summaryrefslogtreecommitdiff
path: root/security/snort/Makefile
blob: b1c9b90407aa5d87112e1975b8e9aceccba6fe5a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131

# Created by: Dirk Froemberg <dirk@FreeBSD.org>
# $FreeBSD$

PORTNAME=	snort
PORTVERSION=	2.9.9.0
PORTREVISION=	1
CATEGORIES=	security
MASTER_SITES=	https://snort.org/downloads/snort/ \
		ZI

PATCH_DIST_STRIP=	-p1

MAINTAINER=	zi@FreeBSD.org
COMMENT=	Lightweight network intrusion detection system

LICENSE=	GPLv2
LICENSE_FILE=	${WRKSRC}/LICENSE

LIB_DEPENDS=	libpcre.so:devel/pcre \
		libdnet.so:net/libdnet \
		libpcap.so:net/libpcap

BUILD_DEPENDS=	daq>=2.0.0:net/daq
RUN_DEPENDS=	daq>=2.0.0:net/daq

OPTIONS_DEFINE=		IPV6 GRE HA NORMALIZER DOCS APPID \
			PERFPROFILE LRGPCAP SOURCEFIRE NONETHER \
			FILEINSPECT

OPTIONS_GROUP=		ADDONS DEV
OPTIONS_GROUP_ADDONS=	BARNYARD PULLEDPORK
OPTIONS_GROUP_DEV=	DBGSNORT
OPTIONS_SUB=		yes
OPTIONS_DEFAULT=	GRE NORMALIZER BARNYARD \
			PERFPROFILE SOURCEFIRE PULLEDPORK

GRE_DESC=		GRE support
IPV6_DESC=		IPv6 in snort.conf
LRGPCAP_DESC=		Pcaps larger than 2GB
NONETHER_DESC=		Non-Ethernet Decoders
NORMALIZER_DESC=	Normalizer
PERFPROFILE_DESC=	Performance profiling
SOURCEFIRE_DESC=	Sourcefire recommended build options
TARGETBASED_DESC=	Targetbased support
APPID_DESC=		Build with application id support (EXPERIMENTAL)
HA_DESC=		Enable high-availability state sharing (EXPERIMENTAL)
FILEINSPECT_DESC=	Build with extended file inspection features (EXPERIMENTAL)
ADDONS_DESC=		Depend on 3rd party addons
BARNYARD_DESC=		Depend on barnyard2 (supports also snortsam)
PULLEDPORK_DESC=	Depend on pulledpork
DEV_DESC=		Developer options
DBGSNORT_DESC=		Enable debugging symbols+core dumps

DBGSNORT_CONFIGURE_ENABLE=	corefiles debug
DBGSNORT_MAKE_ENV=		DONTSTRIP="yes"
GRE_CONFIGURE_ENABLE=		gre
LRGPCAP_CONFIGURE_ENABLE=	large-pcap
NONETHER_CONFIGURE_ENABLE=	non-ether-decoders
NORMALIZER_CONFIGURE_ENABLE=	normalizer
PERFPROFILE_CONFIGURE_ENABLE=	perfprofiling ppm
SOURCEFIRE_CONFIGURE_ENABLE=	sourcefire
APPID_CONFIGURE_ENABLE=		open-appid
HA_CONFIGURE_ENABLE=		ha
FILEINSPECT_CONFIGURE_ENABLE=	file-inspect

BARNYARD_RUN_DEPENDS=	barnyard2:security/barnyard2
PULLEDPORK_RUN_DEPENDS=	pulledpork.pl:security/pulledpork
APPID_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit
APPID_CONFIGURE_ENV+=	luajit_CFLAGS="-I${LOCALBASE}/include/luajit-2.0" \
			luajit_LIBS="-L${LOCALBASE}/lib -lluajit-5.1"

.include <bsd.port.options.mk>

USE_RC_SUBR=	snort
SUB_FILES=	pkg-message

USES=		cpe libtool pathfix shebangfix ssl
SHEBANG_FILES=	tools/appid_detector_builder.sh
GNU_CONFIGURE=	yes
USE_LDCONFIG=	yes
MAKE_JOBS_UNSAFE=	yes

RULES_DIR=		${ETCDIR}/rules
PREPROC_RULE_DIR=	${ETCDIR}/preproc_rules
LOGS_DIR=		/var/log/snort

CONFIG_FILES=	classification.config gen-msg.map reference.config \
		snort.conf threshold.conf unicode.map file_magic.conf

DOCS=		RELEASE.NOTES doc/AUTHORS doc/BUGS doc/CREDITS \
		doc/README* doc/USAGE doc/*.pdf
PREPROC_RULES=	decoder.rules preprocessor.rules sensitive-data.rules

CFLAGS+=	-fstack-protector
CONFIGURE_ARGS+=--enable-reload \
		--enable-mpls --enable-targetbased \
		--enable-reload-error-restart

post-patch:
	@${REINPLACE_CMD} "s,/etc/snort.conf,${ETCDIR}/snort.conf," \
		${WRKSRC}/src/snort.c ${WRKSRC}/snort.8

	@${REINPLACE_CMD} -e 's|^dynamicdetection|#dynamicdetection|' \
		-e '/ipvar HOME_NET/s/any/[YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]/' \
		-e '/^# include .PREPROC_RULE/s/# include/include/' \
		${WRKSRC}/etc/snort.conf

# IPv6 is no longer a ./configure option!
.if ! ${PORT_OPTIONS:MIPV6}
	@${REINPLACE_CMD} -e '/normalize_ip6/s/^preprocessor/#preprocessor/' \
		-e '/normalize_icmp6/s/^preprocessor/#preprocessor/' \
		${WRKSRC}/etc/snort.conf
.endif

post-build:
	@${FIND} ${WRKSRC}/src -name '*.0' -type f -exec ${STRIP_CMD} {} \;

post-install:
	@${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}${RULES_DIR} ${STAGEDIR}${LOGS_DIR} \
		${STAGEDIR}${PREPROC_RULE_DIR} ${STAGEDIR}${DOCSDIR}

.for f in ${CONFIG_FILES}
	${INSTALL_DATA} ${WRKSRC}/etc/${f} ${STAGEDIR}${ETCDIR}/${f}-sample
.endfor

.for f in ${PREPROC_RULES}
	${INSTALL_DATA} ${WRKSRC}/preproc_rules/${f} ${STAGEDIR}${PREPROC_RULE_DIR}/${f}-sample
.endfor
	(cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR})

.include <bsd.port.mk>
generated by cgit debian/1.2.3+git2.25.1-1-2-gaceb0 (git 2.25.1) at 2025-03-27 19:41:33 +0000