# Created by: Dirk Froemberg # $FreeBSD$ PORTNAME= snort PORTVERSION= 2.9.5.6 CATEGORIES= security MASTER_SITES= SF/snort/snort \ http://mirrors.rit.edu/zi/ PATCH_DIST_STRIP= -p1 MAINTAINER= zi@FreeBSD.org COMMENT= Lightweight network intrusion detection system LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libpcre.so:${PORTSDIR}/devel/pcre BUILD_DEPENDS= daq>=2.0.0:${PORTSDIR}/net/daq \ ${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet RUN_DEPENDS= daq>=2.0.0:${PORTSDIR}/net/daq \ ${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet OPTIONS_DEFINE= IPV6 MPLS GRE TARGETBASED ZLIB NORMALIZER REACT \ PERFPROFILE FLEXRESP3 LRGPCAP SOURCEFIRE NONETHER \ DOCS OPTIONS_GROUP= ADDONS DEV OPTIONS_GROUP_ADDONS= BARNYARD PULLEDPORK OPTIONS_GROUP_DEV= DBGSNORT OPTIONS_DEFAULT= IPV6 MPLS GRE TARGETBASED ZLIB NORMALIZER REACT \ PERFPROFILE FLEXRESP3 SOURCEFIRE PULLEDPORK \ BARNYARD FLEXRESP3_DESC= Flexible response on events (v3) GRE_DESC= GRE support IPV6_DESC= IPv6 in snort.conf LRGPCAP_DESC= Pcaps larger than 2GB NONETHER_DESC= Non-Ethernet Decoders NORMALIZER_DESC= Normalizer PERFPROFILE_DESC= Performance profiling REACT_DESC= React SOURCEFIRE_DESC= Sourcefire-specific build options TARGETBASED_DESC= Targetbased support ZLIB_DESC= GZIP support ADDONS_DESC= Depend on 3rd party addons BARNYARD_DESC= Depend on barnyard2 (supports also snortsam) PULLEDPORK_DESC= Depend on pulledpork DEV_DESC= Developper options DBGSNORT_DESC= Enable debugging symbols+core dumps DBGSNORT_CONFIGURE_ENABLE= corefiles debug DBGSNORT_MAKE_ENV= DONTSTRIP="yes" FLEXRESP3_CONFIGURE_ENABLE= flexresp3 active-response GRE_CONFIGURE_ENABLE= gre LRGPCAP_CONFIGURE_ENABLE= large-pcap MPLS_CONFIGURE_ENABLE= mpls NONETHER_CONFIGURE_ENABLE= non-ether-decoders NORMALIZER_CONFIGURE_ENABLE= normalizer PERFPROFILE_CONFIGURE_ENABLE= perfprofiling ppm REACT_CONFIGURE_ENABLE= react SOURCEFIRE_CONFIGURE_ENABLE= sourcefire TARGETBASED_CONFIGURE_ENABLE= targetbased ZLIB_CONFIGURE_ENABLE= zlib BARNYARD_RUN_DEPENDS= barnyard2:${PORTSDIR}/security/barnyard2 PULLEDPORK_RUN_DEPENDS= pulledpork.pl:${PORTSDIR}/security/pulledpork .include USE_RC_SUBR= snort SUB_FILES= pkg-message USES= pathfix GNU_CONFIGURE= yes USE_AUTOTOOLS= libtool USE_LDCONFIG= yes MAKE_JOBS_UNSAFE= yes RULES_DIR= ${ETCDIR}/rules PREPROC_RULE_DIR= ${ETCDIR}/preproc_rules LOGS_DIR= /var/log/snort CONFIG_FILES= classification.config gen-msg.map reference.config \ snort.conf threshold.conf unicode.map DOCS= RELEASE.NOTES doc/AUTHORS doc/BUGS doc/CREDITS \ doc/README* doc/USAGE doc/*.pdf PREPROC_RULES= decoder.rules preprocessor.rules sensitive-data.rules LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config .if exists(${LIBNET_CONFIG}) LIBNET_CFLAGS!= ${LIBNET_CONFIG} --cflags LIBNET_LIBS!= ${LIBNET_CONFIG} --libs .else LIBNET_CFLAGS= -I${LOCALBASE}/include/libnet11 LIBNET_LIBS= -L${LOCALBASE}/lib/libnet11 -lnet .endif LIBNET_INCDIR= ${LIBNET_CFLAGS:M-I*:S/-I//} LIBNET_LIBDIR= ${LIBNET_LIBS:M-L*:S/-L//} CFLAGS+= -fstack-protector CONFIGURE_ARGS+=--enable-reload \ --enable-reload-error-restart \ --with-dnet-includes=${LIBNET_INCDIR} \ --with-dnet-libraries=${LIBNET_LIBDIR} post-patch: @${FIND} ${WRKSRC} \( -name 'Makefile.in' -o -name snort.conf \) -print0 | \ ${XARGS} -0 ${REINPLACE_CMD} -e 's|lib/snort_|lib/snort/|g' @${REINPLACE_CMD} "s,/etc/snort.conf,${ETCDIR}/snort.conf," \ ${WRKSRC}/src/snort.c ${WRKSRC}/snort.8 @${REINPLACE_CMD} -e 's|^dynamicdetection|#dynamicdetection|' \ -e '/ipvar HOME_NET/s/any/[YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]/' \ -e '/^# include .PREPROC_RULE/s/# include/include/' \ ${WRKSRC}/etc/snort.conf @${REINPLACE_CMD} -e 's|libnet-config|${LIBNET_CONFIG}|g' ${WRKSRC}/configure # IPv6 is no longer a ./configure option! .if ! ${PORT_OPTIONS:MIPV6} @${REINPLACE_CMD} -e '/normalize_ip6/s/^preprocessor/#preprocessor/' \ -e '/normalize_icmp6/s/^preprocessor/#preprocessor/' \ ${WRKSRC}/etc/snort.conf .endif post-install: @${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}${RULES_DIR} ${STAGEDIR}${LOGS_DIR} \ ${STAGEDIR}${PREPROC_RULE_DIR} ${STAGEDIR}${DOCSDIR} .for f in ${CONFIG_FILES} ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${STAGEDIR}${ETCDIR}/${f}-sample .endfor .for f in ${PREPROC_RULES} ${INSTALL_DATA} ${WRKSRC}/preproc_rules/${f} ${STAGEDIR}${PREPROC_RULE_DIR}/${f}-sample .endfor (cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR}) .include