<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[130021] trunk/dports/net/snort/Portfile</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="https://trac.macports.org/changeset/130021">130021</a></dd>
<dt>Author</dt> <dd>pixilla@macports.org</dd>
<dt>Date</dt> <dd>2014-12-24 12:49:31 -0800 (Wed, 24 Dec 2014)</dd>
</dl>

<h3>Log Message</h3>
<pre>net/snort:
- Add maintainer jul_bsd.
- Update version to 2.9.7.0.
- Update master_sites.
- Add mysql variants.
- Fix livecheck.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkdportsnetsnortPortfile">trunk/dports/net/snort/Portfile</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkdportsnetsnortPortfile"></a>
<div class="modfile"><h4>Modified: trunk/dports/net/snort/Portfile (130020 => 130021)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/net/snort/Portfile        2014-12-24 19:23:25 UTC (rev 130020)
+++ trunk/dports/net/snort/Portfile        2014-12-24 20:49:31 UTC (rev 130021)
</span><span class="lines">@@ -1,3 +1,4 @@
</span><ins>+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
</ins><span class="cx"> # $Id$
</span><span class="cx"> 
</span><span class="cx"> PortSystem 1.0
</span><span class="lines">@@ -3,7 +4,7 @@
</span><span class="cx"> 
</span><span class="cx"> name             snort
</span><del>-version          2.9.1.2
</del><ins>+version          2.9.7.0
</ins><span class="cx"> categories       net
</span><del>-maintainers      nomaintainer
</del><ins>+maintainers      yahoo.fr:jul_bsd openmaintainer
</ins><span class="cx"> license          GPL-2
</span><span class="cx"> description      Open Source Network Intrusion Detection System
</span><span class="lines">@@ -17,61 +18,164 @@
</span><span class="cx">     attacks, SMB probes, OS fingerprinting attempts, and much more.
</span><span class="cx"> homepage         http://www.snort.org/
</span><span class="cx"> platforms        darwin freebsd
</span><del>-master_sites     ${homepage}dl/snort-current/
</del><ins>+master_sites     ${homepage}/downloads/snort/
</ins><span class="cx"> 
</span><del>-checksums        rmd160  a28ebd59df80884e1554fb75a4279e97b1dd8b32 \
-                 sha256  eac98be8138f9debdcc8f77061dab1950e88fa40c18311ddbab0a329852375f5
</del><ins>+checksums           rmd160  fa49f3660db9ad940c4c9394d823bbb7faf625c1 \
+                    sha256  9738afea45d20b7f77997cc00055e7dd70f6aea0101209d87efec4bc4eace49b
</ins><span class="cx"> 
</span><span class="cx"> depends_lib      port:daq
</span><span class="cx"> 
</span><del>-startupitem.create  yes
-startupitem.start   &quot;${prefix}/share/${name}/snort.sh&quot;
-startupitem.stop    &quot;/bin/kill \$(cat /var/run/snort_*.pid)&quot;
</del><ins>+#patchfiles       patch-src-strlcatu.h.diff patch-src-strlcpyu.h.diff
</ins><span class="cx"> 
</span><del>-variant mysql5 description {mysql 5 support} {
-    depends_lib-append    path:bin/mysql_config5:mysql5
-    configure.args-append   --with-mysql-includes=${prefix}/include/mysql5/mysql \
-                            --with-mysql-libraries=${prefix}/lib/mysql5/mysql
-}
</del><ins>+add_users snort group=snort home=${prefix}/var/snort shell=/sbin/nologin realname=Snort\ user
</ins><span class="cx"> 
</span><del>-variant mysql4 description {mysql 4 support} {
-    depends_lib-append    port:mysql4
-    configure.args-append --with-mysql=${prefix}
-}
</del><span class="cx"> 
</span><ins>+set if en1
+startupitem.create  yes
+startupitem.executable ${prefix}/bin/${name} -i ${if} -c ${prefix}/etc/snort/snort.conf -l ${prefix}/var/log/snort -u snort -g snort --pid-path ${prefix}/var/run
+startupitem.pidfile &quot;${prefix}/var/run/snort_${if}.pid&quot;
+#startupitem.start   &quot;${prefix}/share/${name}/snort.sh&quot;
+#startupitem.stop    &quot;/bin/kill \$(cat ${prefix}/var/run/snort_*.pid)&quot;
+
+destroot.asroot     yes
</ins><span class="cx"> post-destroot {
</span><span class="cx"> # Copy the Snort database schemas
</span><del>-    xinstall -d -m 755 ${destroot}${prefix}/share/${name}/schemas
-    eval xinstall -m 755 [glob ${worksrcpath}/schemas/create*] ${destroot}${prefix}/share/${name}/schemas
</del><ins>+#    xinstall -d -m 755 ${destroot}${prefix}/share/${name}/schemas
+#    eval xinstall -m 755 [glob ${worksrcpath}/schemas/create*] ${destroot}${prefix}/share/${name}/schemas
</ins><span class="cx"> 
</span><span class="cx"> # Copy Snort's etc/ files
</span><span class="cx">     xinstall -d -m 755 ${destroot}${prefix}/etc/${name}
</span><span class="cx">     eval xinstall [glob ${worksrcpath}/etc/*.map] ${destroot}${prefix}/etc/${name}
</span><span class="cx">     eval xinstall [glob ${worksrcpath}/etc/*.conf*] ${destroot}${prefix}/etc/${name}
</span><del>-    file rename ${destroot}${prefix}/etc/${name}/snort.conf ${destroot}${prefix}/etc/${name}/snort.conf.dist
</del><ins>+    xinstall -d -m 755 ${destroot}${prefix}/share/examples/${name}
+    file rename ${destroot}${prefix}/etc/${name}/snort.conf ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
</ins><span class="cx"> 
</span><span class="cx"> # fix snort.conf.dist
</span><del>-    reinplace &quot;s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g&quot; ${destroot}${prefix}/etc/${name}/snort.conf.dist
-    reinplace &quot;s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g&quot; ${destroot}${prefix}/etc/${name}/snort.conf.dist
-    reinplace &quot;s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g&quot; ${destroot}${prefix}/etc/${name}/snort.conf.dist
-    reinplace &quot;s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g&quot; ${destroot}${prefix}/etc/${name}/snort.conf.dist
</del><ins>+    reinplace &quot;s|dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/|dynamicpreprocessor directory ${prefix}/lib/snort_dynamicpreprocessor/|g&quot; ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace &quot;s|dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|g&quot; ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace &quot;s|dynamicdetection directory /usr/local/lib/snort_dynamicrule/|dynamicdetection directory ${prefix}/lib/snort_dynamicrule/|g&quot; ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace &quot;s|dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so|dynamicdetection file ${prefix}/lib/snort_dynamicrule/libdynamicexamplerule.dylib|g&quot; ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
</ins><span class="cx"> 
</span><ins>+    xinstall -d ${destroot}${prefix}/share/${name}
</ins><span class="cx">     xinstall -m 755 ${filespath}/snort.sh \
</span><span class="cx">         ${destroot}${prefix}/share/${name}/snort.sh
</span><span class="cx">     reinplace &quot;s|__PREFIX__|${prefix}|g&quot; \
</span><span class="cx">         ${destroot}${prefix}/share/${name}/snort.sh
</span><ins>+
+    xinstall -d ${destroot}${prefix}/lib/snort_dynamicrules
+    destroot.keepdirs-append ${destroot}${prefix}/lib/snort_dynamicrules
+    reinplace &quot;s|/usr/local/lib/snort_dynamicrules|${prefix}/lib/snort_dynamicrules|&quot; \
+        ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    reinplace &quot;s|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.dylib|dynamicengine ${prefix}/lib/snort_dynamicengine/libsf_engine.so|&quot; \
+        ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    xinstall -d ${destroot}${prefix}/etc/snort/rules
+    destroot.keepdirs-append ${destroot}${prefix}/etc/snort/rules
+    reinplace &quot;s|var RULE_PATH ../rules|var RULE_PATH /rules|&quot; \
+        ${destroot}${prefix}/share/examples/${name}/snort.conf.dist
+    xinstall -d -o snort ${destroot}${prefix}/var/log/snort
+    destroot.keepdirs-append ${destroot}${prefix}/var/log/snort
</ins><span class="cx"> }
</span><span class="cx"> 
</span><ins>+post-activate {
+    if ![file exists ${prefix}/etc/snort/snort.conf ] {
+        copy ${prefix}/share/examples/${name}/snort.conf.dist ${prefix}/etc/snort/snort.conf
+    }
+}
+
</ins><span class="cx"> notes &quot;
</span><span class="cx">             ***** File locations *****
</span><span class="cx"> 
</span><span class="cx"> The Snort database schemas -&gt; ${prefix}/share/${name}/schemas
</span><del>-The snort.conf sample file -&gt; ${prefix}/etc/${name}/snort.conf.dist (copy to snort.conf)
</del><ins>+The snort.conf sample file -&gt; ${prefix}/share/examples/${name}/snort.conf.dist
+If it doesn't exist before, the sample config is copied to ${prefix}/etc/snort.conf
</ins><span class="cx"> 
</span><del>-NOTE: Make sure you do not change the location of the snort.conf file\
-or the startup scripts will not be able to find it.
</del><ins>+NOTE: Make sure you do not change the location of the snort.conf file or the startup scripts will not be able to find it.
+
+Please download rules from https://www.snort.org/snort-rules/#rules either manually or with oinkmaster.
+
+Change at least your HOME_NET in snort.conf and Validate your config with
+    $ snort -T -c ${prefix}/etc/snort/snort.conf
+
+By default ${prefix}/share/${name}/snort.sh is configured to listen only on ${if} interface.
+If you want to listen multiple interface, you need to start one snort instance per interface (or bond them)
+
+    $ grep 'Snort rules read' /var/log/system.log
+    $ egrep '^output' ${prefix}/etc/snort/snort.conf
+If you get empty touched logs, try also to set:
+    ipvar EXTERNAL_NET !\$HOME_NET
+instead of any
+
+You can test that snort is functionning by using those tool:
+ftp http://\$EXTERNAL_HOST/cmd.exe
+ftp http://lteo.net/cmd.exe
+http://testmyids.com
+nmap, IDSWakeup, pytbull, metasploit
+
+To use blacklist/whitelist, see
+http://blog.securitymonks.com/2009/07/19/blacklisting-with-snort/
+http://systemnoise.com/wordpress/?p=89
+http://labs.snort.org/iplists/
+
</ins><span class="cx"> &quot;
</span><span class="cx"> 
</span><ins>+if {![variant_isset mysql51] &amp;&amp; ![variant_isset mysql55] &amp;&amp; ![variant_isset mariadb] &amp;&amp; ![variant_isset percona] } {
+    default_variants +mysql56
+}
+
+variant mysql51 \
+    conflicts mysql55 mysql56 mariadb percona \
+    description &quot;Enable MySQL 5.1 support&quot; {
+
+    depends_lib-append          port:mysql51
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql51/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mysql51/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mysql51/mysql
+    configure.env               CFLAGS=&quot;-L${prefix}/lib/mysql51/mysql&quot;
+}
+
+variant mysql55 \
+    conflicts mysql51 mysql56 mariadb percona \
+    description &quot;Enable MySQL 5.5 support&quot; {
+
+    depends_lib-append          port:mysql55
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql55/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mysql55/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mysql55/mysql
+    configure.env               CFLAGS=&quot;-L${prefix}/lib/mysql55/mysql&quot;
+}
+
+variant mysql56 \
+    conflicts mysql51 mysql55 mariadb percona \
+    description &quot;Enable MySQL 5.6 support&quot; {
+
+    depends_lib-append          port:mysql56
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mysql56/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mysql56/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mysql56/mysql
+    configure.env               CFLAGS=&quot;-L${prefix}/lib/mysql56/mysql&quot;
+}
+
+variant mariadb \
+    conflicts mysql51 mysql55 mysql56 percona \
+    description &quot;Enable MariaDB (MySQL) support&quot; {
+
+    depends_lib-append          port:mariadb
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/mariadb/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/mariadb/mysql \
+                            --with-mysql-libraries=${prefix}/lib/mariadb/mysql
+    configure.env               CFLAGS=&quot;-L${prefix}/lib/mariadb/mysql&quot;
+}
+
+variant percona \
+    conflicts mysql51 mysql55 mysql56 mariadb \
+    description &quot;Enable Percona (MySQL) support&quot; {
+    depends_lib-append          port:percona
+    configure.env-append        MYSQL_CONFIG=${prefix}/lib/percona/bin/mysql_config
+    configure.args-append   --with-mysql-includes=${prefix}/include/percona/mysql \
+                            --with-mysql-libraries=${prefix}/lib/percona/mysql
+    configure.env               CFLAGS=&quot;-L${prefix}/lib/percona/mysql&quot;
+}
+
</ins><span class="cx"> livecheck.type      regex
</span><del>-livecheck.url       ${homepage}snort-downloads
</del><ins>+livecheck.url       ${homepage}/downloads
</ins><span class="cx"> livecheck.regex     &gt;${name}-(\[0-9.\]+)${extract.suffix}&lt;
</span></span></pre>
</div>
</div>

</body>
</html>