54 | | reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
55 | | reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
56 | | reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
57 | | reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
| 54 | reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 55 | reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 56 | reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 57 | reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 64 | |
| 65 | xinstall -d ${destroot}${prefix}/lib/snort_dynamicrules |
| 66 | destroot.keepdirs-append ${destroot}${prefix}/lib/snort_dynamicrules |
| 67 | reinplace "s|/usr/local/lib/snort_dynamicrules|${prefix}/lib/snort_dynamicrules|" \ |
| 68 | ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 69 | reinplace "s|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.so|" \ |
| 70 | ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 71 | xinstall -d ${destroot}${prefix}/etc/snort/rules |
| 72 | destroot.keepdirs-append ${destroot}${prefix}/etc/snort/rules |
| 73 | reinplace "s|var RULE_PATH ../rules|var RULE_PATH /rules|" \ |
| 74 | ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 75 | xinstall -d -o snort ${destroot}${prefix}/var/log/snort |
| 76 | destroot.keepdirs-append ${destroot}${prefix}/var/log/snort |
| 77 | } |
| 78 | |
| 79 | post-activate { |
| 80 | if ![file exists ${prefix}/etc/snort/snort.conf ] { |
| 81 | copy ${prefix}/share/examples/${name}/snort.conf.dist ${prefix}/etc/snort/snort.conf |
| 82 | } |
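Review bot: The substitution at new lines 73–74 rewrites `var RULE_PATH ../rules` to `var RULE_PATH /rules`, an absolute path at the filesystem root, while the directory created at new line 71 is `${prefix}/etc/snort/rules`; the replacement appears to have lost its prefix and should probably read `reinplace "s|var RULE_PATH ../rules|var RULE_PATH ${prefix}/etc/snort/rules|" \`. As written, rule includes that resolve through RULE_PATH would not find rules placed in the kept directory, so `snort -T` would likely fail or the sensor would run with fewer rules than the operator expects. New lines 69–70 also turn `libsf_engine.dylib` back into `libsf_engine.so`, undoing the substitution at new line 55; a one-line comment stating which suffix the build actually installs would show whether that is intentional. The block these lines belong to opens outside the visible hunk.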
| 94 | |
| 95 | Please download rules from https://www.snort.org/snort-rules/#rules either |
| 96 | manually or with oinkmaster. |
| 97 | |
| 98 | Change at least your HOME_NET in snort.conf and Validate your config with |
| 99 | $ snort -T -c ${prefix}/etc/snort/snort.conf |
| 100 | |
| 101 | By default ${prefix}/share/${name}/snort.sh is configured |
| 102 | to listen only on en0 interface. |
| 103 | If you want to listen multiple interface, you need to start one snort |
| 104 | instance per interface (or bond them) |
| 105 | |
| 106 | $ grep 'Snort rules read' /var/log/system.log |
| 107 | $ egrep '^output' ${prefix}/etc/snort/snort.conf |
| 108 | If you get empty touched logs, try also to set: |
| 109 | ipvar EXTERNAL_NET !\$HOME_NET |
| 110 | instead of any |
| 111 | |
| 112 | You can test that snort is functionning by using those tool: |
| 113 | ftp http://\$EXTERNAL_HOST/cmd.exe |
| 114 | ftp http://lteo.net/cmd.exe |
| 115 | http://testmyids.com |
| 116 | nmap, IDSWakeup, pytbull, metasploit |
| 117 | |
| 118 | To use blacklist/whitelist, see |
| 119 | http://blog.securitymonks.com/2009/07/19/blacklisting-with-snort/ |
| 120 | http://systemnoise.com/wordpress/?p=89 |
| 121 | http://labs.snort.org/iplists/ |
| 122 | |
| 125 | if {![variant_isset mysql51] && ![variant_isset mysql55] && ![variant_isset mariadb] && ![variant_isset percona] } { |
| 126 | default_variants +mysql56 |
| 127 | } |
| 128 | |
| 129 | variant mysql51 \ |
| 130 | conflicts mysql55 mysql56 mariadb percona \ |
| 131 | description "Enable MySQL 5.1 support" { |
| 132 | |
| 133 | depends_lib-append port:mysql51 |
| 134 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql51/bin/mysql_config |
| 135 | configure.args-append --with-mysql-includes=${prefix}/include/mysql51/mysql \ |
| 136 | --with-mysql-libraries=${prefix}/lib/mysql51/mysql |
| 137 | configure.env CFLAGS="-L${prefix}/lib/mysql51/mysql" |
| 138 | } |
| 139 | |
| 140 | variant mysql55 \ |
| 141 | conflicts mysql51 mysql56 mariadb percona \ |
| 142 | description "Enable MySQL 5.5 support" { |
| 143 | |
| 144 | depends_lib-append port:mysql55 |
| 145 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql55/bin/mysql_config |
| 146 | configure.args-append --with-mysql-includes=${prefix}/include/mysql55/mysql \ |
| 147 | --with-mysql-libraries=${prefix}/lib/mysql55/mysql |
| 148 | configure.env CFLAGS="-L${prefix}/lib/mysql55/mysql" |
| 149 | } |
| 150 | |
| 151 | variant mysql56 \ |
| 152 | conflicts mysql51 mysql55 mariadb percona \ |
| 153 | description "Enable MySQL 5.6 support" { |
| 154 | |
| 155 | depends_lib-append port:mysql56 |
| 156 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql56/bin/mysql_config |
| 157 | configure.args-append --with-mysql-includes=${prefix}/include/mysql56/mysql \ |
| 158 | --with-mysql-libraries=${prefix}/lib/mysql56/mysql |
| 159 | configure.env CFLAGS="-L${prefix}/lib/mysql56/mysql" |
| 160 | } |
| 161 | |
| 162 | variant mariadb \ |
| 163 | conflicts mysql51 mysql55 mysql56 percona \ |
| 164 | description "Enable MariaDB (MySQL) support" { |
| 165 | |
| 166 | depends_lib-append port:mariadb |
| 167 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mariadb/bin/mysql_config |
| 168 | configure.args-append --with-mysql-includes=${prefix}/include/mariadb/mysql \ |
| 169 | --with-mysql-libraries=${prefix}/lib/mariadb/mysql |
| 170 | configure.env CFLAGS="-L${prefix}/lib/mariadb/mysql" |
| 171 | } |
| 172 | |
| 173 | variant percona \ |
| 174 | conflicts mysql51 mysql55 mysql56 mariadb \ |
| 175 | description "Enable Percona (MySQL) support" { |
| 176 | depends_lib-append port:percona |
| 177 | configure.env-append MYSQL_CONFIG=${prefix}/lib/percona/bin/mysql_config |
| 178 | configure.args-append --with-mysql-includes=${prefix}/include/percona/mysql \ |
| 179 | --with-mysql-libraries=${prefix}/lib/percona/mysql |
| 180 | configure.env CFLAGS="-L${prefix}/lib/percona/mysql" |
| 181 | } |
| 182 | |