PKG_NAME:=snort3
PKG_VERSION:=3.1.48.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/
$(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua \
$(1)/usr/share/lua/
- $(INSTALL_DIR) $(1)/etc/snort
+ $(INSTALL_DIR) $(1)/etc/snort/{rules,lists,builtin_rules,so_rules}
+
$(INSTALL_CONF) \
$(PKG_INSTALL_DIR)/usr/etc/snort/*.lua \
$(1)/etc/snort
$(INSTALL_CONF) \
./files/snort.config \
$(1)/etc/config/snort
+ $(INSTALL_CONF) \
+ ./files/local.lua \
+ $(1)/etc/snort
+ $(INSTALL_CONF) \
+ ./files/homenet.lua \
+ $(1)/etc/snort
+ sed \
+ -i -e "/^EXTERNAL_NET\\s\\+=/ a include 'homenet.lua'" \
+ -e "/^HOME_NET\\s\\+=/ i -- we set HOME_NET and EXTERNAL_NET here or via an included file" \
+ -e 's/^\(HOME_NET\s\+=\)/--\1/g' \
+ -e 's/^\(EXTERNAL_NET\s\+=\)/--\1/g' \
+ $(1)/etc/snort/snort.lua
+ sed \
+ -i -e "s/^\\(RULE_PATH\\s\\+=\\).*/\\1 'rules'/g" \
+ -e "s/^\\(BUILTIN_RULE_PATH\\s\\+=\\).*/\\1 'builtin_rules'/g" \
+ -e "s/^\\(PLUGIN_RULE_PATH\\s\\+=\\).*/\\1 'so_rules'/g" \
+ -e "s/^\\(WHITE_LIST_PATH\\s\\+=\\).*/\\1 'lists'/g" \
+ -e "s/^\\(BLACK_LIST_PATH\\s\\+=\\).*/\\1 'lists'/g" \
+ $(1)/etc/snort/snort_defaults.lua
endef
$(eval $(call BuildPackage,snort3))
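Review bot: The two added `sed -i` calls exit 0 even when none of their patterns match, so if upstream renames or reformats the `HOME_NET`, `EXTERNAL_NET` or `*_PATH` assignments the package still builds and ships a `snort.lua` that never includes `homenet.lua`. For an IDS that means the sensor silently runs with the upstream network variables instead of the protected range. A check right after the first sed, such as `grep -q "^include 'homenet.lua'" $(1)/etc/snort/snort.lua`, would fail the build instead. The enclosing install define starts above this hunk, so it is not visible whether `homenet.lua` and `local.lua` are listed in the package's conffiles; both are meant to be user-edited and should survive an upgrade.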
--- /dev/null
+-- setup HOME_NET below with your IP range/ranges to protect
+HOME_NET = [[ 192.168.1.0/24 10.1.0.1/24 ]]
+EXTERNAL_NET = "!$HOME_NET"
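Review bot: The second range on the `HOME_NET` line, `10.1.0.1/24`, has host bits set; writing it as `10.1.0.0/24` matches the form of the first entry and does not depend on how the parser masks the address. Both ranges are samples, and rules written against `$HOME_NET` will not match hosts outside them, so the header comment could say so: `-- example ranges only: replace with your own networks, rules using $HOME_NET ignore hosts outside them`.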
--- /dev/null
+-- use ths file to customize any functions defined in /etc/snort/snort.lua
+
+-- switch tap to inline in ips and uncomment the below to run snort in inline mode
+--snort = {}
+--snort["-Q"] = ''
+
+ips = {
+ mode = tap,
+ -- mode = inline,
+ variables = default_variables,
+ -- uncomment and change the below to reflect rules or symlinks to rules on your filesystem
+ -- include = RULE_PATH .. '/snort.rules',
+}
+
+daq = {
+ module_dirs = {
+ '/usr/lib/daq',
+ },
+ modules = {
+ {
+ name = 'afpacket',
+ mode = 'inline',
+ }
+ }
+}
+
+alert_syslog = {
+ level = 'info',
+}
+
+-- To log to a file, uncomment the below and manually create the dir defined in output.logdir
+--output.logdir = '/var/log/snort'
+--alert_fast = {
+-- file = true,
+-- packet = false,
+--}
+
+normalizer = {
+ tcp = {
+ ips = true,
+ }
+}
+
+file_policy = {
+ enable_type = true,
+ enable_signature = true,
+ rules = {
+ use = {
+ verdict = 'log', enable_file_type = true, enable_file_signature = true
+ }
+ }
+}
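Review bot: `mode = tap` in the `ips` table is an unquoted name, which Lua evaluates as a global variable rather than a string, while the `daq` module a few lines below uses the quoted form `mode = 'inline'`. Unless something outside this file defines `tap` and `inline`, the value is nil and the key is dropped, so a user who follows the comment and switches to `mode = inline` may not get the policy mode they expect. Quoting both, `mode = 'tap',` and `-- mode = 'inline',`, makes the setting explicit. The DAQ module is also set to `'inline'` by default while the policy is tap and `-Q` is commented out, which deserves a comment saying whether that is intended; `ths` in the first comment should read `this`.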
config snort 'snort'
option config_dir '/etc/snort/'
- option alert_module 'alert_syslog'
option interface 'eth0'
validate_snort_section() {
uci_validate_section snort snort "${1}" \
'config_dir:string' \
- 'alert_module:string' \
'interface:string'
}
}
procd_open_instance
- procd_set_param command $PROG -q --daq-dir /usr/lib/daq/ -i "$interface" -c "$config_dir/snort.lua" -A "$alert_module"
+ procd_set_param command $PROG -q -i "$interface" -c "${config_dir%/}/snort.lua" --tweaks local
procd_set_param env SNORT_LUA_PATH="$config_dir"
procd_set_param file $CONFIGFILE
procd_set_param respawn
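Review bot: With `-A "$alert_module"` and `--daq-dir` dropped from the `procd_set_param command` line, alert output and the DAQ module path now come only from `local.lua` loaded by `--tweaks local`, and an `alert_module` option left in an existing `/etc/config/snort` is ignored without any message. A comment above the command would record that dependency: `# alert output and DAQ dirs are set in $config_dir/local.lua (loaded by --tweaks local)`. The same line strips a trailing slash with `${config_dir%/}` while the next line still passes the raw value, so `procd_set_param env SNORT_LUA_PATH="${config_dir%/}"` would keep the two consistent. The enclosing function starts and ends outside this hunk.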