Initial import of snort-1.2, a

lightweight network intrusion detection system.

5 files changed, 59 insertions, 0 deletions

diff --git a/security/snort/Makefile b/security/snort/Makefile
new file mode 100644
index 000000000000..08a2d58f5f1b
--- /dev/null
+++ b/security/snort/Makefile
@@ -0,0 +1,25 @@
+# New ports collection makefile for:	snort
+# Version required:	1.2
+# Date created:		Mon Aug  2 12:04:08 CEST 1999
+# Whom:			Dirk Froemberg <dirk@FreeBSD.org>
+#
+# $Id$
+#
+
+DISTNAME=	snort-1.2
+CATEGORIES=	security net
+MASTER_SITES=	http://www.clark.net/~roesch/ \
+		http://www.physik.TU-Berlin.DE/~ibex/ports/distfiles/
+
+MAINTAINER=	dirk@FreeBSD.org
+
+GNU_CONFIGURE=	yes
+
+post-install:
+	${MKDIR} ${PREFIX}/share/snort
+.for i in CREDITS RULES.SAMPLE USAGE backdoor-lib misc-lib overflow-lib \
+          scan-lib snort-lib web-lib
+	${INSTALL_DATA} ${WRKSRC}/$i ${PREFIX}/share/snort
+.endfor
+
+.include <bsd.port.mk>
diff --git a/security/snort/distinfo b/security/snort/distinfo
new file mode 100644
index 000000000000..ee9836184983
--- /dev/null
+++ b/security/snort/distinfo
@@ -0,0 +1 @@
+MD5 (snort-1.2.tar.gz) = 5cc7f80915e1f7719bf6a2a310b77948
diff --git a/security/snort/pkg-comment b/security/snort/pkg-comment
new file mode 100644
index 000000000000..2ed409a612f5
--- /dev/null
+++ b/security/snort/pkg-comment
@@ -0,0 +1 @@
+Lightweight network intrusion detection system
diff --git a/security/snort/pkg-descr b/security/snort/pkg-descr
new file mode 100644
index 000000000000..1b98a24f98c0
--- /dev/null
+++ b/security/snort/pkg-descr
@@ -0,0 +1,21 @@
+Snort is a libpcap-based packet sniffer/logger which can be used as a 
+lightweight network intrusion detection system. It features rules based logging
+and can perform content searching/matching in addition to being used to detect 
+a variety of other attacks and probes, such as buffer overflows, stealth port
+scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting 
+capabilty, with alerts being sent to syslog, a seperate "alert" file, or even
+to a Windows computer via Samba.
+
+Packets are logged in their decoded form to directories which are generated
+based upon the IP address of the remote peer.  This allows Snort to be used as
+a sort of "poor man's intrusion detection system" if you specify what traffic
+you want to record and what to let through.
+
+For instance, I use it to record traffic of interest to the six computers in 
+my office at work while I'm away on travel or gone for the weekend.  It's 
+also nice for debugging network code since it shows you most of the Important 
+Stuff(TM) about your packets (as I see it anyway).  The code is pretty easy
+to modify to provide more complete packet decoding, so feel free to make 
+suggestions.
+
+WWW: http://http://www.clark.net/~roesch/security.html
diff --git a/security/snort/pkg-plist b/security/snort/pkg-plist
new file mode 100644
index 000000000000..aeb9624f7993
--- /dev/null
+++ b/security/snort/pkg-plist
@@ -0,0 +1,11 @@
+bin/snort
+share/snort/CREDITS
+share/snort/RULES.SAMPLE
+share/snort/USAGE
+share/snort/backdoor-lib
+share/snort/misc-lib
+share/snort/overflow-lib
+share/snort/scan-lib
+share/snort/snort-lib
+share/snort/web-lib
+@dirrm share/snort