diff --git a/net/snort3/Makefile b/net/snort3/Makefile
new file mode 100644
index 000000000..f5f3d8807
--- /dev/null
+++ b/net/snort3/Makefile
@@ -0,0 +1,102 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=snort3
+PKG_VERSION:=3.0.0-beta
+PKG_VERSION_SHORT:=3.0.0
+PKG_RELEASE:=1
+
+PKG_LICENSE:=GPL-2.0
+PKG_MAINTAINER:=W. Michael Petullo
+
+PKG_SOURCE:=snort-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://www.snort.org/downloads/snortplus/
+PKG_HASH:=ea4079c551002e4d83586f05b3ecdae72706a46ec223339b87ce60f7ae30b8a2
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/snort-$(PKG_VERSION_SHORT)
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/snort3
+ SUBMENU:=Firewall
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+libstdcpp +libdaq +libdnet +libopenssl +libpcap +libpcre +libpthread +libuuid +zlib +libhwloc +libtirpc +luajit
+ TITLE:=Lightweight Network Intrusion Detection System
+ URL:=http://www.snort.org/
+ MENU:=1
+endef
+
+define Package/snort3/description
+ Snort is an open source network intrusion detection and prevention system.
+ It is capable of performing real-time traffic analysis, alerting, blocking
+ and packet logging on IP networks. It utilizes a combination of protocol
+ analysis and pattern matching in order to detect anomalies, misuse and
+ attacks.
+endef
+
+CMAKE_OPTIONS += \
+ -DENABLE_STATIC_DAQ:BOOL=NO \
+ -DENABLE_COREFILES:BOOL=NO \
+ -DENABLE_GDB:BOOL=NO \
+ -DMAKE_DOC:BOOL=NO \
+ -DMAKE_HTML_DOC:BOOL=NO \
+ -DMAKE_PDF_DOC:BOOL=NO \
+ -DMAKE_TEXT_DOC:BOOL=NO \
+
+TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/tirpc
+TARGET_LDFLAGS += -ltirpc
+
+define Package/snort3/conffiles
+/etc/config/snort
+endef
+
+define Package/snort3/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) \
+ $(PKG_INSTALL_DIR)/usr/bin/snort \
+ $(1)/usr/bin/
+
+ $(INSTALL_BIN) \
+ $(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} \
+ $(1)/usr/bin/
+
+ $(INSTALL_DIR) $(1)/usr/lib/snort
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/lib/snort/daqs/daq_hext.so \
+ $(1)/usr/lib/snort/
+
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/lib/snort/daqs/daq_file.so \
+ $(1)/usr/lib/snort/
+
+ $(INSTALL_DIR) $(1)/usr/share/lua
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua \
+ $(1)/usr/share/lua/
+
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_config.lua \
+ $(1)/usr/share/lua/
+
+ $(INSTALL_DIR) $(1)/etc/snort
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) \
+ ./files/snort.init \
+ $(1)/etc/init.d/snort
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) \
+ ./files/snort.config \
+ $(1)/etc/config/snort
+endef
+
+$(eval $(call BuildPackage,snort3))
diff --git a/net/snort3/files/snort.config b/net/snort3/files/snort.config
new file mode 100644
index 000000000..c402ec5a3
--- /dev/null
+++ b/net/snort3/files/snort.config
@@ -0,0 +1,4 @@
+config snort 'snort'
+ option config_dir '/etc/snort/etc/'
+ option alert_module 'alert_syslog'
+ option interface 'eth0'
diff --git a/net/snort3/files/snort.init b/net/snort3/files/snort.init
new file mode 100644
index 000000000..4549e26ea
--- /dev/null
+++ b/net/snort3/files/snort.init
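Review bot: The last `CMAKE_OPTIONS` entry, `-DMAKE_TEXT_DOC:BOOL=NO \`, carries a trailing backslash that continues the definition onto the following blank line; it only works because that line is empty, and removing the blank line would silently fold `TARGET_CFLAGS += ...` into `CMAKE_OPTIONS`. Drop the final backslash so the list ends with `-DMAKE_TEXT_DOC:BOOL=NO`. The install recipe creates `$(1)/etc/snort` but installs no `snort.lua` anywhere under it, while the default `config_dir` shipped in files/snort.config is `/etc/snort/etc/`, so the init script's `-c "$config_dir/snort.lua"` points at a file this package never provides — either install a default configuration or document that the user must supply one. The DAQ modules are copied to `$(1)/usr/lib/snort/`, yet the init script passes `--daq-dir /usr/lib/daq/`; presumably that directory is populated by libdaq, but if the shipped daq_hext/daq_file modules are meant to be loadable the two paths should agree.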
@@ -0,0 +1,41 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=10
+
+USE_PROCD=1
+PROG=/usr/bin/snort
+
+validate_snort_section() {
+ uci_validate_section snort snort "${1}" \
+ 'config_dir:string' \
+ 'alert_module:string' \
+ 'interface:string'
+}
+
+start_service() {
+ local config_file interface
+
+ validate_snort_section snort || {
+ echo "validation failed"
+ return 1
+ }
+
+ procd_open_instance
+ procd_set_param command $PROG -q --daq-dir /usr/lib/daq/ -i "$interface" -c "$config_dir/snort.lua" -A "$alert_module"
+ procd_set_param env SNORT_LUA_PATH="$config_dir"
+ procd_set_param file $CONFIGFILE
+ procd_set_param respawn
+ procd_close_instance
+}
+
+stop_service()
+{
+ service_stop ${PROG}
+}
+
+service_triggers()
+{
+ procd_add_reload_trigger "snort"
+ procd_add_validation validate_snort_section
+}
diff --git a/net/snort3/patches/001-compile.patch b/net/snort3/patches/001-compile.patch
new file mode 100644
index 000000000..09669a371
--- /dev/null
+++ b/net/snort3/patches/001-compile.patch
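Review bot: `local config_file interface` in start_service declares a name that is never used (`config_file`, apparently a typo) and leaves `config_dir` and `alert_module`, which uci_validate_section populates and the command line reads, as shell globals; change it to `local config_dir alert_module interface`. `procd_set_param file $CONFIGFILE` references a variable this script never assigns, so it expands to an empty argument and does not register /etc/config/snort as a watched file — either pass the config path explicitly or drop the line and rely on the reload trigger already registered in service_triggers. With `USE_PROCD=1` the explicit `stop_service` calling `service_stop ${PROG}` looks redundant, since procd tears down the instance itself; if it is intentional, a one-line comment stating why would help the next maintainer.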
@@ -0,0 +1,52 @@
+diff -u --recursive snort-3.0.0-vanilla/daqs/daq_file.c snort-3.0.0/daqs/daq_file.c
+--- snort-3.0.0-vanilla/daqs/daq_file.c 2018-08-28 02:01:02.000000000 -0400
++++ snort-3.0.0/daqs/daq_file.c 2019-03-28 23:03:25.292770141 -0400
+@@ -33,7 +33,7 @@
+ 
+ #include
+ #include
+-#include
++#include
+ 
+ #include
+ #include
+diff -u --recursive snort-3.0.0-vanilla/daqs/daq_hext.c snort-3.0.0/daqs/daq_hext.c
+--- snort-3.0.0-vanilla/daqs/daq_hext.c 2018-08-28 02:01:02.000000000 -0400
++++ snort-3.0.0/daqs/daq_hext.c 2019-03-28 22:54:15.738207157 -0400
+@@ -35,7 +35,7 @@
+ #include
+ #include
+ #include
+-#include
++#include
+ #include
+ 
+ #include
+diff -u --recursive snort-3.0.0-vanilla/src/network_inspectors/appid/service_plugins/service_rpc.cc snort-3.0.0/src/network_inspectors/appid/service_plugins/service_rpc.cc
+--- snort-3.0.0-vanilla/src/network_inspectors/appid/service_plugins/service_rpc.cc 2018-08-28 02:01:02.000000000 -0400
++++ snort-3.0.0/src/network_inspectors/appid/service_plugins/service_rpc.cc 2019-03-28 22:32:04.211783669 -0400
+@@ -27,6 +27,7 @@
+ 
+ #include
+ 
++#include
+ #if defined(__FreeBSD__) || defined(__OpenBSD__)
+ #include
+ #elif defined(__sun)
+diff -u --recursive snort-3.0.0-vanilla/src/utils/util.cc snort-3.0.0/src/utils/util.cc
+--- snort-3.0.0-vanilla/src/utils/util.cc 2018-08-28 02:01:02.000000000 -0400
++++ snort-3.0.0/src/utils/util.cc 2019-03-28 22:16:16.860942230 -0400
+@@ -605,13 +605,8 @@
+ {
+ static THREAD_LOCAL char buf[128];
+ 
+-#if (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE < 200112L && \
+- defined(_XOPEN_SOURCE) && _XOPEN_SOURCE < 600) || _GNU_SOURCE
+- return strerror_r(errnum, buf, sizeof(buf));
+-#else
+ (void)strerror_r(errnum, buf, sizeof(buf));
+ return buf;
+-#endif
+ }
+ 
+ char* snort_strndup(const char* src, size_t dst_size)
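Review bot: The util.cc hunk drops the `_GNU_SOURCE` branch and unconditionally treats `strerror_r` as the POSIX variant that writes into `buf`; that holds for musl, but on a glibc toolchain built with `_GNU_SOURCE` the GNU `strerror_r` may return a pointer to a static string without touching `buf`, so `return buf` can hand back an empty or stale message. If this patch is intended only for musl targets, keeping the original `#else` branch or guarding the new code on the C library would avoid that regression; the enclosing function's signature lies outside the hunk. The header names in the `#include` lines of the daq_file.c, daq_hext.c and service_rpc.cc hunks are not legible in this rendering, so those changes could not be checked; a one-line comment at the top of the patch naming which headers are swapped and why (presumably the tirpc include path the Makefile adds) would make the intent reviewable.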