Opened 11 years ago
Last modified 7 years ago
#42858 new submission
[NEW] suricata 1.4.7
| Reported by: | jul_bsd@… | Owned by: | macports-tickets@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.2.1 |
| Keywords: | | Cc: | Schamschula (Marius Schamschula), mkae (Marko Käning) |
| Port: | suricata | | |
Description
Open Source IDS / IPS / NSM engine
- compile/run
- devel subport
Attachments (26)
Change History (54)
comment:2 Changed 11 years ago by neverpanic (Clemens Lang)
- `--prefix=${prefix}` is automatically passed to configure in `configure.pre_args` by MacPorts. You don't have to pass it again. `--sysconfdir` defaults to `PREFIX/etc`, so passing `--sysconfdir=${prefix}/etc` isn't necessary. The same applies to `--localstatedir`.
- `revision 0` is the default and can be omitted.
- Don't set `configure.compiler` directly unless absolutely necessary. Instead, use `compiler.blacklist` to blacklist the compilers that will fail to compile suricata and let MacPorts choose a fallback. Even better would be fixing the build with clang.
- Conflicts should be specified both ways, so the suricata subport should `conflicts ${name}-devel`.
- Instead of listing a variant that does nothing, consider commenting it.
- I'm not sure hardcoding the startupitem to the `en1` interface is a good solution. I don't have a better idea either, though.
- When adding optional features with dependencies in variants you need to make sure the configure script doesn't autodetect the presence of the dependency and links against libraries when the dependency isn't specified. For example, suricata must not link against libgeoip when installed without the geoip variant even when the libgeoip port is installed. To do this, pass `--disable-geoip` in the default `configure.args` and replace it with `--enable-geoip` in the geoip variant.
comment:3 Changed 11 years ago by neverpanic (Clemens Lang)
Also, configure picks up python as `$prefix/bin/python`:
    checking for python... /opt/local/bin/python
which is a symlink that can be adjusted by users and might cause the package to build differently depending on what a user has chosen as python version. You should choose a version of python you want to use and set `configure.python` to avoid that and make the build reproducible.
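A Portfile fragment, added here as an illustration and not taken from any Portfile attached to this ticket, that applies the review points from comment:2 and comment:3 together. The blacklisted compiler version, the python port, the variant description and the dependency names are placeholders; master_sites and checksums are omitted.

```tcl
# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
PortSystem          1.0

name                suricata
version             1.4.7
categories          net security
license             GPL-2
maintainers         nomaintainer
description         Open Source IDS / IPS / NSM engine
long_description    ${description}
# "revision 0" is the default, so no revision line is written.

# Conflicts are declared in both directions: the devel subport conflicts
# with the stable port and the stable port conflicts with the subport.
subport ${name}-devel {
    version         2.0
    conflicts       ${name}
}
if {${subport} eq ${name}} {
    conflicts       ${name}-devel
}

# Do not force configure.compiler; blacklist the compilers known to fail
# and let MacPorts choose a fallback. The version bound is a placeholder,
# not a tested value.
compiler.blacklist  {clang < 500}

# Pin the interpreter instead of relying on ${prefix}/bin/python, a symlink
# users can repoint with "port select"; this keeps the build reproducible.
# python27 is an illustrative choice.
depends_build-append port:python27
configure.python    ${prefix}/bin/python2.7

# --prefix, --sysconfdir and --localstatedir are already supplied by MacPorts
# through configure.pre_args, so only feature switches go here. GeoIP is
# disabled explicitly so configure cannot autodetect an installed libgeoip.
configure.args      --disable-geoip

# The variant swaps the disable switch for the enable switch and declares
# the dependency it now needs.
variant geoip description {Enable the geoip rule keyword via libgeoip} {
    depends_lib-append      port:libgeoip
    configure.args-replace  --disable-geoip --enable-geoip
}
```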
comment:4 Changed 11 years ago by neverpanic (Clemens Lang)
Also, here's a patch to fix the build problem with clang due to the system headers defining `strlcat(3)` and `strlcpy(3)` as macros:
- configure.ac
old new 155 155 # Checks for library functions. 156 156 AC_FUNC_MALLOC 157 157 AC_FUNC_REALLOC 158 AC_CHECK_FUNCS([gettimeofday memset strcasecmp strchr strdup strerror strncasecmp strtol strtoul memchr ])158 AC_CHECK_FUNCS([gettimeofday memset strcasecmp strchr strdup strerror strncasecmp strtol strtoul memchr strlcat strlcpy]) 159 159 160 160 # Add large file support 161 161 AC_SYS_LARGEFILE -
src/suricata-common.h
old new 304 304 #include "util-optimize.h" 305 305 #include "util-path.h" 306 306 307 #ifndef strlcat 308 /* strlcat is a macro on some systems; if it is, we probably don't need this 309 * declaration and the macro expansion will break the declaration. */ 307 310 size_t strlcat(char *, const char *src, size_t siz); 311 #endif 312 #ifndef strlcpy 313 /* strlcpy is a macro on some systems; if it is, we probably don't need this 314 * declaration and the macro expansion will break the declaration. */ 308 315 size_t strlcpy(char *dst, const char *src, size_t siz); 316 #endif 309 317 310 318 #endif /* __SURICATA_COMMON_H__ */
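Review bot: the configure.ac hunk and the src/suricata-common.h hunk are not connected to each other. Adding `strlcat strlcpy` to `AC_CHECK_FUNCS` makes configure define `HAVE_STRLCAT` / `HAVE_STRLCPY`, but the header hunk never tests those; its guards are `#ifndef strlcat` and `#ifndef strlcpy`, which only skip the declaration where the system header spells the name as a macro. Either drop the configure change as unused, or guard the declarations with `#ifndef HAVE_STRLCAT` / `#ifndef HAVE_STRLCPY` so that a system providing a plain prototype also skips the redeclaration; the comment "we probably don't need this declaration" then becomes a certainty rather than a guess. Minor style point in the same hunk: `size_t strlcat(char *, const char *src, size_t siz);` leaves the first parameter unnamed while the strlcpy prototype below it names `dst`.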
Please submit this patch upstream as well.
Changed 11 years ago by jul_bsd@…
Attachment: patch-configure.ac.diff added
Changed 11 years ago by jul_bsd@…
Attachment: oinkmaster-suricata.conf added
Changed 11 years ago by jul_bsd@…
Attachment: org.macports.oinkmaster-suricata.plist added
comment:5 Changed 11 years ago by jul_bsd@…
- update to 2.0 and subport suricata1, disabled suricata-devel for now, review patch for 2.0
- 2.0 is NOT compiling, see main.log
- add test command but not sure if it is executed
- review livecheck for 2.0
Changed 11 years ago by jul_bsd@…
Attachment: patch-configure.ac2.diff added
Changed 11 years ago by jul_bsd@…
Attachment: suricata2.0-fail-main.log added
comment:6 Changed 10 years ago by jul_bsd@…
- suricata 2.0.1 + subport suricata1 => both install/run
- configure.blacklist need to be reviewed but seems to be a long one. works ok w gcc4.9
- universal variant in work in progress but failing if enable build.args (be it in universal or not)
util-affinity.h:70:5: error: unknown type name 'cpu_set_t'
- test.run
- switch tasks to LaunchDaemons
- newsyslog configuration to rotate logs
- fix livecheck
Changed 10 years ago by jul_bsd@…
Attachment: suricata-universal-main.log added
comment:7 Changed 10 years ago by jul_bsd@…
Changed 10 years ago by jul_bsd@…
Attachment: patch-src-suricata-common.h2.diff added
Changed 10 years ago by jul_bsd@…
Attachment: patch-Makefile.in.diff added
comment:8 Changed 10 years ago by jul_bsd@…
sadly, running test mode 2,1/devel and also 2,0,3 gives
$ sudo suricata -c /opt/local/etc/suricata/suricata.yaml -T
30/8/2014 -- 20:07:45 - <Info> - Running suricata under test mode
30/8/2014 -- 20:07:45 - <Notice> - This is Suricata version 2.1beta1 RELEASE
/usr/share/file/magic/animation, 712: Warning: Printf format `l' is not valid for type `belong' in description `%ld x'
/usr/share/file/magic/animation, 713: Warning: Printf format `l' is not valid for type `belong' in description `%ld'
/usr/share/file/magic/animation, 720: Warning: Printf format `l' is not valid for type `belong' in description `%ld x'
/usr/share/file/magic/animation, 721: Warning: Printf format `l' is not valid for type `belong' in description `%ld'
/usr/share/file/magic/animation, 785: Warning: Current entry does not yet have a description for adding a MIME type
/usr/share/file/magic/animation, 787: Warning: Current entry does not yet have a description for adding a MIME
[...]
/usr/share/file/magic/xwindows, 34: Warning: Printf format `h' is not valid for type `leshort' in description `version %hd'
/usr/share/file/magic/xwindows, 35: Warning: Printf format `h' is not valid for type `leshort' in description `.%hd'
30/8/2014 -- 20:07:45 - <Error> - [ERRCODE: SC_ERR_MAGIC_LOAD(197)] - magic_load failed: File 5.19 supports only version 12 magic files. `/usr/share/file/magic.mgc' is version 7
Changed 10 years ago by Schamschula (Marius Schamschula)
Attachment: Portfile-suricata.diff added
Update from 2.0.4 to 2.0.7
Changed 10 years ago by Schamschula (Marius Schamschula)
Attachment: patch-src-output-json.h.diff added
comment:11 Changed 10 years ago by Schamschula (Marius Schamschula)
Updated suricata to version 2.0.7. A number of patches have been included upstream, but a new patch is needed to build output-json.c.
Changed 10 years ago by Schamschula (Marius Schamschula)
Attachment: Portfile-suricata.2.diff added
Update post-destroot
comment:12 Changed 10 years ago by Schamschula (Marius Schamschula)
Copy a few more rules and files and a config file in post-destroot.
comment:13 follow-up: 14 Changed 10 years ago by jul_bsd@…
I merged your changes for 2.1.7 but
- not sure you want rules files directly in etc, especially as from a security point of view, you will not use default set but other like EmergingThreats (that you can download w oinkmaster) and it includes them
- the jansson header was already added in common.h but an update was needed
- strlcat/copy patch included by upstream and not needed anymore
- destroot/install is fine
but at configuration check, still have
# suricata -c /opt/local/etc/suricata/suricata.yaml -T 2>&1 |grep -v Warning
10/3/2015 -- 19:37:19 - <Info> - Running suricata under test mode
10/3/2015 -- 19:37:19 - <Notice> - This is Suricata version 2.0.7 RELEASE
10/3/2015 -- 19:37:19 - <Error> - [ERRCODE: SC_ERR_MAGIC_LOAD(197)] - magic_load failed: File 5.22 supports only version 12 magic files. `/usr/share/file/magic.mgc' is version 7
which I referenced here https://redmine.openinfosecfoundation.org/issues/1268
Did you meet this issue? Solved it?
Thanks
Changed 10 years ago by jul_bsd@…
Attachment: patch-src-suricata-common.h.diff added
Changed 10 years ago by jul_bsd@…
Changed 10 years ago by jul_bsd@…
Attachment: oinkmaster-suricata.2.conf added
Changed 10 years ago by jul_bsd@…
Attachment: mp-suricata.conf added
comment:14 Changed 10 years ago by Schamschula (Marius Schamschula)
Replying to jul_bsd@…:
> I merged your changes for 2.1.7 but
> - not sure you want rules files directly in etc, especially as from a security point of view, you will not use default set but other like EmergingThreats (that you can download w oinkmaster) and it includes them
> - the jansson header was already added in common.h but an update was needed
> - strlcat/copy patch included by upstream and not needed anymore
> - destroot/install is fine
> but at configuration check, still have
> # suricata -c /opt/local/etc/suricata/suricata.yaml -T 2>&1 |grep -v Warning
> 10/3/2015 -- 19:37:19 - <Info> - Running suricata under test mode
> 10/3/2015 -- 19:37:19 - <Notice> - This is Suricata version 2.0.7 RELEASE
> 10/3/2015 -- 19:37:19 - <Error> - [ERRCODE: SC_ERR_MAGIC_LOAD(197)] - magic_load failed: File 5.22 supports only version 12 magic files. `/usr/share/file/magic.mgc' is version 7
> which I referenced here https://redmine.openinfosecfoundation.org/issues/1268
> Did you meet this issue? Solved it?
> Thanks
As you noted, the changes here are not enough to get things working.
1) There currently is no oinkmaster port, so I downloaded it and put the perl script into `~/bin`.
2) I manually edited a few more things:
Make sure that logging to file is enabled in `/opt/local/etc/suricata/suricata.yaml`:
      - file:
          enabled: yes
          filename: /opt/local/var/log/suricata/suricata.log
Also use MacPort's libmagic, changing
    #magic-file: /opt/local/share/misc/magic
    magic-file: /usr/share/file/magic
to
    magic-file: /opt/local/share/misc/magic
    #magic-file: /usr/share/file/magic
comment:15 follow-up: 17 Changed 9 years ago by mkae (Marko Käning)
What's the status of this? Stable is by now at 2.0.8...
comment:17 Changed 9 years ago by Schamschula (Marius Schamschula)
Replying to mk@…:
> What's the status of this? Stable is by now at 2.0.8 and devel at 2.1beta4.
As this port has not been officially added, I don't run livecheck on it. I just updated my local Portfile to version 2.0.8. It built w/o any problems. My notes from comment:14 still apply.
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: Portfile-suricata-2.0.8.diff added
comment:18 follow-up: 19 Changed 9 years ago by mkae (Marko Käning)
There is no port `oinkmaster` up to now and you copied its perl code into your `~/bin`!?
But org.macports.oinkmaster-suricata.plist seems to assume it being installed below the MacPorts prefix. Obviously I am missing something here.
What about the SC_ERR_MAGIC_LOAD error? Is that fixed?
comment:19 Changed 9 years ago by Schamschula (Marius Schamschula)
Replying to mk@…:
> There is no port `oinkmaster` up to now and you copied its perl code into your `~/bin`!?
`oinkmaster` is just a perl script. I put it in `~/bin` to keep it out of the `/usr` and the `/opt` trees. Needless to say, once there is a port it will be in `/opt/local/bin`.
> But org.macports.oinkmaster-suricata.plist seems to assume it being installed below the MacPorts prefix. Obviously I am missing something here.
There is not such a thing (yet). At least it didn't get installed on my machines.
> What about the SC_ERR_MAGIC_LOAD error? Is that fixed?
I don't see that issue with 2.0.7 or 2.0.8. I've got File 5.23. I just ran the 'test' mode and saw no errors.
comment:20 follow-up: 22 Changed 9 years ago by mkae (Marko Käning)
So, it is only the missing port `oinkmaster` which prevents publishing this port? (Ping.)
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: Portfile-suricata-2.0.9.diff added
comment:21 Changed 9 years ago by Schamschula (Marius Schamschula)
Updated to suricata 2.0.9:
- stream: retransmission not detected (2.0.x)
- Segmentation Fault at detect-engine-content-inspection.c:438
- defrag: evasion issue
- last_ack update issue leading to stream gaps (2.0.x)
- 2.0.x backport: Leading whitespace in flowbits variable names
- http_host payload validation erroring on uppercase PCRE metacharacters
- 2.0.x backport: Add HUP coverage to output json-log
- 2.0.x: address var parsing issue
- stream_size <= and >= modifiers function as < and > (equality is not functional) (2.0.x)
- Update bundled libhtp to 0.5.18
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: Portfile-suricata-oinkmaster.diff added
comment:22 Changed 9 years ago by Schamschula (Marius Schamschula)
comment:23 Changed 9 years ago by jul_bsd@…
Hello
Sorry for the delayed answer. Not much time for those in past months. The oinkmaster port was part of the past submissions (#42859), never committed though.
Need to merge mschamschula@ work, also with the brew formula (https://github.com/Homebrew/homebrew/blob/master/Library/Formula/suricata.rb). Magic issue seems fixed with a config change.
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: Portfile-suricata-2.0.10.diff added
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: Portfile-suricata-2.0.11.diff added
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: Portfile-suricata-3.0.diff added
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: patch-src-output-json.h-3.0.diff added
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: patch-src-output-json-alert.h.diff added
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: patch-src-util-debug.c.diff added
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: patch-src-util-profiling-rules.c.diff added
comment:26 Changed 9 years ago by Schamschula (Marius Schamschula)
Updated suricata-devel to the current "stable" branch, which is currently at version 3.0.
Fixed livecheck.
Changed 9 years ago by Schamschula (Marius Schamschula)
Attachment: Portfile-suricata-3.0.1.diff added
comment:27 Changed 9 years ago by Schamschula (Marius Schamschula)
Updated suricata-devel to version 3.0.1.
comment:28 Changed 7 years ago by Schamschula (Marius Schamschula)
I've stopped posting updates here. See https://github.com/Schamschula/macports/tree/master/net/suricata for the current version.