authorM0Rf302015-06-17 16:31:17 +0200
committerM0Rf302015-06-17 16:31:17 +0200
commit285c55ad7ff85d1018abd0e6050de7dc0a39c158 (patch)
treec66212be470596e4e74e1ed0f9898cab6be39769
downloadaur-285c55ad7ff85d1018abd0e6050de7dc0a39c158.tar.gz
Initial import
-rw-r--r--.SRCINFO31
-rw-r--r--PKGBUILD57
-rw-r--r--snort.install26
-rw-r--r--snort@.service10
4 files changed, 124 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..317c702bef6e
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,31 @@
+pkgbase = snort
+ pkgdesc = A lightweight network intrusion detection system.
+ pkgver = 2.9.7.3
+ pkgrel = 1
+ url = http://www.snort.org
+ install = snort.install
+ arch = i686
+ arch = x86_64
+ license = GPL
+ depends = libdaq
+ depends = libdnet
+ depends = libpcap
+ depends = openssl
+ depends = pcre
+ depends = zlib
+ options = !makeflags
+ options = !libtool
+ backup = etc/snort/snort.conf
+ backup = etc/snort/threshold.conf
+ backup = etc/snort/reference.config
+ backup = etc/snort/classification.config
+ backup = etc/snort/rules/emerging.conf
+ source = https://www.snort.org/downloads/snort/snort-2.9.7.3.tar.gz
+ source = http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz
+ source = snort@.service
+ md5sums = 839e648607fd32726b2f7965134bf0a4
+ md5sums = SKIP
+ md5sums = 49c7e8dbde680322ff5c4e0883f2b908
+
+pkgname = snort
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..3aecb9701cea
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,57 @@
+# Maintainer: M0Rf30
+# Contributor: Lukas Fleischer <archlinux at cryptocrack dot de>
+# Contributor: Hugo Doria <hugo@archlinux.org>
+# Contributor: Kessia 'even' Pinheiro <kessiapinheiro at gmail.com>
+# Contributor: dorphell <dorphell@archlinux.org>
+# Contributor: Gregor Ibic <gregor.ibic@intelicom.si>
+
+pkgname=snort
+pkgver=2.9.7.3
+pkgrel=1
+pkgdesc='A lightweight network intrusion detection system.'
+arch=('i686' 'x86_64')
+url='http://www.snort.org'
+license=('GPL')
+depends=('libdaq' 'libdnet' 'libpcap' 'openssl' 'pcre' 'zlib')
+backup=('etc/snort/snort.conf'
+ 'etc/snort/threshold.conf'
+ 'etc/snort/reference.config'
+ 'etc/snort/classification.config'
+ 'etc/snort/rules/emerging.conf')
+options=('!makeflags' '!libtool')
+install='snort.install'
+source=("https://www.snort.org/downloads/snort/${pkgname}-${pkgver}.tar.gz"
+ "http://rules.emergingthreats.net/open/${pkgname}-2.9.0/emerging.rules.tar.gz"
+ 'snort@.service')
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ ./configure --prefix=/usr --sysconfdir=/etc/snort --with-libpcap-includes=/usr/include/pcap \
+ --with-daq-includes=/usr/include --with-daq-libraries=/usr/lib/daq/ \
+ --disable-static-daq
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ make DESTDIR="${pkgdir}" install
+
+ mkdir -p "${pkgdir}/"{etc/rc.d,etc/snort/rules}
+
+ install -d -m755 "${pkgdir}/var/log/snort"
+ install -D -m644 etc/{*.conf*,*.map} "${pkgdir}/etc/snort/"
+
+# init service file
+ install -D -m644 ../snort@.service $pkgdir/usr/lib/systemd/system/snort@.service
+
+ sed -i 's#/usr/local/lib/#/usr/lib/#' "${pkgdir}/etc/snort/snort.conf"
+
+# emerginthreats rules
+ echo 'include $RULE_PATH/emerging.conf' >> "${pkgdir}/etc/snort/snort.conf"
+ cp ${srcdir}/rules/* "${pkgdir}/etc/snort/rules"
+}
+
+md5sums=('839e648607fd32726b2f7965134bf0a4'
+ 'SKIP'
+ '49c7e8dbde680322ff5c4e0883f2b908')
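Review bot: The second `source` entry (emerging.rules.tar.gz) is fetched over plain `http://` and its checksum slot is `'SKIP'`, so the rule files that package() copies into `etc/snort/rules` are installed with no integrity check; a modified download would change what the IDS detects without any build error. The tarball is unversioned, so a fixed hash cannot be pinned as it stands. Fetch it over `https://` if the host serves it, or package a dated snapshot whose hash can be listed. The other two entries would be better as `sha256sums=(...)` than `md5sums`. In package(), `$pkgdir` on the `install -D` line and `${srcdir}` on the `cp` line are unquoted, unlike the other paths, and should be written `"${pkgdir}/..."` and `"${srcdir}/rules/"*`.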
diff --git a/snort.install b/snort.install
new file mode 100644
index 000000000000..673f22c6c6b2
--- /dev/null
+++ b/snort.install
@@ -0,0 +1,26 @@
+post_install() {
+ getent group snort >/dev/null || usr/sbin/groupadd -g 29 snort
+ getent passwd snort >/dev/null || usr/sbin/useradd -c 'Snort user' -u 29 -g snort -d /var/log/snort -s /bin/false snort
+ usr/bin/passwd -l snort &>/dev/null
+
+ [ -f var/log/snort/alert ] || : >var/log/snort/alert
+ chown snort.snort var/log/snort/ -R
+
+cat << _EOF
+
+>>> You have to edit the HOME_NET variable in the /etc/snort/snort.conf file to reflect your local network.
+>>> If you do not change it, snort may not work.
+
+_EOF
+}
+
+post_upgrade() {
+ post_install $1
+}
+
+pre_remove() {
+ usr/sbin/userdel snort &>/dev/null
+ usr/sbin/groupdel snort &>/dev/null
+}
+
+# vim:set ts=2 sw=2 et:
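Review bot: post_install hard-codes `-g 29` and `-u 29` and never checks that the account was created. If either id is already taken on the target machine, groupadd/useradd fail, the following `chown` fails as well, and the unit's `-u snort -g snort` privilege drop has no account to switch to. Letting the tools allocate a free system id avoids this: `getent group snort >/dev/null || usr/sbin/groupadd -r snort`, with the matching `useradd -r ... -g snort ...`. The owner should be written `chown -R snort:snort var/log/snort`, since the `snort.snort` dot form is deprecated. pre_remove deletes the account but leaves the files under var/log/snort owned by a bare numeric id that a later account could inherit, which deserves a comment such as `# logs are kept; they remain owned by the old numeric uid`.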
diff --git a/snort@.service b/snort@.service
new file mode 100644
index 000000000000..b78d543d4815
--- /dev/null
+++ b/snort@.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Snort IDS system listening on '%I'
+
+[Service]
+Type=simple
+ExecStartPre=/usr/sbin/ip link set up dev %I
+ExecStart=/usr/bin/snort --daq-dir /usr/lib/daq/ -A fast -b -p -u snort -g snort -c /etc/snort/snort.conf -i %I
+
+[Install]
+Alias=multi-user.target.wants/snort@eth0.service
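Review bot: The `[Install]` section uses `Alias=multi-user.target.wants/snort@eth0.service` to get the unit pulled in at boot, which hard-wires `eth0` and is not what `Alias=` is for. On a host whose capture interface has another name, the sensor will not come up at boot in the way the packager intended. `WantedBy=multi-user.target` (optionally with `DefaultInstance=eth0`) expresses the same thing and lets `systemctl enable snort@<iface>` work for any interface. Separately, `-p` in `ExecStart` turns off promiscuous sniffing, so on a mirror or tap port the sensor would only see traffic addressed to the host; if that is intentional, a comment saying so would help, otherwise drop the flag.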