author | pav <pav@FreeBSD.org> | 2005-05-28 19:06:39 +0800 |
committer | pav <pav@FreeBSD.org> | 2005-05-28 19:06:39 +0800 |
commit | d62ba3afc9b60b5b50a0981c2271f3421367cebf (patch) | |
tree | ec0d4ca049380d562fc4c3e58672f28249daaca9 /security | |
parent | ee53ca51eccc36f84d72f4f1033f4f63022ee06c (diff) | |
An inline IPS system based on snort using ipfw.
PR: ports/81378
Submitted by: Nick Rogness <nick@rogness.net>
Diffstat (limited to 'security')
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/snort_inline/Makefile | 97 | ||||
-rw-r--r-- | security/snort_inline/distinfo | 1 | ||||
-rw-r--r-- | security/snort_inline/files/snort.sh.in | 36 | ||||
-rw-r--r-- | security/snort_inline/pkg-descr | 8 | ||||
-rw-r--r-- | security/snort_inline/pkg-message | 24 | ||||
-rw-r--r-- | security/snort_inline/pkg-plist | 98 |
7 files changed, 265 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index cd9980d5bd38..991aa02aa092 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -466,6 +466,7 @@
 SUBDIR += sniff
 SUBDIR += snort
 SUBDIR += snort-rep
+ SUBDIR += snort_inline
 SUBDIR += snortreport
 SUBDIR += snortsnarf
 SUBDIR += spike-proxy
diff --git a/security/snort_inline/Makefile b/security/snort_inline/Makefile
new file mode 100644
index 000000000000..f09c2b4c35dc
--- /dev/null
+++ b/security/snort_inline/Makefile
@@ -0,0 +1,97 @@
+# New ports collection makefile for: snort_inline
+# Date created: 4 March 2005
+# Whom: nick@rogness.net
+#
+# $FreeBSD$
+#
+
+PORTNAME= snort_inline
+PORTVERSION= 2.3.0
+CATEGORIES= security
+MASTER_SITES= http://freebsd.rogness.net/ports/snort_inline/
+DISTNAME= snort_inline-2.3.0-RC1
+
+MAINTAINER= nick@rogness.net
+COMMENT= An inline IPS system based on snort using ipfw
+
+LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre
+
+WRKSRC= ${WRKDIR}/snort_inline-2.3.0-RC1
+
+USE_GPG= yes
+SIG_SUFFIX= .asc
+USE_REINPLACE= yes
+GNU_CONFIGURE= yes
+CONFIGURE_ENV= LDFLAGS="${LDFLAGS}"
+CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
+CONFIGURE_ARGS+= --enable-inline --enable-ipfw
+
+BUILD_DEPENDS+= ${LOCALBASE}/lib/libnet.a:${PORTSDIR}/net/libnet
+CONFIGURE_ARGS+= --with-libnet-includes=${LOCALBASE}/include \
+ --with-libnet-libraries=${LOCALBASE}/lib
+
+.if defined(WITH_MYSQL)
+USE_MYSQL= yes
+CONFIGURE_ARGS+= --with-mysql=${LOCALBASE}
+.else
+CONFIGURE_ARGS+= --with-mysql=no
+.endif
+
+.if defined(WITH_ODBC)
+LIB_DEPENDS+= odbc.1:${PORTSDIR}/databases/unixODBC
+CONFIGURE_ARGS+= --with-odbc=${LOCALBASE}
+LDFLAGS+= ${PTHREAD_LIBS}
+.else
+CONFIGURE_ARGS+= --with-odbc=no
+.endif
+
+.if defined(WITH_POSTGRESQL)
+POSTGRESQL_PORT?= databases/postgresql7
+LIB_DEPENDS+= pq.3:${PORTSDIR}/${POSTGRESQL_PORT}
+CONFIGURE_ARGS+= --with-postgresql=${LOCALBASE}
+.if exists(/usr/lib/libssl.a) && exists(/usr/lib/libcrypto.a)
+LDFLAGS+= -lssl -lcrypto
+.endif
+.else
+CONFIGURE_ARGS+= --with-postgresql=no
+.endif
+
+MAN8= snort.8
+DOCS= ChangeLog doc/AUTHORS doc/BUGS doc/CREDITS doc/faq* doc/NEWS \
+ doc/README* doc/TODO doc/USAGE doc/*.pdf
+
+USE_RC_SUBR= snort.sh
+
+post-patch:
+ ${REINPLACE_CMD} "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/src/snort.c
+
+pre-configure:
+ @${ECHO} ""
+ @${ECHO} "Set WITH_MYSQL, WITH_ODBC or WITH_POSTGRESQL"
+ @${ECHO} "to get additional support."
+ @${ECHO} ""
+
+post-install:
+ @${MKDIR} ${DATADIR}
+ ${INSTALL_DATA} ${WRKSRC}/rules/*.rules ${DATADIR}
+ ${INSTALL_DATA} ${WRKSRC}/etc/classification.config \
+ ${DATADIR}/classification.config-sample
+ [ -f ${DATADIR}/classification.config ] || \
+ ${CP} ${DATADIR}/classification.config-sample \
+ ${DATADIR}/classification.config
+ ${INSTALL_DATA} ${WRKSRC}/etc/reference.config \
+ ${DATADIR}/reference.config-sample
+ [ -f ${DATADIR}/reference.config ] || \
+ ${CP} ${DATADIR}/reference.config-sample ${DATADIR}/reference.config
+.for f in snort.conf snort_inline.conf unicode.map threshold.conf
+ ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample
+ [ -f ${PREFIX}/etc/${f} ] || \
+ ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}
+.endfor
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${DOCSDIR}
+ cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
+.endif
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff --git a/security/snort_inline/distinfo b/security/snort_inline/distinfo
new file mode 100644
index 000000000000..074f4a3518e1
--- /dev/null
+++ b/security/snort_inline/distinfo
@@ -0,0 +1 @@
+MD5 (snort_inline-2.3.0-RC1.tar.gz) = d577c101a78c97b0f18a1e01b0252419
diff --git a/security/snort_inline/files/snort.sh.in b/security/snort_inline/files/snort.sh.in
new file mode 100644
index 000000000000..f4611981fe3e
--- /dev/null
+++ b/security/snort_inline/files/snort.sh.in
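Review bot: `WRKSRC= ${WRKDIR}/snort_inline-2.3.0-RC1` repeats the literal already given as `DISTNAME`; `WRKSRC= ${WRKDIR}/${DISTNAME}` keeps the two from drifting on the next update. `PORTVERSION= 2.3.0` for a distfile tagged `-RC1` will collide with the final 2.3.0 release and force a PORTEPOCH bump; the ports convention for a release candidate is a `2.3.0.r1`-style PORTVERSION. `DOCS` is built from globs (`doc/faq*`, `doc/README*`, `doc/*.pdf`) while pkg-plist in this commit enumerates fixed names, so a new upstream document would leave the plist out of step; listing the files explicitly here keeps the two aligned. `USE_GPG`/`SIG_SUFFIX` add a signature check on top of the MD5 in distinfo, which is worth keeping given the single plain-HTTP `MASTER_SITES`.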
@@ -0,0 +1,36 @@
+#!/bin/sh
+# $Id$
+
+# PROVIDE: snort
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: FreeBSD shutdown
+
+# Add the following lines to /etc/rc.conf to enable snort:
+# snort_enable (bool): Set to YES to enable snort
+# Default: NO
+# snort_flags (str): Extra flags passed to snort
+# Default: -Dq -J 8000
+# snort_interface (str): Network interface to sniff
+# Default: ""
+# snort_conf (str): Snort configuration file
+# Default: ${PREFIX}/etc/snort_inline.conf
+#
+
+. %%RC_SUBR%%
+
+name="snort"
+rcvar=`set_rcvar`
+
+command="%%PREFIX%%/bin/snort"
+
+load_rc_config $name
+
+[ -z "$snort_enable" ] && snort_enable="NO"
+[ -z "$snort_conf" ] && snort_conf="%%PREFIX%%/etc/snort_inline.conf"
+[ -z "$snort_flags" ] && snort_flags="-Dq -J 8000"
+
+[ -n "$snort_interface" ] && snort_flags="$snort_flags -i $snort_interface"
+[ -n "$snort_conf" ] && snort_flags="$snort_flags -c $snort_conf"
+
+run_rc_command "$1"
diff --git a/security/snort_inline/pkg-descr b/security/snort_inline/pkg-descr
new file mode 100644
index 000000000000..7ead26910606
--- /dev/null
+++ b/security/snort_inline/pkg-descr
@@ -0,0 +1,8 @@
+snort-inline is a variation of snort that interfaces with the
+IPFW firewall and divert sockets to provide a simple IPS system
+using snort signatures.
+
+WWW: http://freebsd.rogness.net/snort_inline
+
+- Nick Rogness
+nick@rogness.net
diff --git a/security/snort_inline/pkg-message b/security/snort_inline/pkg-message
new file mode 100644
index 000000000000..17bd6382d2ba
--- /dev/null
+++ b/security/snort_inline/pkg-message
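Review bot: `command="%%PREFIX%%/bin/snort"` points at a binary this commit does not install: pkg-plist lists only `bin/snort_inline`, so rc.subr will report the command as missing and `snort_enable=YES` never starts anything; it should read `command="%%PREFIX%%/bin/snort_inline"`, unless the build also installs a `snort` name that the plist omits. `MAN8= snort.8` in security/snort_inline/Makefile raises the same naming question and should be checked against what the build actually produces. The `[ -n "$snort_conf" ]` guard is always true because `snort_conf` is given a default three lines earlier, so that line can simply be `snort_flags="$snort_flags -c $snort_conf"`. The default `snort_flags` leave the daemon running as root for its whole lifetime; if this inline build honours snort's `-u`/`-g` options after the divert socket is opened, a dedicated unprivileged user would be the safer default and is worth a comment in the header block either way.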
@@ -0,0 +1,24 @@
+ ***********************************
+ * !!!!!!!!!!! WARNING !!!!!!!!!!! *
+ ***********************************
+
+snort_inline uses rcNG startup scripts and must be enabled via /etc/rc.conf
+
+Available variables:
+
+ snort_enable (bool): Set to YES to enable snort
+ Default: NO
+ snort_flags (str): Extra flags passed to snort
+ Default: -Dq -J 8000
+ snort_interface (str): Network interface to sniff
+ Default: ""
+ snort_conf (str): Snort configuration file
+ Default: ${PREFIX}/etc/snort_inline.conf
+
+Also, make sure that your kernel is compiled with:
+
+ options IPFIREWALL
+ options IPDIVERT
+
+The default divert port is 8000. See http://freebsd.rogness.net/snort_inline
+for more information.
diff --git a/security/snort_inline/pkg-plist b/security/snort_inline/pkg-plist
new file mode 100644
index 000000000000..d9a148b677bf
--- /dev/null
+++ b/security/snort_inline/pkg-plist
@@ -0,0 +1,98 @@
+bin/snort_inline
+@unexec if [ -f %D/etc/snort.conf ] && cmp -s %D/etc/snort.conf %D/etc/snort.conf-sample; then rm -f %D/etc/snort.conf; fi
+etc/snort.conf-sample
+@exec [ -f %B/snort.conf ] || cp %B/%f %B/snort.conf
+@unexec if [ -f %D/etc/snort_inline.conf ] && cmp -s %D/etc/snort_inline.conf %D/etc/snort_inline.conf-sample; then rm -f %D/etc/snort_inline.conf; fi
+etc/snort_inline.conf-sample
+@exec [ -f %B/snort_inline.conf ] || cp %B/%f %B/snort_inline.conf
+@unexec if [ -f %D/etc/unicode.map ] && cmp -s %D/etc/unicode.map %D/etc/unicode.map-sample; then rm -f %D/etc/unicode.map; fi
+etc/unicode.map-sample
+@exec [ -f %B/unicode.map ] || cp %B/%f %B/unicode.map
+@unexec if [ -f %D/etc/threshold.conf ] && cmp -s %D/etc/threshold.conf %D/etc/threshold.conf-sample; then rm -f %D/etc/threshold.conf; fi
+etc/threshold.conf-sample
+@exec [ -f %B/threshold.conf ] || cp %B/%f %B/threshold.conf
+%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
+%%PORTDOCS%%%%DOCSDIR%%/BUGS
+%%PORTDOCS%%%%DOCSDIR%%/CREDITS
+%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
+%%PORTDOCS%%%%DOCSDIR%%/faq.pdf
+%%PORTDOCS%%%%DOCSDIR%%/faq.tex
+%%PORTDOCS%%%%DOCSDIR%%/NEWS
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/README.INLINE
+%%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP
+%%PORTDOCS%%%%DOCSDIR%%/README.PLUGINS
+%%PORTDOCS%%%%DOCSDIR%%/README.UNSOCK
+%%PORTDOCS%%%%DOCSDIR%%/README.WIN32
+%%PORTDOCS%%%%DOCSDIR%%/README.alert_order
+%%PORTDOCS%%%%DOCSDIR%%/README.csv
+%%PORTDOCS%%%%DOCSDIR%%/README.database
+%%PORTDOCS%%%%DOCSDIR%%/README.event_queue
+%%PORTDOCS%%%%DOCSDIR%%/README.flow
+%%PORTDOCS%%%%DOCSDIR%%/README.flowbits
+%%PORTDOCS%%%%DOCSDIR%%/README.flow-portscan
+%%PORTDOCS%%%%DOCSDIR%%/README.sfportscan
+%%PORTDOCS%%%%DOCSDIR%%/README.asn1
+%%PORTDOCS%%%%DOCSDIR%%/README.http_inspect
+%%PORTDOCS%%%%DOCSDIR%%/README.thresholding
+%%PORTDOCS%%%%DOCSDIR%%/README.wireless
+%%PORTDOCS%%%%DOCSDIR%%/TODO
+%%PORTDOCS%%%%DOCSDIR%%/USAGE
+%%PORTDOCS%%%%DOCSDIR%%/snort_manual.pdf
+%%PORTDOCS%%%%DOCSDIR%%/snort_schema_v106.pdf
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
+%%DATADIR%%/attack-responses.rules
+%%DATADIR%%/backdoor.rules
+%%DATADIR%%/bad-traffic.rules
+%%DATADIR%%/chat.rules
+@unexec if [ -f %B/classification.config ] && cmp -s %B/classification.config %B/classification.config-sample; then rm -f %B/classification.config; fi
+%%DATADIR%%/classification.config-sample
+@exec [ -f %B/classification.config ] || cp %B/%f %B/classification.config
+%%DATADIR%%/ddos.rules
+%%DATADIR%%/deleted.rules
+%%DATADIR%%/dns.rules
+%%DATADIR%%/dos.rules
+%%DATADIR%%/experimental.rules
+%%DATADIR%%/exploit.rules
+%%DATADIR%%/finger.rules
+%%DATADIR%%/ftp.rules
+%%DATADIR%%/icmp-info.rules
+%%DATADIR%%/icmp.rules
+%%DATADIR%%/imap.rules
+%%DATADIR%%/info.rules
+%%DATADIR%%/local.rules
+%%DATADIR%%/misc.rules
+%%DATADIR%%/multimedia.rules
+%%DATADIR%%/mysql.rules
+%%DATADIR%%/netbios.rules
+%%DATADIR%%/nntp.rules
+%%DATADIR%%/oracle.rules
+%%DATADIR%%/other-ids.rules
+%%DATADIR%%/p2p.rules
+%%DATADIR%%/policy.rules
+%%DATADIR%%/pop2.rules
+%%DATADIR%%/pop3.rules
+%%DATADIR%%/porn.rules
+@unexec if [ -f %B/reference.config ] && cmp -s %B/reference.config %B/reference.config-sample; then rm -f %B/reference.config; fi
+%%DATADIR%%/reference.config-sample
+@exec [ -f %B/reference.config ] || cp %B/%f %B/reference.config
+%%DATADIR%%/rpc.rules
+%%DATADIR%%/rservices.rules
+%%DATADIR%%/scan.rules
+%%DATADIR%%/shellcode.rules
+%%DATADIR%%/smtp.rules
+%%DATADIR%%/snmp.rules
+%%DATADIR%%/sql.rules
+%%DATADIR%%/telnet.rules
+%%DATADIR%%/tftp.rules
+%%DATADIR%%/virus.rules
+%%DATADIR%%/web-attacks.rules
+%%DATADIR%%/web-cgi.rules
+%%DATADIR%%/web-client.rules
+%%DATADIR%%/web-coldfusion.rules
+%%DATADIR%%/web-frontpage.rules
+%%DATADIR%%/web-iis.rules
+%%DATADIR%%/web-misc.rules
+%%DATADIR%%/web-php.rules
+%%DATADIR%%/x11.rules
+@dirrm %%DATADIR%% |