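# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# $Id$

# Portfile for oinkmaster, the Snort rule updater. Installs the script, example
# config, contrib tools, docs, a wrapper script and a LaunchDaemon plist, and
# creates a dedicated unprivileged oinkmaster account to run the updates.

PortSystem          1.0

name                oinkmaster
version             2.0
categories-append   security net
platforms           darwin
maintainers         yahoo.fr:jul_bsd openmaintainer
license             BSD

description         help you keep your Snort signatures current
long_description    ${description}

homepage            http://oinkmaster.sourceforge.net/
master_sites        sourceforge

# Every digest listed here has to match the distfile. md5 on its own would not
# be adequate integrity protection; rmd160 and sha256 carry that role.
checksums           md5     d2a1b56f51cf40e919c63206ca4ec8f8 \
                    rmd160  a3292cfc2e6b175008a7172be5809ca6e2fc85b7 \
                    sha256  3d52f0426aa7c81b122cef22b80d708d8bb8337537e48754a065804f46c46162

depends_run         port:perl5.16 port:snort

use_configure       no
build               {}

# Dedicated account with no login shell and no real home directory.
# Declared at top level rather than inside post-configure: a phase block only
# runs when the port is built from source, so an install that never executes
# the configure phase would leave the account missing. As a top-level option,
# base creates the group and user itself before the phases that need them.
add_users           oinkmaster group=oinkmaster home=/var/empty shell=/sbin/nologin realname=oinkmaster\ user

### trying to do without install.sh: OK
destroot {
    xinstall -m 755 ${worksrcpath}/oinkmaster.pl ${destroot}${prefix}/bin/
    ## FIXME! "Error: reinplace: sed: RE error: illegal byte sequence"
    ## NOTE(review): while this stays disabled the installed script keeps its
    ## /usr/bin/perl shebang, so it does not run under the perl5.16 dependency.
    ## The error looks like sed rejecting non-UTF-8 bytes under a UTF-8 locale;
    ## "reinplace -locale C" may fix it -- confirm before enabling.
    #reinplace "s|/usr/bin/perl -w|${prefix}/bin/perl5.16 -w|g" ${destroot}${prefix}/bin/oinkmaster.pl

    # Example configuration. Data files get an explicit 644 so they are not
    # installed executable (xinstall's default mode is 755).
    xinstall -d ${destroot}${prefix}/share/examples/${name}
    xinstall -m 644 ${worksrcpath}/oinkmaster.conf ${destroot}${prefix}/share/examples/${name}/
    # Let oinkmaster find helper binaries installed under ${prefix}/bin.
    reinplace "s|path = /bin:/usr/bin:/usr/local/bin|path = /bin:/usr/bin:/usr/local/bin:${prefix}/bin|g" \
        ${destroot}${prefix}/share/examples/${name}/oinkmaster.conf

    # Contributed helper scripts.
    xinstall -d -m 755 ${destroot}${prefix}/share/examples/${name}/contrib
    xinstall -m 644 ${worksrcpath}/contrib/README.contrib ${destroot}${prefix}/share/examples/${name}/contrib/
    foreach f { addmsg.pl addsid.pl create-sidmap.pl makesidex.pl oinkgui.pl } {
        xinstall -m 755 ${worksrcpath}/contrib/${f} ${destroot}${prefix}/share/examples/${name}/contrib/
    }

    # Documentation and man page.
    xinstall -d ${destroot}${prefix}/share/doc/${name}
    copy ${worksrcpath}/README ${destroot}${prefix}/share/doc/${name}/
    copy ${worksrcpath}/FAQ ${destroot}${prefix}/share/doc/${name}/
    xinstall -d ${destroot}${prefix}/share/man/man1
    xinstall -m 644 ${worksrcpath}/oinkmaster.1 ${destroot}${prefix}/share/man/man1/

    # Wrapper script and LaunchDaemon plist shipped with the port; both carry a
    # %%PREFIX%% placeholder that is replaced with the real prefix.
    xinstall -d ${destroot}${prefix}/libexec/${name}
    xinstall -m 0755 ${filespath}/oinkmaster-run.sh ${destroot}${prefix}/libexec/${name}/
    reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/libexec/${name}/oinkmaster-run.sh
    xinstall -d ${destroot}${prefix}/Library/LaunchDaemons/
    copy ${filespath}/org.macports.oinkmaster.plist ${destroot}${prefix}/Library/LaunchDaemons/
    reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/Library/LaunchDaemons/org.macports.oinkmaster.plist

    # Log directory owned by the service account. xinstall selects the owner
    # with -o (the notes below use the same flag with install(1)); the original
    # "-u" does not appear to be an xinstall option -- NOTE(review): confirm.
    xinstall -d -o oinkmaster ${destroot}${prefix}/var/log/${name}
    destroot.keepdirs ${destroot}${prefix}/var/log/${name}
}

post-activate {
    # Seed a live config from the example only when none exists, so an edited
    # config is never overwritten on upgrade.
    set conf ${prefix}/etc/oinkmaster.conf
    if {![file exists ${conf}]} {
        copy ${prefix}/share/examples/${name}/oinkmaster.conf ${prefix}/etc/
        # The live config will hold the oinkcode, so keep it away from other
        # local users: root owns it, the oinkmaster group may read it.
        # Best effort only -- changing ownership needs root privileges.
        if {[catch {file attributes ${conf} -owner root -group oinkmaster -permissions 0640} err]} {
            ui_warn "could not restrict permissions on ${conf}: ${err}"
        }
    }
}

notes "
*** To finish oinkmaster install ***

1) If not existing, a default config has been copied in ${prefix}/etc/oinkmaster.conf
   Edit and adapt to your setup
   You need to register on snort to get latest rules
       http://www.snort.org/snort-rules/
   and get the corresponding oinkcode to report in oinkmaster.conf
   The oinkcode is a credential: keep oinkmaster.conf readable only by root
   and the oinkmaster group (a freshly copied default is set to mode 0640).
   Some free sets:
       url = http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
       url = http://www.bleedingsnort.com/downloads/bleeding.rules.tar.gz
   and also:
       http://rules.emergingthreats.net/blockrules/emerging-rbn.rules
       http://mtc.sri.com/live_data/signatures/
   These URLs are plain HTTP, so downloaded rules are not protected against
   modification in transit. Use an HTTPS URL where the provider offers one.

2) A user oinkmaster has been created to run the script.
   In order to modify snort rules
       # chown -R oinkmaster ${prefix}/etc/snort/rules
       # install -d -o oinkmaster -m 755 ${prefix}/etc/snort/backup
   If you are using the joined oinkmaster-run.sh script, you also need those
       # install -d -o oinkmaster -m 755 ${prefix}/etc/snort/community
       # install -d -o oinkmaster -m 755 ${prefix}/etc/snort/backup.community
       # install -d -o oinkmaster -m 755 ${prefix}/etc/snort/ET
       # install -d -o oinkmaster -m 755 ${prefix}/etc/snort/backup.ET

3) Test script
       $ sudo -u oinkmaster ${prefix}/bin/oinkmaster.pl -o ${prefix}/etc/snort/rules -C ${prefix}/etc/oinkmaster.conf

4) Scheduled task: a default file has been created as
       ${prefix}/libexec/${name}/oinkmaster-run.sh
       ${prefix}/Library/LaunchDaemons/org.macports.${name}.plist
   Check if it fit you and start it like
       # ln -s ${prefix}/Library/LaunchDaemons/org.macports.${name}.plist /Library/LaunchDaemons/
       # launchctl load -w /Library/LaunchDaemons/org.macports.${name}.plist
   The provided task is using rules from oinkmaster.conf (most probably VRT registered)
   and additional free community rules and emergingthreats.
"

livecheck.type      regex
livecheck.url       ${homepage}/download.shtml
livecheck.regex     "Latest release is (\\d+(?:\\.\\d+)*)"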