authorpav <pav@FreeBSD.org>2005-05-28 19:06:39 +0800
committerpav <pav@FreeBSD.org>2005-05-28 19:06:39 +0800
commitd62ba3afc9b60b5b50a0981c2271f3421367cebf (patch)
treeec0d4ca049380d562fc4c3e58672f28249daaca9 /security
parentee53ca51eccc36f84d72f4f1033f4f63022ee06c (diff)
An inline IPS system based on snort using ipfw.
PR: ports/81378 Submitted by: Nick Rogness <nick@rogness.net>
Diffstat (limited to 'security')
-rw-r--r--security/Makefile1
-rw-r--r--security/snort_inline/Makefile97
-rw-r--r--security/snort_inline/distinfo1
-rw-r--r--security/snort_inline/files/snort.sh.in36
-rw-r--r--security/snort_inline/pkg-descr8
-rw-r--r--security/snort_inline/pkg-message24
-rw-r--r--security/snort_inline/pkg-plist98
7 files changed, 265 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index cd9980d5bd38..991aa02aa092 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -466,6 +466,7 @@
SUBDIR += sniff
SUBDIR += snort
SUBDIR += snort-rep
+ SUBDIR += snort_inline
SUBDIR += snortreport
SUBDIR += snortsnarf
SUBDIR += spike-proxy
diff --git a/security/snort_inline/Makefile b/security/snort_inline/Makefile
new file mode 100644
index 000000000000..f09c2b4c35dc
--- /dev/null
+++ b/security/snort_inline/Makefile
@@ -0,0 +1,97 @@
+# New ports collection makefile for: snort_inline
+# Date created: 4 March 2005
+# Whom: nick@rogness.net
+#
+# $FreeBSD$
+#
+
+PORTNAME= snort_inline
+PORTVERSION= 2.3.0
+CATEGORIES= security
+MASTER_SITES= http://freebsd.rogness.net/ports/snort_inline/
+DISTNAME= snort_inline-2.3.0-RC1
+
+MAINTAINER= nick@rogness.net
+COMMENT= An inline IPS system based on snort using ipfw
+
+LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre
+
+WRKSRC= ${WRKDIR}/snort_inline-2.3.0-RC1
+
+USE_GPG= yes
+SIG_SUFFIX= .asc
+USE_REINPLACE= yes
+GNU_CONFIGURE= yes
+CONFIGURE_ENV= LDFLAGS="${LDFLAGS}"
+CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
+CONFIGURE_ARGS+= --enable-inline --enable-ipfw
+
+BUILD_DEPENDS+= ${LOCALBASE}/lib/libnet.a:${PORTSDIR}/net/libnet
+CONFIGURE_ARGS+= --with-libnet-includes=${LOCALBASE}/include \
+ --with-libnet-libraries=${LOCALBASE}/lib
+
+.if defined(WITH_MYSQL)
+USE_MYSQL= yes
+CONFIGURE_ARGS+= --with-mysql=${LOCALBASE}
+.else
+CONFIGURE_ARGS+= --with-mysql=no
+.endif
+
+.if defined(WITH_ODBC)
+LIB_DEPENDS+= odbc.1:${PORTSDIR}/databases/unixODBC
+CONFIGURE_ARGS+= --with-odbc=${LOCALBASE}
+LDFLAGS+= ${PTHREAD_LIBS}
+.else
+CONFIGURE_ARGS+= --with-odbc=no
+.endif
+
+.if defined(WITH_POSTGRESQL)
+POSTGRESQL_PORT?= databases/postgresql7
+LIB_DEPENDS+= pq.3:${PORTSDIR}/${POSTGRESQL_PORT}
+CONFIGURE_ARGS+= --with-postgresql=${LOCALBASE}
+.if exists(/usr/lib/libssl.a) && exists(/usr/lib/libcrypto.a)
+LDFLAGS+= -lssl -lcrypto
+.endif
+.else
+CONFIGURE_ARGS+= --with-postgresql=no
+.endif
+
+MAN8= snort.8
+DOCS= ChangeLog doc/AUTHORS doc/BUGS doc/CREDITS doc/faq* doc/NEWS \
+ doc/README* doc/TODO doc/USAGE doc/*.pdf
+
+USE_RC_SUBR= snort.sh
+
+post-patch:
+ ${REINPLACE_CMD} "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/src/snort.c
+
+pre-configure:
+ @${ECHO} ""
+ @${ECHO} "Set WITH_MYSQL, WITH_ODBC or WITH_POSTGRESQL"
+ @${ECHO} "to get additional support."
+ @${ECHO} ""
+
+post-install:
+ @${MKDIR} ${DATADIR}
+ ${INSTALL_DATA} ${WRKSRC}/rules/*.rules ${DATADIR}
+ ${INSTALL_DATA} ${WRKSRC}/etc/classification.config \
+ ${DATADIR}/classification.config-sample
+ [ -f ${DATADIR}/classification.config ] || \
+ ${CP} ${DATADIR}/classification.config-sample \
+ ${DATADIR}/classification.config
+ ${INSTALL_DATA} ${WRKSRC}/etc/reference.config \
+ ${DATADIR}/reference.config-sample
+ [ -f ${DATADIR}/reference.config ] || \
+ ${CP} ${DATADIR}/reference.config-sample ${DATADIR}/reference.config
+.for f in snort.conf snort_inline.conf unicode.map threshold.conf
+ ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample
+ [ -f ${PREFIX}/etc/${f} ] || \
+ ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}
+.endfor
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${DOCSDIR}
+ cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
+.endif
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
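Review bot: `USE_GPG= yes` and `SIG_SUFFIX= .asc` are not knobs I can find in bsd.port.mk, so unless the framework honours them they are silent no-ops, and the only integrity check on a tarball fetched over plain HTTP from a personal mirror is the single MD5 line in distinfo; either drop them or add a comment naming where they are consumed, and consider a SIZE line in distinfo. `DISTNAME=` and `WRKSRC=` both hard-code `snort_inline-2.3.0-RC1` while `PORTVERSION= 2.3.0` claims the final release; `WRKSRC= ${WRKDIR}/${DISTNAME}` removes the duplication, and a pre-release version such as `2.3.0.r1` would let the real 2.3.0 sort above it without needing PORTEPOCH later. The pre-configure echo block is the only place WITH_MYSQL, WITH_ODBC and WITH_POSTGRESQL are documented; a short `# Optional database back-ends; set WITH_MYSQL, WITH_ODBC or WITH_POSTGRESQL` comment above the `.if defined(WITH_MYSQL)` block, or the OPTIONS framework, would make them discoverable without running configure.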
diff --git a/security/snort_inline/distinfo b/security/snort_inline/distinfo
new file mode 100644
index 000000000000..074f4a3518e1
--- /dev/null
+++ b/security/snort_inline/distinfo
@@ -0,0 +1 @@
+MD5 (snort_inline-2.3.0-RC1.tar.gz) = d577c101a78c97b0f18a1e01b0252419
diff --git a/security/snort_inline/files/snort.sh.in b/security/snort_inline/files/snort.sh.in
new file mode 100644
index 000000000000..f4611981fe3e
--- /dev/null
+++ b/security/snort_inline/files/snort.sh.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+# $Id$
+
+# PROVIDE: snort
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: FreeBSD shutdown
+
+# Add the following lines to /etc/rc.conf to enable snort:
+# snort_enable (bool): Set to YES to enable snort
+# Default: NO
+# snort_flags (str): Extra flags passed to snort
+# Default: -Dq -J 8000
+# snort_interface (str): Network interface to sniff
+# Default: ""
+# snort_conf (str): Snort configuration file
+# Default: ${PREFIX}/etc/snort_inline.conf
+#
+
+. %%RC_SUBR%%
+
+name="snort"
+rcvar=`set_rcvar`
+
+command="%%PREFIX%%/bin/snort"
+
+load_rc_config $name
+
+[ -z "$snort_enable" ] && snort_enable="NO"
+[ -z "$snort_conf" ] && snort_conf="%%PREFIX%%/etc/snort_inline.conf"
+[ -z "$snort_flags" ] && snort_flags="-Dq -J 8000"
+
+[ -n "$snort_interface" ] && snort_flags="$snort_flags -i $snort_interface"
+[ -n "$snort_conf" ] && snort_flags="$snort_flags -c $snort_conf"
+
+run_rc_command "$1"
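Review bot: `command="%%PREFIX%%/bin/snort"` names a binary this port does not install — pkg-plist in the same commit lists only `bin/snort_inline` — so the service will fail to start under rc.subr, or worse run the stock security/snort binary if that port happens to be present; it should read `command="%%PREFIX%%/bin/snort_inline"`. `name="snort"` and `# PROVIDE: snort` likewise reuse the identifier of the stock snort port, so the rc script file and the `snort_enable`/`snort_flags`/`snort_conf` rc.conf variables would collide if both ports are installed side by side; naming them `snort_inline` throughout would avoid that, at the cost of updating the header comment and pkg-message. The header says `snort_flags` is "extra flags", but the two lines before `run_rc_command` also append `-i $snort_interface` and `-c $snort_conf`, which is worth a one-line comment such as `# interface and config are always appended after the user's flags`.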
diff --git a/security/snort_inline/pkg-descr b/security/snort_inline/pkg-descr
new file mode 100644
index 000000000000..7ead26910606
--- /dev/null
+++ b/security/snort_inline/pkg-descr
@@ -0,0 +1,8 @@
+snort-inline is a variation of snort that interfaces with the
+IPFW firewall and divert sockets to provide a simple IPS system
+using snort signatures.
+
+WWW: http://freebsd.rogness.net/snort_inline
+
+- Nick Rogness
+nick@rogness.net
diff --git a/security/snort_inline/pkg-message b/security/snort_inline/pkg-message
new file mode 100644
index 000000000000..17bd6382d2ba
--- /dev/null
+++ b/security/snort_inline/pkg-message
@@ -0,0 +1,24 @@
+ ***********************************
+ * !!!!!!!!!!! WARNING !!!!!!!!!!! *
+ ***********************************
+
+snort_inline uses rcNG startup scripts and must be enabled via /etc/rc.conf
+
+Available variables:
+
+ snort_enable (bool): Set to YES to enable snort
+ Default: NO
+ snort_flags (str): Extra flags passed to snort
+ Default: -Dq -J 8000
+ snort_interface (str): Network interface to sniff
+ Default: ""
+ snort_conf (str): Snort configuration file
+ Default: ${PREFIX}/etc/snort_inline.conf
+
+Also, make sure that your kernel is compiled with:
+
+ options IPFIREWALL
+ options IPDIVERT
+
+The default divert port is 8000. See http://freebsd.rogness.net/snort_inline
+for more information.
diff --git a/security/snort_inline/pkg-plist b/security/snort_inline/pkg-plist
new file mode 100644
index 000000000000..d9a148b677bf
--- /dev/null
+++ b/security/snort_inline/pkg-plist
@@ -0,0 +1,98 @@
+bin/snort_inline
+@unexec if [ -f %D/etc/snort.conf ] && cmp -s %D/etc/snort.conf %D/etc/snort.conf-sample; then rm -f %D/etc/snort.conf; fi
+etc/snort.conf-sample
+@exec [ -f %B/snort.conf ] || cp %B/%f %B/snort.conf
+@unexec if [ -f %D/etc/snort_inline.conf ] && cmp -s %D/etc/snort_inline.conf %D/etc/snort_inline.conf-sample; then rm -f %D/etc/snort_inline.conf; fi
+etc/snort_inline.conf-sample
+@exec [ -f %B/snort_inline.conf ] || cp %B/%f %B/snort_inline.conf
+@unexec if [ -f %D/etc/unicode.map ] && cmp -s %D/etc/unicode.map %D/etc/unicode.map-sample; then rm -f %D/etc/unicode.map; fi
+etc/unicode.map-sample
+@exec [ -f %B/unicode.map ] || cp %B/%f %B/unicode.map
+@unexec if [ -f %D/etc/threshold.conf ] && cmp -s %D/etc/threshold.conf %D/etc/threshold.conf-sample; then rm -f %D/etc/threshold.conf; fi
+etc/threshold.conf-sample
+@exec [ -f %B/threshold.conf ] || cp %B/%f %B/threshold.conf
+%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
+%%PORTDOCS%%%%DOCSDIR%%/BUGS
+%%PORTDOCS%%%%DOCSDIR%%/CREDITS
+%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
+%%PORTDOCS%%%%DOCSDIR%%/faq.pdf
+%%PORTDOCS%%%%DOCSDIR%%/faq.tex
+%%PORTDOCS%%%%DOCSDIR%%/NEWS
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/README.INLINE
+%%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP
+%%PORTDOCS%%%%DOCSDIR%%/README.PLUGINS
+%%PORTDOCS%%%%DOCSDIR%%/README.UNSOCK
+%%PORTDOCS%%%%DOCSDIR%%/README.WIN32
+%%PORTDOCS%%%%DOCSDIR%%/README.alert_order
+%%PORTDOCS%%%%DOCSDIR%%/README.csv
+%%PORTDOCS%%%%DOCSDIR%%/README.database
+%%PORTDOCS%%%%DOCSDIR%%/README.event_queue
+%%PORTDOCS%%%%DOCSDIR%%/README.flow
+%%PORTDOCS%%%%DOCSDIR%%/README.flowbits
+%%PORTDOCS%%%%DOCSDIR%%/README.flow-portscan
+%%PORTDOCS%%%%DOCSDIR%%/README.sfportscan
+%%PORTDOCS%%%%DOCSDIR%%/README.asn1
+%%PORTDOCS%%%%DOCSDIR%%/README.http_inspect
+%%PORTDOCS%%%%DOCSDIR%%/README.thresholding
+%%PORTDOCS%%%%DOCSDIR%%/README.wireless
+%%PORTDOCS%%%%DOCSDIR%%/TODO
+%%PORTDOCS%%%%DOCSDIR%%/USAGE
+%%PORTDOCS%%%%DOCSDIR%%/snort_manual.pdf
+%%PORTDOCS%%%%DOCSDIR%%/snort_schema_v106.pdf
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
+%%DATADIR%%/attack-responses.rules
+%%DATADIR%%/backdoor.rules
+%%DATADIR%%/bad-traffic.rules
+%%DATADIR%%/chat.rules
+@unexec if [ -f %B/classification.config ] && cmp -s %B/classification.config %B/classification.config-sample; then rm -f %B/classification.config; fi
+%%DATADIR%%/classification.config-sample
+@exec [ -f %B/classification.config ] || cp %B/%f %B/classification.config
+%%DATADIR%%/ddos.rules
+%%DATADIR%%/deleted.rules
+%%DATADIR%%/dns.rules
+%%DATADIR%%/dos.rules
+%%DATADIR%%/experimental.rules
+%%DATADIR%%/exploit.rules
+%%DATADIR%%/finger.rules
+%%DATADIR%%/ftp.rules
+%%DATADIR%%/icmp-info.rules
+%%DATADIR%%/icmp.rules
+%%DATADIR%%/imap.rules
+%%DATADIR%%/info.rules
+%%DATADIR%%/local.rules
+%%DATADIR%%/misc.rules
+%%DATADIR%%/multimedia.rules
+%%DATADIR%%/mysql.rules
+%%DATADIR%%/netbios.rules
+%%DATADIR%%/nntp.rules
+%%DATADIR%%/oracle.rules
+%%DATADIR%%/other-ids.rules
+%%DATADIR%%/p2p.rules
+%%DATADIR%%/policy.rules
+%%DATADIR%%/pop2.rules
+%%DATADIR%%/pop3.rules
+%%DATADIR%%/porn.rules
+@unexec if [ -f %B/reference.config ] && cmp -s %B/reference.config %B/reference.config-sample; then rm -f %B/reference.config; fi
+%%DATADIR%%/reference.config-sample
+@exec [ -f %B/reference.config ] || cp %B/%f %B/reference.config
+%%DATADIR%%/rpc.rules
+%%DATADIR%%/rservices.rules
+%%DATADIR%%/scan.rules
+%%DATADIR%%/shellcode.rules
+%%DATADIR%%/smtp.rules
+%%DATADIR%%/snmp.rules
+%%DATADIR%%/sql.rules
+%%DATADIR%%/telnet.rules
+%%DATADIR%%/tftp.rules
+%%DATADIR%%/virus.rules
+%%DATADIR%%/web-attacks.rules
+%%DATADIR%%/web-cgi.rules
+%%DATADIR%%/web-client.rules
+%%DATADIR%%/web-coldfusion.rules
+%%DATADIR%%/web-frontpage.rules
+%%DATADIR%%/web-iis.rules
+%%DATADIR%%/web-misc.rules
+%%DATADIR%%/web-php.rules
+%%DATADIR%%/x11.rules
+@dirrm %%DATADIR%%