network/snort: Removed (download link broken)
parent
b15ff21f36
commit
b32fe885a5
7 changed files with 0 additions and 303 deletions
|
@ -1,16 +0,0 @@
|
|||
Snort is an open source network intrusion detection and prevention system. It
|
||||
is capable of performing real-time traffic analysis, alerting, blocking and
|
||||
packet logging on IP networks. It utilizes a combination of protocol analysis
|
||||
and pattern matchingin order to detect a anomalies, misuse and attacks.
|
||||
Snort uses a flexible rules language to describe activity that can be considered
|
||||
malicious or anomalous as well as an analysis engine that incorporates a modular
|
||||
plugin architecture. Snort is capable of detecting and responding in real-time,
|
||||
sending alerts, performing session sniping, logging packets, or dropping
|
||||
sessions/packets when deployed in-line.
|
||||
|
||||
Snort has three primary functional modes. It can be used as a packet sniffer
|
||||
like tcpdump(1), a packet logger (useful for network traffic debugging, etc),
|
||||
or as a full blown network intrusion detection and prevention system.
|
||||
|
||||
Note that --libdir seems to be ignored on Slackware64; libraries are installed
|
||||
to /usr/lib anyway.
|
|
@ -1,48 +0,0 @@
|
|||
Snort has three primary functional modes. It can be used as a packet sniffer
|
||||
like tcpdump(1), a packet logger (useful for network traffic debugging, etc),
|
||||
or as a full blown network intrusion detection and prevention system.
|
||||
|
||||
Please read the snort_manual.pdf file that should be included with this
|
||||
distribution for full documentation on the program as well as a guide to
|
||||
getting started.
|
||||
|
||||
This package builds a very basic snort implimentation useful for monitoring
|
||||
traffic as an IDS or packet logger and as a sort of improved tcpdump (which
|
||||
is what I use it for). MySQL support is included, so you should have little
|
||||
trouble hooking snort up to a database or ACID. For more information on
|
||||
these, check out snort's homepage at:
|
||||
|
||||
http://www.snort.org/
|
||||
http://www.snort.org/docs/
|
||||
|
||||
snort.org has a nasty habit of changing the location of their source
|
||||
code, which means there's no garauntee that the link in snort.info is
|
||||
correct. If you can't get that link to work, look for the source code at:
|
||||
|
||||
http://www.snort.org/dl/old/
|
||||
|
||||
In order for Snort to function properly, you need to provide rule files.
|
||||
I recommend registering for free at http://www.snorg.org so you can get these
|
||||
files. Once you have done that, go to http://snort.org/pub-bin/downloads.cgi
|
||||
and get the latest 2.8 series VRT Certified Rules. You need to untar this
|
||||
file and place follow files from etc in the tarball in to your /etc/snort
|
||||
directory :
|
||||
|
||||
generators
|
||||
gen-msg.map
|
||||
sid
|
||||
sid-msg.map
|
||||
|
||||
If you are going to use a front end like Base, you should copy the
|
||||
dog/signatures directory from the tarball in to
|
||||
/usr/doc/snort-$VERSION/ . Last, but certainly not least, you must
|
||||
copy the contents of the rules/ directory in the tarball to
|
||||
/etc/snort/rules/ . After you've done this, you can safely restart
|
||||
snort or send a HUP to snort to reload the files (killall -HUP snort).
|
||||
|
||||
A rc.snort file has been included for your convenience, but it needs to be
|
||||
added to your init script of choice to run on boot. You should modify the
|
||||
variables in /etc/rc.d/rc.snort to reflect the interface you want to monitor.
|
||||
This Slackbuild is no longer maintained by Alan Hicks, but rather me
|
||||
(Thomas York), so email me instead if you have any questions.
|
||||
--Thomas York (straterra@fuhell.com)
|
|
@ -1,29 +0,0 @@
|
|||
config() {
|
||||
NEW="$1"
|
||||
OLD="$(dirname $NEW)/$(basename $NEW .new)"
|
||||
# If there's no config file by that name, mv it over:
|
||||
if [ ! -r $OLD ]; then
|
||||
mv $NEW $OLD
|
||||
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
|
||||
rm $NEW
|
||||
fi
|
||||
# Otherwise, we leave the .new copy for the admin to consider...
|
||||
}
|
||||
|
||||
# Keep same perms on rc.snort.new:
|
||||
if [ -e etc/rc.d/rc.snort ]; then
|
||||
cp -a etc/rc.d/rc.snort etc/rc.d/rc.snort.new.incoming
|
||||
cat etc/rc.d/rc.snort.new > etc/rc.d/rc.snort.new.incoming
|
||||
mv etc/rc.d/rc.snort.new.incoming etc/rc.d/rc.snort.new
|
||||
fi
|
||||
|
||||
config etc/rc.d/rc.snort.new
|
||||
config etc/snort/snort.conf.new
|
||||
config etc/snort/reference.config.new
|
||||
config etc/snort/threshold.conf.new
|
||||
config etc/snort/attribute_table.dtd.new
|
||||
config etc/snort/classification.config.new
|
||||
config etc/snort/gen-msg.map.new
|
||||
config etc/snort/sid-msg.map.new
|
||||
config etc/snort/unicode.map.new
|
||||
|
|
@ -1,53 +0,0 @@
|
|||
#!/bin/sh
|
||||
# Start/stop/restart snort
|
||||
|
||||
# This tell snort which interface to listen on (any for every interface)
|
||||
IFACE=${IFACE:-any}
|
||||
|
||||
# Make sure this matches your IFACE
|
||||
PIDFILE=/var/run/snort_$IFACE.pid
|
||||
|
||||
# You probably don't want to change this, but in case you do
|
||||
LOGDIR="/var/log/snort"
|
||||
|
||||
# Probably not this either
|
||||
CONF=/etc/snort/snort.conf
|
||||
|
||||
# Start snort:
|
||||
snort_start() {
|
||||
CMDLINE="/usr/bin/snort -d -D -i $IFACE"
|
||||
echo -n "Starting Snort daemon: $CMDLINE"
|
||||
$CMDLINE --pid-path /var/run --create-pidfile -l $LOGDIR -c $CONF
|
||||
echo
|
||||
}
|
||||
|
||||
# Stop snort:
|
||||
snort_stop() {
|
||||
echo -n "Stopping Snort daemon ($IFACE)..."
|
||||
kill $(cat $PIDFILE)
|
||||
echo
|
||||
sleep 1
|
||||
rm -f $PIDFILE
|
||||
}
|
||||
|
||||
# Restart snort:
|
||||
snort_restart() {
|
||||
snort_stop
|
||||
sleep 1
|
||||
snort_start
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
'start')
|
||||
snort_start
|
||||
;;
|
||||
'stop')
|
||||
snort_stop
|
||||
;;
|
||||
'restart')
|
||||
snort_restart
|
||||
;;
|
||||
*)
|
||||
echo "usage $0 start|stop|restart"
|
||||
esac
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
# HOW TO EDIT THIS FILE:
|
||||
# The "handy ruler" below makes it easier to edit a package description. Line
|
||||
# up the first '|' above the ':' following the base package name, and the '|'
|
||||
# on the right side marks the last column you can put a character in. You must
|
||||
# make exactly 11 lines for the formatting to be correct. It's also
|
||||
# customary to leave one space after the ':'.
|
||||
|
||||
|-------handy-ruler-----------------------------------------------------|
|
||||
snort: Snort (Intrusion Detection and Prevention System)
|
||||
snort:
|
||||
snort: Snort is an open source network intrusion detection and prevention
|
||||
snort: system. It is capable of performing real-time traffic analysis,
|
||||
snort: alerting, blocking and packet logging on IP networks. It utilizes a
|
||||
snort: combination of protocol analysis and pattern matchingin order to
|
||||
snort: detect anomalies, misuse and attacks.
|
||||
snort: Snort is capable of detecting and responding in real-time, sending
|
||||
snort: alerts, performing session sniping, logging packets, or dropping
|
||||
snort: sessions/packets when deployed in-line.
|
||||
snort:
|
|
@ -1,128 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Copyright 2006-2009, Alan Hicks, Lizella, GA,
|
||||
# Copyright 2009, Thomas York, Beech Grove, In.
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use of this script, with or without modification, is
|
||||
# permitted provided that the following conditions are met:
|
||||
#
|
||||
# 1. Redistributions of this script must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
||||
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
# Modified by the SlackBuilds.org project
|
||||
|
||||
PRGNAM=snort
|
||||
VERSION=2.8.4.1
|
||||
ARCH=${ARCH:-i486}
|
||||
BUILD=${BUILD:-1}
|
||||
TAG=${TAG:-_SBo}
|
||||
|
||||
CWD=$(pwd)
|
||||
TMP=${TMP:-/tmp/SBo}
|
||||
PKG=$TMP/package-$PRGNAM
|
||||
OUTPUT=${OUTPUT:-/tmp}
|
||||
|
||||
if [ "$ARCH" = "i486" ]; then
|
||||
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
|
||||
LIBDIRSUFFIX=""
|
||||
elif [ "$ARCH" = "i686" ]; then
|
||||
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
|
||||
LIBDIRSUFFIX=""
|
||||
elif [ "$ARCH" = "x86_64" ]; then
|
||||
SLKCFLAGS="-O2 -fPIC"
|
||||
LIBDIRSUFFIX="64"
|
||||
fi
|
||||
|
||||
set -e
|
||||
|
||||
rm -rf $PKG
|
||||
mkdir -p $TMP $PKG $OUTPUT
|
||||
cd $TMP
|
||||
rm -rf $PRGNAM-$VERSION
|
||||
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
|
||||
cd $PRGNAM-$VERSION
|
||||
|
||||
chown -R root:root .
|
||||
find . \
|
||||
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
||||
-exec chmod 755 {} \; -o \
|
||||
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
||||
-exec chmod 644 {} \;
|
||||
|
||||
CFLAGS="$SLKCFLAGS" \
|
||||
CXXFLAGS="$SLKCFLAGS" \
|
||||
./configure \
|
||||
--prefix=/usr \
|
||||
--libdir=/usr/lib${LIBDIRSUFFIX} \
|
||||
--sysconfdir=/etc \
|
||||
--mandir=/usr/man \
|
||||
--localstatedir=/var \
|
||||
--docdir=/usr/doc/$PRGNAM-$VERSION \
|
||||
--enable-pthread \
|
||||
--enable-linux-smp-stats \
|
||||
--with-mysql-libraries=/usr/lib${LIBDIRSUFFIX}/mysql \
|
||||
--with-mysql-includes=/usr/include/mysql \
|
||||
--build=$ARCH-slackware-linux
|
||||
|
||||
make
|
||||
make install-strip DESTDIR=$PKG
|
||||
|
||||
( cd $PKG/usr/man
|
||||
find . -type f -exec gzip -9 {} \;
|
||||
for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
|
||||
)
|
||||
|
||||
# Set up a sane config directory - snort won't do this on its own
|
||||
mkdir -p $PKG/etc/$PRGNAM
|
||||
# Fix paths for libraries in snort.conf
|
||||
sed -e 's%usr/local%usr%g' etc/snort.conf > $PKG/etc/snort/snort.conf.new
|
||||
cat etc/threshold.conf > $PKG/etc/snort/threshold.conf.new
|
||||
cat etc/reference.config > $PKG/etc/snort/reference.config.new
|
||||
cat etc/classification.config > $PKG/etc/snort/classification.config.new
|
||||
cat etc/attribute_table.dtd > $PKG/etc/snort/attribute_table.dtd.new
|
||||
cat etc/gen-msg.map > $PKG/etc/snort/gen-msg.map.new
|
||||
cat etc/sid-msg.map > $PKG/etc/snort/sid-msg.map.new
|
||||
cat etc/unicode.map > $PKG/etc/snort/unicode.map.new
|
||||
|
||||
# Create default, empty directory for rules
|
||||
mkdir -p $PKG/etc/snort/rules
|
||||
mkdir -p $PKG/etc/snort/preproc_rules
|
||||
|
||||
# Include the rc.snort file
|
||||
mkdir -p $PKG/etc/rc.d
|
||||
cat $CWD/rc.snort > $PKG/etc/rc.d/rc.snort.new
|
||||
chmod 0755 $PKG/etc/rc.d/rc.snort.new
|
||||
|
||||
# Create directory for logging
|
||||
mkdir -p $PKG/var/log/snort
|
||||
|
||||
# Bundle the SQL schemas and install the docs
|
||||
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/schemas
|
||||
for file in schemas/create_*; do
|
||||
cat $file > $PKG/usr/doc/$PRGNAM-$VERSION/$file
|
||||
done
|
||||
cp -a COPYING ChangeLog LICENSE RELEASE.NOTES doc/* \
|
||||
$PKG/usr/doc/$PRGNAM-$VERSION
|
||||
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
|
||||
cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
|
||||
find $PKG/usr/doc -name "Makefile*" -exec rm -f {} \;
|
||||
rm -rf $PKG/usr/share
|
||||
|
||||
mkdir -p $PKG/install
|
||||
cat $CWD/slack-desc > $PKG/install/slack-desc
|
||||
cat $CWD/doinst.sh > $PKG/install/doinst.sh
|
||||
|
||||
cd $PKG
|
||||
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
|
|
@ -1,10 +0,0 @@
|
|||
PRGNAM="snort"
|
||||
VERSION="2.8.4.1"
|
||||
HOMEPAGE="http://www.snort.org/"
|
||||
DOWNLOAD="http://dl.snort.org/snort-current/snort-2.8.4.1.tar.gz"
|
||||
MD5SUM="63f4e76ae96a2d133f4c7b741bad5458"
|
||||
DOWNLOAD_x86_64=""
|
||||
MD5SUM_x86_64=""
|
||||
MAINTAINER="Thomas_York"
|
||||
EMAIL="straterra@fuhell.com"
|
||||
APPROVED="rworkman"
|