author | aurelien <aurelien@cwb.io> | 2012-11-22 10:59:05 +0100 |
---|---|---|
committer | aurelien <aurelien@cwb.io> | 2012-11-22 10:59:05 +0100 |
commit | f97ff910471fb3ae2c8ea69befecaae8cbf6dbea (patch) | |
tree | 297ea34dee3ae68d71ca4a5175d1d478ce69be76 /pcr/snort | |
parent | 9cce2f098d5d77a2748952e1221127b9f0614566 (diff) |
+ barnyard2 perl-iptables-parse perl-unix-syslog psad pulledpork snort vuurmuur xtables-addons
Diffstat (limited to 'pcr/snort')
-rw-r--r-- | pcr/snort/PKGBUILD | 51 | ||||
-rw-r--r-- | pcr/snort/snort | 41 | ||||
-rw-r--r-- | pcr/snort/snort.conf.d | 21 | ||||
-rw-r--r-- | pcr/snort/snort.install | 26 |
4 files changed, 139 insertions, 0 deletions
diff --git a/pcr/snort/PKGBUILD b/pcr/snort/PKGBUILD
new file mode 100644
index 000000000..2439a1c73
--- /dev/null
+++ b/pcr/snort/PKGBUILD
@@ -0,0 +1,51 @@
+# $Id: PKGBUILD 78820 2012-10-25 06:47:28Z foutrelis $
+# Contributor: Lukas Fleischer <archlinux at cryptocrack dot de>
+# Contributor: Hugo Doria <hugo@archlinux.org>
+# Contributor: Kessia 'even' Pinheiro <kessiapinheiro at gmail.com>
+# Contributor: dorphell <dorphell@archlinux.org>
+# Contributor: Gregor Ibic <gregor.ibic@intelicom.si>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=snort
+pkgver=2.9.3.1
+pkgrel=1
+pkgdesc='A lightweight network intrusion detection system.'
+arch=('i686' 'x86_64')
+url='http://www.snort.org'
+license=('GPL')
+depends=('libdaq' 'libdnet' 'libpcap' 'pcre' 'zlib')
+makedepends=('ca-certificates')
+backup=('etc/conf.d/snort'
+ 'etc/snort/snort.conf'
+ 'etc/snort/threshold.conf'
+ 'etc/snort/confreference.config'
+ 'etc/snort/classification.config')
+options=('!makeflags' '!libtool')
+install='snort.install'
+source=("http://www.snort.org/dl/snort-current/${pkgname}-${pkgver}.tar.gz"{,.sig}
+ 'snort'
+ 'snort.conf.d')
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ ./configure --prefix=/usr --sysconfdir=/etc/snort --with-libpcap-includes=/usr/include/pcap \
+ --without-mysql --without-postgresql --without-oracle --without-odbc --enable-zlib \
+ --enable-ipv6
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ make DESTDIR="${pkgdir}" install
+
+ mkdir -p "${pkgdir}/"{etc/rc.d,etc/snort/rules}
+
+ install -d -m755 "${pkgdir}/var/log/snort"
+ install -D -m644 etc/{*.conf*,*.map} "${pkgdir}/etc/snort/"
+ install -D -m644 "${srcdir}/snort.conf.d" "${pkgdir}/etc/conf.d/snort"
+ install -D -m755 "${srcdir}/snort" "${pkgdir}/etc/rc.d/snort"
+
+ sed -i 's#/usr/local/lib/#/usr/lib/#' "${pkgdir}/etc/snort/snort.conf"
+}
diff --git a/pcr/snort/snort b/pcr/snort/snort
new file mode 100644
index 000000000..5dfa72fbf
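Review bot: The PKGBUILD declares no `md5sums`/`sha256sums` array, so the tarball fetched over plain `http://www.snort.org/...` and the local `snort`/`snort.conf.d` files carry no pinned integrity check; the detached `.sig` only helps if the Snort release key is already in the builder's keyring, and if I remember the makepkg of this era correctly (no `validpgpkeys` yet) a missing checksum array produces a warning rather than a failure. The `makedepends=('ca-certificates')` line suggests a TLS fetch was intended, so the `source` URL should be `https://` as well. Add a checksum array generated with `makepkg -g`, e.g. `sha256sums=('<tarball sha256>' 'SKIP' '<snort sha256>' '<snort.conf.d sha256>')`, so a tampered download fails the build instead of being installed and then run as root by the install scriptlet. The `backup` entry `etc/snort/confreference.config` also looks like a typo for `reference.config`, the name snort ships as far as I know and which `install -D -m644 etc/{*.conf*,*.map}` would match; as written, that file would be overwritten on upgrade rather than preserved.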
--- /dev/null
+++ b/pcr/snort/snort
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+# source application-specific settings
+[ -f /etc/conf.d/snort ] && . /etc/conf.d/snort
+
+PID=`pidof -o %PPID /usr/bin/snort`
+case "$1" in
+ start)
+ stat_busy "Starting Intrusion Database System: SNORT"
+ [ -z "$PID" ] && /usr/bin/snort ${SNORT_OPTIONS} -u ${USER} -g ${GROUP} \
+ -i ${INTERFACE} -c ${SNORT_CONF}
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon snort
+ stat_done
+ fi
+ ;;
+
+ stop)
+ stat_busy "Stopping Intrusion Database System: SNORT"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon snort
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+esac
+exit 0
diff --git a/pcr/snort/snort.conf.d b/pcr/snort/snort.conf.d
new file mode 100644
index 000000000..86b566abc
--- /dev/null
+++ b/pcr/snort/snort.conf.d
@@ -0,0 +1,21 @@
+#
+# Parameters to be passed to snort
+#
+
+# options taken from Fedora
+# http://cvs.fedoraproject.org/viewcvs/devel/snort/sysconfig.snort?rev=1.2&view=markup
+
+# Where is the snort.conf file.
+SNORT_CONF="/etc/snort/snort.conf"
+
+# What user account should we run under.
+USER="snort"
+
+# What group account should we run under.
+GROUP="snort"
+
+# define the interface we listen on
+INTERFACE="eth0"
+
+# If you are using prelude, delete the '-A fast' option
+SNORT_OPTIONS="-A fast -b -l /var/log/snort -D -p"
diff --git a/pcr/snort/snort.install b/pcr/snort/snort.install
new file mode 100644
index 000000000..673f22c6c
--- /dev/null
+++ b/pcr/snort/snort.install
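Review bot: The privilege drop in the `start)` branch depends entirely on `/etc/conf.d/snort`, which the script treats as optional (`[ -f /etc/conf.d/snort ] && . /etc/conf.d/snort`) and for which it defines no defaults; if that file is missing or an admin drops the `USER=` line, `${USER}` falls back to the caller's login environment (most likely `root` when the script is run by hand) and snort keeps root privileges for its whole run. The unquoted `-u ${USER} -g ${GROUP} -i ${INTERFACE} -c ${SNORT_CONF}` also let an empty value silently shift option parsing (an empty `${GROUP}` would most likely make `-g` consume `-i` as the group name) instead of failing. I would make the config mandatory and quote the expansions: `[ -f /etc/conf.d/snort ] || { echo 'missing /etc/conf.d/snort'; exit 1; }` and `-u "${USER}" -g "${GROUP}" -i "${INTERFACE}" -c "${SNORT_CONF}"`, leaving `${SNORT_OPTIONS}` unquoted since it is meant to word-split. Separately, `[ -z "$PID" ] && /usr/bin/snort ...` followed by `if [ $? -gt 0 ]` reports `stat_fail` when snort is already running, because the failed test leaves `$?` at 1.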
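Review bot: The only comment on `SNORT_OPTIONS` concerns prelude, but the `-p` flag it ships disables promiscuous mode, so by default this sensor only inspects traffic addressed to the host itself, which is not what an admin attaching snort to a SPAN/tap port expects and is easy to miss in a flag string. I would document it next to the line: `# -p disables promiscuous mode: only traffic to/from this host is inspected. Remove it for SPAN/tap deployments.` The remaining flags deserve a word each as well (`-A fast` alert format, `-b` binary packet logging into `-l /var/log/snort`, `-D` daemonize), and a note that `USER`/`GROUP` must stay set because the rc script that sources this file passes them straight to `-u`/`-g` for its privilege drop.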
@@ -0,0 +1,26 @@
+post_install() {
+ getent group snort >/dev/null || usr/sbin/groupadd -g 29 snort
+ getent passwd snort >/dev/null || usr/sbin/useradd -c 'Snort user' -u 29 -g snort -d /var/log/snort -s /bin/false snort
+ usr/bin/passwd -l snort &>/dev/null
+
+ [ -f var/log/snort/alert ] || : >var/log/snort/alert
+ chown snort.snort var/log/snort/ -R
+
+cat << _EOF
+
+>>> You have to edit the HOME_NET variable in the /etc/snort/snort.conf file to reflect your local network.
+>>> If you do not change it, snort may not work.
+
+_EOF
+}
+
+post_upgrade() {
+ post_install $1
+}
+
+pre_remove() {
+ usr/sbin/userdel snort &>/dev/null
+ usr/sbin/groupdel snort &>/dev/null
+}
+
+# vim:set ts=2 sw=2 et: |
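Review bot: `groupadd -g 29 snort` / `useradd ... -u 29` hard-code a UID/GID with no fallback: on a host where 29 is already taken, `useradd` fails, the scriptlet carries on, `chown snort.snort var/log/snort/ -R` then errors, and the rc script's `-u snort` has no account to drop to. Since the scriptlet already guards with `getent`, let the tools pick a free system id instead: `usr/sbin/groupadd -r snort` and `usr/sbin/useradd -r -c 'Snort user' -g snort -d /var/log/snort -s /bin/false snort` (or at least check `getent passwd 29` before insisting on that number). In `pre_remove`, `userdel snort` frees the UID while the `alert` file and whatever snort wrote under `/var/log/snort` stay on disk owned by that number, so whichever account later receives the id inherits them; either keep the account on removal or say in the scriptlet output that the log directory needs cleaning. Minor: `snort.snort` uses the deprecated dot separator, `snort:snort` is the portable form.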