Ticket #42531: Portfile-snort.diff

Portfile

@@ +1 @@
+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
 # $Id: Portfile 125738 2014-09-25 14:43:03Z mf2k@macports.org $
 
 PortSystem 1.0
 
 name             snort
-version          2.9.1.2
+version          2.9.6.2
 categories       net
 maintainers      nomaintainer
 license          GPL-2
@@ -17 +18 @@
     attacks, SMB probes, OS fingerprinting attempts, and much more.
 homepage         http://www.snort.org/
 platforms        darwin freebsd
-master_sites     ${homepage}dl/snort-current/
+master_sites     ${homepage}/downloads/snort/
 
-checksums        rmd160  a28ebd59df80884e1554fb75a4279e97b1dd8b32 \
-                 sha256  eac98be8138f9debdcc8f77061dab1950e88fa40c18311ddbab0a329852375f5
+checksums           rmd160  3c98ec1464e969a78207b85466f95a40d1021764 \
+                    sha256  8e1d7fc5e1523a786d845ca0102cc474abfcebfcc7e964a1653680034b5b5d77
 
 depends_lib      port:daq
 
-startupitem.create  yes
-startupitem.start   "${prefix}/share/${name}/snort.sh"
-startupitem.stop    "/bin/kill \$(cat /var/run/snort_*.pid)"
+patchfiles       patch-src-strlcatu.h.diff patch-src-strlcpyu.h.diff
 
-variant mysql5 description {mysql 5 support} {
-    depends_lib-append    path:bin/mysql_config5:mysql5
-    configure.args-append   --with-mysql-includes=${prefix}/include/mysql5/mysql \
-                            --with-mysql-libraries=${prefix}/lib/mysql5/mysql
-}
+add_users snort group=snort home=${prefix}/var/snort shell=/sbin/nologin realname=Snort\ user
 
-variant mysql4 description {mysql 4 support} {
-    depends_lib-append    port:mysql4
-    configure.args-append --with-mysql=${prefix}
-}
 
+set if en1
+startupitem.create  yes
+startupitem.executable ${prefix}/bin/${name} -i ${if} -c ${prefix}/etc/snort/snort.conf -l ${prefix}/var/log/snort -u snort -g snort --pid-path ${prefix}/var/run
+startupitem.pidfile "${prefix}/var/run/snort_${if}.pid"
+#startupitem.start   "${prefix}/share/${name}/snort.sh"
+#startupitem.stop    "/bin/kill \$(cat ${prefix}/var/run/snort_*.pid)"
+
+destroot.asroot     yes
 post-destroot {
 # Copy the Snort database schemas
-    xinstall -d -m 755 ${destroot}${prefix}/share/${name}/schemas
-    eval xinstall -m 755 [glob ${worksrcpath}/schemas/create*] ${destroot}${prefix}/share/${name}/schemas
+#    xinstall -d -m 755 ${destroot}${prefix}/share/${name}/schemas
+#    eval xinstall -m 755 [glob ${worksrcpath}/schemas/create*] ${destroot}${prefix}/share/${name}/schemas
 
 # Copy Snort's etc/ files
     xinstall -d -m 755 ${destroot}${prefix}/etc/${name}
     eval xinstall [glob ${worksrcpath}/etc/*.map] ${destroot}${prefix}/etc/${name}
     eval xinstall [glob ${worksrcpath}/etc/*.conf*] ${destroot}${prefix}/etc/${name}
-    file rename ${destroot}${prefix}/etc/${name}/snort.conf ${destroot}${prefix}/etc/${name}/snort.conf.dist
+    xinstall -d -m 755 ${destroot}${prefix}/share/examples/${name}
+    file rename ${destroot}${prefix}/etc/${name}/snort.conf ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
 
 # fix snort.conf.dist
-    reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist
-    reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist
-    reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist
-    reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${destroot}${prefix}/etc/${name}/snort.conf.dist
+    reinplace "s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace "s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace "s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace "s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g" ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
 
+    xinstall -d ${destroot}${prefix}/share/${name}
     xinstall -m 755 ${filespath}/snort.sh \
         ${destroot}${prefix}/share/${name}/snort.sh
     reinplace "s|__PREFIX__|${prefix}|g" \
         ${destroot}${prefix}/share/${name}/snort.sh
+
+    xinstall -d ${destroot}${prefix}/lib/snort_dynamicrules
+    destroot.keepdirs-append ${destroot}${prefix}/lib/snort_dynamicrules
+    reinplace "s|/usr/local/lib/snort_dynamicrules|${prefix}/lib/snort_dynamicrules|" \
+        ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace "s|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.so|" \
+        ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    xinstall -d ${destroot}${prefix}/etc/snort/rules
+    destroot.keepdirs-append ${destroot}${prefix}/etc/snort/rules
+    reinplace "s|var RULE_PATH ../rules|var RULE_PATH /rules|" \
+        ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    xinstall -d -o snort ${destroot}${prefix}/var/log/snort
+    destroot.keepdirs-append ${destroot}${prefix}/var/log/snort
+}
+
+post-activate {
+    if ![file exists ${prefix}/etc/snort/snort.conf ] {
+        copy ${prefix}/share/examples/${name}/snort.conf.dist ${prefix}/etc/snort/snort.conf
+    }
 }
 
 notes "
             ***** File locations *****
 
 The Snort database schemas -> ${prefix}/share/${name}/schemas
-The snort.conf sample file -> ${prefix}/etc/${name}/snort.conf.dist (copy to snort.conf)
+The snort.conf sample file -> ${prefix}/share/examples/${name}/snort.conf.dist
+If it doesn't exist before, the sample config is copied to ${prefix}/etc/snort.conf
 
 NOTE: Make sure you do not change the location of the snort.conf file\
 or the startup scripts will not be able to find it.
+
+Please download rules from https://www.snort.org/snort-rules/#rules either
+manually or with oinkmaster.
+
+Change at least your HOME_NET in snort.conf and Validate your config with
+    $ snort -T -c ${prefix}/etc/snort/snort.conf
+
+By default snort.sh is configured to listen only on en0 interface.
+If you want to listen multiple interface, you need to start one snort
+instance per interface (or bond them)
+
+    $ grep 'Snort rules read' /var/log/system.log
+    $ egrep '^output' ${prefix}/etc/snort/snort.conf
+If you get empty touched logs, try also to set:
+    ipvar EXTERNAL_NET !\$HOME_NET
+instead of any
+
+You can test that snort is functionning by using those tool:
+ftp http://\$EXTERNAL_HOST/cmd.exe
+ftp http://lteo.net/cmd.exe
+http://testmyids.com
+nmap, IDSWakeup, pytbull, metasploit
+
+To use blacklist/whitelist, see
+http://blog.securitymonks.com/2009/07/19/blacklisting-with-snort/
+http://systemnoise.com/wordpress/?p=89
+http://labs.snort.org/iplists/
+
 "
 
+if {![variant_isset mysql5] && ![variant_isset mysql51] && ![variant_isset mysql55] && ![variant_isset mariadb] && ![variant_isset percona] && ![variant_isset mysql4] } {
+    default_variants +mysql56
+}
+
+variant mysql4 \
+    conflicts mysql5 mysql51 mysql55 mysql56 mariadb percona \
+    description "Enable MySQL 4 support" {
+
+    depends_lib-append          port:mysql4
+    configure.args-append       --with-mysql=${prefix}
+}
+
+variant mysql5 \
+    conflicts mysql4 mysql51 mysql55 mysql56 mariadb percona \
+    description "Enable MySQL 5.1 support" {
+
+    depends_lib-append          port:mysql5
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql5/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mysql5/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mysql5/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/mysql5/mysql"
+}
+
+variant mysql51 \
+    conflicts mysql4 mysql5 mysql55 mysql56 mariadb percona \
+    description "Enable MySQL 5.1 support" {
+
+    depends_lib-append          port:mysql51
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql51/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mysql51/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mysql51/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/mysql51/mysql"
+}
+
+variant mysql55 \
+    conflicts mysql4 mysql5 mysql51 mysql56 mariadb percona \
+    description "Enable MySQL 5.5 support" {
+
+    depends_lib-append          port:mysql55
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql55/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mysql55/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mysql55/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/mysql55/mysql"
+}
+
+variant mysql56 \
+    conflicts mysql4 mysql5 mysql51 mysql55 mariadb percona \
+    description "Enable MySQL 5.6 support" {
+
+    depends_lib-append          port:mysql56
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql56/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mysql56/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mysql56/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/mysql56/mysql"
+}
+
+variant mariadb \
+    conflicts mysql4 mysql5 mysql51 mysql55 mysql56 percona \
+    description "Enable MariaDB (MySQL) support" {
+
+    depends_lib-append          port:mariadb
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mariadb/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mariadb/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mariadb/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/mariadb/mysql"
+}
+
+variant percona \
+    conflicts mysql4 mysql5 mysql51 mysql55 mysql56 mariadb \
+    description "Enable Percona (MySQL) support" {
+    depends_lib-append          port:percona
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/percona/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/percona/mysql \
+                            --with-mysql-libraries=${prefix}/lib/percona/mysql
+    configure.env               CFLAGS="-L${prefix}/lib/percona/mysql"
+}
+
 livecheck.type      regex
-livecheck.url       ${homepage}snort-downloads
+livecheck.url       ${homepage}/downloads
 livecheck.regex     >${name}-(\[0-9.\]+)${extract.suffix}<