# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# $Id$

PortSystem 1.0

# Port identity and descriptive metadata.
# NOTE(review): the release is pinned by the version field below together with
# the checksums field; for an intrusion detection sensor, confirm this is still
# a release that upstream supports and ships rule updates for.
name             snort
version          2.9.8.3
categories       net
# No maintainer is listed for this port.
maintainers      nomaintainer
license          GPL-2
description      Open Source Network Intrusion Detection System
long_description \
    Snort is an open source network intrusion detection system, capable \
    of performing real-time traffic analysis and packet logging on IP \
    networks. It can perform protocol analysis, content \
    searching/matching and can be used to detect a variety of attacks \
    and probes, such as buffer overflows, stealth port scans, CGI \
    attacks, SMB probes, OS fingerprinting attempts, and much more.
homepage         https://www.snort.org/
platforms        darwin freebsd
# The download location is built from the homepage value, so the distfile is
# requested over HTTPS from the same host. The homepage value must keep its
# trailing slash for this concatenation to form a valid URL.
master_sites     ${homepage}downloads/snort/

# Expected digests of the distfile. Both values have to be replaced together
# with the version field; a mismatch means the downloaded archive is not the
# one this Portfile was written against.
checksums           rmd160  4fcd18bff69c8a80576ee08de76acef220a58fe9 \
                    sha256  856d02ccec49fa30c920a1e416c47c0d62dd224340a614959ba5c03239100e6a

# Libraries Snort is built and linked against: the DAQ packet acquisition
# library and OpenSSL, both taken from MacPorts.
depends_lib      port:daq \
                 port:openssl

# Disabled: no local patches are applied to the sources.
#patchfiles       patch-src-strlcatu.h.diff patch-src-strlcpyu.h.diff

# Dedicated account and group for the daemon, with a non-login shell. The
# startup item passes -u snort -g snort, and the log directory is created with
# this user as owner.
add_users snort group=snort home=${prefix}/var/snort shell=/sbin/nologin realname=Snort\ user


# Interface the generated startup item listens on. It is hard-coded; the same
# variable is also interpolated into the pidfile name and the notes text.
set if en1
startupitem.create  yes
# Command line of the daemon: listen on the interface above, read the config
# from etc/snort/snort.conf, log under var/log/snort, write the pid file under
# var/run, and run as user and group snort (-u / -g) instead of staying root.
startupitem.executable ${prefix}/bin/${name} -i ${if} -c ${prefix}/etc/snort/snort.conf -l ${prefix}/var/log/snort -u snort -g snort --pid-path ${prefix}/var/run
# NOTE(review): only a path is given here. The documented form of this option
# takes a mode keyword (auto, manual, clean or none) before the path - confirm
# that the pid file is actually tracked with this spelling.
startupitem.pidfile "${prefix}/var/run/snort_${if}.pid"
# Disabled alternative: start and stop through the installed snort.sh wrapper.
#startupitem.start   "${prefix}/share/${name}/snort.sh"
#startupitem.stop    "/bin/kill \$(cat ${prefix}/var/run/snort_*.pid)"

# Run the destroot phase as root; presumably needed because post-destroot
# creates var/log/snort with "xinstall -o snort", which changes ownership.
destroot.asroot     yes
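post-destroot {
    # Stage Snort's configuration files, the snort.sh helper and the runtime
    # directories. The upstream snort.conf is shipped only as an example
    # (snort.conf.dist); post-activate copies it into place when no live
    # snort.conf exists, so an administrator's edited config is not replaced.
    set snort_etc      ${destroot}${prefix}/etc/${name}
    set snort_examples ${destroot}${prefix}/share/examples/${name}
    set snort_confdist ${snort_examples}/snort.conf.dist

    # Copy the Snort database schemas (disabled)
    #    xinstall -d -m 755 ${destroot}${prefix}/share/${name}/schemas
    #    eval xinstall -m 755 [glob ${worksrcpath}/schemas/create*] ${destroot}${prefix}/share/${name}/schemas

    # Copy Snort's etc/ files. These are plain data files, so install them
    # 0644 instead of xinstall's default mode of 0755.
    xinstall -d -m 755 ${snort_etc}
    xinstall -m 644 {*}[glob ${worksrcpath}/etc/*.map] ${snort_etc}
    xinstall -m 644 {*}[glob ${worksrcpath}/etc/*.conf*] ${snort_etc}
    xinstall -d -m 755 ${snort_examples}
    file rename ${snort_etc}/snort.conf ${snort_confdist}

    # Fix snort.conf.dist: point the /usr/local defaults at this prefix.
    reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${snort_confdist}
    # The engine module keeps its .so suffix; only the directory is rewritten.
    reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.so|g" ${snort_confdist}
    reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${snort_confdist}
    reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${snort_confdist}
    # White and black list files live next to snort.conf.
    reinplace "s|_LIST_PATH ../rules|_LIST_PATH ${prefix}/etc/snort|g" ${snort_confdist}

    # Helper script, with its __PREFIX__ placeholder filled in.
    xinstall -d ${destroot}${prefix}/share/${name}
    xinstall -m 755 ${filespath}/snort.sh \
        ${destroot}${prefix}/share/${name}/snort.sh
    reinplace "s|__PREFIX__|${prefix}|g" \
        ${destroot}${prefix}/share/${name}/snort.sh

    # Empty directory for dynamic rules; keepdirs stops it from being pruned.
    xinstall -d ${destroot}${prefix}/lib/snort_dynamicrules
    destroot.keepdirs-append ${destroot}${prefix}/lib/snort_dynamicrules
    reinplace "s|/usr/local/lib/snort_dynamicrules|${prefix}/lib/snort_dynamicrules|" \
        ${snort_confdist}

    # Rules directory. RULE_PATH has to name the directory created here: this
    # is where post-activate creates local.rules. The previous replacement
    # wrote the literal path /rules, which this port never creates.
    xinstall -d ${destroot}${prefix}/etc/snort/rules
    destroot.keepdirs-append ${destroot}${prefix}/etc/snort/rules
    reinplace "s|var RULE_PATH ../rules|var RULE_PATH ${prefix}/etc/snort/rules|" \
        ${snort_confdist}

    # Log directory owned by the unprivileged snort user the daemon runs as.
    # NOTE(review): the directory gets the default mode, so alerts and packet
    # logs are readable by every local user - consider a tighter mode such as
    # 750 with group snort if that matters on the target hosts.
    xinstall -d -o snort ${destroot}${prefix}/var/log/snort
    destroot.keepdirs-append ${destroot}${prefix}/var/log/snort
}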

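post-activate {
    # First activation only: seed a live snort.conf from the shipped sample
    # and create the empty rule and list files next to it. When a snort.conf
    # already exists nothing is touched, so local configuration survives
    # upgrades and reinstalls.
    set snort_live_conf ${prefix}/etc/snort/snort.conf
    if {![file exists ${snort_live_conf}]} {
        copy ${prefix}/share/examples/${name}/snort.conf.dist ${snort_live_conf}
        # Use the built-in touch command instead of system "touch ..." so the
        # paths are passed as arguments and are not re-parsed by a shell.
        touch ${prefix}/etc/snort/rules/local.rules
        touch ${prefix}/etc/snort/white_list.rules
        touch ${prefix}/etc/snort/black_list.rules
    }
}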

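# Text shown to the user after installation.
# The snort.conf location below matches the path used by post-activate and by
# the startup item (etc/snort/snort.conf).
# NOTE(review): the schemas line describes a directory whose installation is
# commented out in post-destroot, so it may be stale - confirm.
# NOTE(review): several of the links are plain HTTP and point at third-party
# hosts this port does not control; confirm they are still valid before
# relying on them to validate a sensor.
notes "
            ***** File locations *****

The Snort database schemas -> ${prefix}/share/${name}/schemas
The snort.conf sample file -> ${prefix}/share/examples/${name}/snort.conf.dist
If it doesn't exist before, the sample config is copied to ${prefix}/etc/snort/snort.conf

NOTE: Make sure you do not change the location of the snort.conf file or the startup scripts will not be able to find it.

*Please download rules from https://www.snort.org/downloads/#rule-downloads either manually or with oinkmaster.*
Oinkmaster is the recommended way with regular updates.

Change at least your HOME_NET in snort.conf and Validate your config with
    $ snort -T -c ${prefix}/etc/snort/snort.conf

By default ${prefix}/share/${name}/snort.sh is configured to listen only on ${if} interface.
If you want to listen multiple interface, you need to start one snort instance per interface (or bond them)

    $ grep 'Snort rules read' /var/log/system.log
    $ egrep '^output' ${prefix}/etc/snort/snort.conf
If you get empty touched logs, try also to set:
    ipvar EXTERNAL_NET !\$HOME_NET
instead of any

You can test that snort is functioning by using these tools:
ftp http://\$EXTERNAL_HOST/cmd.exe
ftp http://lteo.net/cmd.exe
http://testmyids.com
nmap, IDSWakeup, pytbull, metasploit

To use blacklist/whitelist, see
http://blog.securitymonks.com/2009/07/19/blacklisting-with-snort/
http://systemnoise.com/wordpress/?p=89
http://labs.snort.org/iplists/

"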

# Fall back to the MySQL 5.6 variant unless one of the other database variants
# was selected explicitly.
# NOTE(review): the database output plugins were, as far as I know, removed
# from Snort in the 2.9.3 series; if so, this default only pulls in a MySQL
# dependency without enabling anything - confirm against this release.
if {!([variant_isset mysql51] || [variant_isset mysql55] || [variant_isset mariadb] || [variant_isset percona])} {
    default_variants +mysql56
}

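# Build against the MySQL 5.1 client library from MacPorts.
# NOTE(review): confirm that this Snort release's configure script still
# accepts the --with-mysql-* switches; later 2.9.x releases are believed to
# have dropped database output.
variant mysql51 \
    conflicts mysql55 mysql56 mariadb percona \
    description "Enable MySQL 5.1 support" {

    depends_lib-append          port:mysql51
    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql51/bin/mysql_config
    configure.args-append   --with-mysql-includes=${prefix}/include/mysql51/mysql \
                            --with-mysql-libraries=${prefix}/lib/mysql51/mysql
    # Append instead of assign: a plain configure.env replaces the whole list
    # and would drop the MYSQL_CONFIG entry added above.
    # NOTE(review): -L is a linker search path and would conventionally be
    # passed through LDFLAGS rather than CFLAGS - confirm before moving it.
    configure.env-append        CFLAGS="-L${prefix}/lib/mysql51/mysql"
}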

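# Build against the MySQL 5.5 client library from MacPorts.
variant mysql55 \
    conflicts mysql51 mysql56 mariadb percona \
    description "Enable MySQL 5.5 support" {

    depends_lib-append          port:mysql55
    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql55/bin/mysql_config
    configure.args-append   --with-mysql-includes=${prefix}/include/mysql55/mysql \
                            --with-mysql-libraries=${prefix}/lib/mysql55/mysql
    # Append instead of assign: a plain configure.env replaces the whole list
    # and would drop the MYSQL_CONFIG entry added above.
    # NOTE(review): -L is a linker search path and would conventionally be
    # passed through LDFLAGS rather than CFLAGS - confirm before moving it.
    configure.env-append        CFLAGS="-L${prefix}/lib/mysql55/mysql"
}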

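# Build against the MySQL 5.6 client library from MacPorts. This is the variant
# selected by default when no other database variant is requested.
variant mysql56 \
    conflicts mysql51 mysql55 mariadb percona \
    description "Enable MySQL 5.6 support" {

    depends_lib-append          port:mysql56
    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql56/bin/mysql_config
    configure.args-append   --with-mysql-includes=${prefix}/include/mysql56/mysql \
                            --with-mysql-libraries=${prefix}/lib/mysql56/mysql
    # Append instead of assign: a plain configure.env replaces the whole list
    # and would drop the MYSQL_CONFIG entry added above.
    # NOTE(review): -L is a linker search path and would conventionally be
    # passed through LDFLAGS rather than CFLAGS - confirm before moving it.
    configure.env-append        CFLAGS="-L${prefix}/lib/mysql56/mysql"
}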

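# Build against the MariaDB client library from MacPorts.
variant mariadb \
    conflicts mysql51 mysql55 mysql56 percona \
    description "Enable MariaDB (MySQL) support" {

    depends_lib-append          port:mariadb
    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mariadb/bin/mysql_config
    configure.args-append   --with-mysql-includes=${prefix}/include/mariadb/mysql \
                            --with-mysql-libraries=${prefix}/lib/mariadb/mysql
    # Append instead of assign: a plain configure.env replaces the whole list
    # and would drop the MYSQL_CONFIG entry added above.
    # NOTE(review): -L is a linker search path and would conventionally be
    # passed through LDFLAGS rather than CFLAGS - confirm before moving it.
    configure.env-append        CFLAGS="-L${prefix}/lib/mariadb/mysql"
}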

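# Build against the Percona Server client library from MacPorts.
variant percona \
    conflicts mysql51 mysql55 mysql56 mariadb \
    description "Enable Percona (MySQL) support" {
    depends_lib-append          port:percona
    configure.env-append        MYSQL_CONFIG=${prefix}/lib/percona/bin/mysql_config
    configure.args-append   --with-mysql-includes=${prefix}/include/percona/mysql \
                            --with-mysql-libraries=${prefix}/lib/percona/mysql
    # Append instead of assign: a plain configure.env replaces the whole list
    # and would drop the MYSQL_CONFIG entry added above.
    # NOTE(review): -L is a linker search path and would conventionally be
    # passed through LDFLAGS rather than CFLAGS - confirm before moving it.
    configure.env-append        CFLAGS="-L${prefix}/lib/percona/mysql"
}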

# Update check: fetch the downloads page under the homepage URL and match link
# text of the form >snort-VERSION SUFFIX<, where SUFFIX is the distfile
# extension; the parenthesised group captures the version number.
# The brackets are backslash-escaped so Tcl does not treat them as command
# substitution. The dots inside the suffix value are not escaped and therefore
# match any character in the regex.
livecheck.type      regex
livecheck.url       ${homepage}downloads
livecheck.regex     >${name}-(\[0-9.\]+)${extract.suffix}<