[24203] trunk/dports/net/snort
source_changes at macosforge.org
source_changes at macosforge.org
Wed Apr 18 22:52:09 PDT 2007
Revision: 24203
http://trac.macosforge.org/projects/macports/changeset/24203
Author: markd at macports.org
Date: 2007-04-18 22:52:07 -0700 (Wed, 18 Apr 2007)
Log Message:
-----------
Update to 2.6.1.4. Disable preprocessors until someone finds out how to
enable them by default.
Modified Paths:
--------------
trunk/dports/net/snort/Portfile
Added Paths:
-----------
trunk/dports/net/snort/files/patch-etc-snort.conf
Modified: trunk/dports/net/snort/Portfile
===================================================================
--- trunk/dports/net/snort/Portfile 2007-04-19 05:26:38 UTC (rev 24202)
+++ trunk/dports/net/snort/Portfile 2007-04-19 05:52:07 UTC (rev 24203)
@@ -1,8 +1,8 @@
-# $Id$
+# $Id:
PortSystem 1.0
name snort
-version 2.6.1.3
+version 2.6.1.4
categories net
maintainers nomaintainer at macports.org
description Open Source Network Intrusion Detection System
@@ -17,9 +17,10 @@
platforms darwin freebsd
master_sites ${homepage}dl/current/ \
${homepage}dl/old/
-checksums sha1 cb944d74ab6c254f88d356d45e4492ba560dfc3c
+checksums sha1 2709f1ef0953029a8b9a23c94dea81bcd42b2906
+patchfiles patch-etc-snort.conf
depends_lib port:pcre
-configure.args --mandir=${prefix}/share/man
+configure.args --mandir=${prefix}/share/man --disable-dynamicplugin
variant mysql5 {
depends_lib-append port:mysql5
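Review bot: The updated `checksums` line pins the 2.6.1.4 tarball with a single SHA-1 digest, so that one hash is the only integrity check on whatever `master_sites` serves (`${homepage}` is defined outside this hunk, so the transport cannot be seen here). MacPorts accepts several digest types on one line, so a second one is cheap to add: `checksums sha1 2709f1ef0953029a8b9a23c94dea81bcd42b2906 rmd160 <RMD160_OF_THE_2.6.1.4_TARBALL>`, where the placeholder is computed from a verified download. The new `patchfiles` and `--disable-dynamicplugin` lines reduce what the installed sensor inspects and deserve a comment above them, for example `# dynamic plugins and all preprocessors are disabled for now, see files/patch-etc-snort.conf`. The `variant mysql5` block continues outside the hunk.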
@@ -39,16 +40,15 @@
}
post-destroot {
-# Copy the Snort database schemas and sample snort.conf
+# Copy the Snort database schemas
xinstall -d -m 755 ${destroot}${prefix}/share/${name}/schemas
eval xinstall -m 755 [glob ${worksrcpath}/schemas/create*] ${destroot}${prefix}/share/${name}/schemas
- xinstall -d -m 755 ${destroot}${prefix}/etc/${name}
- xinstall -m 755 ${worksrcpath}/etc/snort.conf ${destroot}${prefix}/etc/${name}/snort.conf.sample
-# Copy other useful files
+# Copy Snort's etc/ files
xinstall -d -m 755 ${destroot}${prefix}/etc/${name}
eval xinstall [glob ${worksrcpath}/etc/*.map] ${destroot}${prefix}/etc/${name}
- eval xinstall [glob ${worksrcpath}/etc/*.conf*] ${destroot}${prefix}/etc/${name}
+ eval xinstall [glob ${worksrcpath}/etc/*.conf] ${destroot}${prefix}/etc/${name}
+ file rename ${destroot}${prefix}/etc/${name}/snort.conf ${destroot}${prefix}/etc/${name}/snort.conf.dist
if { [variant_isset server] } {
xinstall -m 755 ${portpath}/${filesdir}/snort.sh \
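Review bot: The two `eval xinstall [glob ...]` lines that copy `*.map` and `*.conf` pass no `-m`, so the configuration files get xinstall's default mode, which in MacPorts is 0755 as far as I know. Configuration files do not need the execute bit, so I would set the mode explicitly: `eval xinstall -m 644 [glob ${worksrcpath}/etc/*.conf] ${destroot}${prefix}/etc/${name}`, and the same for the `*.map` line. A working `snort.conf` derived from `snort.conf.dist` may later hold database output credentials, so a comment pointing the administrator at a tighter mode for that copy would help. The `post-destroot` block and the `if { [variant_isset server] }` branch continue past the end of the hunk.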
Added: trunk/dports/net/snort/files/patch-etc-snort.conf
===================================================================
--- trunk/dports/net/snort/files/patch-etc-snort.conf (rev 0)
+++ trunk/dports/net/snort/files/patch-etc-snort.conf 2007-04-19 05:52:07 UTC (rev 24203)
@@ -0,0 +1,207 @@
+--- etc/snort.conf.org 2007-03-22 10:34:21.000000000 -0700
++++ etc/snort.conf 2007-04-18 21:48:31.000000000 -0700
+@@ -194,7 +194,7 @@
+ # Load all dynamic preprocessors from the install path
+ # (same as command line option --dynamic-preprocessor-lib-dir)
+ #
+-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
++# dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
+ #
+ # Load a specific dynamic preprocessor library from the install path
+ # (same as command line option --dynamic-preprocessor-lib)
+@@ -204,7 +204,7 @@
+ # Load a dynamic engine from the install path
+ # (same as command line option --dynamic-engine-lib)
+ #
+-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
++# dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
+ #
+ # Load all dynamic rules libraries from the install path
+ # (same as command line option --dynamic-detection-lib-dir)
+@@ -235,7 +235,7 @@
+ #
+ # See README.flow for additional information
+ #
+-preprocessor flow: stats_interval 0 hash 2
++# preprocessor flow: stats_interval 0 hash 2
+
+ # frag2: IP defragmentation support
+ # -------------------------------
+@@ -320,8 +320,8 @@
+ # bind_to 10.3.1.0/24
+ #preprocessor frag3_engine: policy bsd
+
+-preprocessor frag3_global: max_frags 65536
+-preprocessor frag3_engine: policy first detect_anomalies
++#preprocessor frag3_global: max_frags 65536
++#preprocessor frag3_engine: policy first detect_anomalies
+
+
+ # stream4: stateful inspection/stream reassembly for Snort
+@@ -400,7 +400,7 @@
+ # 13 Stealth scan: SYN-FIN scan
+ # 14 TCP forward overlap
+
+-preprocessor stream4: disable_evasion_alerts
++#preprocessor stream4: disable_evasion_alerts
+
+ # tcp stream reassembly directive
+ # no arguments loads the default configuration
+@@ -436,7 +436,7 @@
+ #
+ # Using the default random flushpoints, the smallest flushpoint is 512,
+ # and the largest is 1725 bytes.
+-preprocessor stream4_reassemble
++#preprocessor stream4_reassemble
+
+ # stream5: Target Based stateful inspection/stream reassembly for Snort
+ # ---------------------------------------------------------------------
+@@ -472,11 +472,11 @@
+ # lots of options available here. See doc/README.http_inspect.
+ # unicode.map should be wherever your snort.conf lives, or given
+ # a full path to where snort can find it.
+-preprocessor http_inspect: global \
+- iis_unicode_map unicode.map 1252
++#preprocessor http_inspect: global \
++# iis_unicode_map unicode.map 1252
+
+-preprocessor http_inspect_server: server default \
+- profile all ports { 80 8080 8180 } oversize_dir_length 500
++#preprocessor http_inspect_server: server default \
++# profile all ports { 80 8080 8180 } oversize_dir_length 500
+
+ #
+ # Example unique server configuration
+@@ -510,7 +510,7 @@
+ # no_alert_incomplete - don't alert when a single segment
+ # exceeds the current packet size
+
+-preprocessor rpc_decode: 111 32771
++#preprocessor rpc_decode: 111 32771
+
+ # bo: Back Orifice detector
+ # -------------------------
+@@ -533,7 +533,7 @@
+ # 3 Back Orifice Server Traffic Detected
+ # 4 Back Orifice Snort Buffer Attack
+
+-preprocessor bo
++#preprocessor bo
+
+ # telnet_decode: Telnet negotiation string normalizer
+ # ---------------------------------------------------
+@@ -568,32 +568,32 @@
+ # or use commandline option
+ # --dynamic-preprocessor-lib <full path to libsf_ftptelnet_preproc.so>
+
+-preprocessor ftp_telnet: global \
+- encrypted_traffic yes \
+- inspection_type stateful
+-
+-preprocessor ftp_telnet_protocol: telnet \
+- normalize \
+- ayt_attack_thresh 200
++#preprocessor ftp_telnet: global \
++# encrypted_traffic yes \
++# inspection_type stateful
++
++#preprocessor ftp_telnet_protocol: telnet \
++# normalize \
++# ayt_attack_thresh 200
+
+ # This is consistent with the FTP rules as of 18 Sept 2004.
+ # CWD can have param length of 200
+ # MODE has an additional mode of Z (compressed)
+ # Check for string formats in USER & PASS commands
+ # Check nDTM commands that set modification time on the file.
+-preprocessor ftp_telnet_protocol: ftp server default \
+- def_max_param_len 100 \
+- alt_max_param_len 200 { CWD } \
+- cmd_validity MODE < char ASBCZ > \
+- cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+- chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
+- telnet_cmds yes \
+- data_chan
+-
+-preprocessor ftp_telnet_protocol: ftp client default \
+- max_resp_len 256 \
+- bounce yes \
+- telnet_cmds yes
++#preprocessor ftp_telnet_protocol: ftp server default \
++# def_max_param_len 100 \
++# alt_max_param_len 200 { CWD } \
++# cmd_validity MODE < char ASBCZ > \
++# cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
++# chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
++# telnet_cmds yes \
++# data_chan
++
++#preprocessor ftp_telnet_protocol: ftp client default \
++# max_resp_len 256 \
++# bounce yes \
++# telnet_cmds yes
+
+ # smtp: SMTP normalizer, protocol enforcement and buffer overflow
+ # ---------------------------------------------------------------------------
+@@ -611,15 +611,15 @@
+ # or use commandline option
+ # --dynamic-preprocessor-lib <full path to libsf_smtp_preproc.so>
+
+-preprocessor smtp: \
+- ports { 25 } \
+- inspection_type stateful \
+- normalize cmds \
+- normalize_cmds { EXPN VRFY RCPT } \
+- alt_max_command_line_len 260 { MAIL } \
+- alt_max_command_line_len 300 { RCPT } \
+- alt_max_command_line_len 500 { HELP HELO ETRN } \
+- alt_max_command_line_len 255 { EXPN VRFY }
++#preprocessor smtp: \
++# ports { 25 } \
++# inspection_type stateful \
++# normalize cmds \
++# normalize_cmds { EXPN VRFY RCPT } \
++# alt_max_command_line_len 260 { MAIL } \
++# alt_max_command_line_len 300 { RCPT } \
++# alt_max_command_line_len 500 { HELP HELO ETRN } \
++# alt_max_command_line_len 255 { EXPN VRFY }
+
+ # sfPortscan
+ # ----------
+@@ -675,7 +675,7 @@
+ # false alerts, especially under heavy load with dropped packets; which is why
+ # the option is off by default.
+ #
+-preprocessor sfportscan: proto { all } \
++#preprocessor sfportscan: proto { all } \
+ memcap { 10000000 } \
+ sense_level { low }
+
+@@ -771,10 +771,10 @@
+ # or use commandline option
+ # --dynamic-preprocessor-lib <full path to libsf_dcerpc_preproc.so>
+
+-preprocessor dcerpc: \
+- autodetect \
+- max_frag_size 3000 \
+- memcap 100000
++#preprocessor dcerpc: \
++# autodetect \
++# max_frag_size 3000 \
++# memcap 100000
+
+ # DNS
+ #----------------------------------------
+@@ -790,9 +790,9 @@
+ # or use commandline option
+ # --dynamic-preprocessor-lib <full path to libsf_dns_preproc.so>
+
+-preprocessor dns: \
+- ports { 53 } \
+- enable_rdata_overflow
++#preprocessor dns: \
++# ports { 53 } \
++# enable_rdata_overflow
+
+ ####################################################################
+ # Step #4: Configure output plugins
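Review bot: In the sfportscan hunk of the patch (`@@ -675,7 +675,7 @@`) only the first line of the directive is commented out, while its continuation lines `memcap { 10000000 } \` and `sense_level { low }` stay as live context lines. Every other multi-line preprocessor in this patch has all of its lines commented, so this looks like an oversight, and Snort will most likely reject or misparse the orphaned lines when it loads the file. The two lines should be commented as well, giving `# memcap { 10000000 } \` and `# sense_level { low }` in the patched snort.conf. Separately, with frag3, stream4 and http_inspect off the sensor does no defragmentation, stream reassembly or HTTP normalization, so a short comment at the top of the patched file saying the port disabled them would keep administrators from mistaking this for the upstream default.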