Index: branches/2015Q4/security/pulledpork/Makefile
===================================================================
--- branches/2015Q4/security/pulledpork/Makefile (revision 400665)
+++ branches/2015Q4/security/pulledpork/Makefile (revision 400666)
@@ -1,56 +1,60 @@ # Created by: Olli Hauer # $FreeBSD$ PORTNAME= pulledpork PORTVERSION= 0.7.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security -MASTER_SITES= GOOGLE_CODE +MASTER_SITES= GOOGLE_CODE \ + LOCAL/ohauer MAINTAINER= ohauer@FreeBSD.org COMMENT= Script to update snort-2.8+ rules LICENSE= GPLv2 RUN_DEPENDS= p5-Crypt-SSLeay>=0.57:${PORTSDIR}/security/p5-Crypt-SSLeay \ p5-LWP-Protocol-https>=6.00:${PORTSDIR}/www/p5-LWP-Protocol-https \ - p5-libwww>=0:${PORTSDIR}/www/p5-libwww + p5-libwww>=0:${PORTSDIR}/www/p5-libwww \ + ${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss NO_BUILD= yes USES= perl5 shebangfix USE_PERL5= run SHEBANG_FILES= ${WRKSRC}/pulledpork.pl ${WRKSRC}/contrib/oink-conv.pl SUB_FILES= pkg-message OPTIONS_DEFINE= DOCS .include post-patch: @${REINPLACE_CMD} -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \ -e 's|snort/dropsid.conf|pulledpork/dropsid.conf|g' \ -e 's|snort/disablesid.conf|pulledpork/disablesid.conf|g' \ -e 's|snort/modifysid.conf|pulledpork/modifysid.conf|g' \ -e "s|/usr/local/lib/snort_dynamicrules/|${PREFIX}/etc/snort/so_rules/|g" \ ${WRKSRC}/etc/pulledpork.conf do-install: ${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${STAGEDIR}${PREFIX}/bin @${MKDIR} -m 750 ${STAGEDIR}${ETCDIR} # pulledpork.conf contains the snort user registration key, do not install world readable ${INSTALL} -m 640 ${WRKSRC}/etc/pulledpork.conf ${STAGEDIR}${ETCDIR}/pulledpork.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/disablesid.conf ${STAGEDIR}${ETCDIR}/disablesid.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/dropsid.conf ${STAGEDIR}${ETCDIR}/dropsid.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/enablesid.conf ${STAGEDIR}${ETCDIR}/enablesid.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/modifysid.conf ${STAGEDIR}${ETCDIR}/modifysid.conf.sample @${MKDIR} ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${STAGEDIR}${DATADIR} ${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${STAGEDIR}${DATADIR} + +do-install-DOCS-on: 
@${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.CHANGES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.RULESET ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.SHAREDOBJECTS ${STAGEDIR}${DOCSDIR} .include Index: branches/2015Q4/security/pulledpork/files/patch-etc__pulledpork.conf =================================================================== --- branches/2015Q4/security/pulledpork/files/patch-etc__pulledpork.conf (revision 400665) +++ branches/2015Q4/security/pulledpork/files/patch-etc__pulledpork.conf (revision 400666) 
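Review bot: The new RUN_DEPENDS entry names the CA bundle as `${LOCALBASE}/share/certs/ca-root-nss.crt`, but the accompanying patch-pulledpork.pl in this same commit looks for it at the literal path `/usr/local/share/certs/ca-root-nss.crt`, so with a non-default LOCALBASE the dependency is satisfied while the script's fallback lookup still fails and exits. The post-patch target already rewrites one hard-coded `/usr/local` path (snort_dynamicrules) with ${PREFIX}; giving the patched script the same treatment keeps the Makefile and the script in step, e.g. a second line `@${REINPLACE_CMD} -e "s|/usr/local/share/certs/ca-root-nss.crt|${LOCALBASE}/share/certs/ca-root-nss.crt|g" ${WRKSRC}/pulledpork.pl` (a separate command, since the existing one's snort substitutions are meant only for etc/pulledpork.conf). With the default LOCALBASE of /usr/local this is a consistency point rather than a breakage, as far as the two hunks show.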
@@ -1,38 +1,57 @@ --- etc/pulledpork.conf.orig 2013-09-11 21:01:05 UTC +++ etc/pulledpork.conf -@@ -121,14 +121,14 @@ config_path=/usr/local/etc/snort/snort.c +@@ -18,13 +18,15 @@ + # i.e. url|tarball|123456789, + rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz| + # NEW Community ruleset: +-rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community ++rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community + # NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST| + # This format MUST be followed to let pulledpork know that this is a blacklist +-rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open ++rule_url=http://talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|open + # URL for rule documentation! (slow to process) + rule_url=https://www.snort.org/reg-rules/|opensource.gz| +-#rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open ++# THE FOLLOWING URL is for emergingthreats downloads, note the tarball name change! ++# and open-nogpl, to avoid conflicts. ++#rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open-nogpl + # THE FOLLOWING URL is for etpro downloads, note the tarball name change! + # and the et oinkcode requirement! + #rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz| +@@ -121,14 +123,14 @@ config_path=/usr/local/etc/snort/snort.c # Define your distro, this is for the precompiled shared object libs! # Valid Distro Types: -# Debian-5-0, Debian-6-0, -# Ubuntu-8.04, Ubuntu-10-4 -# Centos-4-8, Centos-5-4 +# Debian-6-0, Ubuntu-10-4 +# Ubuntu-12-04, Centos-5-4 # FC-12, FC-14, RHEL-5-5, RHEL-6-0 -# FreeBSD-7-3, FreeBSD-8-1 -# OpenBSD-4-8 +# FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0 +# OpenBSD-5-2, OpenBSD-5-3 +# OpenSUSE-11-4, OpenSUSE-12-1 # Slackware-13-1 -distro=FreeBSD-8.1 +distro=FreeBSD-10-0 ####### This next section is optional, but probably pretty useful to you. ####### Please read thoroughly! 
-@@ -187,7 +187,7 @@ snort_control=/usr/local/bin/snort_contr +@@ -187,7 +189,7 @@ snort_control=/usr/local/bin/snort_contr # This value MUST contain all 4 minor version # numbers. ET rules are now also dependant on this, verify supported ET versions # prior to simply throwing rubbish in this variable kthx! -# snort_version=2.9.0.0 -+# snort_version=2.9.7.3 ++# snort_version=2.9.7.5 # Here you can specify what rule modification files to run automatically. # simply uncomment and specify the apt path. -@@ -206,4 +206,4 @@ snort_control=/usr/local/bin/snort_contr +@@ -206,4 +208,4 @@ snort_control=/usr/local/bin/snort_contr ####### need to process so_rules, simply comment out the so_rule section ####### you can also specify -T at runtime to process only GID 1 rules. -version=0.7.0 -+version=0.7.1 ++version=0.7.2 Index: branches/2015Q4/security/pulledpork/files/patch-pulledpork.pl =================================================================== --- branches/2015Q4/security/pulledpork/files/patch-pulledpork.pl (revision 400665) +++ branches/2015Q4/security/pulledpork/files/patch-pulledpork.pl (revision 400666) @@ -1,141 +1,298 @@ ---- pulledpork.pl.orig 2015-06-01 19:41:36 UTC +--- pulledpork.pl.orig 2013-09-11 21:01:05 UTC +++ pulledpork.pl 
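Review bot: The IP blacklist feed stays on cleartext HTTP on the new side, `rule_url=http://talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|open`, while the rule tarballs in the same block are fetched over https and the port now depends on ca_root_nss precisely so that those TLS downloads can be verified. A blocklist retrieved without transport integrity can be modified before it reaches the sensor, and the `urltofile|IPBLACKLIST|` format shown here has no checksum column the way the tarball entries do, so nothing downstream appears to catch that. If the feed is also served over TLS, changing the scheme to https in this patch would extend the certificate validation this commit enables to that download; if it is not, a comment on the line saying the blacklist is fetched unverified would let operators weigh the risk.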
@@ -3,7 +3,7 @@ ## pulledpork v(whatever it says below!) ## cummingsj@gmail.com -# Copyright (C) 2009-2013 JJ Cummings and the PulledPork Team! -+# Copyright (C) 2009-2014 JJ Cummings and the PulledPork Team! ++# Copyright (C) 2009-2015 JJ Cummings, Michael Shirk and the PulledPork Team! # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License -@@ -41,16 +41,17 @@ use Data::Dumper; +@@ -41,16 +41,51 @@ use Data::Dumper; # we are gonna need these! my ( $oinkcode, $temp_path, $rule_file, $Syslogging ); -my $VERSION = "PulledPork v0.7.0 - Swine Flu!"; -+my $VERSION = "PulledPork v0.7.1 - Swine Flu with a side of Ebola!"; ++my $VERSION = "PulledPork v0.7.2 - E.Coli in your water bottle!"; my $ua = LWP::UserAgent->new; ++# for certificate validation, check for the operating system ++# and set the path to the certificate store if required. ++my $oSystem = "$^O"; ++my $CAFile = "OS Default"; ++if ($oSystem =~ /freebsd/i) { ++ #Check to ensure the cert file exists ++ if ( -e "/etc/ssl/cert.pem" ) { ++ $CAFile = "/etc/ssl/cert.pem"; ++ if ( -r $CAFile) { ++ $ua->ssl_opts( SSL_ca_file => $CAFile ); ++ } else { ++ carp "ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n"; ++ syslogit( 'err|local0', "FATAL: ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n") ++ if $Syslogging; ++ exit(1); ++ } ++ #Check for the other location for the cert file ++ } elsif ( -e "/usr/local/share/certs/ca-root-nss.crt" ) { ++ $CAFile = "/usr/local/share/certs/ca-root-nss.crt"; ++ if ( -r $CAFile) { ++ $ua->ssl_opts( SSL_ca_file => $CAFile ); ++ } else { ++ carp "ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n"; ++ syslogit( 'err|local0', "FATAL: ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n") ++ if $Syslogging; ++ exit(1); ++ } ++ } else { ++ carp "ERROR: cert file does not exist (/etc/ssl/cert.pem or /usr/local/share/certs/ca-root-nss.crt) Ensure that the ca_root_nss port/pkg is installed, 
or use -w to skip SSL verification\n"; ++ syslogit( 'err|local0', "FATAL: cert file does not exist. Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n") ++ if $Syslogging; ++ exit(1); ++ } ++} + my ( $Hash, $ALogger, $Config_file, $Sorules, $Auto ); my ( $Output, $Distro, $Snort, $sid_changelog, $ignore_files ); my ( $Snort_config, $Snort_path, $Textonly, $grabonly, $ips_policy, ); my ( $pid_path, $SigHup, $NoDownload, $sid_msg_map, @base_url ); my ( $local_rules, $arch, $docs, @records, $enonly ); my ( $rstate, $keep_rulefiles, $rule_file_path, $prefix, $black_list ); -my ( $Process, $hmatch, $bmatch , $sid_msg_version); +my ( $Process, $hmatch, $bmatch , $sid_msg_version, $skipVerify); my $Sostubs = 1; # verbose and quiet control print() -@@ -144,11 +145,11 @@ sub Help { +@@ -144,11 +179,11 @@ sub Help { -D What Distro are you running on, for the so_rules For latest supported options see http://www.snort.org/snort-rules/shared-object-rules Valid Distro Types: - Debian-5-0, Debian-6-0, Ubuntu-8.04, Ubuntu-10-4 - Centos-4-8, Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0 - FreeBSD-7-3, FreeBSD-8-1 - OpenBSD-4-8 - Slackware-13-1 + Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4 + FC-12, FC-14, RHEL-5-5, RHEL-6-0 + FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0 + OpenBSD-5-2, OpenBSD-5-3 + OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1 -e Where the enablesid config file lives. -E Write ONLY the enabled rules to the output files. -g grabonly (download tarball rule file(s) and do NOT process) -@@ -176,6 +177,7 @@ sub Help { +@@ -176,6 +211,7 @@ sub Help { -V Print Version and exit -v Verbose mode, you know.. for troubleshooting and such nonsense. -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense. 
+ -w Skip the SSL verification (if there are issues pulling down rule files) __EOT exit(0); -@@ -191,7 +193,7 @@ sub pulledpork { +@@ -186,12 +222,12 @@ sub pulledpork { + + print <<__EOT; + +- http://code.google.com/p/pulledpork/ ++ https://github.com/shirkdog/pulledpork + _____ ____ `----,\\ ) `--==\\\\ / $VERSION `--==\\\\/ - .-~~~~-.Y|\\\\_ Copyright (C) 2009-2013 JJ Cummings -+ .-~~~~-.Y|\\\\_ Copyright (C) 2009-2014 JJ Cummings ++ .-~~~~-.Y|\\\\_ Copyright (C) 2009-2015 JJ Cummings \@_/ / 66\\_ cummingsj\@gmail.com | \\ \\ _(\") \\ /-| ||'--' Rules give me wings! -@@ -350,9 +352,27 @@ sub compare_md5 { +@@ -227,7 +263,7 @@ sub rule_extract { + $tar->read( $temp_path . $rule_file ); + $tar->setcwd( cwd() ); + local $Archive::Tar::CHOWN = 0; +- my @ignores = split( /,/, $ignore ); ++ my @ignores = split( /,/, $ignore ) if (defined $ignore); + + foreach (@ignores) { + if ( $_ =~ /\.rules/ ) { +@@ -350,9 +386,27 @@ sub compare_md5 { ## mimic LWP::Simple getstore routine - Thx pkthound! sub getstore { my ( $url, $file ) = @_; - my $request = HTTP::Request->new( GET => $url ); - my $response = $ua->request( $request, $file ); - $response->code; + + # on the first run, the file may not exist, so check. 
+ if ( -e $file) { + # Check to ensure the user has write access to the file + if ( -r $file && -w _) { + my $request = HTTP::Request->new( GET => $url ); + my $response = $ua->request( $request, $file ); + $response->code; + } else { + carp "ERROR: $file is not writable by ".(getpwuid($<))[0]."\n"; + syslogit( 'err|local0', "FATAL: $file is not writable by ".(getpwuid($<))[0]."\n" ) + if $Syslogging; + exit(1); + } + } else { + # The file does not exist, any errors refer to permission issues + my $request = HTTP::Request->new( GET => $url ); + my $response = $ua->request( $request, $file ); + $response->code; + } + } ## time to grab the real 0xb33f -@@ -1507,7 +1527,8 @@ GetOptions( +@@ -527,9 +581,9 @@ sub read_rules { + elsif ( $row !~ /\\$/ && $trk == 1 ) + { # last line of multiline rule here + $record .= $row; +- if ( $record =~ /sid:\s*\d+\s*;/i ) { ++ if ( $record =~ /\ssid:\s*\d+\s*;/i ) { + $sid = $&; +- $sid =~ s/sid:\s*//; ++ $sid =~ s/\ssid:\s*//; + $sid =~ s/\s*;//; + $$hashref{0}{ trim($sid) }{'rule'} = $record; + } +@@ -537,9 +591,9 @@ sub read_rules { + undef $record; + } + else { +- if ( $row =~ /sid:\s*\d+\s*;/i ) { ++ if ( $row =~ /\ssid:\s*\d+\s*;/i ) { + $sid = $&; +- $sid =~ s/sid:\s*//; ++ $sid =~ s/\ssid:\s*//; + $sid =~ s/\s*;//; + $$hashref{0}{ trim($sid) }{'rule'} = $row; + } +@@ -563,13 +617,13 @@ sub read_rules { + $rule = trim($rule); + if ( $rule =~ /^\s*#*\s*(alert|drop|pass)/i ) { + +- if ( $rule =~ /sid:\s*\d+\s*;/i ) { ++ if ( $rule =~ /\ssid:\s*\d+\s*;/i ) { + $sid = $&; +- $sid =~ s/sid:\s*//; ++ $sid =~ s/\ssid:\s*//; + $sid =~ s/\s*;//; +- if ( $rule =~ /gid:\s*\d+/i ) { ++ if ( $rule =~ /\sgid:\s*\d+/i ) { + $gid = $&; +- $gid =~ s/gid:\s*//; ++ $gid =~ s/\sgid:\s*//; + } + else { $gid = 1; } + if ( $rule =~ /flowbits:\s*((un)?set(x)?|toggle)/i ) { +@@ -616,12 +670,12 @@ sub read_rules { + + foreach my $rule (@elements) { + if ( $rule =~ /^\s*#*\s*(alert|drop|pass)/i ) { +- if ( $rule =~ /sid:\s*\d+/ ) { ++ if ( $rule =~ 
/\ssid:\s*\d+/ ) { + $sid = $&; +- $sid =~ s/sid:\s*//; +- if ( $rule =~ /gid:\s*\d+/i ) { ++ $sid =~ s/\ssid:\s*//; ++ if ( $rule =~ /\sgid:\s*\d+/i ) { + $gid = $&; +- $gid =~ s/gid:\s*//; ++ $gid =~ s/\sgid:\s*//; + } + else { $gid = 1; } + if ( $rule =~ /flowbits:\s*((un)?set(x)?|toggle)/ ) { +@@ -1463,6 +1517,25 @@ sub archive_wanted { + push( @records, $File::Find::name ); + } + ++## Create ignore_files from conf file ++sub get_ignore_files { ++ my ($ignore_conf_file) = @_; ++ my $ignore_list; ++ ++ print "\tReading ignore_file: $ignore_conf_file\n"; ++ ++ # Read ignore file and exclude comments/blank lines ++ open ( FH, '<', $ignore_conf_file ) || croak "Couldn't read $ignore_conf_file $!\n"; ++ while ( ) { ++ chomp; ++ s/#.*//; ++ if ( ! /^\s*$/ ) { $ignore_list .= "$_," }; ++ }; ++ close FH; ++ $ignore_list =~ s/,\s*$//g ; ++ return $ignore_list ++} ++ + ### + ### Main here, let's get on with it already + ### +@@ -1507,7 +1580,8 @@ GetOptions( "u=s" => \@base_url, "V!" => sub { Version() }, "v+" => \$Verbose, - "help|?" => sub { Help() } + "help|?" => sub { Help() }, + "w" => \$skipVerify ); ## Fly piggy fly! 
-@@ -1533,7 +1554,7 @@ if ( $Verbose && !$Quiet ) { +@@ -1533,7 +1607,7 @@ if ( $Verbose && !$Quiet ) { if ( exists $Config_info{'version'} ) { croak "You are not using the current version of pulledpork.conf!\n", "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n" - if $Config_info{'version'} ne "0.7.0"; -+ if $Config_info{'version'} ne "0.7.1"; ++ if $Config_info{'version'} ne "0.7.2"; } else { croak -@@ -1700,6 +1721,7 @@ if ( $Verbose && !$Quiet ) { +@@ -1546,6 +1620,12 @@ else { + $pid_path = ( $Config_info{'pid_path'} ) if exists $Config_info{'pid_path'}; + $ignore_files = ( $Config_info{'ignore'} ) if exists $Config_info{'ignore'}; + ++# Allow ignores to be specified in a file, supercedes the regular ignore config option ++if ( exists $Config_info{'ignore_file'}) ++{ ++ $ignore_files = get_ignore_files($Config_info{'ignore_file'}); ++} ++ + if ($rule_file_path) { + $keep_rulefiles = 1; + } +@@ -1658,6 +1738,8 @@ if ( $Verbose && !$Quiet ) { + print "MISC (CLI and Autovar) Variable Debug:\n"; + if ($Process) { print "\tProcess flag specified!\n"; } + if ($arch) { print "\tarch Def is: $arch\n"; } ++ if ($oSystem) { print "\tOperating System is: $oSystem\n"; } ++ if ($CAFile) { print "\tCA Certificate File is: $CAFile\n"; } + if ($Config_file) { print "\tConfig Path is: $Config_file\n"; } + if ($Distro) { print "\tDistro Def is: $Distro\n"; } + if ($docs) { print "\tDocs Reference Location is: $docs\n"; } +@@ -1700,6 +1782,8 @@ if ( $Verbose && !$Quiet ) { if ($Textonly) { print "\tText Rules only Flag is Set\n"; } if ( $Verbose == 2 ) { print "\tExtra Verbose Flag is Set\n"; } if ($Verbose) { print "\tVerbose Flag is Set\n"; } + if ($skipVerify) { print "\tSSL Hostname Verification disabled\n"; } ++ if ($ignore_files) { print "\tFile(s) to ignore = $ignore_files\n"; } if (@base_url) { print "\tBase URL is: @base_url\n"; } } -@@ -1717,10 +1739,17 @@ if ( !-d $temp_path ) { +@@ -1717,10 +1801,17 @@ if ( !-d $temp_path ) { # Validate 
sid_msg_map version Help("Please specify version 1 or 2 for sid_msg_version in your config file\n") unless $sid_msg_version =~ /(1|2)/; + # set some UserAgent and other connection configs $ua->agent("$VERSION"); $ua->show_progress(1) if ( $Verbose && !$Quiet ); +# check to see if SSL verfication is disabled +if ($skipVerify) { + $ua->ssl_opts( verify_hostname => 0 ) +} + + # New Settings to allow proxy connections to use proper SSL formating - Thx pkthound! $ua->timeout(60); $ua->cookie_jar( {} ); Index: branches/2015Q4/security/pulledpork/pkg-descr =================================================================== --- branches/2015Q4/security/pulledpork/pkg-descr (revision 400665) +++ branches/2015Q4/security/pulledpork/pkg-descr (revision 400666) @@ -1,21 +1,21 @@ pulledpork is a Perl script which helps to update your Snort 2.9+ rules. -= Features and Capabilities =- * Automated downloading, parsing, state modification and rule modification for all of your snort rulesets. * Checksum verification for all major rule downloads * Automatic generation of updated sid-msg.map file * Capability to include your local.rules in sid-msg.map file * Capability to pull rules tarballs from custom urls * Complete Shared Object support * Capability to download multiple disparate rulesets at once * Maintains accurate changelog * Capability to HUP processes after rules download * Aids in tuning of rulesets * Verbose output so that you know EXACTLY what is happening * Minimal Perl Module dependencies * A sweet smokey flavor throughout the pork! -WWW: http://code.google.com/p/pulledpork/ +WWW: https://github.com/shirkdog/pulledpork/ Index: branches/2015Q4 =================================================================== --- branches/2015Q4 (revision 400665) +++ branches/2015Q4 (revision 400666) Property changes on: branches/2015Q4 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r400577
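Review bot: The CA-file block added right after `my $ua = LWP::UserAgent->new;` runs at file scope, well before the `GetOptions` hunk that assigns `$skipVerify`, so on FreeBSD the `exit(1)` it takes when neither bundle exists fires regardless of `-w`, even though its own message tells the user to "use -w to skip SSL verification". Moving the lookup below GetOptions and wrapping it in `unless ($skipVerify) { ... }` would make that message true, as far as the ordering visible in this hunk shows. Separately, `-w` is applied as `$ua->ssl_opts( verify_hostname => 0 )`, which in LWP turns off certificate verification as a whole rather than only the hostname match, so the verbose-mode line would be more accurate as `if ($skipVerify) { print "\tSSL certificate verification disabled\n"; }`. Finally, `my @ignores = split( /,/, $ignore ) if (defined $ignore);` declares a lexical under a statement modifier, which Perl documents as undefined behaviour; `my @ignores = defined $ignore ? split( /,/, $ignore ) : ();` keeps the intent without it.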