54 | | reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
55 | | reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
56 | | reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
57 | | reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
| 54 | reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 55 | reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 56 | reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 57 | reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 64 | |
| 65 | xinstall -d ${destroot}${prefix}/lib/snort_dynamicrules |
| 66 | destroot.keepdirs-append ${destroot}${prefix}/lib/snort_dynamicrules |
| 67 | reinplace "s|/usr/local/lib/snort_dynamicrules|${prefix}/lib/snort_dynamicrules|" \ |
| 68 | ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 69 | reinplace "s|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.so|" \ |
| 70 | ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 71 | xinstall -d ${destroot}${prefix}/etc/snort/rules |
| 72 | destroot.keepdirs-append ${destroot}${prefix}/etc/snort/rules |
| 73 | reinplace "s|var RULE_PATH ../rules|var RULE_PATH /rules|" \ |
| 74 | ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 75 | xinstall -d -o snort ${destroot}${prefix}/var/log/snort |
| 76 | destroot.keepdirs-append ${destroot}${prefix}/var/log/snort |
| 77 | } |
| 78 | |
| 79 | post-activate { |
| 80 | if ![file exists ${prefix}/etc/snort/snort.conf ] { |
| 81 | copy ${prefix}/share/examples/${name}/snort.conf.dist ${prefix}/etc/snort/snort.conf |
| 82 | } |
| 94 | |
| 95 | Please download rules from https://www.snort.org/snort-rules/#rules either |
| 96 | manually or with oinkmaster. |
| 97 | |
| 98 | Change at least your HOME_NET in snort.conf and Validate your config with |
| 99 | $ snort -T -c ${prefix}/etc/snort/snort.conf |
| 100 | |
| 101 | By default snort.sh is configured to listen only on en0 interface. |
| 102 | If you want to listen multiple interface, you need to start one snort |
| 103 | instance per interface (or bond them) |
| 104 | |
| 105 | $ grep 'Snort rules read' /var/log/system.log |
| 106 | $ egrep '^output' ${prefix}/etc/snort/snort.conf |
| 107 | If you get empty touched logs, try also to set: |
| 108 | ipvar EXTERNAL_NET !\$HOME_NET |
| 109 | instead of any |
| 110 | |
| 111 | You can test that snort is functionning by using those tool: |
| 112 | ftp http://\$EXTERNAL_HOST/cmd.exe |
| 113 | ftp http://lteo.net/cmd.exe |
| 114 | http://testmyids.com |
| 115 | nmap, IDSWakeup, pytbull, metasploit |
| 116 | |
| 117 | To use blacklist/whitelist, see |
| 118 | http://blog.securitymonks.com/2009/07/19/blacklisting-with-snort/ |
| 119 | http://systemnoise.com/wordpress/?p=89 |
| 120 | http://labs.snort.org/iplists/ |
| 121 | |
| 124 | if {![variant_isset mysql5] && ![variant_isset mysql51] && ![variant_isset mysql55] && ![variant_isset mariadb] && ![variant_isset percona] && ![variant_isset mysql4] } { |
| 125 | default_variants +mysql56 |
| 126 | } |
| 127 | |
| 128 | variant mysql4 \ |
| 129 | conflicts mysql5 mysql51 mysql55 mysql56 mariadb percona \ |
| 130 | description "Enable MySQL 4 support" { |
| 131 | |
| 132 | depends_lib-append port:mysql4 |
| 133 | configure.args-append --with-mysql=${prefix} |
| 134 | } |
| 135 | |
| 136 | variant mysql5 \ |
| 137 | conflicts mysql4 mysql51 mysql55 mysql56 mariadb percona \ |
| 138 | description "Enable MySQL 5.1 support" { |
| 139 | |
| 140 | depends_lib-append port:mysql5 |
| 141 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql5/bin/mysql_config |
| 142 | configure.args-append --with-mysql-includes=${prefix}/include/mysql5/mysql \ |
| 143 | --with-mysql-libraries=${prefix}/lib/mysql5/mysql |
| 144 | configure.env CFLAGS="-L${prefix}/lib/mysql5/mysql" |
| 145 | } |
| 146 | |
| 147 | variant mysql51 \ |
| 148 | conflicts mysql4 mysql5 mysql55 mysql56 mariadb percona \ |
| 149 | description "Enable MySQL 5.1 support" { |
| 150 | |
| 151 | depends_lib-append port:mysql51 |
| 152 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql51/bin/mysql_config |
| 153 | configure.args-append --with-mysql-includes=${prefix}/include/mysql51/mysql \ |
| 154 | --with-mysql-libraries=${prefix}/lib/mysql51/mysql |
| 155 | configure.env CFLAGS="-L${prefix}/lib/mysql51/mysql" |
| 156 | } |
| 157 | |
| 158 | variant mysql55 \ |
| 159 | conflicts mysql4 mysql5 mysql51 mysql56 mariadb percona \ |
| 160 | description "Enable MySQL 5.5 support" { |
| 161 | |
| 162 | depends_lib-append port:mysql55 |
| 163 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql55/bin/mysql_config |
| 164 | configure.args-append --with-mysql-includes=${prefix}/include/mysql55/mysql \ |
| 165 | --with-mysql-libraries=${prefix}/lib/mysql55/mysql |
| 166 | configure.env CFLAGS="-L${prefix}/lib/mysql55/mysql" |
| 167 | } |
| 168 | |
| 169 | variant mysql56 \ |
| 170 | conflicts mysql4 mysql5 mysql51 mysql55 mariadb percona \ |
| 171 | description "Enable MySQL 5.6 support" { |
| 172 | |
| 173 | depends_lib-append port:mysql56 |
| 174 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql56/bin/mysql_config |
| 175 | configure.args-append --with-mysql-includes=${prefix}/include/mysql56/mysql \ |
| 176 | --with-mysql-libraries=${prefix}/lib/mysql56/mysql |
| 177 | configure.env CFLAGS="-L${prefix}/lib/mysql56/mysql" |
| 178 | } |
| 179 | |
| 180 | variant mariadb \ |
| 181 | conflicts mysql4 mysql5 mysql51 mysql55 mysql56 percona \ |
| 182 | description "Enable MariaDB (MySQL) support" { |
| 183 | |
| 184 | depends_lib-append port:mariadb |
| 185 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mariadb/bin/mysql_config |
| 186 | configure.args-append --with-mysql-includes=${prefix}/include/mariadb/mysql \ |
| 187 | --with-mysql-libraries=${prefix}/lib/mariadb/mysql |
| 188 | configure.env CFLAGS="-L${prefix}/lib/mariadb/mysql" |
| 189 | } |
| 190 | |
| 191 | variant percona \ |
| 192 | conflicts mysql4 mysql5 mysql51 mysql55 mysql56 mariadb \ |
| 193 | description "Enable Percona (MySQL) support" { |
| 194 | depends_lib-append port:percona |
| 195 | configure.env-append MYSQL_CONFIG=${prefix}/lib/percona/bin/mysql_config |
| 196 | configure.args-append --with-mysql-includes=${prefix}/include/percona/mysql \ |
| 197 | --with-mysql-libraries=${prefix}/lib/percona/mysql |
| 198 | configure.env CFLAGS="-L${prefix}/lib/percona/mysql" |
| 199 | } |
| 200 | |