source "package/openswan/Config.in"
source "package/shfs/Config.in"
source "package/asterisk/Config.in"
+source "package/snort/Config.in"
comment "Libraries"
source "package/libgcc/Config.in"
package-$(BR2_PACKAGE_SER) += ser
package-$(BR2_PACKAGE_SETSERIAL) += setserial
package-$(BR2_PACKAGE_SHFS) += shfs
+package-$(BR2_PACKAGE_SNORT) += snort
package-$(BR2_PACKAGE_SPEEX) += speex
package-$(BR2_PACKAGE_STRACE) += strace
package-$(BR2_PACKAGE_TCPDUMP) += tcpdump
mysql-compile: ncurses-compile zlib-compile
postgresql-compile: zlib-compile
+snort-compile: libnet-compile libpcap-compile pcre-compile
+ifeq ($(BR2_PACKAGE_SNORT_MYSQL),y)
+snort-compile: mysql-compile
+endif
+ifeq ($(BR2_PACKAGE_SNORT_PGSQL),y)
+snort-compile: postgresql-compile
+endif
+
sdk-compile: $(DEV_LIBS_COMPILE)
$(patsubst %,%-prepare,$(package-y) $(package-m) $(package-)): linux-install
--- /dev/null
+choice
+ prompt "snort"
+ tristate
+ default n
+ optional
+ help
+ A ligthweight Network Intrusion Detection System (NIDS)
+
+ http://www.snort.org/
+
+ Depends: libnet, libpcap, libpcre
+
+
+ config BR2_PACKAGE_SNORT_BASIC
+ prompt "snort: without database support"
+ tristate
+ select BR2_PACKAGE_LIBNET
+ select BR2_PACKAGE_LIBPCAP
+ select BR2_PACKAGE_LIBPCRE
+
+ config BR2_PACKAGE_SNORT_MYSQL
+ prompt "snort-mysql: with MySQL database support"
+ tristate
+ select BR2_PACKAGE_LIBNET
+ select BR2_PACKAGE_LIBPCAP
+ select BR2_PACKAGE_LIBPCRE
+ select BR2_PACKAGE_LIBMYSQLCLIENT
+
+ config BR2_PACKAGE_SNORT_PGSQL
+ prompt "snort-pgsql: with PostgreSQL database support"
+ tristate
+ select BR2_PACKAGE_LIBNET
+ select BR2_PACKAGE_LIBPCAP
+ select BR2_PACKAGE_LIBPCRE
+ select BR2_PACKAGE_LIBPQ
+
+ config BR2_PACKAGE_SNORT_CUSTOM
+ prompt "snort-custom: customized to your needs"
+ tristate
+ select BR2_PACKAGE_LIBNET
+ select BR2_PACKAGE_LIBPCAP
+ select BR2_PACKAGE_LIBPCRE
+
+ config BR2_PACKAGE_SNORT_WITH_MYSQL
+ prompt "MySQL database support"
+ bool
+ default y
+ depends BR2_PACKAGE_SNORT_CUSTOM
+ select BR2_PACKAGE_LIBMYSQLCLIENT
+
+ config BR2_PACKAGE_SNORT_WITH_PGSQL
+ prompt "PostgreSQL database support"
+ bool
+ default y
+ depends BR2_PACKAGE_SNORT_CUSTOM
+ select BR2_PACKAGE_LIBPQ
+
+endchoice
+
+config BR2_PACKAGE_SNORT
+ tristate
+ default BR2_PACKAGE_SNORT_BASIC || BR2_PACKAGE_SNORT_MYSQL || BR2_PACKAGE_SNORT_PGSQL
+
--- /dev/null
+# $Id$
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=snort
+PKG_VERSION:=2.3.2
+PKG_RELEASE:=1
+PKG_MD5SUM:=692602827ce9d1a611630149f8e50ec8
+
+PKG_SOURCE_URL:= \
+ http://www.snort.org/dl/current/ \
+ http://nthill.free.fr/openwrt/sources/$(PKG_NAME)/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_CAT:=zcat
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(TOPDIR)/package/templates.mk
+
+PKG_CONFIGURE_OPTS := \
+ --target=$(GNU_TARGET_NAME) \
+ --host=$(GNU_TARGET_NAME) \
+ --build=$(GNU_HOST_NAME) \
+ --program-prefix="" \
+ --program-suffix="" \
+ --prefix=/usr \
+ --exec-prefix=/usr \
+ --bindir=/usr/sbin \
+ --datadir=/usr/share \
+ --includedir=/usr/include \
+ --infodir=/usr/share/info \
+ --libdir=/usr/lib \
+ --libexecdir=/usr/lib/locate \
+ --localstatedir=/var/lib \
+ --mandir=/usr/share/man \
+ --sbindir=/usr/sbin \
+ --sysconfdir=/etc \
+ $(DISABLE_LARGEFILE) \
+ $(DISABLE_NLS) \
+ --enable-shared \
+ --disable-static \
+ --enable-flexresp \
+ --disable-smbalerts \
+ --with-libnet-includes="$(STAGING_DIR)/usr/include" \
+ --with-libnet-libraries="$(STAGING_DIR)/usr/lib" \
+ --with-libpcap-includes="$(STAGING_DIR)/usr/include" \
+ --with-libpcap-libraries="$(STAGING_DIR)/usr/lib" \
+ --with-libpcre-includes="$(STAGING_DIR)/usr/include" \
+ --with-libpcre-libraries="$(STAGING_DIR)/usr/lib" \
+ --without-odbc \
+ --without-openssl \
+ --without-oracle \
+ --without-snmp \
+
+SNORT_BASIC_CONFIGURE_OPTS := \
+ --without-mysql \
+ --without-postgresql \
+
+SNORT_MYSQL_CONFIGURE_OPTS := \
+ --with-mysql=$(STAGING_DIR)/usr \
+ --without-postgresql \
+
+SNORT_PGSQL_CONFIGURE_OPTS := \
+ --without-mysql \
+ --with-postgresql=$(STAGING_DIR)/usr \
+
+SNORT_CUSTOM_CONFIGURE_OPTS := \
+
+ifeq ($(BR2_PACKAGE_SNORT_WITH_MYSQL),y)
+SNORT_CUSTOM_CONFIGURE_OPTS += --with-mysql="$(STAGING_DIR)/usr"
+else
+SNORT_CUSTOM_CONFIGURE_OPTS += --without-mysql
+endif
+ifeq ($(BR2_PACKAGE_SNORT_WITH_PGSQL),y)
+SNORT_CUSTOM_CONFIGURE_OPTS += --with-postgresql="$(STAGING_DIR)/usr"
+else
+SNORT_CUSTOM_CONFIGURE_OPTS += --without-postgresql
+endif
+
+define PKG_build
+
+ifneq ($(BR2_PACKAGE_$(1)),)
+BUILD_TARGETS += $(PKG_BUILD_DIR)/$(2)
+endif
+
+$(PKG_BUILD_DIR)/$(2): $(PKG_BUILD_DIR)/.prepared
+ -$(MAKE) -C $(PKG_BUILD_DIR) distclean
+ (cd $(PKG_BUILD_DIR); rm -rf config.{cache,status} ; \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ CPPFLAGS="-I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/usr/include/mysql" \
+ LDFLAGS="-L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/usr/lib/mysql" \
+ ./configure \
+ $(PKG_CONFIGURE_OPTS) \
+ $$($(1)_CONFIGURE_OPTS) \
+ );
+ $(MAKE) -C $(PKG_BUILD_DIR)
+ mv $(PKG_BUILD_DIR)/src/snort $(PKG_BUILD_DIR)/$(2)
+
+$(PKG_INSTALL_DIR)/usr/sbin/$(2): $(PKG_BUILD_DIR)/$(2)
+ install -m0755 $(PKG_BUILD_DIR)/$(2) $(PKG_INSTALL_DIR)/usr/sbin/
+
+$$(IPKG_$(1)): $(PKG_BUILD_DIR)/.installed $(PKG_INSTALL_DIR)/usr/sbin/$(2)
+ rm -rf $$(IDIR_$(1))
+ $(SCRIPT_DIR)/make-ipkg-dir.sh $$(IDIR_$(1)) ./ipkg/$(2).control $(3) $(4)
+ install -m0644 ./ipkg/snort.conffiles $$(IDIR_$(1))/CONTROL/conffiles
+ install -d -m0755 $$(IDIR_$(1))/etc/default
+ install -m0644 ./ipkg/snort.default $$(IDIR_$(1))/etc/default/snort
+ install -d -m0755 $$(IDIR_$(1))/etc/init.d
+ install -m0755 ./ipkg/snort.init $$(IDIR_$(1))/etc/init.d/snort
+ install -d -m0755 $$(IDIR_$(1))/etc/snort
+ install -m0644 $(PKG_BUILD_DIR)/etc/snort.conf $$(IDIR_$(1))/etc/snort/
+ install -m0644 $(PKG_BUILD_DIR)/etc/classification.config $$(IDIR_$(1))/etc/snort/
+ install -m0644 $(PKG_BUILD_DIR)/etc/gen-msg.map $$(IDIR_$(1))/etc/snort/
+ install -m0644 $(PKG_BUILD_DIR)/etc/reference.config $$(IDIR_$(1))/etc/snort/
+ install -m0644 $(PKG_BUILD_DIR)/etc/sid-msg.map $$(IDIR_$(1))/etc/snort/
+ install -m0644 $(PKG_BUILD_DIR)/etc/threshold.conf $$(IDIR_$(1))/etc/snort/
+ install -m0644 $(PKG_BUILD_DIR)/etc/unicode.map $$(IDIR_$(1))/etc/snort/
+ install -d -m0755 $$(IDIR_$(1))/usr/sbin
+ cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/$(2) $$(IDIR_$(1))/usr/sbin/snort
+ $(RSTRIP) $$(IDIR_$(1))
+ mkdir -p $(PACKAGE_DIR)
+ $(IPKG_BUILD) $$(IDIR_$(1)) $(PACKAGE_DIR)
+
+endef
+
+$(eval $(call PKG_template,SNORT_BASIC,snort,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,SNORT_MYSQL,snort-mysql,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,SNORT_PGSQL,snort-pgsql,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,SNORT_CUSTOM,snort-custom,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+
+$(eval $(call PKG_build,SNORT_BASIC,snort,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_build,SNORT_MYSQL,snort-mysql,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_build,SNORT_PGSQL,snort-pgsql,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_build,SNORT_CUSTOM,snort-custom,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+
+include $(TOPDIR)/package/rules.mk
+
+$(PKG_BUILD_DIR)/.built: $(BUILD_TARGETS)
+ touch $(PKG_BUILD_DIR)/.built
+
+$(PKG_BUILD_DIR)/.installed: $(PKG_BUILD_DIR)/.built
+ mkdir -p $(PKG_INSTALL_DIR)
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ DESTDIR="$(PKG_INSTALL_DIR)" \
+ install
+ touch $(PKG_BUILD_DIR)/.installed
+
--- /dev/null
+Package: snort
+Priority: optional
+Section: net
+Version: [TBDL]
+Architecture: [TBDL]
+Maintainer: Nico <nthill@free.fr>
+Source: http://nthill.free.fr/openwrt/sources/snort/
+Description: a flexible Network Intrusion Detection System (NIDS),
+ built with custom options
+Depends: libnet, libpcap, libpcre
--- /dev/null
+Package: snort-mysql
+Priority: optional
+Section: net
+Version: [TBDL]
+Architecture: [TBDL]
+Maintainer: Nico <nthill@free.fr>
+Source: http://nthill.free.fr/openwrt/sources/snort/
+Description: a flexible Network Intrusion Detection System (NIDS),
+ built with MySQL database logging support
+Depends: libnet, libpcap, libpcre, libmysqlclient
--- /dev/null
+Package: snort-pgsql
+Priority: optional
+Section: net
+Version: [TBDL]
+Architecture: [TBDL]
+Maintainer: Nico <nthill@free.fr>
+Source: http://nthill.free.fr/openwrt/sources/snort/
+Description: a flexible Network Intrusion Detection System (NIDS),
+ built with PostgreSQL database logging support
+Depends: libnet, libpcap, libpcre, libpq
--- /dev/null
+/etc/default/snort
+/etc/snort/snort.conf
+/etc/snort/threshold.conf
--- /dev/null
+Package: snort
+Priority: optional
+Section: net
+Version: [TBDL]
+Architecture: [TBDL]
+Maintainer: Nico <nthill@free.fr>
+Source: http://nthill.free.fr/openwrt/sources/snort/
+Description: a flexible Network Intrusion Detection System (NIDS),
+ built without database logging support
+Depends: libnet, libpcap, libpcre
--- /dev/null
+INTERFACE="vlan1" # WAN
+OPTIONS="-i $INTERFACE -c /etc/snort/snort.conf -D -N -q -s"
--- /dev/null
+#!/bin/sh
+
+DEFAULT=/etc/default/snort
+LOG_D=/var/log/snort
+RUN_D=/var/run
+[ -f $DEFAULT ] && . $DEFAULT
+PID_F=$RUN_D/snort_$INTERFACE.pid
+
+case $1 in
+ start)
+ [ -d $LOG_D ] || mkdir -p $LOG_D
+ [ -d $RUN_D ] || mkdir -p $RUN_D
+ snort $OPTIONS
+ ;;
+ stop)
+ [ -f $PID_F ] && kill $(cat $PID_F)
+ ;;
+ *)
+ echo "usage: $0 (start|stop)"
+ exit 1
+esac
+
+exit $?
--- /dev/null
+--- snort-2.3.2-orig/src/snort.c 2005-01-13 21:36:20.000000000 +0100
++++ snort-2.3.2-1/src/snort.c 2005-04-04 20:03:34.000000000 +0200
+@@ -1949,7 +1949,7 @@
+ {
+ struct stat st;
+ int i;
+- char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL};
++ char *conf_files[]={"/etc/snort/snort.conf", NULL};
+ char *fname = NULL;
+ char *home_dir = NULL;
+ char *rval = NULL;
+@@ -1970,23 +1970,6 @@
+ i++;
+ }
+
+- /* search for .snortrc in the HOMEDIR */
+- if(!rval)
+- {
+- if((home_dir = getenv("HOME")))
+- {
+- /* create the full path */
+- fname = (char *)malloc(strlen(home_dir) + strlen("/.snortrc") + 1);
+- if(!fname)
+- FatalError("Out of memory searching for config file\n");
+-
+- if(stat(fname, &st) != -1)
+- rval = fname;
+- else
+- free(fname);
+- }
+- }
+-
+ return rval;
+ }
+
--- /dev/null
+--- snort-2.3.2-orig/etc/snort.conf 2005-03-10 23:04:38.000000000 +0100
++++ snort-2.3.2-1/etc/snort.conf 2005-04-04 20:01:41.000000000 +0200
+@@ -6,6 +6,7 @@
+ #
+ ###################################################
+ # This file contains a sample snort configuration.
++# Most preprocessors and rules were disabled to save memory.
+ # You can take the following steps to create your own custom configuration:
+ #
+ # 1) Set the network variables for your network
+@@ -41,10 +42,10 @@
+ # or you can specify the variable to be any IP address
+ # like this:
+
+-var HOME_NET any
++var HOME_NET 192.168.1.0/24
+
+ # Set up the external network addresses as well. A good start may be "any"
+-var EXTERNAL_NET any
++var EXTERNAL_NET !$HOME_NET
+
+ # Configure your server lists. This allows snort to only look for attacks to
+ # systems that have a service up. Why look for HTTP attacks if you are not
+@@ -106,7 +107,7 @@
+ # Path to your rules files (this can be a relative path)
+ # Note for Windows users: You are advised to make this an absolute path,
+ # such as: c:\snort\rules
+-var RULE_PATH ../rules
++var RULE_PATH /etc/snort/rules
+
+ # Configure the snort decoder
+ # ============================
+@@ -297,11 +298,11 @@
+ # lots of options available here. See doc/README.http_inspect.
+ # unicode.map should be wherever your snort.conf lives, or given
+ # a full path to where snort can find it.
+-preprocessor http_inspect: global \
+- iis_unicode_map unicode.map 1252
++#preprocessor http_inspect: global \
++# iis_unicode_map unicode.map 1252
+
+-preprocessor http_inspect_server: server default \
+- profile all ports { 80 8080 8180 } oversize_dir_length 500
++#preprocessor http_inspect_server: server default \
++# profile all ports { 80 8080 8180 } oversize_dir_length 500
+
+ #
+ # Example unique server configuration
+@@ -335,7 +336,7 @@
+ # no_alert_incomplete - don't alert when a single segment
+ # exceeds the current packet size
+
+-preprocessor rpc_decode: 111 32771
++#preprocessor rpc_decode: 111 32771
+
+ # bo: Back Orifice detector
+ # -------------------------
+@@ -347,7 +348,7 @@
+ # ----- -------------------
+ # 1 Back Orifice traffic detected
+
+-preprocessor bo
++#preprocessor bo
+
+ # telnet_decode: Telnet negotiation string normalizer
+ # ---------------------------------------------------
+@@ -359,7 +360,7 @@
+ # This preprocessor requires no arguments.
+ # Portscan uses Generator ID 109 and does not generate any SID currently.
+
+-preprocessor telnet_decode
++#preprocessor telnet_decode
+
+ # Flow-Portscan: detect a variety of portscans
+ # ---------------------------------------
+@@ -455,9 +456,9 @@
+ # are still watched as scanner hosts. The 'ignore_scanned' option is
+ # used to tune alerts from very active hosts such as syslog servers, etc.
+ #
+-preprocessor sfportscan: proto { all } \
+- memcap { 10000000 } \
+- sense_level { low }
++#preprocessor sfportscan: proto { all } \
++# memcap { 10000000 } \
++# sense_level { low }
+
+ # arpspoof
+ #----------------------------------------
+@@ -642,41 +643,41 @@
+ include $RULE_PATH/bad-traffic.rules
+ include $RULE_PATH/exploit.rules
+ include $RULE_PATH/scan.rules
+-include $RULE_PATH/finger.rules
+-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/telnet.rules
+-include $RULE_PATH/rpc.rules
+-include $RULE_PATH/rservices.rules
+-include $RULE_PATH/dos.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/tftp.rules
+-
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-php.rules
+-
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/x11.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/snmp.rules
+-
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
++#include $RULE_PATH/finger.rules
++#include $RULE_PATH/ftp.rules
++#include $RULE_PATH/telnet.rules
++#include $RULE_PATH/rpc.rules
++#include $RULE_PATH/rservices.rules
++#include $RULE_PATH/dos.rules
++#include $RULE_PATH/ddos.rules
++#include $RULE_PATH/dns.rules
++#include $RULE_PATH/tftp.rules
++
++#include $RULE_PATH/web-cgi.rules
++#include $RULE_PATH/web-coldfusion.rules
++#include $RULE_PATH/web-iis.rules
++#include $RULE_PATH/web-frontpage.rules
++#include $RULE_PATH/web-misc.rules
++#include $RULE_PATH/web-client.rules
++#include $RULE_PATH/web-php.rules
++
++#include $RULE_PATH/sql.rules
++#include $RULE_PATH/x11.rules
++#include $RULE_PATH/icmp.rules
++#include $RULE_PATH/netbios.rules
++#include $RULE_PATH/misc.rules
++#include $RULE_PATH/attack-responses.rules
++#include $RULE_PATH/oracle.rules
++#include $RULE_PATH/mysql.rules
++#include $RULE_PATH/snmp.rules
++
++#include $RULE_PATH/smtp.rules
++#include $RULE_PATH/imap.rules
++#include $RULE_PATH/pop2.rules
++#include $RULE_PATH/pop3.rules
+
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/other-ids.rules
++#include $RULE_PATH/nntp.rules
++#include $RULE_PATH/other-ids.rules
+ # include $RULE_PATH/web-attacks.rules
+ # include $RULE_PATH/backdoor.rules
+ # include $RULE_PATH/shellcode.rules
+@@ -684,11 +685,11 @@
+ # include $RULE_PATH/porn.rules
+ # include $RULE_PATH/info.rules
+ # include $RULE_PATH/icmp-info.rules
+- include $RULE_PATH/virus.rules
++# include $RULE_PATH/virus.rules
+ # include $RULE_PATH/chat.rules
+ # include $RULE_PATH/multimedia.rules
+ # include $RULE_PATH/p2p.rules
+-include $RULE_PATH/experimental.rules
++#include $RULE_PATH/experimental.rules
+
+ # Include any thresholding or suppression commands. See threshold.conf in the
+ # <snort src>/etc directory for details. Commands don't necessarily need to be