Attachment 102138 Details for Bug 155168 – snort-2.6.0.2.ebuild

snort-2.6.0.2.ebuild

snort-2.6.0.2.ebuild (text/plain), 7.29 KB, created by Jason Wallace on 2006-11-16 11:18:07 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jason Wallace

Created: 2006-11-16 11:18:07 UTC

Size: 7.29 KB

patch

obsolete

># Copyright 1999-2006 Gentoo Foundation
># Distributed under the terms of the GNU General Public License v2
># $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.6.0.ebuild,v 1.4 2006/10/31 19:58:42 jokey Exp $
>
>WANT_AUTOCONF="latest"
>WANT_AUTOMAKE="latest"
>inherit eutils flag-o-matic autotools
>
>DESCRIPTION="Libpcap-based packet sniffer/logger/lightweight IDS"
>HOMEPAGE="http://www.snort.org/"
>SRC_URI="http://www.snort.org/dl/current/${P}.tar.gz
>    mirror://gentoo/snort-2.6.0-genpatches.tar.bz2
>	http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz
>	http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz
>	snortsam? ( mirror://gentoo/snortsam-20050110.tar.gz )"
>
>LICENSE="GPL-2"
>SLOT="0"
>KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86"
>IUSE="dynamicplugin flexresp flexresp2 inline linux-smp-stats mysql odbc perfprofiling 
>postgres prelude react selinux sguil snortsam timestats"
>
>DEPEND="virtual/libc
>	>=dev-libs/libpcre-4.2-r1
>	virtual/libpcap
>	flexresp? ( ~net-libs/libnet-1.0.2a )
>	flexresp2? ( dev-libs/libdnet )
>	react? ( ~net-libs/libnet-1.0.2a )
>	postgres? ( || ( dev-db/postgresql dev-db/libpq ) )
>	mysql? ( dev-db/mysql )
>	prelude? ( >=dev-libs/libprelude-0.9.0 )
>	odbc? ( dev-db/unixODBC )
>	>=sys-devel/libtool-1.4
>	inline? ( 
>		~net-libs/libnet-1.0.2a
>		net-firewall/iptables
>		)"
>
>RDEPEND="${DEPEND}
>	dev-lang/perl
>	selinux? ( sec-policy/selinux-snort )
>	snortsam? ( net-analyzer/snortsam )"
>
>pkg_setup() {
>	enewgroup snort
>	enewuser snort -1 -1 /dev/null snort
>}
>
>src_unpack() {
>	unpack ${A}
>	cd "${S}"
>
>	if use flexresp || use inline || use react ; then
>		epatch "${WORKDIR}/2.6.0-libnet-1.0.patch"
>	fi
>
>	sed -i "s:var RULE_PATH ../rules:var RULE_PATH /etc/snort/rules:" \
>		etc/snort.conf
>
>	if use prelude ; then
>		sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in
>	fi
>
># Removed based on the following...
>#
># "Both of those patches are optional. The stream4 one has been
># depreciated for sancp. You can use the sfportscan processor in snort
># 2.6 for now. I'll put a new spp_portscan patch out for the next Sguil
># release."
>#
># Bammkkkk
>#
># http://article.gmane.org/gmane.comp.security.sguil.general/942
>#
># SGUIL needs to catch up with snort 2.6.x. People that want to use
># sguil and snort should use snort 2.4.5
>#
>#	if use sguil ; then
>#		epatch "${WORKDIR}/spp_portscan_sguil.patch"
>#		epatch "${WORKDIR}/spp_stream4_sguil.patch"
>#	fi
>
>	if use snortsam ; then
>		cd ..
>		einfo "Applying snortsam patch"
>		./patchsnort.sh "${S}" || die "snortsam patch failed"
>		cd "${S}"
>	fi
>
>	if use snortsam && !(grep -E 'PLUGIN_FWSAM,' \
>	${WORKDIR}/snort-2.6.0.2/src/plugin_enum.h) ; then
>		einfo "Applying snortsam snortpatch9 workaround"
>		cd "${WORKDIR}/snort-2.6.0.2/src/"
>		sed -i "s:PLUGIN_FWSAM:PLUGIN_FWSAM,:" plugin_enum.h \
>		|| die "snortsam patch workaround failed"
>		cd "${S}";
>	else
>		einfo "plugin_enum.h looks correct!"
>		cd "${S}";
>	fi
>	
>	einfo "Regenerating autoconf/automake files"
>	AT_M4DIR=m4 eautoreconf
>}
>
>src_compile() {
>	local myconf
>
>	if use inline ; then
>		myconf="${myconf} --enable-inline --with-libipq-includes=/usr/include/libipq" ;
>	else 
>		myconf="${myconf} --disable-inline"
>	fi
>
>	if use flexresp && use flexresp2 ; then
>		ewarn 
>		ewarn "You have both the 'flexresp' and 'flexresp2' USE"
>		ewarn "flags set. You can use 'flexresp' or 'flexresp2'"
>		ewarn "but not both."
>		ewarn
>		ewarn "Defaulting to flexresp2..."
>		sleep 10
>		myconf="${myconf} --enable-flexresp2"
>		
>	# There is no --disable-flexresp, cannot use use_enable	
>	elif use flexresp ; then
>		myconf="${myconf} --enable-flexresp"
>
>	# There is no --disable-flexresp2, cannot use use_enable	
>	elif use flexresp2 ; then
>		myconf="${myconf} --enable-flexresp2"
>	fi
>	
>	# There is no --disable-react, cannot use use_enable
>	if use react ; then
>		myconf="${myconf} --enable-react --with-libipq-includes=/usr/include/libipq"
>	fi
>
>	econf \
>		--without-oracle \
>		$(use_enable ipfw) \
>		$(use_enable prelude) \
>		$(use_enable dynamicplugin) \
>		$(use_enable timestats) \
>		$(use_enable perfprofiling) \
>		$(use_enable linux-smp-stats) \
>		$(use_with postgres) \
>		$(use_with mysql) \
>		$(use_with ssl) \
>		$(use_with odbc) \
>		$(use_with sguil) \
>		${myconf}|| die "econf failed"
>
># limit to single as reported by jforman on irc
>	emake -j1 || die "emake failed"
>}
>
>src_install() {
>	make DESTDIR="${D}" install || die "make install failed"
>
>	keepdir /var/log/snort/
>
>	dodoc doc/*
>	dodoc ./RELEASE.NOTES
>	docinto schemas ; dodoc schemas/*
>
>	insinto /etc/snort
>	doins etc/reference.config etc/classification.config \
>		etc/*.map etc/threshold.conf
>	newins etc/snort.conf snort.conf
>
># See comment above...
>#
>#	if use sguil ; then
>#	sed -i -e "/^# output log_unified/s:# ::" \
>#			-e "s:snort.log:snort_unified.log:" \
>#		"${D}/etc/snort/snort.conf" || die "sed failed"
>#	fi
>#
># I have no idea why this is here...
>#	newinitd "${FILESDIR}/snort.rc7" snort
>#	newconfd "${FILESDIR}/snort.confd" snort
>#
># More SGUIL stuff
>#
>#	if use sguil ; then
>#		sed -i -e "s:/var/log/snort:/var/lib/sguil/$(hostname):" \
>#		-e "/^SNORT_OPTS/s%-u snort%-m 122 -u sguil -g sguil -A none%" \
>#			"${D}/etc/conf.d/snort" || die "sed failed"
>#	fi
>
>	fowners snort:snort /var/log/snort
>	fperms 0770 /var/log/snort
>
>	# install rules
>	dodir /etc/snort/rules
>	mv "${WORKDIR}"/rules/* "${D}/etc/snort/rules/"
>}
>
>pkg_postinst() {
>	ewarn
>	ewarn "Users upgrading from snort 2.4.x should take care when updating"
>	ewarn "their snort.conf. A number of significant changes have been"
>	ewarn "have been added to snort 2.6 including the addition of"
>	ewarn "dynamically loadable preprocessors, detection engine and rules."
>	ewarn "Snort 2.6 also includes the addition of performance profiling"
>	ewarn "for rules & preprocessors and uses a new default pattern matcher"
>	ewarn "which provides faster matching at the expense of being very"
>	ewarn "memory intensive."
>	ewarn
>	ewarn "If you find that snort is using too much memory, your system"
>	ewarn "freezes, or snort crashes after a few minutes try adding the"
>	ewarn "following to your snort.conf..."
>	ewarn
>	ewarn "'config detection: search-method ac-sparsebands'"
>	ewarn
>	ewarn "This will provide high pattern matching performance at a much"
>	ewarn "lower cost to memory. For more information on the new features"
>	ewarn "in snort 2.6, please take a look at the release notes located in..."
>	ewarn
>	ewarn "  /usr/share/doc/${PF}/RELEASE.NOTES.gz"
>	ewarn
>	einfo "To use a database as a backend for snort you will have to"
>	einfo "import the correct tables to the database."
>	einfo "You will have to setup a database called snort before doing the"
>	einfo "following..."
>	einfo
>	einfo "  MySQL: zcat /usr/share/doc/${PF}/schemas/create_mysql.gz | mysql -p snort"
>	einfo
>	einfo "  PostgreSQL: import /usr/share/doc/${PF}/schemas/create_postgresql.gz"
>	einfo
>	einfo "  ODBC: look at /usr/share/doc/${PF}/schemas/"
>	einfo
>	einfo "Users using the unified output plugin and barnyard do not need to"
>	einfo "compile database support into snort, but still need to set up their"
>	einfo "database as shown above."
>	einfo
>	ewarn "Only a basic set of rules was installed."
>	ewarn "Please add your other sets of rules to /etc/snort/rules."
>	ewarn "For more information on rules, visit ${HOMEPAGE}."
>	if use sguil ; then
>	einfo
>	einfo
>	einfo "SGUIL needs to catch up with snort 2.6.x. If you plan on using SGUIL"
>	einfo "you should unmerge snort-2.6.0.2 and emerge snort-2.4.5"
>	fi
>
>}

Actions: View

Attachments on bug 155168: 101949 | 101950 | 101951 | 102129 | 102138