, Lizella, GA
+
+# Copyright 2006-2009, Alan Hicks, Lizella, GA,
+# Copyright 2009, Thomas York, Beech Grove, In.
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -22,65 +24,101 @@
# Modified by the SlackBuilds.org project
PRGNAM=snort
-VERSION=2.6.1.5
+VERSION=2.8.4.1
ARCH=${ARCH:-i486}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
+
CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
-PKG=$TMP/pkg-$PRGNAM
+PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
if [ "$ARCH" = "i486" ]; then
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
fi
+set -e
+
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
-cd $TMP || exit 1
+cd $TMP
rm -rf $PRGNAM-$VERSION
-tar xzvf $CWD/$PRGNAM-$VERSION.tar.gz || exit 1
-cd $PRGNAM-$VERSION || exit 1
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
-# Fix ownership and permissions inside the source tarball.
-# It's appalling how many projects have 777 permissions or
-# even suid, sgid, and sticky bits set on things.
chown -R root:root .
-chmod -R u+w,go+r-w,a-s .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
--sysconfdir=/etc \
+ --mandir=/usr/man \
--localstatedir=/var \
+ --docdir=/usr/doc/$PRGNAM-$VERSION \
--enable-pthread \
--enable-linux-smp-stats \
- --with-mysql=/usr \
- --disable-dynamicplugin \
- || exit 1
-
-make || exit 1
-make install-strip DESTDIR=$PKG || exit 1
-
-if [ -d $PKG/usr/man ]; then
- ( cd $PKG/usr/man
- find . -type f -exec gzip -9 {} \;
- for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
- )
-fi
+ --with-mysql-libraries=/usr/lib${LIBDIRSUFFIX}/mysql \
+ --with-mysql-includes=/usr/include/mysql \
+ --build=$ARCH-slackware-linux
-mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a COPYING ChangeLog LICENSE RELEASE.NOTES doc/* $PKG/usr/doc/$PRGNAM-$VERSION/
-cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+make
+make install-strip DESTDIR=$PKG
-# Setup a sane config directory - snort won't do this on its own
-mkdir -p $PKG/etc/snort
-cat etc/snort.conf > $PKG/etc/snort/snort.conf.new
-cat etc/reference.config > $PKG/etc/snort/reference.config.new
+( cd $PKG/usr/man
+ find . -type f -exec gzip -9 {} \;
+ for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
+)
+
+# Set up a sane config directory - snort won't do this on its own
+mkdir -p $PKG/etc/$PRGNAM
+# Fix paths for libraries in snort.conf
+sed -e 's%usr/local%usr%g' etc/snort.conf > $PKG/etc/snort/snort.conf.new
cat etc/threshold.conf > $PKG/etc/snort/threshold.conf.new
+cat etc/reference.config > $PKG/etc/snort/reference.config.new
+cat etc/classification.config > $PKG/etc/snort/classification.config.new
+cat etc/attribute_table.dtd > $PKG/etc/snort/attribute_table.dtd.new
+cat etc/gen-msg.map > $PKG/etc/snort/gen-msg.map.new
+cat etc/sid-msg.map > $PKG/etc/snort/sid-msg.map.new
+cat etc/unicode.map > $PKG/etc/snort/unicode.map.new
+
+# Create default, empty directory for rules
+mkdir -p $PKG/etc/snort/rules
+mkdir -p $PKG/etc/snort/preproc_rules
+
+# Include the rc.snort file
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.snort > $PKG/etc/rc.d/rc.snort.new
+chmod 0755 $PKG/etc/rc.d/rc.snort.new
+
+# Create directory for logging
+mkdir -p $PKG/var/log/snort
+
+# Bundle the SQL schemas and install the docs
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/schemas
+for file in schemas/create_*; do
+ cat $file > $PKG/usr/doc/$PRGNAM-$VERSION/$file
+done
+cp -a COPYING ChangeLog LICENSE RELEASE.NOTES doc/* \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
+find $PKG/usr/doc -name "Makefile*" -exec rm -f {} \;
+rm -rf $PKG/usr/share
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
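Review bot: `mkdir -p $PKG/var/log/snort` leaves the log directory at the build umask's default mode (presumably 0755), and rc.snort points `-l` at it, so alert and packet logs that may contain captured traffic end up readable by any local user; adding `chmod 0750 $PKG/var/log/snort` right after the mkdir keeps that data to root, which is what the daemon runs as per rc.snort, and an admin can still relax it. The config section also alternates between `$PKG/etc/$PRGNAM` and `$PKG/etc/snort`; using one form throughout avoids a silent mismatch if PRGNAM ever changes. Lastly, the README.SLACKWARE shipped by the `cat $CWD/README.SLACKWARE` line tells users to register at `http://www.snorg.org`, which reads as a typo of snort.org and should be corrected before the file is packaged, since it directs users to a domain the project does not control.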
diff --git a/network/snort/snort.info b/network/snort/snort.info
index de7b99f3438b1..ca5339190f448 100644
--- a/network/snort/snort.info
+++ b/network/snort/snort.info
@@ -1,8 +1,8 @@
PRGNAM="snort"
-VERSION="2.6.1.5"
+VERSION="2.8.4.1"
HOMEPAGE="http://www.snort.org/"
-DOWNLOAD="http://www.snort.org/dl/old/snort-2.6.1.5.tar.gz"
-MD5SUM="e52a7ea6ba9743a8f8ca397cd26fa1bf"
-MAINTAINER="Alan_Hicks"
-EMAIL="alan@lizella.net"
+DOWNLOAD="http://dl.snort.org/snort-current/snort-2.8.4.1.tar.gz"
+MD5SUM="63f4e76ae96a2d133f4c7b741bad5458"
+MAINTAINER="Thomas_York"
+EMAIL="straterra@fuhell.com"
APPROVED="rworkman"