# Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.8.6.ebuild,v 1.3 2010/07/19 21:39:10 maekke Exp $ EAPI="2" inherit eutils autotools multilib DESCRIPTION="The de facto standard for intrusion detection/prevention" HOMEPAGE="http://www.snort.org/" SRC_URI="http://www.snort.org/downloads/269 -> ${P}.tar.gz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86" IUSE="static dynamicplugin ipv6 zlib gre mpls targetbased decoder-preprocessor-rules ppm perfprofiling linux-smp-stats inline-init-failopen prelude threads debug active-response normalizer reload reload-error-restart react flexresp3 aruba mysql odbc postgres selinux" DEPEND=">=net-libs/libpcap-1.0.0 net-libs/daq >=dev-libs/libpcre-6.0 dev-libs/libdnet postgres? ( dev-db/postgresql-base ) mysql? ( virtual/mysql ) odbc? ( dev-db/unixODBC ) prelude? ( >=dev-libs/libprelude-0.9.0 ) zlib? ( sys-libs/zlib )" RDEPEND="${DEPEND} dev-lang/perl selinux? ( sec-policy/selinux-snort )" pkg_setup() { if use reload-error-restart && ! use reload; then eerror eerror "You have enabled the 'reload-error-restart' USE flag" eerror "but not the 'reload' USE flag." eerror "'reload-error-restart' requires 'reload' be enabled." eerror eerror die fi if use zlib && ! use dynamicplugin; then eerror eerror "You have enabled the 'zlib' USE flag but not the 'dynamicplugin' USE flag." eerror "'zlib' requires 'dynamicplugin' be enabled." eerror eerror die fi # pre_inst() is a better place to put this # but we need it here for the 'fowners' statements in src_install() enewgroup snort enewuser snort -1 -1 /dev/null snort } src_unpack() { unpack ${A} cd "${S}" } src_prepare() { # Fix to prevent the docs Makefile from being used. # Fixes #297190. einfo "Applying documentation fix." sed -i -e 's:src doc etc:src etc:g' \ "${WORKDIR}/${P}/Makefile.am" || die "Doc fix Failed" #Multilib fix for the sf_engine einfo "Applying multilib fix." sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'$(get_libdir)':g' \ "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \ || die "sed for sf_engine failed" #Multilib fix for the curent set of dynamic-preprocessors for i in ftptelnet smtp ssh dns ssl dcerpc2 sdf; do sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'$(get_libdir)':g' \ "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \ || die "sed for $i failed." done if use prelude; then einfo "Applying prelude fix." sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in fi AT_M4DIR=m4 eautoreconf } src_configure() { local myconf econf \ $(use_enable !static shared) \ $(use_enable static) \ $(use_enable dynamicplugin) \ $(use_enable ipv6) \ $(use_enable zlib) \ $(use_enable gre) \ $(use_enable mpls) \ $(use_enable targetbased) \ $(use_enable decoder-preprocessor-rules) \ $(use_enable ppm) \ $(use_enable perfprofiling) \ $(use_enable linux-smp-stats) \ $(use_enable inline-init-failopen) \ $(use_enable prelude) \ $(use_enable threads pthread) \ $(use_enable debug) \ $(use_enable debug debug-msgs) \ $(use_enable debug corefiles) \ $(use_enable active-response) \ $(use_enable normalizer) \ $(use_enable reload) \ $(use_enable reload-error-restart) \ $(use_enable react) \ $(use_enable flexresp3) \ $(use_enable aruba) \ $(use_with mysql) \ $(use_with odbc) \ $(use_with postgres postgresql) \ --disable-build-dynamic-examples \ --disable-profile \ --disable-ppm-test \ --disable-dlclose \ --disable-intel-soft-cpm \ --disable-static-daq \ --without-oracle \ ${myconf} } src_compile() { emake || die "make failed" } src_install() { emake DESTDIR="${D}" install || die "make install failed" keepdir /var/log/snort/ fowners snort:snort /var/log/snort keepdir /var/run/snort/ fowners snort:snort /var/run/snort/ dodoc ./doc/* dodoc ./RELEASE.NOTES dodoc ./tools/u2boat/README.u2boat docinto schemas dodoc ./schemas/* rm -rf "${D}"usr/share/doc/snort/ rm "${D}"usr/share/doc/"${P}"/Makefile rm "${D}"usr/share/doc/"${P}"/Makefile.* rm "${D}"usr/share/doc/"${P}"/schemas/Makefile rm "${D}"usr/share/doc/"${P}"/schemas/Makefile.* insinto /etc/snort doins etc/attribute_table.dtd \ etc/classification.config \ etc/gen-msg.map \ etc/reference.config \ etc/threshold.conf \ etc/unicode.map \ || die "Failed to add files in /etc/snort" newins etc/snort.conf snort.conf.distrib insinto /etc/snort/preproc_rules doins preproc_rules/decoder.rules \ preproc_rules/preprocessor.rules \ || die "Failed to add files in /etc/snort/preproc_rules" keepdir /etc/snort/rules/ keepdir /usr/$(get_libdir)/snort_dynamicrules fowners -R snort:snort /etc/snort/ if use reload; then newinitd "${FILESDIR}/snort.reload.rc1" snort \ || die "Failed to add snort.reload.rc1" else newinitd "${FILESDIR}/snort.rc9" snort || die "Failed to add snort.rc9" fi newconfd "${FILESDIR}/snort.confd" snort || die "Failed to add snort.confd" # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection sed -i -e 's:/usr/local/lib:/usr/'$(get_libdir)':g' \ "${D}etc/snort/snort.conf.distrib" #Set the correct rule location in the config sed -i -e 's:RULE_PATH ../rules:RULE_PATH /etc/snort/rules:g' \ "${D}etc/snort/snort.conf.distrib" #Set the correct preprocessor/decoder rule location in the config sed -i -e 's:PREPROC_RULE_PATH ../preproc_rules:PREPROC_RULE_PATH /etc/snort/preproc_rules:g' \ "${D}etc/snort/snort.conf.distrib" #Enable the preprocessor/decoder rules sed -i -e 's:^# include $PREPROC_RULE_PATH:include $PREPROC_RULE_PATH:g' \ "${D}etc/snort/snort.conf.distrib" sed -i -e 's:^# dynamicdetection directory:dynamicdetection directory:g' \ "${D}etc/snort/snort.conf.distrib" #Just some clean up of trailing /'s in the config sed -i -e 's:snort_dynamicpreprocessor/$:snort_dynamicpreprocessor:g' \ "${D}etc/snort/snort.conf.distrib" #Make it clear in the config where these are... sed -i -e 's:^include classification.config:include /etc/snort/classification.config:g' \ "${D}etc/snort/snort.conf.distrib" sed -i -e 's:^include reference.config:include /etc/snort/reference.config:g' \ "${D}etc/snort/snort.conf.distrib" #Disable all rule files by default. #Users need to choose what they want enabled. sed -i -e 's:^include $RULE_PATH:# include $RULE_PATH:g' \ "${D}etc/snort/snort.conf.distrib" } pkg_postinst() { einfo einfo "Snort is a libpcap based packet capture tool which can be used in" einfo "three modes Sniffer Mode, Packet Logger Mode, or Network Intrusion" einfo "Detection/Prevention System Mode." einfo einfo "To learn more about these modes review the Snort User Manual at..." einfo einfo "http://www.snort.org/docs/" einfo einfo "See /usr/share/doc/${PF} and /etc/snort/snort.conf.distrib for" einfo "information on configuring snort." einfo einfo "Joining the Snort-Users and Snort-Sigs mailing list is highly" einfo "recommended for all users..." einfo einfo "http://www.snort.org/community/mailing-lists/" einfo einfo "To download rules for use with Snort please, see the following" einfo einfo "Sourcefire's VRT Rules and older Community Rules:" einfo "http://www.snort.org/pub-bin/downloads.cgi" einfo einfo "Emerging Threats Rules:" einfo "http://www.emergingthreats.net/" einfo einfo "To manage updates to your rules please visit..." einfo einfo "http://code.google.com/p/pulledpork/" einfo elog elog "Shared Object (SO) rules and registered (non-subscription) rule users:" elog elog "Please note, you can not use ${PF} with the SO rules from" elog "previous versions of Snort!" elog elog "If you do not have a subscription to the VRT rule set and you wish to" elog "continue using SO rules, you will need to downgrade Snort. The SO" elog "rules will be made available to registered (non-subscription) users" elog "on Nov. 05, 2010 (30 days after being released to subscription users)." elog elog "Please see http://www.snort.org/snort-rules/#rules for more details." elog elog "Snort Release Notes:" elog "http://www.snort.org/snort-downloads" elog elog "!!! A lot has changed in Snort-2.9 !!!" elog elog "1) Flexresp and Flexresp2 (and their USE flags) have been removed" elog " and replaced with Flexresp3." elog "2) The 'timestats' USE flag is no longer needed and has been" elog " removed." elog "3) The 'inline' USE flag has been removed (See DAQ info below)." elog "4) The DCRPC preprocessor has been removed and replaced with" elog " DCRPC2. Remember to update your snort.conf accordingly." elog elog "5) Data Acquisition Library (DAQ):" elog elog "Snort 2.9 introduces the DAQ, or Data Acquisition library, for" elog "packet I/O. The DAQ replaces direct calls to PCAP functions with" elog "an abstraction layer that facilitates operation on a variety of" elog "hardware and software interfaces without requiring changes to Snort." elog elog "The only DAQ modules supported with this ebuild are AFpacket, PCAP," elog "and Dump. IPQ nad NFQ will be supported in future versions of this" elog "package." elog elog "For passive (non-inline) Snort deployments you will want to use" elog "either PCAP or AFpacket. For inline deployments you will need" elog "to use AFpacket. The Dump DAQ is used for testing the various inline" elog "features available in Snort 2.9." elog elog "The core DQA libraries are installed in /usr/$(get_libdir)/. The libraries" elog "for the individual DAQ modules (afpacket,pcap,dump) are installed in" elog "/usr/$(get_libdir)/daq. To use these you will need to add the following" elog "lines to your snort.conf:" elog elog "config daq: " elog "config daq_mode: " elog "config daq_dir: /usr/$(get_libdir)/daq" elog elog "Please see the README file for DAQ for information about specific" elog "DAQ modules and README.daq from the Snort 2.9 documentation" elog "reguarding Snort and DAQ configuration information." elog }