From: Nicolas Thill Date: Sat, 29 Oct 2011 13:40:14 +0000 (+0000) Subject: packages/snort: various fixes X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=7ede7a5d23a088391748d2690de2e2d77272ce76;p=openwrt%2Fsvn-archive%2Fpackages.git packages/snort: various fixes * use basic, mysql & pgsql VARIANTs * add a build dependency on librpc when building against uClibc (closes: #10132) * ship empty, useless, but working config & ruleset * ship dynamic engine & preprocessors, disabled by default * make it listen on loopback by default SVN-Revision: 28667 --- diff --git a/net/snort/Makefile b/net/snort/Makefile index 3c86c444a..d3eaeaf47 100644 --- a/net/snort/Makefile +++ b/net/snort/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2010 OpenWrt.org +# Copyright (C) 2006-2011 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -9,13 +9,16 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort PKG_VERSION:=2.8.4.1 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://dl.snort.org/snort-current/ PKG_MD5SUM:=63f4e76ae96a2d133f4c7b741bad5458 -PKG_FIXUP:=libtool +PKG_BUILD_DEPENDS:=USE_UCLIBC:librpc +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) +PKG_FIXUP:=autoreconf +PKG_INSTALL:=1 include $(INCLUDE_DIR)/package.mk @@ -38,6 +41,7 @@ endef define Package/snort $(call Package/snort/Default) + VARIANT:=basic endef define Package/snort/description @@ -48,6 +52,7 @@ define Package/snort-mysql $(call Package/snort/Default) DEPENDS+= +libmysqlclient TITLE+= (MySQL) + VARIANT:=mysql endef define Package/snort-mysql/description @@ -59,6 +64,7 @@ define Package/snort-pgsql $(call Package/snort/Default) DEPENDS+= +libpq TITLE+= (PostgreSQL) + VARIANT:=pgsql endef define Package/snort-pgsql/description @@ -66,105 +72,84 @@ define Package/snort-pgsql/description This package contains snort with support for logging to a PostgreSQL database. endef -define Compile/Template - -$(PKG_BUILD_DIR)/snort$(1): $(STAMP_CONFIGURED) - touch -r $(PKG_BUILD_DIR)/Makefile.am $(PKG_BUILD_DIR)/configure.in - touch -r $(PKG_BUILD_DIR)/Makefile.in $(PKG_BUILD_DIR)/configure - -$(MAKE) -C $(PKG_BUILD_DIR) distclean - $(call Build/Configure/Default, \ - --enable-flexresp \ - --with-libnet-includes="$(STAGING_DIR)/usr/lib/libnet-1.0.x/include" \ - --with-libnet-libraries="$(STAGING_DIR)/usr/lib/libnet-1.0.x/lib" \ - --with-libpcap-includes="$(STAGING_DIR)/usr/include" \ - --with-libpcap-libraries="$(STAGING_DIR)/usr/lib" \ - --with-libpcre-includes="$(STAGING_DIR)/usr/include" \ - --with-libpcre-libraries="$(STAGING_DIR)/usr/lib" \ - $(2) \ - , \ - CPPFLAGS="$$$$CPPFLAGS -I$(STAGING_DIR)/usr/include/mysql" \ - LDFLAGS="$$$$LDFLAGS -L$(STAGING_DIR)/usr/lib/mysql" \ - PATH="$(STAGING_DIR)/usr/lib/libnet-1.0.x/bin:$$$$PATH" \ - $(3) \ - ); - $(MAKE) -C $(PKG_BUILD_DIR) \ - extra_incl="" \ - all - mv $(PKG_BUILD_DIR)/src/snort $(PKG_BUILD_DIR)/snort$(1) - -$(PKG_BUILD_DIR)/.built: $(PKG_BUILD_DIR)/snort$(1) -endef +CONFIGURE_ARGS += \ + --enable-flexresp \ + --with-libnet-includes="$(STAGING_DIR)/usr/lib/libnet-1.0.x/include" \ + --with-libnet-libraries="$(STAGING_DIR)/usr/lib/libnet-1.0.x/lib" \ + --with-libpcap-includes="$(STAGING_DIR)/usr/include" \ + --with-libpcap-libraries="$(STAGING_DIR)/usr/lib" \ + --with-libpcre-includes="$(STAGING_DIR)/usr/include" \ + --with-libpcre-libraries="$(STAGING_DIR)/usr/lib" \ +CONFIGURE_VARS += \ + CPPFLAGS="$$$$CPPFLAGS -I$(STAGING_DIR)/usr/include/mysql" \ + LDFLAGS="$$$$LDFLAGS -L$(STAGING_DIR)/usr/lib/mysql" \ + PATH="$(STAGING_DIR)/usr/lib/libnet-1.0.x/bin:$$$$PATH" \ -define Install/Template +MAKE_FLAGS += \ + extra_incl="" \ -define Package/snort$(1)/conffiles -/etc/default/snort -/etc/snort/snort.conf -/etc/snort/threshold.conf -endef +ifeq ($(BUILD_VARIANT),basic) -define Package/snort$(1)/install - $(INSTALL_DIR) $$(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/snort$(1) $$(1)/usr/sbin/snort - $(INSTALL_DIR) $$(1)/etc/snort - $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/snort.conf $$(1)/etc/snort/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/classification.config $$(1)/etc/snort/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/gen-msg.map $$(1)/etc/snort/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/reference.config $$(1)/etc/snort/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/sid-msg.map $$(1)/etc/snort/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/threshold.conf $$(1)/etc/snort/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/unicode.map $$(1)/etc/snort/ - $(INSTALL_DIR) $$(1)/etc/default - $(INSTALL_DATA) ./files/snort.default $$(1)/etc/default/snort - $(INSTALL_DIR) $$(1)/etc/init.d - $(INSTALL_BIN) ./files/snort.init $$(1)/etc/init.d/snort -endef + CONFIGURE_ARGS += \ + --without-mysql \ + --without-postgresql \ -endef +endif +ifeq ($(BUILD_VARIANT),mysql) + CONFIGURE_ARGS += \ + --with-mysql="$(STAGING_DIR)/usr" \ + --without-postgresql \ -ifneq ($(SDK)$(CONFIG_PACKAGE_snort),) - define Compile/snort - $(call Compile/Template,, \ - --without-mysql \ - --without-postgresql \ - ) - $(call Install/Template,) - endef endif -$(eval $(Compile/snort)) - -ifneq ($(SDK)$(CONFIG_PACKAGE_snort-mysql),) - define Compile/snort-mysql - $(call Compile/Template,-mysql, \ - --with-mysql="$(STAGING_DIR)/usr" \ - --without-postgresql \ - ) - $(call Install/Template,-mysql) - endef -endif -$(eval $(Compile/snort-mysql)) +ifeq ($(BUILD_VARIANT),pgsql) + CONFIGURE_ARGS += \ + --without-mysql \ + --with-postgresql="$(STAGING_DIR)/usr" \ -ifneq ($(SDK)$(CONFIG_PACKAGE_snort-pgsql),) - define Compile/snort-pgsql - $(call Compile/Template,-pgsql, \ - --without-mysql \ - --with-postgresql="$(STAGING_DIR)/usr" \ - ) - $(call Install/Template,-pgsql) - endef endif -$(eval $(Compile/snort-pgsql)) -define Build/Configure + +define Package/snort/conffiles +/etc/default/snort +/etc/snort/snort.conf +/etc/snort/threshold.conf endef -define Build/Compile +define Package/snort/install + $(INSTALL_DIR) $(1)/usr/bin + $(CP) $(PKG_INSTALL_DIR)/usr/bin/snort $(1)/usr/bin/ + $(INSTALL_DIR) $(1)/usr/lib/snort_dynamicengine + $(CP) $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicengine/libsf_engine.so* $(1)/usr/lib/snort_dynamicengine/ + $(INSTALL_DIR) $(1)/usr/lib/snort_dynamicpreprocessor + $(CP) $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicpreprocessor/libsf_{dce2,dcerpc,dns,ftptelnet,smtp,ssh,ssl}_preproc.so* $(1)/usr/lib/snort_dynamicpreprocessor/ + $(INSTALL_DIR) $(1)/etc/snort + $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/snort.conf $(1)/etc/snort/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/classification.config $(1)/etc/snort/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/gen-msg.map $(1)/etc/snort/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/reference.config $(1)/etc/snort/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/sid-msg.map $(1)/etc/snort/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/threshold.conf $(1)/etc/snort/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/unicode.map $(1)/etc/snort/ + $(INSTALL_DIR) $(1)/etc/snort/preproc_rules + $(INSTALL_DATA) $(PKG_BUILD_DIR)/preproc_rules/*.rules $(1)/etc/snort/preproc_rules/ + $(INSTALL_DIR) $(1)/etc/snort/rules + $(INSTALL_DATA) ./files/snort.local.rules $(1)/etc/snort/rules/local.rules + $(INSTALL_DIR) $(1)/etc/default + $(INSTALL_DATA) ./files/snort.default $(1)/etc/default/snort + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/snort.init $(1)/etc/init.d/snort endef +Package/snort-mysql/conffiles = $(Package/snort/conffiles) +Package/snort-mysql/install = $(Package/snort/install) + +Package/snort-pgsql/conffiles = $(Package/snort/conffiles) +Package/snort-pgsql/install = $(Package/snort/install) + $(eval $(call BuildPackage,snort)) $(eval $(call BuildPackage,snort-mysql)) $(eval $(call BuildPackage,snort-pgsql)) diff --git a/net/snort/files/snort.default b/net/snort/files/snort.default index 796a893b0..dd506135a 100644 --- a/net/snort/files/snort.default +++ b/net/snort/files/snort.default @@ -1,2 +1,2 @@ -INTERFACE="vlan1" # WAN +INTERFACE="lo" OPTIONS="-i $INTERFACE -c /etc/snort/snort.conf -D -N -q -s" diff --git a/net/snort/files/snort.local.rules b/net/snort/files/snort.local.rules new file mode 100644 index 000000000..13e968412 --- /dev/null +++ b/net/snort/files/snort.local.rules @@ -0,0 +1,5 @@ +# ---------------- +# LOCAL RULES +# ---------------- +# This file intentionally does not come with signatures. Put your local +# additions here. diff --git a/net/snort/patches/750-lightweight-config.patch b/net/snort/patches/750-lightweight-config.patch index 1116202ec..08f410620 100644 --- a/net/snort/patches/750-lightweight-config.patch +++ b/net/snort/patches/750-lightweight-config.patch @@ -32,6 +32,39 @@ # Configure the snort decoder # ============================ +@@ -191,27 +192,27 @@ var PREPROC_RULE_PATH ../preproc_rules + # Load all dynamic preprocessors from the install path + # (same as command line option --dynamic-preprocessor-lib-dir) + # +-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ ++#dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ + # + # Load a specific dynamic preprocessor library from the install path + # (same as command line option --dynamic-preprocessor-lib) + # +-# dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libdynamicexample.so ++# dynamicpreprocessor file /usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so + # + # Load a dynamic engine from the install path + # (same as command line option --dynamic-engine-lib) + # +-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so ++#dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so + # + # Load all dynamic rules libraries from the install path + # (same as command line option --dynamic-detection-lib-dir) + # +-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/ ++# dynamicdetection directory /usr/lib/snort_dynamicrules/ + # + # Load a specific dynamic rule library from the install path + # (same as command line option --dynamic-detection-lib) + # +-# dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so ++# dynamicdetection file /usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so + # + + ################################################### @@ -307,11 +308,11 @@ preprocessor stream5_tcp: policy first, # lots of options available here. See doc/README.http_inspect. # unicode.map should be wherever your snort.conf lives, or given @@ -157,6 +190,17 @@ # arpspoof #---------------------------------------- +@@ -605,8 +606,8 @@ preprocessor sfportscan: proto { all } + # See doc/README.dcerpc2 for explanations of what the + # preprocessor does and how to configure it. + # +-preprocessor dcerpc2 +-preprocessor dcerpc2_server: default ++#preprocessor dcerpc2 ++#preprocessor dcerpc2_server: default + + + # DNS @@ -623,9 +624,9 @@ preprocessor dcerpc2_server: default # or use commandline option # --dynamic-preprocessor-lib @@ -179,10 +223,13 @@ #################################################################### -@@ -811,41 +812,41 @@ include $RULE_PATH/local.rules - include $RULE_PATH/bad-traffic.rules - include $RULE_PATH/exploit.rules - include $RULE_PATH/scan.rules +@@ -808,44 +809,44 @@ include reference.config + #========================================= + + include $RULE_PATH/local.rules +-include $RULE_PATH/bad-traffic.rules +-include $RULE_PATH/exploit.rules +-include $RULE_PATH/scan.rules -include $RULE_PATH/finger.rules -include $RULE_PATH/ftp.rules -include $RULE_PATH/telnet.rules @@ -215,6 +262,9 @@ -include $RULE_PATH/imap.rules -include $RULE_PATH/pop2.rules -include $RULE_PATH/pop3.rules ++#include $RULE_PATH/bad-traffic.rules ++#include $RULE_PATH/exploit.rules ++#include $RULE_PATH/scan.rules +#include $RULE_PATH/finger.rules +#include $RULE_PATH/ftp.rules +#include $RULE_PATH/telnet.rules