[130021] trunk/dports/net/snort/Portfile

pixilla at macports.org pixilla at macports.org
Wed Dec 24 12:49:31 PST 2014 

Revision: 130021
          https://trac.macports.org/changeset/130021
Author:   pixilla at macports.org
Date:     2014-12-24 12:49:31 -0800 (Wed, 24 Dec 2014)
Log Message:
-----------
net/snort:
- Add maintainer jul_bsd.
- Update version to 2.9.7.0.
- Update master_sites.
- Add mysql variants.
- Fix livecheck.

Modified Paths:
--------------
    trunk/dports/net/snort/Portfile

Modified: trunk/dports/net/snort/Portfile
===================================================================
--- trunk/dports/net/snort/Portfile	2014-12-24 19:23:25 UTC (rev 130020)
+++ trunk/dports/net/snort/Portfile	2014-12-24 20:49:31 UTC (rev 130021)
@@ -1,3 +1,4 @@
+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
 # $Id$
 
 PortSystem 1.0
@@ -3,7 +4,7 @@
 
 name             snort
-version          2.9.1.2
+version          2.9.7.0
 categories       net
-maintainers      nomaintainer
+maintainers      yahoo.fr:jul_bsd openmaintainer
 license          GPL-2
 description      Open Source Network Intrusion Detection System
@@ -17,61 +18,164 @@
     attacks, SMB probes, OS fingerprinting attempts, and much more.
 homepage         http://www.snort.org/
 platforms        darwin freebsd
-master_sites     ${homepage}dl/snort-current/
+master_sites     ${homepage}/downloads/snort/
 
-checksums        rmd160  a28ebd59df80884e1554fb75a4279e97b1dd8b32 \
-                 sha256  eac98be8138f9debdcc8f77061dab1950e88fa40c18311ddbab0a329852375f5
+checksums           rmd160  fa49f3660db9ad940c4c9394d823bbb7faf625c1 \
+                    sha256  9738afea45d20b7f77997cc00055e7dd70f6aea0101209d87efec4bc4eace49b
 
 depends_lib      port:daq
 
-startupitem.create  yes
-startupitem.start   "${prefix}/share/${name}/snort.sh"
-startupitem.stop    "/bin/kill \$(cat /var/run/snort_*.pid)"
+#patchfiles       patch-src-strlcatu.h.diff patch-src-strlcpyu.h.diff
 
-variant mysql5 description {mysql 5 support} {
-    depends_lib-append    path:bin/mysql_config5:mysql5
-    configure.args-append   --with-mysql-includes=${prefix}/include/mysql5/mysql \
-                            --with-mysql-libraries=${prefix}/lib/mysql5/mysql
-}
+add_users snort group=snort home=${prefix}/var/snort shell=/sbin/nologin realname=Snort\ user
 
-variant mysql4 description {mysql 4 support} {
-    depends_lib-append    port:mysql4
-    configure.args-append --with-mysql=${prefix}
-}
 
+set if en1
+startupitem.create  yes
+startupitem.executable ${prefix}/bin/${name} -i ${if} -c ${prefix}/etc/snort/snort.conf -l ${prefix}/var/log/snort -u snort -g snort --pid-path ${prefix}/var/run
+startupitem.pidfile "${prefix}/var/run/snort_${if}.pid"
+#startupitem.start   "${prefix}/share/${name}/snort.sh"
+#startupitem.stop    "/bin/kill \$(cat ${prefix}/var/run/snort_*.pid)"
+
+destroot.asroot     yes
 post-destroot {
 # Copy the Snort database schemas
-    xinstall -d -m 755 ${destroot}${prefix}/share/${name}/schemas
-    eval xinstall -m 755 [glob ${worksrcpath}/schemas/create*] ${destroot}${prefix}/share/${name}/schemas
+#    xinstall -d -m 755 ${destroot}${prefix}/share/${name}/schemas
+#    eval xinstall -m 755 [glob ${worksrcpath}/schemas/create*] ${destroot}${prefix}/share/${name}/schemas
 
 # Copy Snort's etc/ files
     xinstall -d -m 755 ${destroot}${prefix}/etc/${name}
     eval xinstall [glob ${worksrcpath}/etc/*.map] ${destroot}${prefix}/etc/${name}
     eval xinstall [glob ${worksrcpath}/etc/*.conf*] ${destroot}${prefix}/etc/${name}
-    file rename ${destroot}${prefix}/etc/${name}/snort.conf ${destroot}${prefix}/etc/${name}/snort.conf.dist
+    xinstall -d -m 755 ${destroot}${prefix}/share/examples/${name}
+    file rename ${destroot}${prefix}/etc/${name}/snort.conf ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
 
 # fix snort.conf.dist
-    reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist
-    reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist
-    reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist
-    reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist
+    reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
 
+    xinstall -d ${destroot}${prefix}/share/${name}
     xinstall -m 755 ${filespath}/snort.sh \
         ${destroot}${prefix}/share/${name}/snort.sh
     reinplace "s|__PREFIX__|${prefix}|g" \
         ${destroot}${prefix}/share/${name}/snort.sh
+
+    xinstall -d ${destroot}${prefix}/lib/snort_dynamicrules
+    destroot.keepdirs-append ${destroot}${prefix}/lib/snort_dynamicrules
+    reinplace "s|/usr/local/lib/snort_dynamicrules|${prefix}/lib/snort_dynamicrules|" \
+        ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace "s|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.so|" \
+        ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    xinstall -d ${destroot}${prefix}/etc/snort/rules
+    destroot.keepdirs-append ${destroot}${prefix}/etc/snort/rules
+    reinplace "s|var RULE_PATH ../rules|var RULE_PATH /rules|" \
+        ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    xinstall -d -o snort ${destroot}${prefix}/var/log/snort
+    destroot.keepdirs-append ${destroot}${prefix}/var/log/snort
 }
 
+post-activate {
+    if ![file exists ${prefix}/etc/snort/snort.conf ] {
+        copy ${prefix}/share/examples/${name}/snort.conf.dist ${prefix}/etc/snort/snort.conf
+    }
+}
+
 notes "
             ***** File locations *****
 
 The Snort database schemas -> ${prefix}/share/${name}/schemas
-The snort.conf sample file -> ${prefix}/etc/${name}/snort.conf.dist (copy to snort.conf)
+The snort.conf sample file -> ${prefix}/share/examples/${name}/snort.conf.dist
+If it doesn't exist before, the sample config is copied to ${prefix}/etc/snort.conf
 
-NOTE: Make sure you do not change the location of the snort.conf file\
-or the startup scripts will not be able to find it.
+NOTE: Make sure you do not change the location of the snort.conf file or the startup scripts will not be able to find it.
+
+Please download rules from https://www.snort.org/snort-rules/#rules either manually or with oinkmaster.
+
+Change at least your HOME_NET in snort.conf and Validate your config with
+    $ snort -T -c ${prefix}/etc/snort/snort.conf
+
+By default ${prefix}/share/${name}/snort.sh is configured to listen only on ${if} interface.
+If you want to listen multiple interface, you need to start one snort instance per interface (or bond them)
+
+    $ grep 'Snort rules read' /var/log/system.log
+    $ egrep '^output' ${prefix}/etc/snort/snort.conf
+If you get empty touched logs, try also to set:
+    ipvar EXTERNAL_NET !\$HOME_NET
+instead of any
+
+You can test that snort is functionning by using those tool:
+ftp http://\$EXTERNAL_HOST/cmd.exe
+ftp http://lteo.net/cmd.exe
+http://testmyids.com
+nmap, IDSWakeup, pytbull, metasploit
+
+To use blacklist/whitelist, see
+http://blog.securitymonks.com/2009/07/19/blacklisting-with-snort/
+http://systemnoise.com/wordpress/?p=89
+http://labs.snort.org/iplists/
+
 "
 
+if {![variant_isset mysql51] && ![variant_isset mysql55] && ![variant_isset mariadb] && ![variant_isset percona] } {
+    default_variants +mysql56
+}
+
+variant mysql51 \
+    conflicts mysql55 mysql56 mariadb percona \
+    description "Enable MySQL 5.1 support" {
+
+    depends_lib-append          port:mysql51
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql51/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mysql51/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mysql51/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/mysql51/mysql"
+}
+
+variant mysql55 \
+    conflicts mysql51 mysql56 mariadb percona \
+    description "Enable MySQL 5.5 support" {
+
+    depends_lib-append          port:mysql55
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql55/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mysql55/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mysql55/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/mysql55/mysql"
+}
+
+variant mysql56 \
+    conflicts mysql51 mysql55 mariadb percona \
+    description "Enable MySQL 5.6 support" {
+
+    depends_lib-append          port:mysql56
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql56/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mysql56/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mysql56/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/mysql56/mysql"
+}
+
+variant mariadb \
+    conflicts mysql51 mysql55 mysql56 percona \
+    description "Enable MariaDB (MySQL) support" {
+
+    depends_lib-append          port:mariadb
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mariadb/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mariadb/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mariadb/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/mariadb/mysql"
+}
+
+variant percona \
+    conflicts mysql51 mysql55 mysql56 mariadb \
+    description "Enable Percona (MySQL) support" {
+    depends_lib-append          port:percona
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/percona/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/percona/mysql \
+                            --with-mysql-libraries=${prefix}/lib/percona/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/percona/mysql"
+}
+
 livecheck.type      regex
-livecheck.url       ${homepage}snort-downloads
+livecheck.url       ${homepage}/downloads
 livecheck.regex     >${name}-(\[0-9.\]+)${extract.suffix}<
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/macports-changes/attachments/20141224/08e2a6ae/attachment.html>

More information about the macports-changes mailing list