authorAmish2017-06-07 10:23:03 +0530
committerAmish2017-06-07 10:23:03 +0530
commitcf7e70fccb33264be03aec40ce5e74781a54cf69 (patch)
tree21fa86791e4382e7e2b2bcd37fc86d6c6a0394c3
parent01aa9e55049d72a7020c9cba95d433ada63a4d7d (diff)
downloadaur-cf7e70fccb33264be03aec40ce5e74781a54cf69.tar.gz
Dont package emergingthreats rules as many antiviruses detect them as trojan.
Use pulledpork to download rules instead.
-rw-r--r--.SRCINFO9
-rw-r--r--.gitignore1
-rw-r--r--PKGBUILD11
-rw-r--r--snort.conf4
-rw-r--r--snort.install5
5 files changed, 13 insertions, 17 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 47b4b6f7eaa2..e1d4aa21e71a 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,9 @@
+# Generated by mksrcinfo v8
+# Wed Jun 7 04:49:21 UTC 2017
pkgbase = snort-nfqueue
pkgdesc = A lightweight network intrusion detection system.
pkgver = 2.9.9.0
- pkgrel = 2
+ pkgrel = 3
url = http://www.snort.org
install = snort.install
arch = i686
@@ -13,6 +15,7 @@ pkgbase = snort-nfqueue
depends = libpcap
depends = openssl
depends = pcre
+ depends = pulledpork
depends = zlib
provides = snort
conflicts = snort
@@ -27,15 +30,13 @@ pkgbase = snort-nfqueue
backup = etc/snort/classification.config
backup = etc/logrotate.d/snort
source = https://www.snort.org/downloads/snort/snort-2.9.9.0.tar.gz
- source = http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz
source = snort.conf
source = homenet.conf
source = local.rules
source = logrotate
source = snort.service
sha256sums = 71b147125e96390a12f3d55796ed5073df77206bd3563d84d3e5a1f19e7d7a56
- sha256sums = 8ba237d55d753af880db217811ff0fad3812caf014b7b239a1cd067f58e61883
- sha256sums = c947dcf8b243647537ca998bd6271fc06f9e6a33af29aff7ff0951430bebcff4
+ sha256sums = d6ae35120698353a6066088401d945fd94e6fed6ae9370d0fba4d5436d71cc16
sha256sums = b65d8d8e37f686244dfb7293b1ea378f1dfd8141c14dbaf5e83dba9440152808
sha256sums = ec4d81936b3905ba980ee694ae77ad15d5adda45c9f87fa0c27adc38f11bca08
sha256sums = 4df93871c41f94d688a6c8b9762fa221a703b54d309ee1436c90eebbd3fb8c9d
diff --git a/.gitignore b/.gitignore
index 42c71345f35e..be4d269efa68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,3 @@ src
pkg
*x86_64.pkg.tar.xz
snort-*.tar.gz
-emerging.rules.tar.gz
diff --git a/PKGBUILD b/PKGBUILD
index 174986be6758..4373335bee48 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -9,14 +9,14 @@
pkgname=snort-nfqueue
_pkgname=snort
pkgver=2.9.9.0
-pkgrel=2
+pkgrel=3
pkgdesc='A lightweight network intrusion detection system.'
arch=('i686' 'x86_64')
url='http://www.snort.org'
license=('GPL')
provides=('snort')
conflicts=('snort')
-depends=('libdaq-nfqueue' 'libdnet' 'libnetfilter_queue' 'libpcap' 'openssl' 'pcre' 'zlib')
+depends=('libdaq-nfqueue' 'libdnet' 'libnetfilter_queue' 'libpcap' 'openssl' 'pcre' 'pulledpork' 'zlib')
backup=('etc/snort/snort.conf'
'etc/snort/homenet.conf'
'etc/snort/rules/local.rules'
@@ -28,15 +28,13 @@ backup=('etc/snort/snort.conf'
options=('!makeflags' '!libtool')
install='snort.install'
source=("https://www.snort.org/downloads/snort/${_pkgname}-${pkgver}.tar.gz"
- "http://rules.emergingthreats.net/open/${_pkgname}-2.9.0/emerging.rules.tar.gz"
'snort.conf'
'homenet.conf'
'local.rules'
'logrotate'
'snort.service')
sha256sums=('71b147125e96390a12f3d55796ed5073df77206bd3563d84d3e5a1f19e7d7a56'
- '8ba237d55d753af880db217811ff0fad3812caf014b7b239a1cd067f58e61883'
- 'c947dcf8b243647537ca998bd6271fc06f9e6a33af29aff7ff0951430bebcff4'
+ 'd6ae35120698353a6066088401d945fd94e6fed6ae9370d0fba4d5436d71cc16'
'b65d8d8e37f686244dfb7293b1ea378f1dfd8141c14dbaf5e83dba9440152808'
'ec4d81936b3905ba980ee694ae77ad15d5adda45c9f87fa0c27adc38f11bca08'
'4df93871c41f94d688a6c8b9762fa221a703b54d309ee1436c90eebbd3fb8c9d'
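Review bot: With the `emerging.rules.tar.gz` entry and its hash dropped from `source` and `sha256sums`, the rule content that ends up under /etc/snort/rules is no longer covered by makepkg's checksum verification; per the commit message it is downloaded by pulledpork instead, outside the build. The integrity decision therefore moves from this PKGBUILD to pulledpork's configuration, which is not visible here, so it is worth confirming that the configured rule URL uses HTTPS. I would record the change above the `source` array, e.g. `# Rules are not packaged; pulledpork downloads them after install and they are not checksum-verified by this PKGBUILD.` The `sha256sums` array continues past the end of this hunk.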
@@ -67,7 +65,4 @@ package() {
install -D -m644 ../snort.service "${pkgdir}/usr/lib/systemd/system/snort.service"
sed -i 's#/usr/local/lib/#/usr/lib/#' "${pkgdir}/etc/snort/snort.conf"
install -Dm644 ../logrotate "${pkgdir}/etc/logrotate.d/snort"
-
- # emergingthreats rules
- cp ${srcdir}/rules/* "${pkgdir}/etc/snort/rules"
}
diff --git a/snort.conf b/snort.conf
index c027f5e6a7b9..c8205b9b39a2 100644
--- a/snort.conf
+++ b/snort.conf
@@ -10,7 +10,7 @@
# Snort bugs: bugs@snort.org
#
# Compatible with Snort Versions:
-# VERSIONS : 2.9.8
+# VERSIONS : 2.9.9.0
#
# Snort build options:
# OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
@@ -557,7 +557,7 @@ include $RULE_PATH/snort.rules
# emergingthreats rules (all rules are disabled by default)
# enable rules that you want inside conf file
-include $RULE_PATH/emerging.conf
+#include $RULE_PATH/emerging.conf
# site specific rules
include $RULE_PATH/local.rules
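Review bot: The two comment lines kept above the now-disabled include still tell the administrator to enable rules inside emerging.conf, a file the package apparently no longer installs, since the PKGBUILD hunk removes the copy of the emergingthreats rules. Someone who follows that comment and uncomments the include would point Snort at a file that may not exist. The comment also does not say that rule coverage now comes from the `snort.rules` include shown in the hunk header, which the install script fills through pulledpork. I would replace the two lines with `# emergingthreats rules are no longer packaged; pulledpork writes downloaded rules to snort.rules` and `# uncomment the include below only if you maintain your own emerging.conf`. Until pulledpork has produced snort.rules, detection presumably rests on local.rules alone, which deserves a mention in the same comment.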
diff --git a/snort.install b/snort.install
index 4a06663022c9..b4afaa027f45 100644
--- a/snort.install
+++ b/snort.install
@@ -4,12 +4,13 @@ post_install() {
usr/bin/passwd -l snort &>/dev/null
[ -f var/log/snort/alert ] || : >var/log/snort/alert
- chown snort.snort var/log/snort/ -R
+ chown -R snort.snort var/log/snort/
+
+ /usr/bin/nohup /usr/bin/pulledpork_update.sh /etc/snort/rules/snort.rules > /dev/null 2>&1 &
cat << _EOF
>>> EDIT /etc/snort/homenet.conf file to match your local network.
->>> Also EDIT /etc/snort/rules/emerging.conf as per your requirement.
>>> Add local rules to /etc/snort/rules/local.rules
>>> TIP: iptables rule to monitor all FORWARDed traffic: