Index: head/security/snort/Makefile =================================================================== --- head/security/snort/Makefile (revision 489610) +++ head/security/snort/Makefile (revision 489611) @@ -1,130 +1,132 @@ # Created by: Dirk Froemberg # $FreeBSD$ PORTNAME= snort PORTVERSION= 2.9.12 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://snort.org/downloads/snort/ \ ZI PATCH_DIST_STRIP= -p1 MAINTAINER= zi@FreeBSD.org COMMENT= Lightweight network intrusion detection system LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE +BUILD_DEPENDS= daq>=2.0.0:net/daq LIB_DEPENDS= libpcre.so:devel/pcre \ libdnet.so:net/libdnet \ libpcap.so:net/libpcap - -BUILD_DEPENDS= daq>=2.0.0:net/daq RUN_DEPENDS= daq>=2.0.0:net/daq +USES= cpe libtool pathfix shebangfix ssl +USE_RC_SUBR= snort +USE_LDCONFIG= yes + +SUB_FILES= pkg-message +SHEBANG_FILES= tools/appid_detector_builder.sh +GNU_CONFIGURE= yes +MAKE_JOBS_UNSAFE= yes + +RULES_DIR= ${ETCDIR}/rules +PREPROC_RULE_DIR= ${ETCDIR}/preproc_rules +LOGS_DIR= /var/log/snort + +CONFLICTS_INSTALL= snort3-3.* + OPTIONS_DEFINE= IPV6 GRE HA NORMALIZER DOCS APPID \ PERFPROFILE LRGPCAP SOURCEFIRE NONETHER \ FILEINSPECT OPTIONS_GROUP= ADDONS DEV OPTIONS_GROUP_ADDONS= BARNYARD PULLEDPORK OPTIONS_GROUP_DEV= DBGSNORT OPTIONS_SUB= yes OPTIONS_DEFAULT= GRE NORMALIZER BARNYARD \ PERFPROFILE SOURCEFIRE PULLEDPORK GRE_DESC= GRE support IPV6_DESC= IPv6 in snort.conf LRGPCAP_DESC= Pcaps larger than 2GB NONETHER_DESC= Non-Ethernet Decoders NORMALIZER_DESC= Normalizer PERFPROFILE_DESC= Performance profiling SOURCEFIRE_DESC= Sourcefire recommended build options TARGETBASED_DESC= Targetbased support APPID_DESC= Build with application id support (EXPERIMENTAL) HA_DESC= Enable high-availability state sharing (EXPERIMENTAL) FILEINSPECT_DESC= Build with extended file inspection features (EXPERIMENTAL) ADDONS_DESC= Depend on 3rd party addons BARNYARD_DESC= Depend on barnyard2 (supports also snortsam) PULLEDPORK_DESC= Depend on pulledpork DEV_DESC= Developer options DBGSNORT_DESC= Enable debugging symbols+core dumps DBGSNORT_CONFIGURE_ENABLE= corefiles debug DBGSNORT_MAKE_ENV= DONTSTRIP="yes" GRE_CONFIGURE_ENABLE= gre LRGPCAP_CONFIGURE_ENABLE= large-pcap NONETHER_CONFIGURE_ENABLE= non-ether-decoders NORMALIZER_CONFIGURE_ENABLE= normalizer PERFPROFILE_CONFIGURE_ENABLE= perfprofiling ppm SOURCEFIRE_CONFIGURE_ENABLE= sourcefire APPID_CONFIGURE_ENABLE= open-appid HA_CONFIGURE_ENABLE= ha FILEINSPECT_CONFIGURE_ENABLE= file-inspect BARNYARD_RUN_DEPENDS= barnyard2:security/barnyard2 PULLEDPORK_RUN_DEPENDS= pulledpork.pl:security/pulledpork APPID_LIB_DEPENDS= libluajit-5.1.so:lang/luajit APPID_CONFIGURE_ENV+= luajit_CFLAGS="-I${LOCALBASE}/include/luajit-2.0" \ luajit_LIBS="-L${LOCALBASE}/lib -lluajit-5.1" .include - -USE_RC_SUBR= snort -SUB_FILES= pkg-message - -USES= cpe libtool pathfix shebangfix ssl -SHEBANG_FILES= tools/appid_detector_builder.sh -GNU_CONFIGURE= yes -USE_LDCONFIG= yes -MAKE_JOBS_UNSAFE= yes - -RULES_DIR= ${ETCDIR}/rules -PREPROC_RULE_DIR= ${ETCDIR}/preproc_rules -LOGS_DIR= /var/log/snort CONFIG_FILES= classification.config gen-msg.map reference.config \ snort.conf threshold.conf unicode.map file_magic.conf DOCS= RELEASE.NOTES doc/AUTHORS doc/BUGS doc/CREDITS \ doc/README* doc/USAGE doc/*.pdf PREPROC_RULES= decoder.rules preprocessor.rules sensitive-data.rules CFLAGS+= -fstack-protector CONFIGURE_ARGS+=--enable-reload \ --enable-mpls --enable-targetbased \ --enable-reload-error-restart post-patch: @${REINPLACE_CMD} "s,/etc/snort.conf,${ETCDIR}/snort.conf," \ ${WRKSRC}/src/snort.c ${WRKSRC}/snort.8 @${REINPLACE_CMD} -e 's|^dynamicdetection|#dynamicdetection|' \ -e '/ipvar HOME_NET/s/any/[YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]/' \ -e '/^# include .PREPROC_RULE/s/# include/include/' \ ${WRKSRC}/etc/snort.conf # IPv6 is no longer a ./configure option! .if ! ${PORT_OPTIONS:MIPV6} @${REINPLACE_CMD} -e '/normalize_ip6/s/^preprocessor/#preprocessor/' \ -e '/normalize_icmp6/s/^preprocessor/#preprocessor/' \ ${WRKSRC}/etc/snort.conf .endif post-build: @${FIND} ${WRKSRC}/src -name '*.0' -type f -exec ${STRIP_CMD} {} \; post-install: @${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}${RULES_DIR} ${STAGEDIR}${LOGS_DIR} \ ${STAGEDIR}${PREPROC_RULE_DIR} ${STAGEDIR}${DOCSDIR} .for f in ${CONFIG_FILES} ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${STAGEDIR}${ETCDIR}/${f}-sample .endfor .for f in ${PREPROC_RULES} ${INSTALL_DATA} ${WRKSRC}/preproc_rules/${f} ${STAGEDIR}${PREPROC_RULE_DIR}/${f}-sample .endfor (cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR}) .include Index: head/security/snort/files/patch-etc__snort.conf =================================================================== --- head/security/snort/files/patch-etc__snort.conf (revision 489610) +++ head/security/snort/files/patch-etc__snort.conf (revision 489611) @@ -1,15 +1,15 @@ ---- ./etc/snort.conf.orig 2010-03-19 20:41:00.000000000 +0100 -+++ ./etc/snort.conf 2010-04-27 22:26:53.000000000 +0200 +--- ./etc/snort.conf.orig 2010-03-19 21:41:00 UTC ++++ ./etc/snort.conf @@ -57,9 +57,9 @@ # Path to your rules files (this can be a relative path) # Note for Windows users: You are advised to make this an absolute path, # such as: c:\snort\rules -var RULE_PATH ../rules -var SO_RULE_PATH ../so_rules -var PREPROC_RULE_PATH ../preproc_rules +var RULE_PATH ./rules +var SO_RULE_PATH ./so_rules +var PREPROC_RULE_PATH ./preproc_rules ################################################### # Step #2: Configure the decoder. For more information, see README.decode