net/snort: missing rules files from default snort.conf

[pixilla (Bradley Giesbrecht)]

$ snort -T -c /opt/local/etc/snort/snort.conf 2>&1 | tail -n3
ERROR: /opt/local/etc/snort//rules/local.rules(0) Unable to open rules file "/opt/local/etc/snort//rules/local.rules": No such file or directory.

Fatal Error, Quitting..

[jul_bsd@…]

Hello Pixilla,

in the 'port notes' is said: "Please download rules from ​https://www.snort.org/snort-rules/#rules either manually or with oinkmaster."

oinkmaster has not been commited for now (Ticket #42859) so need to download it manually or do that with the rules.

Maybe the above line need more highlight.

Also the link changed. it is ​https://www.snort.org/downloads/#rule-downloads now Problem is snort has 3 sets

• unregistered user/community rules
• registered user
• paid user

the first one is pretty outdated but is still kept by debian package for the sake of usability. But as it's a security software, in a same way than an AV, it's pretty useless with outdated rules.

I would prefer to leave user make its choice and if possible use registered set. In Oinkmaster port, I pinpoint on other sets like EmergingThreats or BleedingSnort

Also for this rules file, an alternative would be just touching file in post-activate, but need also white and black_list.rules and change path.

tentative patch joined

[pixilla (Bradley Giesbrecht)]

In general it would be good if this port could install snort with a working configuration file. Would it be a terrible idea to remove or comment the lines in the example conf that point to non-existent files?

[jul_bsd@…]

touching file or commenting lines is our choice. Those are not part of rules set and both are equivalent. I went with touch.

[mf2k (Frank Schima)]

r151665