summaryrefslogtreecommitdiff
path: root/pcr/snort
diff options
context:
space:
mode:
authoraurelien <aurelien@cwb.io>2012-11-22 10:59:05 +0100
committeraurelien <aurelien@cwb.io>2012-11-22 10:59:05 +0100
commitf97ff910471fb3ae2c8ea69befecaae8cbf6dbea (patch)
tree297ea34dee3ae68d71ca4a5175d1d478ce69be76 /pcr/snort
parent9cce2f098d5d77a2748952e1221127b9f0614566 (diff)
+ barnyard2 perl-iptables-parse perl-unix-syslog psad pulledpork snort vuurmuur xtables-addons
Diffstat (limited to 'pcr/snort')
-rw-r--r--pcr/snort/PKGBUILD51
-rw-r--r--pcr/snort/snort41
-rw-r--r--pcr/snort/snort.conf.d21
-rw-r--r--pcr/snort/snort.install26
4 files changed, 139 insertions, 0 deletions
diff --git a/pcr/snort/PKGBUILD b/pcr/snort/PKGBUILD
new file mode 100644
index 000000000..2439a1c73
--- /dev/null
+++ b/pcr/snort/PKGBUILD
@@ -0,0 +1,51 @@
+# $Id: PKGBUILD 78820 2012-10-25 06:47:28Z foutrelis $
+# Contributor: Lukas Fleischer <archlinux at cryptocrack dot de>
+# Contributor: Hugo Doria <hugo@archlinux.org>
+# Contributor: Kessia 'even' Pinheiro <kessiapinheiro at gmail.com>
+# Contributor: dorphell <dorphell@archlinux.org>
+# Contributor: Gregor Ibic <gregor.ibic@intelicom.si>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=snort
+pkgver=2.9.3.1
+pkgrel=1
+pkgdesc='A lightweight network intrusion detection system.'
+arch=('i686' 'x86_64')
+url='http://www.snort.org'
+license=('GPL')
+depends=('libdaq' 'libdnet' 'libpcap' 'pcre' 'zlib')
+makedepends=('ca-certificates')
+backup=('etc/conf.d/snort'
+ 'etc/snort/snort.conf'
+ 'etc/snort/threshold.conf'
+ 'etc/snort/confreference.config'
+ 'etc/snort/classification.config')
+options=('!makeflags' '!libtool')
+install='snort.install'
+source=("http://www.snort.org/dl/snort-current/${pkgname}-${pkgver}.tar.gz"{,.sig}
+ 'snort'
+ 'snort.conf.d')
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ ./configure --prefix=/usr --sysconfdir=/etc/snort --with-libpcap-includes=/usr/include/pcap \
+ --without-mysql --without-postgresql --without-oracle --without-odbc --enable-zlib \
+ --enable-ipv6
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ make DESTDIR="${pkgdir}" install
+
+ mkdir -p "${pkgdir}/"{etc/rc.d,etc/snort/rules}
+
+ install -d -m755 "${pkgdir}/var/log/snort"
+ install -D -m644 etc/{*.conf*,*.map} "${pkgdir}/etc/snort/"
+ install -D -m644 "${srcdir}/snort.conf.d" "${pkgdir}/etc/conf.d/snort"
+ install -D -m755 "${srcdir}/snort" "${pkgdir}/etc/rc.d/snort"
+
+ sed -i 's#/usr/local/lib/#/usr/lib/#' "${pkgdir}/etc/snort/snort.conf"
+}
diff --git a/pcr/snort/snort b/pcr/snort/snort
new file mode 100644
index 000000000..5dfa72fbf
--- /dev/null
+++ b/pcr/snort/snort
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+# source application-specific settings
+[ -f /etc/conf.d/snort ] && . /etc/conf.d/snort
+
+PID=`pidof -o %PPID /usr/bin/snort`
+case "$1" in
+ start)
+ stat_busy "Starting Intrusion Database System: SNORT"
+ [ -z "$PID" ] && /usr/bin/snort ${SNORT_OPTIONS} -u ${USER} -g ${GROUP} \
+ -i ${INTERFACE} -c ${SNORT_CONF}
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon snort
+ stat_done
+ fi
+ ;;
+
+ stop)
+ stat_busy "Stopping Intrusion Database System: SNORT"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon snort
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+esac
+exit 0
diff --git a/pcr/snort/snort.conf.d b/pcr/snort/snort.conf.d
new file mode 100644
index 000000000..86b566abc
--- /dev/null
+++ b/pcr/snort/snort.conf.d
@@ -0,0 +1,21 @@
+#
+# Parameters to be passed to snort
+#
+
+# options taken from Fedora
+# http://cvs.fedoraproject.org/viewcvs/devel/snort/sysconfig.snort?rev=1.2&view=markup
+
+# Where is the snort.conf file.
+SNORT_CONF="/etc/snort/snort.conf"
+
+# What user account should we run under.
+USER="snort"
+
+# What group account should we run under.
+GROUP="snort"
+
+# define the interface we listen on
+INTERFACE="eth0"
+
+# If you are using prelude, delete the '-A fast' option
+SNORT_OPTIONS="-A fast -b -l /var/log/snort -D -p"
diff --git a/pcr/snort/snort.install b/pcr/snort/snort.install
new file mode 100644
index 000000000..673f22c6c
--- /dev/null
+++ b/pcr/snort/snort.install
@@ -0,0 +1,26 @@
+post_install() {
+ getent group snort >/dev/null || usr/sbin/groupadd -g 29 snort
+ getent passwd snort >/dev/null || usr/sbin/useradd -c 'Snort user' -u 29 -g snort -d /var/log/snort -s /bin/false snort
+ usr/bin/passwd -l snort &>/dev/null
+
+ [ -f var/log/snort/alert ] || : >var/log/snort/alert
+ chown snort.snort var/log/snort/ -R
+
+cat << _EOF
+
+>>> You have to edit the HOME_NET variable in the /etc/snort/snort.conf file to reflect your local network.
+>>> If you do not change it, snort may not work.
+
+_EOF
+}
+
+post_upgrade() {
+ post_install $1
+}
+
+pre_remove() {
+ usr/sbin/userdel snort &>/dev/null
+ usr/sbin/groupdel snort &>/dev/null
+}
+
+# vim:set ts=2 sw=2 et: