27 | | startupitem.create yes |
28 | | startupitem.start "${prefix}/share/${name}/snort.sh" |
29 | | startupitem.stop "/bin/kill \$(cat /var/run/snort_*.pid)" |
30 | | |
31 | | variant mysql5 description {mysql 5 support} { |
32 | | depends_lib-append path:bin/mysql_config5:mysql5 |
33 | | configure.args-append --with-mysql-includes=${prefix}/include/mysql5/mysql \ |
34 | | --with-mysql-libraries=${prefix}/lib/mysql5/mysql |
| 28 | #configure.compiler macports-gcc-4.9 |
| 29 | #compiler.blacklist-append {clang < 500} |
| 30 | #compiler.blacklist-append clang macports-clang llvm-gcc-4.2 |
| 31 | #compiler.blacklist *clang* |
| 32 | patchfiles patch-src-strlcatu.h.diff patch-src-strlcpyu.h.diff |
| 33 | |
| 34 | post-configure { |
| 35 | addgroup snort |
| 36 | add_users snort gid=[existsgroup snort] home=${prefix}/var/snort shell=/sbin/nologin realname=Snort\ user |
54 | | reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
55 | | reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
56 | | reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
57 | | reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist |
| 60 | reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 61 | reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 62 | reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 63 | reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 70 | |
| 71 | xinstall -d ${destroot}${prefix}/lib/snort_dynamicrules |
| 72 | destroot.keepdirs-append ${destroot}${prefix}/lib/snort_dynamicrules |
| 73 | reinplace "s|/usr/local/lib/snort_dynamicrules|${prefix}/lib/snort_dynamicrules|" \ |
| 74 | ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 75 | reinplace "s|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.so|" \ |
| 76 | ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 77 | xinstall -d ${destroot}${prefix}/etc/snort/rules |
| 78 | destroot.keepdirs-append ${destroot}${prefix}/etc/snort/rules |
| 79 | reinplace "s|var RULE_PATH ../rules|var RULE_PATH /rules|" \ |
| 80 | ${destroot}${prefix}/share/examples/${name}/snort.conf.dist |
| 81 | xinstall -d -o snort ${destroot}${prefix}/var/log/snort |
| 82 | destroot.keepdirs-append ${destroot}${prefix}/var/log/snort |
| 83 | } |
| 84 | |
| 85 | post-activate { |
| 86 | if ![file exists ${prefix}/etc/snort/snort.conf ] { |
| 87 | copy ${prefix}/share/examples/${name}/snort.conf.dist ${prefix}/etc/snort/snort.conf |
| 88 | } |
| 100 | |
| 101 | Please download rules from https://www.snort.org/snort-rules/#rules either |
| 102 | manually or with oinkmaster. |
| 103 | |
| 104 | Change at least your HOME_NET in snort.conf and Validate your config with |
| 105 | $ snort -T -c ${prefix}/etc/snort/snort.conf |
| 106 | |
| 107 | By default snort.sh is configured to listen only on en0 interface. |
| 108 | If you want to listen multiple interface, you need to start one snort |
| 109 | instance per interface (or bond them) |
| 110 | |
| 111 | $ grep 'Snort rules read' /var/log/system.log |
| 112 | $ egrep '^output' ${prefix}/etc/snort/snort.conf |
| 113 | If you get empty touched logs, try also to set: |
| 114 | ipvar EXTERNAL_NET !\$HOME_NET |
| 115 | instead of any |
| 116 | |
| 117 | You can test that snort is functionning by using those tool: |
| 118 | ftp http://\$EXTERNAL_HOST/cmd.exe |
| 119 | ftp http://lteo.net/cmd.exe |
| 120 | http://testmyids.com |
| 121 | nmap, IDSWakeup, pytbull, metasploit |
| 122 | |
| 123 | To use blacklist/whitelist, see |
| 124 | http://blog.securitymonks.com/2009/07/19/blacklisting-with-snort/ |
| 125 | http://systemnoise.com/wordpress/?p=89 |
| 126 | http://labs.snort.org/iplists/ |
| 127 | |
| 130 | if {![variant_isset mysql5] && ![variant_isset mysql51] && ![variant_isset mysql55] && ![variant_isset mariadb] && ![variant_isset percona] && ![variant_isset mysql4] } { |
| 131 | default_variants +mysql56 |
| 132 | } |
| 133 | |
| 134 | variant mysql4 \ |
| 135 | conflicts mysql5 mysql51 mysql55 mysql56 mariadb percona \ |
| 136 | description "Enable MySQL 4 support" { |
| 137 | |
| 138 | depends_lib-append port:mysql4 |
| 139 | configure.args-append --with-mysql=${prefix} |
| 140 | } |
| 141 | |
| 142 | variant mysql5 \ |
| 143 | conflicts mysql4 mysql51 mysql55 mysql56 mariadb percona \ |
| 144 | description "Enable MySQL 5.1 support" { |
| 145 | |
| 146 | depends_lib-append port:mysql5 |
| 147 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql5/bin/mysql_config |
| 148 | configure.args-append --with-mysql-includes=${prefix}/include/mysql5/mysql \ |
| 149 | --with-mysql-libraries=${prefix}/lib/mysql5/mysql |
| 150 | configure.env CFLAGS="-L${prefix}/lib/mysql5/mysql" |
| 151 | } |
| 152 | |
| 153 | variant mysql51 \ |
| 154 | conflicts mysql4 mysql5 mysql55 mysql56 mariadb percona \ |
| 155 | description "Enable MySQL 5.1 support" { |
| 156 | |
| 157 | depends_lib-append port:mysql51 |
| 158 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql51/bin/mysql_config |
| 159 | configure.args-append --with-mysql-includes=${prefix}/include/mysql51/mysql \ |
| 160 | --with-mysql-libraries=${prefix}/lib/mysql51/mysql |
| 161 | configure.env CFLAGS="-L${prefix}/lib/mysql51/mysql" |
| 162 | } |
| 163 | |
| 164 | variant mysql55 \ |
| 165 | conflicts mysql4 mysql5 mysql51 mysql56 mariadb percona \ |
| 166 | description "Enable MySQL 5.5 support" { |
| 167 | |
| 168 | depends_lib-append port:mysql55 |
| 169 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql55/bin/mysql_config |
| 170 | configure.args-append --with-mysql-includes=${prefix}/include/mysql55/mysql \ |
| 171 | --with-mysql-libraries=${prefix}/lib/mysql55/mysql |
| 172 | configure.env CFLAGS="-L${prefix}/lib/mysql55/mysql" |
| 173 | } |
| 174 | |
| 175 | variant mysql56 \ |
| 176 | conflicts mysql4 mysql5 mysql51 mysql55 mariadb percona \ |
| 177 | description "Enable MySQL 5.6 support" { |
| 178 | |
| 179 | depends_lib-append port:mysql56 |
| 180 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mysql56/bin/mysql_config |
| 181 | configure.args-append --with-mysql-includes=${prefix}/include/mysql56/mysql \ |
| 182 | --with-mysql-libraries=${prefix}/lib/mysql56/mysql |
| 183 | configure.env CFLAGS="-L${prefix}/lib/mysql56/mysql" |
| 184 | } |
| 185 | |
| 186 | variant mariadb \ |
| 187 | conflicts mysql4 mysql5 mysql51 mysql55 mysql56 percona \ |
| 188 | description "Enable MariaDB (MySQL) support" { |
| 189 | |
| 190 | depends_lib-append port:mariadb |
| 191 | configure.env-append MYSQL_CONFIG=${prefix}/lib/mariadb/bin/mysql_config |
| 192 | configure.args-append --with-mysql-includes=${prefix}/include/mariadb/mysql \ |
| 193 | --with-mysql-libraries=${prefix}/lib/mariadb/mysql |
| 194 | configure.env CFLAGS="-L${prefix}/lib/mariadb/mysql" |
| 195 | } |
| 196 | |
| 197 | variant percona \ |
| 198 | conflicts mysql4 mysql5 mysql51 mysql55 mysql56 mariadb \ |
| 199 | description "Enable Percona (MySQL) support" { |
| 200 | depends_lib-append port:percona |
| 201 | configure.env-append MYSQL_CONFIG=${prefix}/lib/percona/bin/mysql_config |
| 202 | configure.args-append --with-mysql-includes=${prefix}/include/percona/mysql \ |
| 203 | --with-mysql-libraries=${prefix}/lib/percona/mysql |
| 204 | configure.env CFLAGS="-L${prefix}/lib/percona/mysql" |
| 205 | } |
| 206 | |