Pinkbyte/pinkbyte-overlay
1
Fork 0
Code Releases Activity

Drop outdated Snort and Snortsam

Browse Source
This commit is contained in:
Sergey Popov 2020-12-28 13:19:49 +03:00
parent 1d053c10e5
commit 27ebbf6263
10 changed files with 0 additions and 1928 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

915
net-analyzer/snort/ChangeLog
View File

@ -1,915 +0,0 @@
# ChangeLog for net-analyzer/snort
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.192 2012/04/04 09:39:53 patrick Exp $
*snort-2.9.2.2 (04 Apr 2012)
04 Apr 2012; Patrick Lauer <patrick@gentoo.org> +snort-2.9.2.2.ebuild:
Bump
11 Mar 2012; Joshua Kinard <kumba@gentoo.org> snort-2.9.1.ebuild,
snort-2.9.2.1.ebuild:
Both 2.9.1 and 2.9.2* should be using daq-0.6 or greater.
*snort-2.9.2.1 (11 Mar 2012)
11 Mar 2012; Joshua Kinard <kumba@gentoo.org>
-files/snort-2.8.4-libnet.patch, -snort-2.8.5.1.ebuild,
-snort-2.8.5.3.ebuild, -snort-2.8.6.ebuild, -snort-2.8.6.1.ebuild,
-snort-2.9.0.4-r1.ebuild, snort-2.9.0.5.ebuild, snort-2.9.1.ebuild,
-snort-2.9.2.ebuild, +snort-2.9.2.1.ebuild, -files/pcap_memory.patch,
-files/snort.rc9, -files/snort.reload.rc1, metadata.xml:
Drop old versions and associated files, add 2.9.2.1, and tweak SRC_URI to use
a download URL specified on the Snort website that doesn't require manual
updating for each new release.
11 Mar 2012; Tim Harder <radhermit@gentoo.org> snort-2.9.2.ebuild:
Fix multilib issue (bug #403725, patch by Rick Farina).
*snort-2.9.2 (11 Jan 2012)
11 Jan 2012; Patrick Lauer <patrick@gentoo.org> +snort-2.9.2.ebuild:
Bump
29 Sep 2011; Peter Volkov <pva@gentoo.org> snort-2.9.1.ebuild:
Fix inability to remove .la files, bug 384443 thank Juergen Rose for report
and Jason Wallace for fix.
*snort-2.9.1 (22 Sep 2011)
22 Sep 2011; Patrick Lauer <patrick@gentoo.org> +snort-2.9.1.ebuild,
+files/snort.confd.2, +files/snort.rc11, metadata.xml:
Bump for #382851, thanks to Jason Wallace
21 Sep 2011; Tony Vroon <chainsaw@gentoo.org> snort-2.9.0.5.ebuild:
Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo &
Elijah "Armageddon" El Lazkani in bug #382857.
24 Jul 2011; Kacper Kowalik <xarthisius@gentoo.org> snort-2.9.0.5.ebuild:
Marked ~ppc/~ppc64 wrt #351551
24 Apr 2011; Raúl Porcel <armin76@gentoo.org> snort-2.9.0.4-r1.ebuild,
snort-2.9.0.5.ebuild:
Add ~sparc wrt #351551
*snort-2.9.0.5 (13 Apr 2011)
13 Apr 2011; Patrick Lauer <patrick@gentoo.org> +snort-2.9.0.5.ebuild:
Bump for #362417
02 Apr 2011; Samuli Suominen <ssuominen@gentoo.org> snort-2.8.5.1.ebuild,
snort-2.8.5.3.ebuild, snort-2.8.6.ebuild, snort-2.8.6.1.ebuild:
Use net-libs/libpcap instead of virtual/libpcap wrt #358835.
17 Mar 2011; Patrick Lauer <patrick@gentoo.org> snort-2.9.0.4-r1.ebuild:
amd64 stable as I accidentally dropped .3 with stable keyword
17 Mar 2011; Patrick Lauer <patrick@gentoo.org> -snort-2.9.0.1.ebuild,
-snort-2.9.0.2.ebuild, -snort-2.9.0.3.ebuild, -snort-2.9.0.4.ebuild,
snort-2.9.0.4-r1.ebuild:
Push alpha keyword to .4 and remove old 2.9 versions
13 Mar 2011; Markus Meier <maekke@gentoo.org> snort-2.9.0.4-r1.ebuild:
add ~arm, bug #351551
07 Mar 2011; Tobias Klausmann <klausman@gentoo.org> snort-2.9.0.3.ebuild:
Keyworded on alpha, bug #351551
*snort-2.9.0.4-r1 (01 Mar 2011)
01 Mar 2011; Joshua Kinard <kumba@gentoo.org> +snort-2.9.0.4-r1.ebuild:
Fix #356905, upstream released a patch to address a bug with partial HTTP URI
decoding and incremented the internal build number, but did not bump the
version number on the available tarball. Build is now 111 from 110.
28 Feb 2011; Jeroen Roovers <jer@gentoo.org> snort-2.9.0.4.ebuild:
Do not install temporary log files (bug #356547).
26 Feb 2011; Thomas Kahle <tomka@gentoo.org> snort-2.9.0.4.ebuild:
x86 stable per bug 351549
25 Feb 2011; Patrick Lauer <patrick@gentoo.org> files/disabledynamic.patch:
Fixing patch
25 Feb 2011; Patrick Lauer <patrick@gentoo.org> files/disabledynamic.patch:
Fixing confused patch
*snort-2.9.0.4 (24 Feb 2011)
24 Feb 2011; Patrick Lauer <patrick@gentoo.org> +snort-2.9.0.4.ebuild,
+files/disabledynamic.patch, metadata.xml:
Bump for #355865, thanks to Jason Wallace
14 Jan 2011; Markos Chandras <hwoarang@gentoo.org> snort-2.9.0.3.ebuild:
Stable on amd64 wrt bug #351549
*snort-2.9.0.3 (13 Jan 2011)
13 Jan 2011; Patrick Lauer <patrick@gentoo.org> snort-2.8.5.1.ebuild,
+snort-2.9.0.3.ebuild:
Bump for #351459, dropping x86 stable keyword as libprelude dropped it.
*snort-2.9.0.2 (03 Dec 2010)
03 Dec 2010; Patrick Lauer <patrick@gentoo.org> +snort-2.9.0.2.ebuild:
Bump for #347459
*snort-2.9.0.1 (02 Nov 2010)
02 Nov 2010; Patrick Lauer <patrick@gentoo.org> +snort-2.9.0.1.ebuild,
+files/snort.rc10, metadata.xml:
Bump for #341013, many ebuild improvements by Jason Wallace and pva
*snort-2.8.6.1 (13 Aug 2010)
13 Aug 2010; Patrick Lauer <patrick@gentoo.org> +snort-2.8.6.1.ebuild:
Bump, ebuild cleanups by Jason Wallace, fixes #331069
19 Jul 2010; Markus Meier <maekke@gentoo.org> snort-2.8.6.ebuild:
add ~arm, bug #301080
11 Jul 2010; Patrick Lauer <patrick@gentoo.org> +snort-2.8.5.3.ebuild:
Readding last 2.8.5 release by popular request
18 Jun 2010; Patrick Lauer <patrick@gentoo.org> -snort-2.8.4.1.ebuild,
-snort-2.8.5.2.ebuild, -snort-2.8.5.3.ebuild:
Remove old
17 Jun 2010; Patrick Lauer <patrick@gentoo.org> snort-2.8.4.1.ebuild,
snort-2.8.5.1.ebuild, snort-2.8.5.2.ebuild, snort-2.8.5.3.ebuild,
snort-2.8.6.ebuild:
Migrating away from deprecated postgres virtuals
*snort-2.8.6 (02 Jun 2010)
02 Jun 2010; Patrick Lauer <patrick@gentoo.org> +snort-2.8.6.ebuild,
metadata.xml:
Bump, fixes #319279. Thanks to Jason Wallace and Brett Edgar
*snort-2.8.5.3 (02 Mar 2010)
02 Mar 2010; Patrick Lauer <patrick@gentoo.org> +snort-2.8.5.3.ebuild:
Bump for #307351, thanks to Jason Wallace
*snort-2.8.5.2 (04 Jan 2010)
04 Jan 2010; Patrick Lauer <patrick@gentoo.org> +snort-2.8.5.2.ebuild:
Bump, thanks to Jason Wallace
26 Dec 2009; Raúl Porcel <armin76@gentoo.org> snort-2.8.5.1.ebuild:
Add ~sparc wrt #268620
26 Nov 2009; Joseph Jezak <josejx@gentoo.org> snort-2.8.5.1.ebuild:
Marked ppc stable for bug #291357.
17 Nov 2009; Brent Baude <ranger@gentoo.org> snort-2.8.5.1.ebuild:
Marking snort-2.8.5.1 ppc64 for bug 291357
07 Nov 2009; Tobias Klausmann <klausman@gentoo.org> snort-2.8.5.1.ebuild:
Stable on alpha, bug #291357
04 Nov 2009; Markus Meier <maekke@gentoo.org> snort-2.8.5.1.ebuild:
amd64/x86 stable, bug #291357
*snort-2.8.5.1 (02 Nov 2009)
02 Nov 2009; Patrick Lauer <patrick@gentoo.org> +snort-2.8.5.1.ebuild,
+files/snort.reload.rc1, metadata.xml:
Bump, thanks to Jason Wallace. Fixes #291558 #291604 #291357
12 Sep 2009; Víctor Ostorga <vostorga@gentoo.org>
-files/snort-2.6.1.1-libnet.patch, -files/snort-2.6.1.2-libdir.patch,
-files/snort-2.6.1.2-react.patch, -files/snort-2.6.1.4-libdnet-ip6.patch,
-files/snort-2.6.1.4-server_stats.patch,
-files/snort-2.8.3.1-libnet.patch, -files/snort.rc7, -files/snort.rc8,
-files/spo_database_fix.patch:
Cleaning out unused files
17 Aug 2009; Patrick Lauer <patrick@gentoo.org> snort-2.8.4.1.ebuild:
Small typo fix, closes #279926
31 May 2009; Patrick Lauer <patrick@gentoo.org> -snort-2.6.1.3-r1.ebuild,
-snort-2.6.1.4.ebuild, -snort-2.6.1.4-r1.ebuild, -snort-2.7.0.1.ebuild,
-snort-2.8.3.1.ebuild, -snort-2.8.4-r2.ebuild, metadata.xml:
Removing old
31 May 2009; Patrick Lauer <patrick@gentoo.org> -snort-2.4.5.ebuild:
Removing old for #271680
25 May 2009; Peter Volkov <pva@gentoo.org> snort-2.8.4.1.ebuild:
emake should have die at the end.
21 May 2009; Brent Baude <ranger@gentoo.org> snort-2.8.4.1.ebuild:
stable ppc, bug 268620
13 May 2009; Markus Meier <maekke@gentoo.org> snort-2.8.4.1.ebuild:
amd64/x86 stable, bug #268620
11 May 2009; Peter Volkov <pva@gentoo.org> metadata.xml:
Added Jason Wallace to maintainers.
11 May 2009; Brent Baude <ranger@gentoo.org> snort-2.8.4.1.ebuild:
stable ppc64, bug 268620
09 May 2009; Tobias Klausmann <klausman@gentoo.org> snort-2.8.4.1.ebuild:
Stable on alpha, bug #268620
*snort-2.8.4.1 (05 May 2009)
05 May 2009; Patrick Lauer <patrick@gentoo.org> +snort-2.8.4.1.ebuild:
Bump to 2.8.4.1, thanks to Jason Wallace. Closes #268620
*snort-2.8.4-r2 (30 Apr 2009)
30 Apr 2009; Patrick Lauer <patrick@gentoo.org> -snort-2.8.4.ebuild,
-snort-2.8.4-r1.ebuild, +snort-2.8.4-r2.ebuild:
Lots of small fixes thanks to Jason Wallace. Fixes #266930.
*snort-2.8.4-r1 (18 Apr 2009)
18 Apr 2009; Patrick Lauer <patrick@gentoo.org> +snort-2.8.4-r1.ebuild:
Small compilation fix for ipv6+prelude useflag combo. Thanks to Jason
Wallace.
*snort-2.8.4 (17 Apr 2009)
17 Apr 2009; Patrick Lauer <patrick@gentoo.org>
+files/snort-2.8.4-libnet.patch, +files/pcap_memory.patch,
files/snort.confd, +files/snort.rc9, +files/spo_database_fix.patch,
metadata.xml, +snort-2.8.4.ebuild:
Bump to 2.8.4. Reworked ebuild thanks to Jason Wallace. Lots of changes,
see bug #266288 for details.
*snort-2.6.1.4-r1 (01 Mar 2009)
01 Mar 2009; Patrick Lauer <patrick@gentoo.org>
+files/snort-2.6.1.4-server_stats.patch, +snort-2.6.1.4-r1.ebuild:
Fixing snort 2.6.1.4 for gcc 4.3.3 / foritfy_sources. Fixes #258487. Patch
by Attila Fazekas.
26 Jan 2009; Mike Frysinger <vapier@gentoo.org> snort-2.8.3.1.ebuild:
Drop usage of USE=pic here.
02 Jan 2009; Tobias Scherbaum <dertobi123@gentoo.org>
snort-2.8.3.1.ebuild:
Fix postgres dep, #253429
31 Dec 2008; Tobias Scherbaum <dertobi123@gentoo.org> metadata.xml,
snort-2.8.3.1.ebuild:
Various QA fixes, as requested by Mr_Bones_. Also describe local use-flags
(and switch pthreads to just threads), though those local use-flags do need
some better descriptions. Hey, at least I do care ...
*snort-2.8.3.1 (23 Nov 2008)
23 Nov 2008; Marcelo Goes <vanquirius@gentoo.org>
+files/snort-2.8.3.1-libnet.patch, +snort-2.8.3.1.ebuild:
2.8.3.1 version bump with many changes for bug 245752. Thanks to Jason
Wallace <jason.r.wallace at gmail dot com> and Antixrict <antixrict at
inbox.lv> for the rewrite. Currently in package.mask for testing.
04 Aug 2008; Jeroen Roovers <jer@gentoo.org> metadata.xml:
Describe local USE flags for GLEP 56.
21 May 2008; Tiziano Müller <dev-zero@gentoo.org> snort-2.4.5.ebuild,
snort-2.6.1.3-r1.ebuild, snort-2.6.1.4.ebuild, snort-2.7.0.1.ebuild:
Changed dependency for postgresql from dev-db/postgresql to
virtual/postgresql-server
19 May 2008; Tiziano Müller <dev-zero@gentoo.org> snort-2.4.5.ebuild,
snort-2.6.1.3-r1.ebuild, snort-2.6.1.4.ebuild, snort-2.7.0.1.ebuild:
Changed dependency for postgresql to virtual/postgresql-base
13 May 2008; Ferris McCormick <fmccor@gentoo.org> snort-2.6.1.3-r1.ebuild,
snort-2.6.1.4.ebuild:
Making ~sparc again for testing, Bug #221917
*snort-2.7.0.1 (05 Sep 2007)
05 Sep 2007; Markus Ullmann <jokey@gentoo.org> +snort-2.7.0.1.ebuild:
Version bump wrt bug #185501, needs more testing
22 Apr 2007; Daniel Black <dragonheart@gentoo.org> +files/snort.rc7,
-files/snort.rc9, +snort-2.4.5.ebuild, snort-2.6.1.4.ebuild,
-snort-2.6.1.4-r1.ebuild:
snort.conf default to install to /etc/snort/snort.conf.distrib like the init
script says. No includes proper amd64 library paths too
07 Apr 2007; Raphael Marichez <falco@gentoo.org>
+files/snort-2.6.1.4-libdnet-ip6.patch, snort-2.6.1.4.ebuild:
Fix #173594, ip6 header redeclaration if libdnet.
*snort-2.6.1.4 (06 Apr 2007)
06 Apr 2007; Marcelo Goes <vanquirius@gentoo.org> +snort-2.6.1.4.ebuild:
2.6.1.4 version bump.
28 Feb 2007; Daniel Black <dragonheart@gentoo.org>
snort-2.6.1.3-r1.ebuild:
ewarn fixed as per bug #168714 thanks to Toralf
*snort-2.6.1.3-r1 (28 Feb 2007)
28 Feb 2007; Daniel Black <dragonheart@gentoo.org> -snort-2.6.1.3.ebuild,
+snort-2.6.1.3-r1.ebuild:
-m better default config thanks to Mike Gualtieri as per bug #166874
27 Feb 2007; Tobias Scherbaum <dertobi123@gentoo.org>
snort-2.6.1.3.ebuild:
Stable on ppc wrt bug #167730.
27 Feb 2007; Steve Dibb <beandog@gentoo.org> snort-2.6.1.3.ebuild:
amd64 stable, security bug 167730
21 Feb 2007; Daniel Black <dragonheart@gentoo.org> snort-2.6.1.2.ebuild,
snort-2.6.1.3.ebuild:
gre patches included in the latest. Fix ebuild error with USE=gre too.
Thanks Tobias bug #167730
20 Feb 2007; Markus Rothe <corsair@gentoo.org> snort-2.6.1.3.ebuild:
Stable on ppc64; bug #167730
20 Feb 2007; Markus Ullmann <jokey@gentoo.org> snort-2.6.1.3.ebuild:
Stable on x86 for bug #167730
*snort-2.6.1.3 (20 Feb 2007)
20 Feb 2007; Markus Ullmann <jokey@gentoo.org> +snort-2.6.1.3.ebuild:
Security bump wrt bug #167730
11 Feb 2007; Simon Stelling <blubb@gentoo.org>
+files/snort-2.6.1.2-libdir.patch, snort-2.6.1.2.ebuild:
fix multilib-strict and mark stable on amd64; security bug 161632
01 Feb 2007; Markus Ullmann <jokey@gentoo.org>
+files/snort-2.6.1.2-react.patch, snort-2.6.1.2.ebuild:
Add patch for react failure, see bug #162598 for details, thanks to
perry@csk.pl
31 Jan 2007; Tobias Scherbaum <dertobi123@gentoo.org>
snort-2.6.1.2.ebuild:
Stable on ppc wrt bug #161632.
27 Jan 2007; Raúl Porcel <armin76@gentoo.org> snort-2.6.1.2.ebuild:
x86 stable wrt bug 161632
27 Jan 2007; Markus Rothe <corsair@gentoo.org> snort-2.6.1.2.ebuild:
Stable on ppc64; bug #161632
*snort-2.6.1.2 (17 Jan 2007)
17 Jan 2007; Markus Ullmann <jokey@gentoo.org>
+files/snort-2.6.1.1-gre.patch, -snort-2.6.0.ebuild,
-snort-2.6.1.1.ebuild, +snort-2.6.1.2.ebuild:
Fix for security bug #161632 and bug #161750
25 Nov 2006; Cedric Krier <cedk@gentoo.org> snort-2.4.5.ebuild:
Fix bug #149496
*snort-2.6.1.1 (25 Nov 2006)
25 Nov 2006; Cedric Krier <cedk@gentoo.org>
+files/snort-2.6.1.1-libnet.patch, +files/snort.rc8,
+snort-2.6.1.1.ebuild:
Version bump thanks to Jason Wallace
23 Nov 2006; Francesco Riosa <vivo@gentoo.org> snort-2.4.5.ebuild,
snort-2.6.0.ebuild:
dev-db/mysql => virtual/mysql
31 Oct 2006; Markus Ullmann <jokey@gentoo.org> snort-2.6.0.ebuild:
Adding -j1 o fix parallel make issue
09 Oct 2006; Markus Ullmann <jokey@gentoo.org> snort-2.4.5.ebuild,
snort-2.6.0.ebuild:
Updating deps wrt bug #143033
20 Sep 2006; Stefaan De Roeck <stefaan@gentoo.org> snort-2.6.0.ebuild:
Keyworded ~alpha, as there seems to be no reason to keep -alpha
*snort-2.6.0 (08 Jul 2006)
08 Jul 2006; Marcelo Goes <vanquirius@gentoo.org> +snort-2.6.0.ebuild:
2.6.0 version bump for bug 136250. Thanks to Ed Davison <ed.davison at
mccombs dot utexas dot edu>, Andrew Ross <aross at westnet dot com dot au>,
Jason Wallace <jason.r.wallace at gmail dot com> and Brett Edgar <bedgar at
desasecurity dot com>. Currently in package.mask for testing.
08 Jul 2006; Marcelo Goes <vanquirius@gentoo.org>
-files/2.3.0-libnet-1.0.patch, -files/snort-2.3.3-log.c.diff,
-files/snort-2.4.4-demarc-patch.diff, -files/snort.rc6,
-snort-2.3.3.ebuild, -snort-2.3.3-r1.ebuild, -snort-2.4.3.ebuild,
-snort-2.4.3-r1.ebuild, -snort-2.4.3-r2.ebuild, -snort-2.4.4.ebuild,
-snort-2.4.4-r1.ebuild:
Remove old ebuilds and unused files.
10 Jun 2006; Thomas Cort <tcort@gentoo.org> snort-2.4.5.ebuild:
Stable on amd64 wrt security Bug #135112.
07 Jun 2006; Mark Loeser <halcy0n@gentoo.org> snort-2.4.5.ebuild:
Stable on x86; bug #135112
06 Jun 2006; Tobias Scherbaum <dertobi123@gentoo.org> snort-2.4.5.ebuild:
ppc stable, bug #135112
06 Jun 2006; Markus Rothe <corsair@gentoo.org> snort-2.4.5.ebuild:
Stable on ppc64; bug #135112
06 Jun 2006; Markus Ullmann <jokey@gentoo.org> snort-2.3.3.ebuild,
snort-2.3.3-r1.ebuild, snort-2.4.3.ebuild, snort-2.4.3-r1.ebuild,
snort-2.4.3-r2.ebuild, snort-2.4.4.ebuild, snort-2.4.4-r1.ebuild,
snort-2.4.5.ebuild:
Changing dep to virtual/libpcap wrt bug #117898
*snort-2.4.5 (06 Jun 2006)
06 Jun 2006; Markus Ullmann <jokey@gentoo.org> +snort-2.4.5.ebuild:
Version bump wrt bug #135112
*snort-2.4.4-r1 (01 Jun 2006)
01 Jun 2006; Markus Ullmann <jokey@gentoo.org> +snort-2.4.4-r1.ebuild:
Applying security patch from bug #135112
30 Apr 2006; Simon Stelling <blubb@gentoo.org> snort-2.4.3-r1.ebuild:
stable on amd64
*snort-2.4.4 (09 Mar 2006)
09 Mar 2006; Marcelo Goes <vanquirius@gentoo.org> +snort-2.4.4.ebuild:
2.4.4 version bump for bug 125607, requested by Ken Garland <garlandkr at
gmail dot com>.
20 Feb 2006; Markus Rothe <corsair@gentoo.org> snort-2.4.3-r1.ebuild:
Stable on ppc64
17 Feb 2006; Michael Hanselmann <hansmi@gentoo.org> snort-2.4.3-r1.ebuild:
Stable on ppc.
*snort-2.4.3-r2 (17 Feb 2006)
17 Feb 2006; Marcelo Goes <vanquirius@gentoo.org> +files/snort.rc7,
+snort-2.4.3-r2.ebuild:
Add --pidfile option to init script for bug 123169. Thanks to Eric Brown
<bigwhitecow at hotmail dot com>.
15 Feb 2006; Markus Ullmann <jokey@gentoo.org> snort-2.3.3.ebuild,
snort-2.3.3-r1.ebuild, snort-2.4.3.ebuild, snort-2.4.3-r1.ebuild:
Removing virtual/libpcap wrt bug #117898
14 Feb 2006; Mark Loeser <halcy0n@gentoo.org> snort-2.4.3-r1.ebuild:
Stable on x86; bug #118708
*snort-2.4.3-r1 (27 Jan 2006)
27 Jan 2006; Marcelo Goes <vanquirius@gentoo.org> -snort-2.4.1.ebuild,
-snort-2.4.1-r1.ebuild, +snort-2.4.3-r1.ebuild:
Install basic rules for bug 110103. Thanks to Mark Conway <mark dot conway
at themobiusprojectdot com> and Donald R. Gray Jr <donaldgray at dslextreme
dot com>.
03 Dec 2005; Tom Gall <tgall@gentoo.org> snort-2.3.3-r1.ebuild:
stable on ppc64
26 Nov 2005; Benjamin Smee <strerror@gentoo.org> files/snort.rc6:
Change to init script to accept CONF
*snort-2.4.3 (19 Oct 2005)
19 Oct 2005; Benjamin Smee <strerror@gentoo.org> +snort-2.4.3.ebuild:
revbump for bug #109730
*snort-2.4.1-r1 (08 Oct 2005)
08 Oct 2005; Benjamin Smee <strerror@gentoo.org> +snort-2.4.1-r1.ebuild:
New conf.d and init.d files as well as sguil integration
25 Sep 2005; Marcelo Goes <vanquirius@gentoo.org> -snort-2.3.0-r1.ebuild,
-snort-2.3.2.ebuild, snort-2.3.3-r1.ebuild, snort-2.4.1.ebuild:
Remove old ebuilds, depend on >=dev-libs/libprelude-0.9.0.
21 Sep 2005; Mark Loeser <halcy0n@gentoo.org> snort-2.3.3.ebuild:
Stable on x86
17 Sep 2005; Michael Hanselmann <hansmi@gentoo.org> snort-2.3.3.ebuild:
Stable on ppc.
*snort-2.4.1 (17 Sep 2005)
17 Sep 2005; Marcelo Goes <vanquirius@gentoo.org>
+files/snort-2.3.3-log.c.diff, snort-2.3.3.ebuild, snort-2.3.3-r1.ebuild,
-snort-2.4.0.ebuild, +snort-2.4.1.ebuild:
Add patch and 2.4.1 version bump for bug 105852.
03 Sep 2005; <soulse@gentoo.org> snort-2.4.0.ebuild:
Fixed ebuild as per bug #103482 thanks to yoann@prelude-ids.org
23 Aug 2005; Aaron Walker <ka0ttic@gentoo.org> snort-2.3.0-r1.ebuild,
snort-2.3.2.ebuild, snort-2.3.3.ebuild, snort-2.3.3-r1.ebuild,
snort-2.4.0.ebuild:
Use -1 instead of /bin/false, bug #103421.
03 Aug 2005; Marcelo Goes <vanquirius@gentoo.org> snort-2.4.0.ebuild:
Install community rules.
01 Aug 2005; Marcelo Goes <vanquirius@gentoo.org> snort-2.4.0.ebuild:
In Soviet Russia, prelude enables you. Using use_enable instead of use_with
for prelude. Thanks to BaSS and dragonheart for pointing this out.
29 Jul 2005; Daniel Black <dragonheart@gentoo.org> snort-2.3.0-r1.ebuild,
snort-2.3.2.ebuild, snort-2.3.3.ebuild, snort-2.3.3-r1.ebuild,
snort-2.4.0.ebuild:
removed die from epatch || die.
29 Jul 2005; Marcelo Goes <vanquirius@gentoo.org> snort-2.4.0.ebuild:
Use Gentoo mirrors for patches instead of my dev space.
*snort-2.4.0 (29 Jul 2005)
29 Jul 2005; Marcelo Goes <vanquirius@gentoo.org>
-files/2.0.6-libnet-1.0.patch, -files/2.1.2-libnet-1.0.patch,
-files/snort-2.0.6-gcc3.patch, -files/snort-2.1.2-gcc3.patch,
-files/snort-2.1.3-gcc3.patch, -files/snort-drop-calculation.diff,
-snort-2.0.6.ebuild, -snort-2.1.3.ebuild, -snort-2.2.0.ebuild,
-snort-2.3.0_rc2.ebuild, -snort-2.3.0.ebuild, +snort-2.4.0.ebuild,
-snort-2.4.20050508.ebuild:
Removing ebuilds prior to 2.3.0 and 2.4.0 version bump.
25 Jul 2005; Marcelo Goes <vanquirius@gentoo.org> snort-2.3.3-r1.ebuild:
Move snort user code from pkg_preinst to pkg_setup, changed it a bit. Fixes
bug 94161. Thanks to kakou <kakou@kakou.org> and Marco Morales
<soulse@gmail.com>.
24 Jul 2005; Marcelo Goes <vanquirius@gentoo.org> snort-2.3.3-r1.ebuild:
Fix RULEPATH in example config. Fixes bug 99397. Thanks to Marco Morales
<soulse@gmail.com>.
27 Jun 2005; Markus Rothe <corsair@gentoo.org> snort-2.3.3-r1.ebuild,
snort-2.4.20050508.ebuild:
Added ~ppc64
25 Jun 2005; Marcelo Goes <vanquirius@gentoo.org> snort-2.3.3-r1.ebuild:
Install rules in /etc/snort/rules for cleaner layout. Fixes bug 95368.
Thanks to Greg Watson <bugs@linuxlogin.com>.
26 May 2005; Marcelo Goes <vanquirius@gentoo.org> :
Took snort-2.3.3-r1 out of package.mask.
*snort-2.3.3-r1 (08 May 2005)
08 May 2005; Marcelo Goes <vanquirius@gentoo.org> +snort-2.3.3-r1.ebuild,
+snort-2.4.20050508.ebuild:
Prelude patching fun. Making snort-2.3.3-r1 depend on >=libprelude-0.9.0_rc1
and using patch from their mailing list, as pointed out by Yoann
Vandoorselaere <yoann@prelude-ids.org>. Also, I made a cvs snapshot of
snort-2.4, which does not require patching anymore, since prelude patches were
accepted in snort. Of course, both new ebuilds are in package.mask for testing
- I expect unexpected borks. This hopefully fixes bug 91820. Thanks to dago
<dago158@bluewin.ch> for reporting.
*snort-2.3.3 (07 May 2005)
07 May 2005; Aaron Walker <ka0ttic@gentoo.org> +snort-2.3.3.ebuild:
Version bump for bug 91673.
19 Apr 2005; Aaron Walker <ka0ttic@gentoo.org> snort-2.3.2.ebuild:
Marked stable on x86.
22 Mar 2005; Aaron Walker <ka0ttic@gentoo.org> snort-2.3.2.ebuild:
Fix missing patch for bug 86219.
*snort-2.3.2 (19 Mar 2005)
19 Mar 2005; Aaron Walker <ka0ttic@gentoo.org> snort-2.3.0-r1.ebuild,
+snort-2.3.2.ebuild:
Version bump; marked 2.3.0-r1 stable on x86.
09 Feb 2005; Aaron Walker <ka0ttic@gentoo.org> snort-2.3.0-r1.ebuild,
snort-2.3.0.ebuild, snort-2.3.0_rc2.ebuild:
Fix typo in pkg_postinst for bug 81415.
07 Feb 2005; Daniel Black <dragonheart@gentoo.org> snort-2.3.0-r1.ebuild:
ppc stable
*snort-2.3.0-r1 (06 Feb 2005)
06 Feb 2005; Aaron Walker <ka0ttic@gentoo.org> +snort-2.3.0-r1.ebuild,
snort-2.3.0.ebuild:
Revision bump for bug 80831; added sguil support. Marked 2.3.0 stable on x86.
29 Jan 2005; Daniel Black <dragonheart@gentoo.org> snort-2.0.6.ebuild,
snort-2.1.3.ebuild, snort-2.2.0.ebuild, snort-2.3.0.ebuild,
snort-2.3.0_rc2.ebuild:
changed net-libs/libpcap depend to virtual/libcap
*snort-2.3.0 (27 Jan 2005)
27 Jan 2005; Aaron Walker <ka0ttic@gentoo.org>
+files/2.3.0-libnet-1.0.patch, -files/2.3.0_rc2-libnet-1.0.patch,
+snort-2.3.0.ebuild, snort-2.3.0_rc2.ebuild:
2.3.0 final; added support for snort-inline via USE=inline. Updated
libnet-1.0 patch to also patch inline.c. Closes bugs 79708 and 79664.
25 Jan 2005; Daniel Black <dragonheart@gentoo.org> snort-2.0.6.ebuild,
snort-2.1.3.ebuild, snort-2.2.0.ebuild, snort-2.3.0_rc2.ebuild:
change shell of snort user to /bin/false as per bug #79216. Thanks to Sascha
Nitsch <gentoobugs@linuxhowtos.org>
25 Jan 2005; Aaron Walker <ka0ttic@gentoo.org> snort-2.3.0_rc2.ebuild:
Run autoreconf since it looks like autogen.sh is no longer provided; fixes
bug 79389.
11 Jan 2005; Jason Wever <weeve@gentoo.org> snort-2.0.6.ebuild,
snort-2.1.3.ebuild, snort-2.2.0.ebuild, snort-2.3.0_rc2.ebuild:
Masked on sparc wrt bugs #29661 and #75395.
11 Jan 2005; Daniel Black <dragonheart@gentoo.org> snort-2.3.0_rc2.ebuild:
unmasked and x86, ppc stable
*snort-2.3.0_rc2 (11 Jan 2005)
11 Jan 2005; Daniel Black <dragonheart@gentoo.org>
+files/2.3.0_rc2-libnet-1.0.patch, +snort-2.3.0_rc2.ebuild:
Version bump as per security bug #75395. Still masked pending
further testing
28 Nov 2004; Eldad Zack <eldad@gentoo.org> snort-2.1.3.ebuild,
snort-2.2.0.ebuild:
Small post install info error. Thanks to John Barton
<jbarton@technicalworks.net> for reporting. Closes #72570.
30 Oct 2004; Eldad Zack <eldad@gentoo.org> -snort-2.1.2.ebuild,
snort-2.2.0.ebuild:
x86 stable.
29 Oct 2004; Eldad Zack <eldad@gentoo.org> snort-2.1.3.ebuild,
snort-2.2.0.ebuild:
Added einfo for MySQL/PostgreSQL usage. Closes #68922.
16 Aug 2004; Eldad Zack <eldad@gentoo.org> snort-2.1.3.ebuild,
snort-2.2.0.ebuild:
x86 stable. added ~ppc which was omitted between 2.1.2 and 2.1.3.
*snort-2.2.0 (15 Aug 2004)
15 Aug 2004; Eldad Zack <eldad@gentoo.org> -snort-2.1.0-r1.ebuild,
-snort-2.1.0.ebuild, +snort-2.2.0.ebuild:
Version bump
01 Jul 2004; Jon Hood <squinky86@gentoo.org> snort-2.0.6.ebuild,
snort-2.1.0-r1.ebuild, snort-2.1.0.ebuild, snort-2.1.1.ebuild,
snort-2.1.2.ebuild, snort-2.1.3.ebuild:
change virtual/glibc to virtual/libc
*snort-2.1.3 (01 Jul 2004)
01 Jul 2004; Eldad Zack <eldad@gentoo.org> +files/snort-2.1.3-gcc3.patch,
+snort-2.1.3.ebuild:
Version bump, added snortsam support.
19 Jun 2004; Michael Hanselmann <hansmi@gentoo.org> snort-2.0.6.ebuild:
Marked snort 2.0.6 as ~ppc
19 Jun 2004; David Holm <dholm@gentoo.org> snort-2.1.2.ebuild:
Added to ~ppc.
19 May 2004; Michael Boman <mboman@gentoo.org> snort-1.9.1-r3.ebuild,
snort-2.0.0.ebuild, snort-2.0.1-r1.ebuild, snort-2.0.2.ebuild,
snort-2.0.5-r1.ebuild, snort-2.0.5-r2.ebuild, snort-2.0.5.ebuild,
files/1.9.1-libnet-1.0.patch, files/2.0.0-libnet-1.0.patch,
files/2.0.1-libnet-1.0.patch, files/2.0.2-libnet-1.0.patch,
files/2.0.5-libnet-1.0.patch, files/snort-1.9.0-gentoo.diff,
files/snort-1.9.1-alpha-core_vuln.diff, files/snort-1.9.1-alpha.patch,
files/snort-1.9.1-configure.patch, files/snort-2.0.2-gcc3.patch,
files/snort-2.0.5-gcc3.patch:
Cleaning out old ebuilds
17 May 2004; Michael Boman <mboman@gentoo.org> snort-2.1.2.ebuild:
Mark 2.1.2 stable on x86
14 Apr 2004; Jon Hood <squinky86@gentoo.org> files/2.1.2-libnet-1.0.patch:
added patch, fixes #47229
06 Apr 2004; Joshua Brindle <method@gentoo.org> snort-2.1.1.ebuild,
snort-2.1.2.ebuild:
added selinux policy to rdepend
01 Apr 2004; Michael Boman <mboman@gentoo.org> snort-2.1.1.ebuild:
Marked stable on x86
*snort-2.1.2 (01 Apr 2004)
01 Apr 2004; Michael Boman <mboman@gentoo.org> snort-2.1.2.ebuild,
files/snort-2.1.2-gcc3.patch:
New upstream version.
16 Mar 2004; Michael Boman <mboman@gentoo.org> snort-2.0.0.ebuild,
snort-2.0.1-r1.ebuild, snort-2.0.2.ebuild, snort-2.0.5-r1.ebuild,
snort-2.0.5.ebuild, snort-2.1.0.ebuild, snort-2.1.1.ebuild:
Changed ebuilds to use 'sed -i ...' instead of 'sed ... < file > file.new'
syntax.
*snort-2.1.1 (09 Mar 2004)
09 Mar 2004; Michael Boman <mboman@gentoo.org> snort-2.1.1.ebuild,
files/2.1.1-libnet-1.0.patch, files/snort-2.1.1-gcc3.patch,
files/snort-2.1.1-pgsql.patch:
New upstream version. Closes #44067.
08 Mar 2004; Michael Boman <mboman@gentoo.org> files/2.0.6-libnet-1.0.patch:
Added missing file. Closing bug #43990.
04 Mar 2004; Jason Wever <weeve@gentoo.org> snort-2.0.6.ebuild:
Marked stable on sparc. If you have any problems on sparc, check gentoo bug
#29661.
*snort-2.1.0-r1 (08 Jan 2004)
08 Jan 2004; Michael Boman <mboman@gentoo.org> snort-2.1.0-r1.ebuild,
files/snort-2.1.0-pgsql.patch:
Made use of 'doc' USE flag to install signature documentation. Patched
configure.in to solve bug #37436.
07 Jan 2004; Michael Boman <mboman@gentoo.org> snort-2.1.0.ebuild:
Forgot to include the threshold.conf file in the installation process.
*snort-2.1.0 (06 Jan 2004)
06 Jan 2004; Michael Boman <mboman@gentoo.org> snort-2.1.0.ebuild,
files/2.1.0-libnet-1.0.patch, files/snort-2.1.0-gcc3.patch:
New upstream version. Breaks prelude support, samba support is now
obsoleted by upstream. Ebuild with prelude support will follow once
a updated patch is made availble.
*snort-2.0.6 (21 Dec 2003)
21 Dec 2003; Michael Boman <mboman@gentoo.org> snort-2.0.6.ebuild:
New upstream version
20 Dec 2003; Michael Boman <mboman@gentoo.org> snort-2.0.5-r2.ebuild:
Bump to stable on x86
Added ~amd64 to KEYWORDS (fixes bug #36098)
16 Dec 2003; Mike Frysinger <vapier@gentoo.org> :
Port the libnet-1.0 patch to snort-2.0.0 to help out the sparc peeps.
*snort-2.0.5-r2 (09 Dec 2003)
09 Dec 2003; Michael Boman <mboman@gentoo.org> snort-2.0.5-r2.ebuild:
Forgot to add etc/prelude-classification.config to the files that should be in
/etc/snort if you are using prelude
09 Dec 2003; Michael Boman <mboman@gentoo.org> snort-2.0.5-r2.ebuild:
Added patch to fix drop packet calculations
*snort-2.0.5-r1 (28 Nov 2003)
28 Nov 2003; Michael Boman <mboman@gentoo.org> snort-2.0.5-r1.ebuild:
- Made flexresp optional (controlled by "flexresp" local USE flag), closes #34150.
- Made smbalert optional (controlled by "samba" USE flag).
- Threading support was never officially supported in Snort, and has
been removed from ebuild now as the code is, if not already has been,
cleaned from the source tree.
- Updated prelude patch.
- Assigned myself as the primary maintainer of this ebuild, with the
hardened as the herd.
*snort-2.0.5 (24 Nov 2003)
24 Nov 2003; Daniel Ahlberg <aliz@gentoo.org> snort-2.0.5.ebuild :
Version bump. Closing #29609 and #32950.
28 Oct 2003; Martin Holzer <mholzer@gentoo.org> snort-2.0.2.ebuild:
adding gcc3 patch. Closes #30540.
08 Oct 2003; Jason Wever <weeve@gentoo.org> snort-2.0.2.ebuild:
masked on sparc until bug #30540 is fixed.
*snort-2.0.2 (06 Oct 2003)
06 Oct 2003; Daniel Ahlberg <aliz@gentoo.org> snort-2.0.2.ebuild:
Version bump
*snort-2.0.1-r1 (21 Aug 2003)
21 Aug 2003; Mike Frysinger <vapier@gentoo.org> :
Patch to compile against SLOT-ed libnet-1.0.x #17772.
Also fix user adding to enewuser/enewgroup and switch use
flags over to `use_enable`.
*snort-1.9.1-r3 (21 Aug 2003)
21 Aug 2003; Mike Frysinger <vapier@gentoo.org> :
Patch to compile against SLOT-ed libnet-1.0.x #17772.
Also fix user adding to enewuser/enewgroup and switch use
flags over to `use_enable`.
*snort-2.0.1 (09 Aug 2003)
11 Aug 2003; <solar@gentoo.org> snort-2.0.1.ebuild,
files/snort-2.0.1+prelude.patch:
Snort 2.0.x does not support snmp bug #26310, Moved large prelude patch to
mirror://
09 Aug 2003; <mboman@gentoo.org> snort-2.0.1.ebuild,
files/snort-2.0.1+prelude.patch:
Added libprelude support to snort. Closes bug 19672.
Upgraded to new upstream version (2.0.1)
*snort-1.9.1-r2 (22 Apr 2003)
22 Apr 2003; Tavis Ormandy <taviso@gentoo.org> snort-1.9.1-r2.ebuild,
snort-2.0.0.ebuild, files/snort-1.9.1-alpha-core_vuln.diff:
snort 2.0.0 is broken on Alpha, backporting the integer overflow fix to snort
1.9.1 while its being fixed, and bumping version
22 Apr 2003; Daniel Ahlberg <aliz@gentoo.org> snort-2.0.0.ebuild files/snort.confd :
Closing #11643. Unmasking becuse of GLSA.
*snort-2.0.0 (16 Apr 2003)
16 Apr 2003; Joshua Brindle <method@gentoo.org> Manifest,
snort-2.0.0.ebuild:
2.0.0 released, yay
*snort-1.9.1-r1 (29 Mar 2003)
29 Mar 2003; Aron Griffis <agriffis@gentoo.org> snort-1.9.1-r1.ebuild,
files/snort-1.9.1-alpha.patch:
Add patch and bump revision for alpha. Thanks to Tavis Ormandy for providing
this in bug #18258
*snort-1.9.1 (04 Mar 2003)
04 Mar 2003; Daniel Ahlberg <aliz@gentoo.org> :
Security update.
06 Dec 2002; Rodney Rees <manson@gentoo.org> : changed sparc ~sparc keywords
*snort-1.9.0 (24 Oct 2002)
24 Oct 2002; Daniel Ahlberg <aliz@gentoo.org> :
Version bump. Found by Torgeir Hansen <torgeir@trenger.ro> in #8925.
Added support for specifying listening interface. Closes #6822.
Addes support for snmp, closes #7299.
Locked down dependency on libnet some more.
*snort-1.8.7 (23 Jul 2002)
24 Oct 2002; Daniel Ahlberg <aliz@gentoo.org> files/snort.confd :
Added support for specifying listening interface. Closes #6822.
Locked down dependency on libnet some more.
30 Aug 2002; Seemant Kulleen <seemant@gentoo.org> snort-1.8.7.ebuild :
/var/log/snort now has a .keep in it. Closes bug #7271 by
mcummings@gentoo.org (Michael Cummings)
26 Jul 2002; Daniel Ahlberg <aliz@gentoo.org> snort-1.8.7.ebuild snort-1.8.6.ebuild :
Fix for bug #5592.
23 Jul 2002; Daniel Ahlberg <aliz@gentoo.org> snort-1.8.7.ebuild :
New version.
*snort-1.8.6 (11 Mar 2003)
13 Jul 2003; Daniel Ahlberg <aliz@gentoo.org> :
Added missing changelog entry.
*snort-1.8.5 (6 Apr 2002)
18 Jul 2002; Kyle Manna <nitro@gentoo.org> snort-1.8.6.ebuild :
Added KEYWORDS.
28 Jun 2002; Thilo Bangert <bangert@gentoo.org> :
moved to net-analyzer - added SLOT - added LICENSE
6 Apr 2002; Matthew Kennedy <mkennedy@gentoo.org> ChangeLog,
snort-1.8.5.ebuild, files/digest-snort-1.8.5:
Added dependency for PostgreSQL. Moved netlib dep from RDEPEND to
DEPEND (it is statically linked). Version bump to latest.
*snort-1.8.3-r1 (8 Feb 2002)
8 Feb 2002; Donny Davies <woodchip@gentoo.org> Changelog,
snort-1.8.3-r1.ebuild, files/digest-snort-1.8.3-r1,
files/snort.confd, files/snort.rc6 files/snort.conf :
Fix for nonexistant /etc/conf.d/snort. Make user/group addition
a little smarter.
*snort-1.8.3 (1 Feb 2002)
1 Feb 2002; G.Bevin <gbevin@gentoo.org> ChangeLog :
Added initial ChangeLog which should be updated whenever the package is
updated in any way. This changelog is targetted to users. This means that the
comments should well explained and written in clean English. The details about
writing correct changelogs are explained in the skel.ChangeLog file which you
can find in the root directory of the portage repository.

1
net-analyzer/snort/Manifest
View File

@ -1 +0,0 @@
DIST snort-2.9.2.2.tar.gz 6529966 SHA256 63f4eeee24d79e4a4e4b573e085d0d2fd78fcf3b7ea730c37eab7b47fcd9b954

16
net-analyzer/snort/files/snort.confd.2
View File

@ -1,16 +0,0 @@
# Config file for /etc/init.d/snort
# The following options are now set in your snort.conf file:
# config set_gid:
# config set_uid:
# config snaplen:
# config bpf_file:
# config logdir:
# The only options that should be set here are SNORT_IFACE and SNORT_CONF.
# This tell snort which interface to listen on (any for every interface)
SNORT_IFACE="eth1"
# Probably not this either
SNORT_CONF="/etc/snort/snort.conf"

57
net-analyzer/snort/files/snort.rc11
View File

@ -1,57 +0,0 @@
#!/sbin/runscript
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc11,v 1.1 2011/09/22 17:39:51 patrick Exp $
opts="checkconfig reload"
depend() {
need net
after mysql
after postgresql
}
checkconfig() {
if [ ! -e ${SNORT_CONF} ] ; then
eerror "You need a configuration file to run snort"
eerror "There is an example config in /etc/snort/snort.conf.distrib"
return 1
fi
}
start() {
checkconfig || return 1
ebegin "Starting snort"
start-stop-daemon --start --quiet --exec /usr/bin/snort \
-- --nolock-pidfile --pid-path /var/run/snort -D -i ${SNORT_IFACE} \
-c ${SNORT_CONF} >/dev/null 2>&1
eend $?
}
stop() {
ebegin "Stopping snort"
start-stop-daemon --stop --quiet --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid
# Snort needs a few seconds to fully shutdown
sleep 15
eend $?
}
reload() {
local SNORT_PID="`cat /var/run/snort/snort_${SNORT_IFACE}.pid`"
local SNORT_USER="`ps -p ${SNORT_PID} --no-headers -o user`"
if [ ! -f /var/run/snort/snort_${SNORT_IFACE}.pid ]; then
eerror "Snort isn't running"
return 1
elif [ ${SNORT_USER} != root ]; then
eerror "Snort must be running as root for reload to work!"
return 1
else
checkconfig || return 1
ebegin "Reloading Snort"
start-stop-daemon --signal HUP --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid
fi
}

BIN
net-analyzer/snort/files/snortsam-2.9.2.2.diff.gz
View File

Binary file not shown.

94
net-analyzer/snort/files/snortsam-redirect-2.9.2.2.patch
View File

@ -1,94 +0,0 @@
diff -ur snort-2.9.2.2-snortsam/src/output-plugins/spo_alert_fwsam.c snort-2.9.2.2/src/output-plugins/spo_alert_fwsam.c
--- snort-2.9.2.2-snortsam/src/output-plugins/spo_alert_fwsam.c 2012-05-20 18:33:57.271278999 +0400
+++ snort-2.9.2.2/src/output-plugins/spo_alert_fwsam.c 2012-05-25 15:56:24.138470000 +0400
@@ -456,10 +456,16 @@
/* Parses the duration of the argument, recognizing minutes, hours, etc..
*/
-unsigned long FWsamParseDuration(char *p)
+unsigned long FWsamParseDuration(char *param)
{ unsigned long dur=0,tdu;
char *tok,c1,c2;
+ // Protect input string from overwriting it
+ char tmpp[20];
+ strncpy(tmpp,param,19);
+ tmpp[19]=(char)0;
+ char* p=tmpp;
+
while(*p)
{ tok=p;
while(*p && isdigit(*p))
@@ -515,6 +521,7 @@
optp->how=FWSAM_HOW_INOUT; /* inbound and outbound block */
optp->who=FWSAM_WHO_SRC; /* the source */
optp->loglevel=FWSAM_LOG_LONGALERT; /* the log level default */
+ optp->action = FWSAM_STATUS_BLOCK; /* type of action */
/* parse the fwsam keywords */
#ifdef FWSAMDEBUG
@@ -566,6 +573,17 @@
optp->duration=0;
else
possprob=TRUE;
+ if (!possprob)
+ {
+ char* tok = ap;
+ char* action = strtok(tok, ",");
+ action = strtok(NULL, ",");
+ if (action != NULL)
+ {
+ // set our custom action for redirecting traffic instead of blocking
+ optp->action = FWSAM_STATUS_REDIRECT;
+ }
+ }
}
else if(!*ap)
possprob=TRUE;
@@ -879,7 +897,7 @@
sampacket.snortseqno[1]=(char)(station->myseqno>>8);
sampacket.fwseqno[0]=(char)station->stationseqno;/* fill station seqno */
sampacket.fwseqno[1]=(char)(station->stationseqno>>8);
- sampacket.status=FWSAM_STATUS_BLOCK; /* set block mode */
+ sampacket.status=optp->action; /* set action mode */
sampacket.version=FWSAM_PACKETVERSION; /* set packet version */
sampacket.duration[0]=(char)optp->duration; /* set duration */
sampacket.duration[1]=(char)(optp->duration>>8);
@@ -912,10 +930,13 @@
sampacket.sig_id[3]=(char)(event->sig_id>>24);
#ifdef FWSAMDEBUG
- LogMessage("DEBUG => [Alert_FWsam] Sending BLOCK\n");
+ if (optp->action==FWSAM_STATUS_REDIRECT)
+ LogMessage("DEBUG => [Alert_FWsam] Sending REDIRECT\n");
+ else
+ LogMessage("DEBUG => [Alert_FWsam] Sending BLOCK\n");
LogMessage("DEBUG => [Alert_FWsam] Snort SeqNo: %x\n",station->myseqno);
LogMessage("DEBUG => [Alert_FWsam] Mgmt SeqNo : %x\n",station->stationseqno);
- LogMessage("DEBUG => [Alert_FWsam] Status : %i\n",FWSAM_STATUS_BLOCK);
+ LogMessage("DEBUG => [Alert_FWsam] Status : %i\n",optp->action);
LogMessage("DEBUG => [Alert_FWsam] Mode : %i\n",optp->how|optp->who|optp->loglevel);
LogMessage("DEBUG => [Alert_FWsam] Duration : %li\n",optp->duration);
LogMessage("DEBUG => [Alert_FWsam] Protocol : %i\n",GET_IPH_PROTO(p));
diff -ur snort-2.9.2.2-snortsam/src/output-plugins/spo_alert_fwsam.h snort-2.9.2.2/src/output-plugins/spo_alert_fwsam.h
--- snort-2.9.2.2-snortsam/src/output-plugins/spo_alert_fwsam.h 2012-05-20 18:33:57.270278999 +0400
+++ snort-2.9.2.2/src/output-plugins/spo_alert_fwsam.h 2012-05-20 19:02:01.695332482 +0400
@@ -107,6 +107,10 @@
#define FWSAM_STATUS_BLOCK 3
#define FWSAM_STATUS_UNBLOCK 9
+// Custom action to redirect traffic instead of drop
+#define FWSAM_STATUS_REDIRECT 10
+
+
#define FWSAM_STATUS_OK 4 /* fw to snort */
#define FWSAM_STATUS_ERROR 5
#define FWSAM_STATUS_NEWKEY 6
@@ -186,6 +190,7 @@
unsigned char who;
unsigned char how;
unsigned char loglevel;
+ unsigned char action; // type of action
} FWsamOptions;
typedef struct _FWsamlistpointer

272
net-analyzer/snort/snort-2.9.2.2-r9999.ebuild
View File

@ -1,272 +0,0 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.2.2.ebuild,v 1.1 2012/04/04 09:39:53 patrick Exp $
EAPI="2"
inherit eutils autotools flag-o-matic multilib
DESCRIPTION="The de facto standard for intrusion detection/prevention"
HOMEPAGE="http://www.snort.org/"
SRC_URI="http://www.snort.org/dl/snort-current/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86 ~mips"
IUSE="static +dynamicplugin +zlib +gre +mpls +targetbased +decoder-preprocessor-rules
+ppm +perfprofiling linux-smp-stats inline-init-failopen +threads debug +active-response
+normalizer reload-error-restart +react +flexresp3 +paf large-pcap-64bit
aruba mysql odbc postgres selinux
snortsam"
DEPEND=">=net-libs/libpcap-1.0.0
>=net-libs/daq-0.6
>=dev-libs/libpcre-6.0
dev-libs/libdnet
postgres? ( dev-db/postgresql-base )
mysql? ( virtual/mysql )
odbc? ( dev-db/unixODBC )
zlib? ( sys-libs/zlib )"
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-snort )"
pkg_setup() {
if use zlib && ! use dynamicplugin; then
eerror "You have enabled the 'zlib' USE flag but not the 'dynamicplugin' USE flag."
eerror "'zlib' requires 'dynamicplugin' be enabled."
die
fi
# pre_inst() is a better place to put this
# but we need it here for the 'fowners' statements in src_install()
enewgroup snort
enewuser snort -1 -1 /dev/null snort
}
src_prepare() {
#Multilib fix for the sf_engine
einfo "Applying multilib fix."
sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
"${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
|| die "sed for sf_engine failed"
#Multilib fix for the curent set of dynamic-preprocessors
for i in ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop rzb_saac sip reputation gtp modbus dnp3; do
sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
"${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
|| die "sed for $i failed."
done
# Pinkbyte: add patch for snortsam support
if use snortsam; then
epatch "${FILESDIR}/snortsam-${PV}.diff.gz"
epatch "${FILESDIR}/snortsam-redirect-${PV}.patch"
use debug && append-flags "-DFWSAMDEBUG"
fi
#
AT_M4DIR=m4 eautoreconf
}
src_configure() {
econf \
$(use_enable !static shared) \
$(use_enable static) \
$(use_enable static so-with-static-lib) \
$(use_enable dynamicplugin) \
$(use_enable zlib) \
$(use_enable gre) \
$(use_enable mpls) \
$(use_enable targetbased) \
$(use_enable decoder-preprocessor-rules) \
$(use_enable ppm) \
$(use_enable perfprofiling) \
$(use_enable linux-smp-stats) \
$(use_enable inline-init-failopen) \
$(use_enable threads pthread) \
$(use_enable debug) \
$(use_enable debug debug-msgs) \
$(use_enable debug corefiles) \
$(use_enable !debug dlclose) \
$(use_enable active-response) \
$(use_enable normalizer) \
$(use_enable reload-error-restart) \
$(use_enable react) \
$(use_enable flexresp3) \
$(use_enable paf) \
$(use_enable large-pcap-64bit large-pcap) \
$(use_enable aruba) \
$(use_with mysql) \
$(use_with odbc) \
$(use_with postgres postgresql) \
--enable-ipv6 \
--enable-reload \
--disable-prelude \
--disable-build-dynamic-examples \
--disable-profile \
--disable-ppm-test \
--disable-intel-soft-cpm \
--disable-static-daq \
--disable-rzb-saac \
--without-oracle
}
src_install() {
emake DESTDIR="${D}" install || die "emake failed"
dodir /var/log/snort \
/var/run/snort \
/etc/snort/rules \
/etc/snort/so_rules \
/usr/$(get_libdir)/snort_dynamicrules \
|| die "Failed to create core directories"
# config.log and build.log are needed by Sourcefire
# to trouble shoot build problems and bug reports so we are
# perserving them incase the user needs upstream support.
dodoc RELEASE.NOTES ChangeLog \
doc/* \
tools/u2boat/README.u2boat \
schemas/* || die "Failed to install snort docs"
insinto /etc/snort
doins etc/attribute_table.dtd \
etc/classification.config \
etc/gen-msg.map \
etc/reference.config \
etc/threshold.conf \
etc/unicode.map || die "Failed to install docs in etc"
# We use snort.conf.distrib because the config file is complicated
# and the one shipped with snort can change drastically between versions.
# Users should migrate setting by hand and not with etc-update.
newins etc/snort.conf snort.conf.distrib \
|| die "Failed to add snort.conf.distrib"
# config.log and build.log are needed by Sourcefire
# to troubleshoot build problems and bug reports so we are
# perserving them incase the user needs upstream support.
# 'die' was intentionally not added here.
if [ -f "${WORKDIR}/${PF}/config.log" ]; then
dodoc "${WORKDIR}/${PF}/config.log"
fi
if [ -f "${T}/build.log" ]; then
dodoc "${T}/build.log"
fi
insinto /etc/snort/preproc_rules
doins preproc_rules/decoder.rules \
preproc_rules/preprocessor.rules \
preproc_rules/sensitive-data.rules || die "Failed to install preproc rule files"
fowners -R snort:snort \
/var/log/snort \
/var/run/snort \
/etc/snort || die
newinitd "${FILESDIR}/snort.rc11" snort || die "Failed to install snort init script"
newconfd "${FILESDIR}/snort.confd.2" snort || die "Failed to install snort confd file"
# Sourcefire uses Makefiles to install docs causing Bug #297190.
# This removes the unwanted doc directory and rogue Makefiles.
rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories"
rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files"
#Remove unneeded .la files (Bug #382863)
rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die
rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la"
# Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the correct rule location in the config
sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the correct preprocessor/decoder rule location in the config
sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Enable the preprocessor/decoder rules
sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \
"${D}etc/snort/snort.conf.distrib" || die
sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Just some clean up of trailing /'s in the config
sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Make it clear in the config where these are...
sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \
"${D}etc/snort/snort.conf.distrib" || die
sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Disable all rule files by default.
sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Disable normalizer preprocessor config if normalizer USE flag not set.
if ! use normalizer; then
sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \
"${D}etc/snort/snort.conf.distrib" || die
fi
# Set the configured DAQ to afpacket
sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the location of the DAQ modules
sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the DAQ mode to passive
sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set snort to run as snort:snort
sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \
"${D}etc/snort/snort.conf.distrib" || die
sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the default log dir
sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the correct so_rule location in the config
sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \
"${D}etc/snort/snort.conf.distrib" || die
}
pkg_postinst() {
einfo "There have been a number of improvements and new features"
einfo "added to ${P}. Please review the RELEASE.NOTES and"
einfo "ChangLog located in /usr/share/doc/${PF}."
einfo
elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"
elog "users migrate their snort.conf customizations to the latest config"
elog "file released by the VRT. You can find the latest version of the"
elog "Snort config file in /etc/snort/snort.conf.distrib."
elog
elog "!! It is important that you migrate to this new snort.conf file !!"
elog
elog "This version of the ebuild includes an updated init.d file and"
elog "conf.d file that rely on options found in the latest Snort"
elog "config file provided by the VRT."
if use debug; then
elog "You have the 'debug' USE flag enabled. If this has been done to"
elog "troubleshoot an issue by producing a core dump or a back trace,"
elog "then you need to also ensure the FEATURES variable in make.conf"
elog "contains the 'nostrip' option."
fi
}

2
net-analyzer/snortsam/Manifest
View File

@ -1,2 +0,0 @@
DIST snortsam-2.50-ciscoacl.diff.bz2 7295 SHA256 a4f39789e9f10b95e6db1bbce5f9d26f7393161311f5c955a4b8380186a2cb6b
DIST snortsam-src-2.70.tar.gz 1971624 SHA256 442040a7281a641008f6410b7f6528d709f17d5041fd3752011075f8a38d19bc

513
net-analyzer/snortsam/files/snortsam-2.70-redirect.patch
View File

@ -1,513 +0,0 @@
diff -ur snortsam-2.7.0-orig/src/snortsam.c snortsam/src/snortsam.c
--- snortsam-2.7.0-orig/src/snortsam.c 2012-05-20 20:59:46.277029000 +0400
+++ snortsam/src/snortsam.c 2012-06-15 18:23:29.653032000 +0400
@@ -1971,7 +1971,7 @@
void block(SENSORLIST *snortbox,unsigned long bsip,unsigned short bsport,
unsigned long bdip,unsigned short bdport,
unsigned short bproto,time_t bduration,unsigned char bmode,
- time_t btime,unsigned long bsig_id)
+ time_t btime,unsigned long bsig_id,char packstat)
{ unsigned long peerip,blockip;
unsigned short blockport;
time_t t;
@@ -2022,6 +2022,8 @@
blockdata.blocktime=btime;
blockdata.sig_id=bsig_id;
blockdata.block=TRUE;
+ // Add type of block(simple block or redirect)
+ blockdata.type=packstat;
/* check for and get a blocktime limit out of the limit list based on the sensor*/
blockdata.duration=limit_duration_on_sensor(snortbox->snortip.s_addr,bduration);
@@ -2467,6 +2469,7 @@
printf("Debug: Received Packet: %s\n",packet.status==FWSAM_STATUS_CHECKIN?"CHECKIN":
packet.status==FWSAM_STATUS_CHECKOUT?"CHECKOUT":
packet.status==FWSAM_STATUS_BLOCK?"BLOCK":
+ packet.status==FWSAM_STATUS_REDIRECT?"REDIRECT":
packet.status==FWSAM_STATUS_UNBLOCK?"UNBLOCK":"**UNKNOWN**");
printf("Debug: Snort SeqNo: %x\n",packet.snortseqno[0]|(packet.snortseqno[1]<<8));
printf("Debug: Mgmt SeqNo : %x\n",packet.fwseqno[0]|(packet.fwseqno[1]<<8));
@@ -2512,11 +2515,12 @@
snortbox->toberemoved=TRUE; /* Mark sensor for removal from list. */
ret=FALSE;
}
- else if(packet.status==FWSAM_STATUS_BLOCK || packet.status==FWSAM_STATUS_UNBLOCK) /* if we received a blocking request */
+ else if(packet.status==FWSAM_STATUS_BLOCK || packet.status==FWSAM_STATUS_REDIRECT || packet.status==FWSAM_STATUS_UNBLOCK) /* if we received a blocking or redirecting request */
{ if((( (packet.fwseqno[0]|(packet.fwseqno[1]<<8)) ==snortbox->myseqno) && ( (packet.snortseqno[0]|(packet.snortseqno[1]<<8)) ==((snortbox->snortseqno+snortbox->myseqno)&0xffff) )) || disableseqnocheck)
{ packstat=packet.status;
#ifdef FWSAMDEBUG
- printf("Debug: %s request received...\n",packet.status==FWSAM_STATUS_BLOCK?"Blocking":"Unblocking");
+ printf("Debug: %s request received...\n",packet.status==FWSAM_STATUS_BLOCK?"Blocking":
+ packet.status==FWSAM_STATUS_REDIRECT?"Redirecting":"Unblocking");
#endif
bmode=packet.fwmode; /* save parameters from packet */
if(packet.endiancheck==1) /* Check if peer has the same endianess */
@@ -2604,9 +2608,9 @@
}
else
{
- if(packstat==FWSAM_STATUS_BLOCK)
+ if(packstat==FWSAM_STATUS_BLOCK || packstat==FWSAM_STATUS_REDIRECT)
{ /* call block, which performs checks */
- block(snortbox,bsip,bsport,bdip,bdport,bproto,bduration,bmode,mytime,bsig_id);
+ block(snortbox,bsip,bsport,bdip,bdport,bproto,bduration,bmode,mytime,bsig_id,packstat);
}
else
{
diff -ur snortsam-2.7.0-orig/src/snortsam.h snortsam/src/snortsam.h
--- snortsam-2.7.0-orig/src/snortsam.h 2012-05-20 20:59:46.278524000 +0400
+++ snortsam/src/snortsam.h 2012-06-15 18:30:41.524502000 +0400
@@ -242,6 +242,7 @@
#define FWSAM_STATUS_CHECKOUT 2
#define FWSAM_STATUS_BLOCK 3
#define FWSAM_STATUS_UNBLOCK 9
+#define FWSAM_STATUS_REDIRECT 10
#define FWSAM_STATUS_OK 4 /* fw to snort */
#define FWSAM_STATUS_ERROR 5
@@ -291,6 +292,7 @@
unsigned short proto; /* Protocol (if connection) */
unsigned short mode; /* Blocking mode (src, dst, connection) */
short block; /* block or unblock flag --- this flag is dynamically changed */
+ char type; /* Type of block - simple block or redirect. Taken from incoming packet status */
} BLOCKINFO;
typedef struct _oldblockinfo /* Block info structure */
@@ -495,7 +497,7 @@
void block(SENSORLIST *snortbox,unsigned long bsip,unsigned short bsport,
unsigned long bdip,unsigned short bdport,
unsigned short bproto,time_t bduration,unsigned char bmode,
- time_t btime,unsigned long bsig_id);
+ time_t btime,unsigned long bsig_id,char packstat);
void unblock(BLOCKINFO *bhp,char *comment,unsigned long reqip,int force);
void addtohistory(BLOCKHISTORY *,int);
void clearhistory(void);
diff -ur snortsam-2.7.0-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
--- snortsam-2.7.0-orig/src/ssp_iptables.c 2012-05-20 20:59:46.275601000 +0400
+++ snortsam/src/ssp_iptables.c 2012-06-16 16:53:06.430453000 +0400
@@ -123,204 +123,227 @@
printf("Debug: [iptables][%lx] Plugin Blocking...\n",threadid);
#endif
- if(bd->block)
- { snprintf(msg,sizeof(msg)-1,"Info: Blocking ip %s", inettoa(bd->blockip));
- logmessage(3,msg,"iptables",0);
-
- switch(bd->mode&FWSAM_HOW)
- { case FWSAM_HOW_IN:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_OUT:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_INOUT:
- /* Assemble command - block src*/
- if ((snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
- "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
- "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_THIS:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- }
- }
- else
- {
- snprintf(msg,sizeof(msg)-1,"Info: UnBlocking ip %s", inettoa(bd->blockip));
- logmessage(1,msg,"iptables",0);
-switch(bd->mode&FWSAM_HOW)
- { case FWSAM_HOW_IN:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_OUT:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_INOUT:
- /* Assemble command - block src*/
- if ((snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
- "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
- "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- case FWSAM_HOW_THIS:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
- "/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
- "/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
- return;
- }
- break;
- }
- }
-#ifdef FWSAMDEBUG
- printf("Debug: [iptables][%lx] command %s\n", threadid, iptcmd);
- printf("Debug: [iptables][%lx] command2 %s\n", threadid, iptcmd2);
-#endif
- /* Run the command */
- if (system(iptcmd) != 0) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s Failed", iptcmd);
- logmessage(3,msg,"iptables",0);
- } else {
- snprintf(msg,sizeof(msg)-1,"Info: Command %s Executed Successfully", iptcmd);
- logmessage(3,msg,"iptables",0);
- }
- if (system(iptcmd2) != 0) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s Failed", iptcmd2);
- logmessage(1,msg,"iptables",0);
- } else {
- snprintf(msg,sizeof(msg)-1,"Info: Command2 %s Executed Successfully", iptcmd2);
- logmessage(3,msg,"iptables",0);
- }
-
-/*inventiva-recorte*/
- if((bd->mode&FWSAM_HOW)==FWSAM_HOW_INOUT)
- {
- if (system(iptcmd1) != 0) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s Failed", iptcmd1);
- logmessage(3,msg,"iptables",0);
- } else {
- snprintf(msg,sizeof(msg)-1,"Info: Command %s Executed Successfully", iptcmd1);
- logmessage(3,msg,"iptables",0);
- }
- if (system(iptcmd4) != 0) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s Failed", iptcmd4);
- logmessage(1,msg,"iptables",0);
- } else {
- snprintf(msg,sizeof(msg)-1,"Info: Command2 %s Executed Successfully", iptcmd4);
- logmessage(3,msg,"iptables",0);
- }
- }
-
-
+ if(bd->block)
+ { snprintf(msg,sizeof(msg)-1,"Info: Blocking ip %s", inettoa(bd->blockip));
+ logmessage(3,msg,"iptables",0);
+
+ switch(bd->mode&FWSAM_HOW)
+ { case FWSAM_HOW_IN:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ case FWSAM_HOW_OUT:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ case FWSAM_HOW_INOUT:
+{
+ char* cmdstr_fwd;
+ char cmdstr_fwd_redirect[]="/sbin/iptables -t mangle -I PREROUTING -i %s -s %s -j MARK --set-mark 255";
+ char cmdstr_fwd_block[]="/sbin/iptables -I FORWARD -i %s -s %s -j DROP";
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ cmdstr_fwd=cmdstr_fwd_block;
+ else
+ cmdstr_fwd=cmdstr_fwd_redirect;
+ /* Assemble command - block src*/
+ if ((snprintf(iptcmd,sizeof(iptcmd)-1,
+ cmdstr_fwd,
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
+ "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
+ "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+}
+ break;
+ case FWSAM_HOW_THIS:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ }
+ }
+ else
+ {
+ snprintf(msg,sizeof(msg)-1,"Info: UnBlocking ip %s", inettoa(bd->blockip));
+ logmessage(1,msg,"iptables",0);
+
+switch(bd->mode&FWSAM_HOW)
+ { case FWSAM_HOW_IN:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ case FWSAM_HOW_OUT:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ case FWSAM_HOW_INOUT:
+{
+ char* cmdstr_fwd;
+ char cmdstr_fwd_unredirect[]="/sbin/iptables -t mangle -D PREROUTING -i %s -s %s -j MARK --set-mark 255";
+ char cmdstr_fwd_unblock[]="/sbin/iptables -D FORWARD -i %s -s %s -j DROP";
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ cmdstr_fwd=cmdstr_fwd_unblock;
+ else
+ cmdstr_fwd=cmdstr_fwd_unredirect;
+ /* Assemble command - block src*/
+ if ((snprintf(iptcmd,sizeof(iptcmd)-1,
+ cmdstr_fwd,
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
+ "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
+ "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+}
+ break;
+ case FWSAM_HOW_THIS:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+ "/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+ "/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ break;
+ }
+ }
+#ifdef FWSAMDEBUG
+ printf("Debug: [iptables][%lx] command %s\n", threadid, iptcmd);
+ printf("Debug: [iptables][%lx] command2 %s\n", threadid, iptcmd2);
+#endif
+ /* Run the command */
+ if (system(iptcmd) != 0) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s Failed", iptcmd);
+ logmessage(3,msg,"iptables",0);
+ } else {
+ snprintf(msg,sizeof(msg)-1,"Info: Command %s Executed Successfully", iptcmd);
+ logmessage(3,msg,"iptables",0);
+ }
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ if (system(iptcmd2) != 0) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s Failed", iptcmd2);
+ logmessage(1,msg,"iptables",0);
+ } else {
+ snprintf(msg,sizeof(msg)-1,"Info: Command2 %s Executed Successfully", iptcmd2);
+ logmessage(3,msg,"iptables",0);
+ }
+
+/*inventiva-recorte*/
+ if((bd->mode&FWSAM_HOW)==FWSAM_HOW_INOUT)
+ {
+ if (system(iptcmd1) != 0) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s Failed", iptcmd1);
+ logmessage(3,msg,"iptables",0);
+ } else {
+ snprintf(msg,sizeof(msg)-1,"Info: Command %s Executed Successfully", iptcmd1);
+ logmessage(3,msg,"iptables",0);
+ }
+ if (bd->type==FWSAM_STATUS_BLOCK)
+ if (system(iptcmd4) != 0) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s Failed", iptcmd4);
+ logmessage(1,msg,"iptables",0);
+ } else {
+ snprintf(msg,sizeof(msg)-1,"Info: Command2 %s Executed Successfully", iptcmd4);
+ logmessage(3,msg,"iptables",0);
+ }
+ }
+
+
#ifdef SAVETABLES
/* Save command */
if (system(savecmd) != 0) {

58
net-analyzer/snortsam/snortsam-2.70-r9999.ebuild
View File

@ -1,58 +0,0 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snortsam/snortsam-2.70.ebuild,v 1.3 2011/11/18 05:09:16 jer Exp $
EAPI="4"
inherit eutils toolchain-funcs
MY_P="${PN}-src-${PV}"
DESCRIPTION="Snort plugin that allows automated blocking of IP addresses on several firewalls"
HOMEPAGE="http://www.snortsam.net/"
SRC_URI="http://www.snortsam.net/files/snortsam/${MY_P}.tar.gz
mirror://gentoo/${PN}-2.50-ciscoacl.diff.bz2"
LICENSE="as-is"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86"
IUSE="debug"
S=${WORKDIR}/${PN}
src_prepare() {
sed -i makesnortsam.sh \
-e "s:sbin/functions.sh:etc/init.d/functions.sh:" \
-e "s:-O2 : ${CFLAGS} :" \
-e "s:gcc :$(tc-getCC) :" \
-e "/^LDFLAGS=/d" \
-e "s:\( -o ../snortsam\): ${LDFLAGS}\1:" \
-e "s:\${SSP_LINUX_SRC} -o \${SNORTSAM}:& \${LINUX_LDFLAGS}:" \
|| die "sed failed"
find "${S}" -depth -type d -name CVS -exec rm -rf \{\} \;
}
src_compile() {
# Pinkbyte: patch for traffic redirection support
epatch "${FILESDIR}/${P}-redirect.patch"
#
sh makesnortsam.sh || die "makesnortsam.sh failed"
}
src_install() {
if use debug; then
newbin snortsam-debug snortsam
else
dobin snortsam
fi
find "${S}" -depth -type f -name "*.asc" -exec rm -f {} \;
dodoc -r docs/ conf/
}
pkg_postinst() {
elog
elog "To use snortsam with snort, you'll have to compile snort with USE=snortsam."
elog "Read the INSTALL file to configure snort for snortsam, and configure"
elog "snortsam for your particular firewall."
elog
}