Ticket #42858: Portfile

1# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
2# $Id$
3
PortSystem          1.0

## MacPorts Portfile for the Suricata IDS/IPS/NSM engine.  The main port
## builds the stable release; the ${name}-devel and ${name}1 subports further
## down carry their own version, checksums and patch set.
name                suricata
version             2.0.7
categories          net security
platforms           darwin
maintainers         yahoo.fr:jul_bsd openmaintainer
license             BSD

description         Open Source IDS / IPS / NSM engine

long_description    Suricata is a high performance Network IDS, IPS \
                    and Network Security Monitoring engine. Open Source \
                    and owned by a community run non-profit foundation, \
                    the Open Information Security Foundation (OISF). \
                    Suricata is developed by the OISF and its supporting \
                    vendors.

homepage            http://suricata-ids.org/
## Distfiles are fetched over plain http, so the rmd160/sha256 `checksums`
## declared per (sub)port below are the only integrity check on the download;
## refresh them from a trusted source whenever `version` changes.
master_sites        http://www.openinfosecfoundation.org/download/
24
25## https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Mac_OS_X_106x
26## FIXME! one deps resolves to libgcc-devel which can conflict w a lot of ports depending on libgcc
depends_build       port:autoconf port:automake
depends_lib         port:pkgconfig port:libnet11 port:libpcap port:pcre \
                    port:libyaml port:libtool port:libmagic port:jansson
## NOTE(review): LDFLAGS is injected through configure.env here; if that
## replaces rather than extends the ldflags MacPorts sets itself, the usual
## -L${prefix}/lib is lost.  `configure.ldflags-append -ljansson` is the
## conventional way to add a library — confirm before changing.
configure.env       AC_PROG_LIBTOOL=${prefix}/bin/glibtool \
                    LDFLAGS="-ljansson"
## --enable-gccprotect switches on Suricata's compiler-hardening flags; keep
## it.  Optional features start disabled and are re-enabled by the variants
## below (which delete the matching --disable-* and append the --enable-*).
configure.args      --enable-ipfw --enable-gccprotect \
                    --enable-unittests \
                    --disable-geoip --disable-prelude --disable-unix-socket \
                    --disable-nss --disable-nspr \
                    --with-libjansson-includes=${prefix}/include \
                    --with-libjansson-libraries=${prefix}/lib
38
39## Note: only linux support option for non-root user
40##    https://redmine.openinfosecfoundation.org/issues/240
41##    but http://pablo-secdev.blogspot.ca/2010/07/howto-setup-suricata-100-on-mac-os-x.html
## Dedicated, non-interactive account (nologin shell) for the engine's files.
## The launchd startupitem at the bottom of this file does not switch to it
## (the `notes` text says privilege dropping is unsupported on this platform),
## so for now it only scopes file ownership.
add_users suricata group=suricata home=${prefix}/var/db/suricata shell=/sbin/nologin realname=suricata\ user

use_autoreconf        yes

#compiler.blacklist   clang llvm-gcc-4.2 macports-llvm-gcc-4.2 apple-gcc-4.2 macports-clang macports-clang-3.3

## FIXME! fails on "util-affinity.h:70:5: error: unknown type name 'cpu_set_t'" if enable build.args
## Replaces the stock universal variant with a no-op (see the FIXME above).
variant universal {}
#build.args          CFLAGS="${configure.cflags} [get_canonical_archflags cc]"
## NOTE(review): the appended string already contains ${configure.cflags}, so
## the base cflags are passed twice; presumably harmless, but
## `configure.cflags-append [get_canonical_archflags cc]` alone would do — confirm.
configure.cflags-append "${configure.cflags} [get_canonical_archflags cc]"

## Bug report: https://redmine.openinfosecfoundation.org/projects/suricata/search?utf8=%E2%9C%93&issues=1&q=darwin#

## The unit tests (-u) write their log output into the shared, world-writable
## /tmp; a build-private directory such as ${workpath} would avoid collisions
## with other users' files — TODO confirm suricata accepts it for -l.
test.run            yes
test.cmd            suricata
test.args            -u -l /tmp
58
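## Post-install guidance shown by `port notes`.  Every path is expressed via
## ${prefix}/${name} so the instructions stay correct for a non-default prefix
## (the chown example previously hard-coded /opt/local).
notes "

To finish install
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Basic_Setup

1) Customize config in ${prefix}/etc/${name} like HOME_NET and host-os-policy

You need to add extra rules, e.g. using oinkmaster:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster
ex:
$ sudo chown -R oinkmaster ${prefix}/etc/${name}/rules
$ sudo -u oinkmaster ${prefix}/bin/oinkmaster.pl -o ${prefix}/etc/${name}/rules -C ${prefix}/etc/oinkmaster-${name}.conf
The corresponding oinkmaster config is in the examples directory and
has been copied to ${prefix}/etc if it did not already exist.

2) Test your config with
    # suricata -c ${prefix}/etc/suricata/suricata.yaml -T

3) Standard execution
    # suricata -c ${prefix}/etc/suricata/suricata.yaml -i en1 -D
    plist launchd file is configured by default with this configuration

Alternatively, you can have an ipfw rule set for the engine to see the packets from ipfw. For example:
    # ipfw add 100 divert 8000 ip from any to any
Remember to delete this rule if you are not using it, as it will redirect all traffic to this port
and lock you out if nothing handles it.
The 8000 above should be the same number you pass on the command line of Suricata with the option -d:
    # suricata -c ${prefix}/etc/suricata/suricata.yaml -i en1 -d 8000

Note: Dropping privileges options are for now not supported outside of libpcap-ng on Linux.

4) Scheduled task to update rules with oinkmaster: a default file has been created as
      ${prefix}/Library/LaunchDaemons/org.macports.oinkmaster-suricata.plist
   Check that it fits your setup and start it like
      # chown -R oinkmaster ${prefix}/etc/suricata/rules
      # install -d -o oinkmaster -m 755 ${prefix}/etc/suricata/backup
      # ln -s ${prefix}/Library/LaunchDaemons/org.macports.oinkmaster-suricata.plist /Library/LaunchDaemons/
      # launchctl load -w /Library/LaunchDaemons/org.macports.oinkmaster-suricata.plist
   Test command with
      # sudo -u oinkmaster ${prefix}/bin/oinkmaster.pl -o ${prefix}/etc/suricata/rules/ -b ${prefix}/etc/suricata/backup/ -C ${prefix}/etc/oinkmaster-suricata.conf

5) Check alert types on usage. For example:
      $ sed ...
   And, if necessary, disable false-positive rules
   (eg SURICATA STREAM ones)

6) To rotate logs, an example config with system newsyslog is included (1/week)
      ${prefix}/share/examples/${name}/mp-suricata.conf
   You can install it with
      # cp ${prefix}/share/examples/${name}/mp-suricata.conf /private/etc/newsyslog.d/
   And restart newsyslog
      # launchctl unload -w /System/Library/LaunchDaemons/com.apple.newsyslog.plist
      # launchctl load -w /System/Library/LaunchDaemons/com.apple.newsyslog.plist

FIXME! recommendation to rotate/handle unified2 log files
"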
115
post-patch {
    ## Adapt the shipped suricata.yaml template to this prefix: comment out a
    ## rule file that has disappeared from the emergingthreats set (it would
    ## block start-up), and point the log file and libmagic database at ${prefix}.
    set yaml_in ${worksrcpath}/suricata.yaml.in
    foreach sed_expr [list \
        "s|^ - emerging-virus.rules|# - emerging-virus.rules|g" \
        "s|filename: /var/log/suricata.log|filename: ${prefix}/var/log/suricata/suricata.log|g" \
        "s|magic-file: /usr/share/file/magic|magic-file: ${prefix}/share/misc/magic|g"] {
        reinplace ${sed_expr} ${yaml_in}
    }
}
122
123## FIXME! no man? nothing in source. debian?
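post-destroot {
    ## Stage the example configs, the config/log/rules skeleton and the
    ## oinkmaster launchd job.  Config and example files get an explicit 0644
    ## so none of them ends up executable; directories keep xinstall's default.
    set examples ${destroot}${prefix}/share/examples/${name}
    set etcdir   ${destroot}${prefix}/etc/${name}
    set daemons  ${destroot}${prefix}/Library/LaunchDaemons

    xinstall -d ${examples}
    foreach f { classification.config reference.config suricata.yaml } {
        xinstall -m 644 ${worksrcpath}/${f} ${examples}/
    }
    xinstall -m 644 ${filespath}/oinkmaster-${name}.conf ${examples}/
    copy ${filespath}/mp-suricata.conf ${examples}/

    ## Empty directories that must survive activation.
    xinstall -d ${etcdir}
    xinstall -d ${destroot}${prefix}/var/log/${name}
    xinstall -d ${etcdir}/rules
    ## putting in the examples, emergingthreat set has them
    foreach f { decoder-events.rules http-events.rules stream-events.rules files.rules smtp-events.rules } {
        xinstall -m 644 ${worksrcpath}/rules/${f} ${examples}
    }
    ## Path was hard-coded to etc/suricata; use ${name} like every other path here.
    xinstall -m 644 ${worksrcpath}/threshold.config ${etcdir}/threshold.config
    destroot.keepdirs ${etcdir} \
        ${destroot}${prefix}/var/log/${name} \
        ${etcdir}/rules

    xinstall -d ${daemons}/
    copy ${filespath}/org.macports.oinkmaster-suricata.plist ${daemons}/

    ## The files shipped in ${filespath} carry a %%PREFIX%% placeholder;
    ## substitute the real prefix in every installed copy.
    foreach f [list \
        ${examples}/oinkmaster-${name}.conf \
        ${examples}/mp-suricata.conf \
        ${daemons}/org.macports.oinkmaster-suricata.plist] {
        reinplace "s|%%PREFIX%%|${prefix}|g" ${f}
    }
}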
150
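post-activate {
    ## Seed the live configuration from the installed examples on first
    ## activation only: an existing (possibly admin-edited) file is never
    ## overwritten.  Explicit 0644 keeps the copied config files non-executable.
    set examples ${prefix}/share/examples/${name}
    foreach {target src} [list \
        ${prefix}/etc/${name}/classification.config ${examples}/classification.config \
        ${prefix}/etc/${name}/reference.config      ${examples}/reference.config \
        ${prefix}/etc/${name}/suricata.yaml         ${examples}/suricata.yaml \
        ${prefix}/etc/oinkmaster-suricata.conf      ${examples}/oinkmaster-suricata.conf] {
        if {![file exists ${target}]} {
            xinstall -m 644 ${src} [file dirname ${target}]/
        }
    }
}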
161
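## Settings for the main (stable) port only; each subport declares its own.
if {${subport} eq ${name}} {
   
    ## Integrity check for the 2.0.7 distfile (fetched over plain http).
    checksums           rmd160  435d9af659416710e53c2f8ec6ff8ec768dcaaa8 \
                        sha256  c5c3ccebeecbace39df0ff2d50ec4515b541103ffaa5e33cd1dc79d4955c0dfd

    patchfiles          patch-src-suricata-common.h.diff \
                        patch-Makefile.in.diff

    ## All three (sub)ports install under ${prefix}/etc/${name} etc., so only
    ## one of them may be active at a time.
    conflicts  ${name}-devel ${name}1
    livecheck.type      regex
    livecheck.url       ${homepage}/download/
    ## Inside a double-quoted Tcl string "\." collapses to a bare ".", which
    ## matches any character; "\\." is what reaches the regex engine as a
    ## literal dot between the version components.
    livecheck.regex     "<strong>Suricata \\(Stable\\) version is (\\d+\\.\\d+\\.\\d+), "
}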
175
subport ${name}-devel {

    ## Development branch; own checksums and patch set, separate from stable.
    version             2.1beta3
    checksums           rmd160  eaec8a61012ed69d6975dd6963101f3d47b02989 \
                        sha256  3e6fe2f099697e893db3074406acefb8c567386f3423977ace9aac518a63cb74

    ## Got both strlcpy/strlcat errors and "error: unknown type name 'json_t'"
    patchfiles          patch-configure.ac2.diff \
                        patch-src-suricata-common.h.diff \
                        patch-src-suricata-common.h2.diff

    ## Shares install paths (${prefix}/etc/${name}, ...) with the sibling
    ## (sub)ports, so only one of them may be active.
    conflicts  ${name} ${name}1

    livecheck.type      regex
    livecheck.url       ${homepage}/download/
    livecheck.regex     "<strong>Suricata \\(Development\\) version is (\\d+(?:\\.\\d+)(\\w*)*), "
}
193
subport ${name}1 {
    ## Legacy 1.4 branch.  It overrides depends_lib, configure.env and
    ## configure.args wholesale: no LDFLAGS/-ljansson, no jansson include or
    ## library paths, and no --disable-nss/--disable-nspr (so the nss
    ## variant's configure.args-delete simply has nothing to remove here).
    version             1.4.7
    checksums           rmd160  225241a6e5fc159347dcfaf6c424180d84cd281e \
                        sha256  ae4a117d23a8a304f6fba9bd5b7442422b64e4d6bf5ac1e17312b8ee443a6bc9

    depends_lib         port:pkgconfig port:libnet11 port:libpcap port:pcre \
                        port:libyaml port:libtool port:libmagic port:jansson
    configure.env       AC_PROG_LIBTOOL=${prefix}/bin/glibtool
    configure.args      --enable-ipfw --enable-gccprotect \
                        --enable-unittests \
                        --disable-geoip --disable-prelude --disable-unix-socket

    patchfiles          patch-configure.ac.diff patch-src-suricata-common.h.diff \
                        patch-src-suricata-common.h2.diff

    use_autoreconf      yes

    ## Shares install paths with the sibling (sub)ports; only one may be active.
    conflicts  ${name} ${name}-devel

    ## FIXME! if enabled or not, stalling
    livecheck.type      none
}
216
## NOTE(review): +debug is on by default, so every default install gets the
## slower, profiling-enabled build described by the debug variant below —
## worth reconsidering for a sensor deployed in production.
default_variants       +debug +geoip +python27
218
219## https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debugging
variant debug description { enable debug, processing will be slower } {
    ## Note: --enable-debug-validation is incompatible with --unittests
    ##       https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Unit_Tests
    ## Enabled by default through default_variants above.
    configure.args-append    --enable-debug --enable-profiling
}
225
226#variant spatch description { spatch support. IN CONSTRUCTION } {
227#    ## http://coccinelle.lip6.fr/sp.php
228#}
229
variant python27 description { Python 2.7 bindings } {
    ## Build-time only: the interpreter is handed to configure via
    ## configure.python rather than through the environment.
    depends_build-append     port:python27
#    configure.env-append     PYTHON=${prefix}/bin/python2.7
    configure.python         ${prefix}/bin/python2.7
}
235
variant prelude description { libprelude support } {
    ## Flip the --disable-prelude set in the base configure.args to --enable-.
    depends_lib-append       port:libprelude
    configure.args-delete    --disable-prelude
    configure.args-append    --enable-prelude --with-libprelude-prefix=${prefix}
}
241
variant geoip description { libgeoip support } {
    ## Flip the --disable-geoip set in the base configure.args to --enable-
    ## and point configure at the MacPorts copy of libgeoip.
    depends_lib-append       port:libgeoip
    configure.args-delete    --disable-geoip
    configure.args-append    --enable-geoip --with-libgeoip-includes=${prefix}/include \
                             --with-libgeoip-libraries=${prefix}/lib
}
248
variant unixsocket description { unix-socket support } {
    ## jansson is already in the base depends_lib; the append is redundant
    ## but harmless.
    depends_lib-append       port:jansson
    configure.args-delete    --disable-unix-socket
    configure.args-append    --enable-unix-socket
}
254
255## https://redmine.openinfosecfoundation.org/projects/suricata/wiki/MD5
variant nss description { nss/md5 checksums support } {
    ## Flip the --disable-nss/--disable-nspr set in the base configure.args
    ## and point configure at the MacPorts nss/nspr headers and libraries.
    depends_lib-append       port:nss port:nspr
    configure.args-delete    --disable-nss --disable-nspr
    configure.args-append    --enable-nss \
                             --with-libnss-libraries=${prefix}/lib \
                             --with-libnss-includes=${prefix}/include/nss/ \
                             --with-libnspr-libraries=${prefix}/lib \
                             --with-libnspr-includes=${prefix}/include/nspr
}
265
266
## launchd job for the engine.  It does not switch to the `suricata` account
## created by add_users (the notes say privilege dropping is unsupported on
## this platform), so the daemon presumably runs with launchd's own
## privileges — confirm.  The capture interface is hard-coded to en1; a
## machine whose sniffing NIC is elsewhere must edit this or the plist.
startupitem.create      yes
startupitem.executable  ${prefix}/bin/suricata -c ${prefix}/etc/suricata/suricata.yaml -i en1
## Restart the job whenever the network configuration changes.
startupitem.netchange   yes
270