Changeset 28667


Ignore:
Timestamp:
2011-10-29T15:40:14+02:00 (6 years ago)
Author:
nico
Message:

packages/snort: various fixes

  • use basic, mysql & pgsql VARIANTs
  • add a build dependency on librpc when building against uClibc (closes: #10132)
  • ship empty, useless, but working config & ruleset
  • ship dynamic engine & preprocessors, disabled by default
  • make it listen on loopback by default
Location:
packages/net/snort
Files:
1 added
3 edited

Legend:

Unmodified
Added
Removed
  • packages/net/snort/Makefile

    r26103 r28667  
    11# 
    2 # Copyright (C) 2006-2010 OpenWrt.org 
     2# Copyright (C) 2006-2011 OpenWrt.org 
    33# 
    44# This is free software, licensed under the GNU General Public License v2. 
     
    1010PKG_NAME:=snort 
    1111PKG_VERSION:=2.8.4.1 
    12 PKG_RELEASE:=2 
     12PKG_RELEASE:=3 
    1313 
    1414PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 
     
    1616PKG_MD5SUM:=63f4e76ae96a2d133f4c7b741bad5458 
    1717 
    18 PKG_FIXUP:=libtool 
     18PKG_BUILD_DEPENDS:=USE_UCLIBC:librpc 
     19PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) 
     20PKG_FIXUP:=autoreconf 
     21PKG_INSTALL:=1 
    1922 
    2023include $(INCLUDE_DIR)/package.mk 
     
    3942define Package/snort 
    4043  $(call Package/snort/Default) 
     44  VARIANT:=basic 
    4145endef 
    4246 
     
    4953  DEPENDS+= +libmysqlclient 
    5054  TITLE+= (MySQL) 
     55  VARIANT:=mysql 
    5156endef 
    5257 
     
    6065  DEPENDS+= +libpq 
    6166  TITLE+= (PostgreSQL) 
     67  VARIANT:=pgsql 
    6268endef 
    6369 
     
    6773endef 
    6874 
    69 define Compile/Template 
    7075 
    71 $(PKG_BUILD_DIR)/snort$(1): $(STAMP_CONFIGURED) 
    72         touch -r $(PKG_BUILD_DIR)/Makefile.am $(PKG_BUILD_DIR)/configure.in  
    73         touch -r $(PKG_BUILD_DIR)/Makefile.in $(PKG_BUILD_DIR)/configure 
    74         -$(MAKE) -C $(PKG_BUILD_DIR) distclean 
    75         $(call Build/Configure/Default, \ 
    76                 --enable-flexresp \ 
    77                 --with-libnet-includes="$(STAGING_DIR)/usr/lib/libnet-1.0.x/include" \ 
    78                 --with-libnet-libraries="$(STAGING_DIR)/usr/lib/libnet-1.0.x/lib" \ 
    79                 --with-libpcap-includes="$(STAGING_DIR)/usr/include" \ 
    80                 --with-libpcap-libraries="$(STAGING_DIR)/usr/lib" \ 
    81                 --with-libpcre-includes="$(STAGING_DIR)/usr/include" \ 
    82                 --with-libpcre-libraries="$(STAGING_DIR)/usr/lib" \ 
    83                 $(2) \ 
    84                 , \ 
    85                 CPPFLAGS="$$$$CPPFLAGS -I$(STAGING_DIR)/usr/include/mysql" \ 
    86                 LDFLAGS="$$$$LDFLAGS -L$(STAGING_DIR)/usr/lib/mysql" \ 
    87                 PATH="$(STAGING_DIR)/usr/lib/libnet-1.0.x/bin:$$$$PATH" \ 
    88                 $(3) \ 
    89         ); 
    90         $(MAKE) -C $(PKG_BUILD_DIR) \ 
    91                 extra_incl="" \ 
    92                 all 
    93         mv $(PKG_BUILD_DIR)/src/snort $(PKG_BUILD_DIR)/snort$(1) 
     76CONFIGURE_ARGS += \ 
     77        --enable-flexresp \ 
     78        --with-libnet-includes="$(STAGING_DIR)/usr/lib/libnet-1.0.x/include" \ 
     79        --with-libnet-libraries="$(STAGING_DIR)/usr/lib/libnet-1.0.x/lib" \ 
     80        --with-libpcap-includes="$(STAGING_DIR)/usr/include" \ 
     81        --with-libpcap-libraries="$(STAGING_DIR)/usr/lib" \ 
     82        --with-libpcre-includes="$(STAGING_DIR)/usr/include" \ 
     83        --with-libpcre-libraries="$(STAGING_DIR)/usr/lib" \ 
    9484 
    95 $(PKG_BUILD_DIR)/.built: $(PKG_BUILD_DIR)/snort$(1) 
     85CONFIGURE_VARS += \ 
     86        CPPFLAGS="$$$$CPPFLAGS -I$(STAGING_DIR)/usr/include/mysql" \ 
     87        LDFLAGS="$$$$LDFLAGS -L$(STAGING_DIR)/usr/lib/mysql" \ 
     88        PATH="$(STAGING_DIR)/usr/lib/libnet-1.0.x/bin:$$$$PATH" \ 
    9689 
    97 endef 
     90MAKE_FLAGS += \ 
     91        extra_incl="" \ 
     92 
     93ifeq ($(BUILD_VARIANT),basic) 
     94 
     95  CONFIGURE_ARGS += \ 
     96        --without-mysql \ 
     97        --without-postgresql \ 
     98 
     99endif 
     100ifeq ($(BUILD_VARIANT),mysql) 
     101 
     102  CONFIGURE_ARGS += \ 
     103        --with-mysql="$(STAGING_DIR)/usr" \ 
     104        --without-postgresql \ 
     105 
     106endif 
     107ifeq ($(BUILD_VARIANT),pgsql) 
     108 
     109  CONFIGURE_ARGS += \ 
     110        --without-mysql \ 
     111        --with-postgresql="$(STAGING_DIR)/usr" \ 
     112 
     113endif 
    98114 
    99115 
    100 define Install/Template 
    101  
    102 define Package/snort$(1)/conffiles 
     116define Package/snort/conffiles 
    103117/etc/default/snort 
    104118/etc/snort/snort.conf 
     
    106120endef 
    107121 
    108 define Package/snort$(1)/install 
    109         $(INSTALL_DIR) $$(1)/usr/sbin 
    110         $(INSTALL_BIN) $(PKG_BUILD_DIR)/snort$(1) $$(1)/usr/sbin/snort 
    111         $(INSTALL_DIR) $$(1)/etc/snort 
    112         $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/snort.conf $$(1)/etc/snort/ 
    113         $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/classification.config $$(1)/etc/snort/ 
    114         $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/gen-msg.map $$(1)/etc/snort/ 
    115         $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/reference.config $$(1)/etc/snort/ 
    116         $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/sid-msg.map $$(1)/etc/snort/ 
    117         $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/threshold.conf $$(1)/etc/snort/ 
    118         $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/unicode.map $$(1)/etc/snort/ 
    119         $(INSTALL_DIR) $$(1)/etc/default 
    120         $(INSTALL_DATA) ./files/snort.default $$(1)/etc/default/snort 
    121         $(INSTALL_DIR) $$(1)/etc/init.d 
    122         $(INSTALL_BIN) ./files/snort.init $$(1)/etc/init.d/snort 
     122define Package/snort/install 
     123        $(INSTALL_DIR) $(1)/usr/bin 
     124        $(CP) $(PKG_INSTALL_DIR)/usr/bin/snort $(1)/usr/bin/ 
     125        $(INSTALL_DIR) $(1)/usr/lib/snort_dynamicengine 
     126        $(CP) $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicengine/libsf_engine.so* $(1)/usr/lib/snort_dynamicengine/ 
     127        $(INSTALL_DIR) $(1)/usr/lib/snort_dynamicpreprocessor 
     128        $(CP) $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicpreprocessor/libsf_{dce2,dcerpc,dns,ftptelnet,smtp,ssh,ssl}_preproc.so* $(1)/usr/lib/snort_dynamicpreprocessor/ 
     129        $(INSTALL_DIR) $(1)/etc/snort 
     130        $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/snort.conf $(1)/etc/snort/ 
     131        $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/classification.config $(1)/etc/snort/ 
     132        $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/gen-msg.map $(1)/etc/snort/ 
     133        $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/reference.config $(1)/etc/snort/ 
     134        $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/sid-msg.map $(1)/etc/snort/ 
     135        $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/threshold.conf $(1)/etc/snort/ 
     136        $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/unicode.map $(1)/etc/snort/ 
     137        $(INSTALL_DIR) $(1)/etc/snort/preproc_rules 
     138        $(INSTALL_DATA) $(PKG_BUILD_DIR)/preproc_rules/*.rules $(1)/etc/snort/preproc_rules/ 
     139        $(INSTALL_DIR) $(1)/etc/snort/rules 
     140        $(INSTALL_DATA) ./files/snort.local.rules $(1)/etc/snort/rules/local.rules 
     141        $(INSTALL_DIR) $(1)/etc/default 
     142        $(INSTALL_DATA) ./files/snort.default $(1)/etc/default/snort 
     143        $(INSTALL_DIR) $(1)/etc/init.d 
     144        $(INSTALL_BIN) ./files/snort.init $(1)/etc/init.d/snort 
    123145endef 
    124146 
    125 endef 
     147Package/snort-mysql/conffiles = $(Package/snort/conffiles) 
     148Package/snort-mysql/install = $(Package/snort/install) 
    126149 
    127  
    128 ifneq ($(SDK)$(CONFIG_PACKAGE_snort),) 
    129   define Compile/snort 
    130     $(call Compile/Template,, \ 
    131                 --without-mysql \ 
    132                 --without-postgresql \ 
    133     ) 
    134     $(call Install/Template,) 
    135   endef 
    136 endif 
    137 $(eval $(Compile/snort)) 
    138  
    139 ifneq ($(SDK)$(CONFIG_PACKAGE_snort-mysql),) 
    140   define Compile/snort-mysql 
    141     $(call Compile/Template,-mysql, \ 
    142                 --with-mysql="$(STAGING_DIR)/usr" \ 
    143                 --without-postgresql \ 
    144     ) 
    145     $(call Install/Template,-mysql) 
    146   endef 
    147 endif 
    148 $(eval $(Compile/snort-mysql)) 
    149  
    150  
    151 ifneq ($(SDK)$(CONFIG_PACKAGE_snort-pgsql),) 
    152   define Compile/snort-pgsql 
    153     $(call Compile/Template,-pgsql, \ 
    154                 --without-mysql \ 
    155                 --with-postgresql="$(STAGING_DIR)/usr" \ 
    156     ) 
    157     $(call Install/Template,-pgsql) 
    158   endef 
    159 endif 
    160 $(eval $(Compile/snort-pgsql)) 
    161  
    162 define Build/Configure 
    163 endef 
    164  
    165 define Build/Compile 
    166 endef 
     150Package/snort-pgsql/conffiles = $(Package/snort/conffiles) 
     151Package/snort-pgsql/install = $(Package/snort/install) 
    167152 
    168153$(eval $(call BuildPackage,snort)) 
  • packages/net/snort/files/snort.default

    r15247 r28667  
    1 INTERFACE="vlan1" # WAN 
     1INTERFACE="lo" 
    22OPTIONS="-i $INTERFACE -c /etc/snort/snort.conf -D -N -q -s" 
  • packages/net/snort/patches/750-lightweight-config.patch

    r24488 r28667  
    3333 # Configure the snort decoder 
    3434 # ============================ 
     35@@ -191,27 +192,27 @@ var PREPROC_RULE_PATH ../preproc_rules 
     36 # Load all dynamic preprocessors from the install path 
     37 # (same as command line option --dynamic-preprocessor-lib-dir) 
     38 # 
     39-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ 
     40+#dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ 
     41 # 
     42 # Load a specific dynamic preprocessor library from the install path 
     43 # (same as command line option --dynamic-preprocessor-lib) 
     44 # 
     45-# dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libdynamicexample.so 
     46+# dynamicpreprocessor file /usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so 
     47 # 
     48 # Load a dynamic engine from the install path 
     49 # (same as command line option --dynamic-engine-lib) 
     50 # 
     51-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so 
     52+#dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so 
     53 # 
     54 # Load all dynamic rules libraries from the install path 
     55 # (same as command line option --dynamic-detection-lib-dir) 
     56 # 
     57-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/ 
     58+# dynamicdetection directory /usr/lib/snort_dynamicrules/ 
     59 # 
     60 # Load a specific dynamic rule library from the install path 
     61 # (same as command line option --dynamic-detection-lib) 
     62 # 
     63-# dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so 
     64+# dynamicdetection file /usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so 
     65 # 
     66  
     67 ################################################### 
    3568@@ -307,11 +308,11 @@ preprocessor stream5_tcp: policy first,  
    3669 # lots of options available here. See doc/README.http_inspect. 
     
    158191 # arpspoof 
    159192 #---------------------------------------- 
     193@@ -605,8 +606,8 @@ preprocessor sfportscan: proto  { all }  
     194 # See doc/README.dcerpc2 for explanations of what the 
     195 # preprocessor does and how to configure it. 
     196 # 
     197-preprocessor dcerpc2 
     198-preprocessor dcerpc2_server: default 
     199+#preprocessor dcerpc2 
     200+#preprocessor dcerpc2_server: default 
     201  
     202  
     203 # DNS 
    160204@@ -623,9 +624,9 @@ preprocessor dcerpc2_server: default 
    161205 # or use commandline option 
     
    180224  
    181225 #################################################################### 
    182 @@ -811,41 +812,41 @@ include $RULE_PATH/local.rules 
    183  include $RULE_PATH/bad-traffic.rules 
    184  include $RULE_PATH/exploit.rules 
    185  include $RULE_PATH/scan.rules 
     226@@ -808,44 +809,44 @@ include reference.config 
     227 #========================================= 
     228  
     229 include $RULE_PATH/local.rules 
     230-include $RULE_PATH/bad-traffic.rules 
     231-include $RULE_PATH/exploit.rules 
     232-include $RULE_PATH/scan.rules 
    186233-include $RULE_PATH/finger.rules 
    187234-include $RULE_PATH/ftp.rules 
     
    216263-include $RULE_PATH/pop2.rules 
    217264-include $RULE_PATH/pop3.rules 
     265+#include $RULE_PATH/bad-traffic.rules 
     266+#include $RULE_PATH/exploit.rules 
     267+#include $RULE_PATH/scan.rules 
    218268+#include $RULE_PATH/finger.rules 
    219269+#include $RULE_PATH/ftp.rules 
Note: See TracChangeset for help on using the changeset viewer.