aboutsummaryrefslogtreecommitdiffstats
path: root/security/suricata/Makefile
blob: a00e8ea158e733c31e6d08cb7c892618e2ee4094 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# Created by: Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
# $FreeBSD$

PORTNAME=   suricata
PORTVERSION=    3.0
PORTREVISION=   1
CATEGORIES= security
MASTER_SITES=   http://www.openinfosecfoundation.org/download/

MAINTAINER= koobs@FreeBSD.org
COMMENT=    High Performance Network IDS, IPS and Security Monitoring engine

LICENSE=    GPLv2
LICENSE_FILE=   ${WRKSRC}/LICENSE

LIB_DEPENDS=    libpcre.so:${PORTSDIR}/devel/pcre \
        libnet.so:${PORTSDIR}/net/libnet \
        libyaml.so:${PORTSDIR}/textproc/libyaml

USES=       autoreconf cpe gmake libtool pathfix pkgconfig
USE_LDCONFIG=   yes
USE_RC_SUBR=    ${PORTNAME}
GNU_CONFIGURE=  yes

CPE_VENDOR= openinfosecfoundation

INSTALL_TARGET=     install-strip
PATHFIX_MAKEFILEIN= Makefile.am

OPTIONS_DEFINE=     GEOIP HTP_PORT IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE SC TESTS
OPTIONS_DEFAULT=    HTP_PORT IPFW JSON NETMAP PRELUDE

OPTIONS_RADIO=      SCRIPTS
OPTIONS_RADIO_SCRIPTS=  LUA LUAJIT

OPTIONS_SUB=        yes

SCRIPTS_DESC=       Scripting

GEOIP_DESC=     GeoIP support
HTP_PORT_DESC=      Use libhtp from ports
IPFW_DESC=      IPFW and IP Divert support for inline IDP
JSON_DESC=      JSON output support
LUA_DESC=       LUA scripting support
LUAJIT_DESC=        LuaJIT scripting support
NETMAP_DESC=        Netmap support for inline IDP
NSS_DESC=       File checksums and SSL/TLS fingerprinting
PORTS_PCAP_DESC=    Use libpcap from ports
PRELUDE_DESC=       Prelude support for NIDS alerts
SC_DESC=        Suricata socket client (suricatasc)
TESTS_DESC=     Unit tests in suricata binary

GEOIP_LIB_DEPENDS=      libGeoIP.so:${PORTSDIR}/net/GeoIP
GEOIP_CONFIGURE_ON=     --enable-geoip

HTP_PORT_LIB_DEPENDS=       libhtp.so:${PORTSDIR}/devel/libhtp
HTP_PORT_CONFIGURE_ON=      --enable-non-bundled-htp
HTP_PORT_CONFIGURE_OFF=     --enable-bundled-htp
HTP_PORT_CONFLICTS_INSTALL_OFF= libhtp-[0-9]* libhtp-suricata
HTP_PORT_USES_OFF=      iconv:translit

IPFW_CONFIGURE_ON=      --enable-ipfw

JSON_LIB_DEPENDS=       libjansson.so:${PORTSDIR}/devel/jansson
JSON_CONFIGURE_ON=      --with-libjansson-includes=${LOCALBASE}/include \
                --with-libjansson-libraries=${LOCALBASE}/lib

LUA_USES=           lua:51
LUA_CONFIGURE_ON=       --enable-lua \
                --with-liblua-includes=${LUA_INCDIR} \
                --with-liblua-libraries=${LUA_LIBDIR}

LUAJIT_LIB_DEPENDS=     libluajit-5.1.so:${PORTSDIR}/lang/luajit
LUAJIT_CONFIGURE_ON=        --enable-luajit

NSS_LIB_DEPENDS=        libnss3.so:${PORTSDIR}/security/nss \
                libnspr4.so:${PORTSDIR}/devel/nspr
NSS_CONFIGURE_ON=       --with-libnss-includes=${LOCALBASE}/include/nss/nss \
                --with-libnss-libraries=${LOCALBASE}/lib \
                --with-libnspr-libraries=${LOCALBASE}/lib \
                --with-libnspr-includes=${LOCALBASE}/include/nspr

NETMAP_CONFIGURE_ENABLE=    netmap

PORTS_PCAP_LIB_DEPENDS=     libpcap.so:${PORTSDIR}/net/libpcap
PORTS_PCAP_CONFIGURE_ON=    --with-libpcap-includes=${LOCALBASE}/include \
                --with-libpcap-libraries=${LOCALBASE}/lib
PORTS_PCAP_CONFIGURE_OFF=   --with-libpcap-includes=/usr/include \
                --with-libpcap-libraries=/usr/lib

PRELUDE_LIB_DEPENDS=        libprelude.so:${PORTSDIR}/security/libprelude
PRELUDE_CONFIGURE_ENABLE=   prelude
PRELUDE_CONFIGURE_ON=       --with-libprelude-prefix=${LOCALBASE}

SC_USES=            python
SC_CONFIGURE_ENV=       ac_cv_path_HAVE_PYTHON_CONFIG=yes
SC_CONFIGURE_ENV_OFF=       ac_cv_path_HAVE_PYTHON_CONFIG=no

TESTS_CONFIGURE_ENABLE=     unittests

SUB_FILES=  pkg-message

CONFIGURE_ARGS+=--enable-gccprotect \
        --disable-silent-rules \
        --with-libpcre-includes=${LOCALBASE}/include \
        --with-libpcre-libraries=${LOCALBASE}/lib \
        --with-libyaml-includes=${LOCALBASE}/include \
        --with-libyaml-libraries=${LOCALBASE}/lib \
        --with-libnet-includes=${LOCALBASE}/include \
        --with-libnet-libraries=${LOCALBASE}/lib \
        --with-libhtp-includes=${LOCALBASE}/include/ \
        --with-libhtp-libraries=${LOCALBASE}/lib \
            --disable-gccmarch-native

CONFIG_DIR?=    ${ETCDIR}
CONFIG_FILES=   suricata.yaml classification.config reference.config threshold.config
RULES_DIR=  ${CONFIG_DIR}/rules
RULES_FILES=    app-layer-events.rules decoder-events.rules dns-events.rules files.rules \
        http-events.rules modbus-events.rules smtp-events.rules stream-events.rules \
        tls-events.rules
LOGS_DIR?=  /var/log/${PORTNAME}

.include <bsd.port.pre.mk>

pre-patch:
    ${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4

post-install:
    ${MKDIR} ${STAGEDIR}${CONFIG_DIR}
    ${MKDIR} ${STAGEDIR}${RULES_DIR}
    ${MKDIR} ${STAGEDIR}${LOGS_DIR}

.for f in ${CONFIG_FILES}
    ${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample
.endfor

.for f in ${RULES_FILES}
    ${INSTALL_DATA} ${WRKSRC}/rules/${f} ${STAGEDIR}${RULES_DIR}/${f}
.endfor

.if ${PORT_OPTIONS:MSC}
    (cd ${STAGEDIR}${PREFIX} \
    && ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \
    -d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;})
.endif

TEST_TARGET=    check

.include <bsd.port.post.mk>