author | Amish | 2017-06-07 10:23:03 +0530 |
---|---|---|
committer | Amish | 2017-06-07 10:23:03 +0530 |
commit | cf7e70fccb33264be03aec40ce5e74781a54cf69 (patch) | |
tree | 21fa86791e4382e7e2b2bcd37fc86d6c6a0394c3 | |
parent | 01aa9e55049d72a7020c9cba95d433ada63a4d7d (diff) | |
download | aur-cf7e70fccb33264be03aec40ce5e74781a54cf69.tar.gz |
Don't package emergingthreats rules, as many antiviruses detect them as a trojan.
Use pulledpork to download rules instead.
-rw-r--r-- | .SRCINFO | 9 | ||||
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | PKGBUILD | 11 | ||||
-rw-r--r-- | snort.conf | 4 | ||||
-rw-r--r-- | snort.install | 5 |
5 files changed, 13 insertions, 17 deletions
@@ -1,7 +1,9 @@
+# Generated by mksrcinfo v8
+# Wed Jun 7 04:49:21 UTC 2017
 pkgbase = snort-nfqueue
  pkgdesc = A lightweight network intrusion detection system.
  pkgver = 2.9.9.0
- pkgrel = 2
+ pkgrel = 3
  url = http://www.snort.org
  install = snort.install
  arch = i686
@@ -13,6 +15,7 @@ pkgbase = snort-nfqueue
  depends = libpcap
  depends = openssl
  depends = pcre
+ depends = pulledpork
  depends = zlib
  provides = snort
  conflicts = snort
@@ -27,15 +30,13 @@ pkgbase = snort-nfqueue
  backup = etc/snort/classification.config
  backup = etc/logrotate.d/snort
  source = https://www.snort.org/downloads/snort/snort-2.9.9.0.tar.gz
- source = http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz
  source = snort.conf
  source = homenet.conf
  source = local.rules
  source = logrotate
  source = snort.service
  sha256sums = 71b147125e96390a12f3d55796ed5073df77206bd3563d84d3e5a1f19e7d7a56
- sha256sums = 8ba237d55d753af880db217811ff0fad3812caf014b7b239a1cd067f58e61883
- sha256sums = c947dcf8b243647537ca998bd6271fc06f9e6a33af29aff7ff0951430bebcff4
+ sha256sums = d6ae35120698353a6066088401d945fd94e6fed6ae9370d0fba4d5436d71cc16
  sha256sums = b65d8d8e37f686244dfb7293b1ea378f1dfd8141c14dbaf5e83dba9440152808
  sha256sums = ec4d81936b3905ba980ee694ae77ad15d5adda45c9f87fa0c27adc38f11bca08
  sha256sums = 4df93871c41f94d688a6c8b9762fa221a703b54d309ee1436c90eebbd3fb8c9d
diff --git a/.gitignore b/.gitignore
index 42c71345f35e..be4d269efa68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,3 @@ src
 pkg
 *x86_64.pkg.tar.xz
 snort-*.tar.gz
-emerging.rules.tar.gz
@@ -9,14 +9,14 @@ pkgname=snort-nfqueue
 _pkgname=snort
 pkgver=2.9.9.0
-pkgrel=2
+pkgrel=3
 pkgdesc='A lightweight network intrusion detection system.'
 arch=('i686' 'x86_64')
 url='http://www.snort.org'
 license=('GPL')
 provides=('snort')
 conflicts=('snort')
-depends=('libdaq-nfqueue' 'libdnet' 'libnetfilter_queue' 'libpcap' 'openssl' 'pcre' 'zlib')
+depends=('libdaq-nfqueue' 'libdnet' 'libnetfilter_queue' 'libpcap' 'openssl' 'pcre' 'pulledpork' 'zlib')
 backup=('etc/snort/snort.conf'
  'etc/snort/homenet.conf'
  'etc/snort/rules/local.rules'
@@ -28,15 +28,13 @@ backup=('etc/snort/snort.conf'
 options=('!makeflags' '!libtool')
 install='snort.install'
 source=("https://www.snort.org/downloads/snort/${_pkgname}-${pkgver}.tar.gz"
- "http://rules.emergingthreats.net/open/${_pkgname}-2.9.0/emerging.rules.tar.gz"
  'snort.conf'
  'homenet.conf'
  'local.rules'
  'logrotate'
  'snort.service')
 sha256sums=('71b147125e96390a12f3d55796ed5073df77206bd3563d84d3e5a1f19e7d7a56'
- '8ba237d55d753af880db217811ff0fad3812caf014b7b239a1cd067f58e61883'
- 'c947dcf8b243647537ca998bd6271fc06f9e6a33af29aff7ff0951430bebcff4'
+ 'd6ae35120698353a6066088401d945fd94e6fed6ae9370d0fba4d5436d71cc16'
  'b65d8d8e37f686244dfb7293b1ea378f1dfd8141c14dbaf5e83dba9440152808'
  'ec4d81936b3905ba980ee694ae77ad15d5adda45c9f87fa0c27adc38f11bca08'
  '4df93871c41f94d688a6c8b9762fa221a703b54d309ee1436c90eebbd3fb8c9d'
@@ -67,7 +65,4 @@ package() {
  install -D -m644 ../snort.service "${pkgdir}/usr/lib/systemd/system/snort.service"
  sed -i 's#/usr/local/lib/#/usr/lib/#' "${pkgdir}/etc/snort/snort.conf"
  install -Dm644 ../logrotate "${pkgdir}/etc/logrotate.d/snort"
-
- # emergingthreats rules
- cp ${srcdir}/rules/* "${pkgdir}/etc/snort/rules"
 }
diff --git a/snort.conf b/snort.conf
index c027f5e6a7b9..c8205b9b39a2 100644
--- a/snort.conf
+++ b/snort.conf
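Review bot: With the `cp ${srcdir}/rules/*` line removed from package() in the third hunk, nothing in the package creates `/etc/snort/rules/snort.rules`, yet the shipped snort.conf still does `include $RULE_PATH/snort.rules` unconditionally (visible as context in the second snort.conf hunk), so a fresh install will likely not start snort until the background `pulledpork_update.sh` run started from post_install has completed; because that run's output is sent to /dev/null, a failed download would leave the same state with no visible error. Consider installing an empty placeholder so the configuration at least parses, `install -Dm644 /dev/null "${pkgdir}/etc/snort/rules/snort.rules"`, and adding `'etc/snort/rules/snort.rules'` to `backup=` so pacman does not overwrite the fetched rule set on upgrade. Whether the removed emergingthreats tarball was what previously supplied that file cannot be seen from these hunks. package() begins outside the hunk.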
@@ -10,7 +10,7 @@
 # Snort bugs: bugs@snort.org
 #
 # Compatible with Snort Versions:
-# VERSIONS : 2.9.8
+# VERSIONS : 2.9.9.0
 #
 # Snort build options:
 # OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
@@ -557,7 +557,7 @@ include $RULE_PATH/snort.rules
 # emergingthreats rules (all rules are disabled by default)
 # enable rules that you want inside conf file
-include $RULE_PATH/emerging.conf
+#include $RULE_PATH/emerging.conf
 # site specific rules
 include $RULE_PATH/local.rules
diff --git a/snort.install b/snort.install
index 4a06663022c9..b4afaa027f45 100644
--- a/snort.install
+++ b/snort.install
@@ -4,12 +4,13 @@ post_install() {
  usr/bin/passwd -l snort &>/dev/null
  [ -f var/log/snort/alert ] || : >var/log/snort/alert
- chown snort.snort var/log/snort/ -R
+ chown -R snort.snort var/log/snort/
+
+ /usr/bin/nohup /usr/bin/pulledpork_update.sh /etc/snort/rules/snort.rules > /dev/null 2>&1 &
 cat << _EOF
 >>> EDIT /etc/snort/homenet.conf file to match your local network.
->>> Also EDIT /etc/snort/rules/emerging.conf as per your requirement.
 >>> Add local rules to /etc/snort/rules/local.rules
 >>> TIP: iptables rule to monitor all FORWARDed traffic: |
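Review bot: The two comment lines directly above the now-disabled `#include $RULE_PATH/emerging.conf` in the second snort.conf hunk still describe the emergingthreats rule set as present and merely needing to be enabled, which stops being true once this package no longer ships it; an administrator upgrading from pkgrel 2 loses all ET rule coverage with nothing in the file saying so. Replace them with `# emergingthreats rules are no longer shipped with this package; fetch them with pulledpork` and `# then uncomment the include below once $RULE_PATH/emerging.conf exists`, so the disabled line reads as a deliberate opt-in rather than a leftover. The first hunk only updates the VERSIONS comment and needs no change.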