-rw-r--r--.SRCINFO10
-rw-r--r--PKGBUILD26
-rw-r--r--cstdint.patch2
-rw-r--r--local.lua14
-rw-r--r--snort.install2
-rw-r--r--snort.service4
-rw-r--r--tcmjem.patch11
7 files changed, 56 insertions, 13 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 9565e7cf9e11..c87ba752ff7e 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = snort
pkgdesc = A lightweight network IDS /IPS with OpenAppID support.
pkgver = 3.1.64.0
- pkgrel = 1
+ pkgrel = 2
url = https://www.snort.org
install = snort.install
arch = i686
@@ -40,6 +40,7 @@ pkgbase = snort
source = snort3-3.1.64.0.tar.gz::https://github.com/snort3/snort3/archive/refs/tags/3.1.64.0.tar.gz
source = snort-openappid-33380.tar.gz::https://snort.org/downloads/openappid/33380
source = cstdint.patch
+ source = tcmjem.patch
source = local.lua
source = snort.logrotate
source = snort.sysusers
@@ -47,11 +48,12 @@ pkgbase = snort
source = snort.service
sha256sums = 57be62557178526059ded86d0bebf8a57aa4a46db9390a48ae030b6e45f1dc61
sha256sums = 3046c5af1dd81a104f13d8e895226ef64bca7fa358238fb5f29c659081eaee2a
- sha256sums = 502fbfe78bbacc8d6d3384b70b8e6f0343c537532360cee755d7be8f30eab39c
- sha256sums = 2e60695f90e7cb3f1faad5aa90b3ad351f2175268fb31d6fa9601f11fca22d1c
+ sha256sums = b3d86ffa12207afa0f2d3a2349cf4746711e71b8a43bdc593b1527eda972f8ea
+ sha256sums = 7fbf5c1b1ca10fba73350e563cafeb8ea4db7eb5d69ef62c067df602f27678f2
+ sha256sums = b61d6492f86c7d79c1a76d1394d099403981aac7f371b1fe22ddd8a4bb15c87c
sha256sums = a8a7684a676da5cd55c2b5ab012dac3d14c5a6c62f6e37c4913ba1dbe506088e
sha256sums = ae3245c5de527fb487c459f2f4a9c78803ae6341e9c81b9a404277679cdee051
sha256sums = bc4a02d184601faba5cd0f6cb454097a3b04a0c8fe56f5f8b36d24513484faa2
- sha256sums = e1ff858e2cb062d76f72757746c4f87410151b06221255ca827b7279fee0d5df
+ sha256sums = cb1108ab0a6ad38981a6f308b0ae2b276b68d08bfa0e38c036eae277b38b28d8
pkgname = snort
diff --git a/PKGBUILD b/PKGBUILD
index d05f123b4a11..aeb505dffad2 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -11,7 +11,7 @@ pkgname=snort
_pkgname=snort3
_openappid=33380
pkgver=3.1.64.0
-pkgrel=1
+pkgrel=2
pkgdesc='A lightweight network IDS /IPS with OpenAppID support.'
arch=('i686' 'x86_64' 'armv6h' 'armv7h' 'aarch64' 'arm')
url='https://www.snort.org'
@@ -31,6 +31,7 @@ install='snort.install'
source=("${_pkgname}-${pkgver}.tar.gz::https://github.com/snort3/snort3/archive/refs/tags/${pkgver}.tar.gz"
"snort-openappid-${_openappid}.tar.gz::https://snort.org/downloads/openappid/${_openappid}"
'cstdint.patch'
+ 'tcmjem.patch'
'local.lua'
'snort.logrotate'
'snort.sysusers'
@@ -40,6 +41,9 @@ source=("${_pkgname}-${pkgver}.tar.gz::https://github.com/snort3/snort3/archive/
prepare() {
cd "${_pkgname}-${pkgver}"
patch -p0 < "${srcdir}"/cstdint.patch
+ patch -p0 < "${srcdir}"/tcmjem.patch
+ # Workaround https://github.com/intel/hyperscan/issues/388
+ sed -i '/HAVE_HS_COMPILE_LIT/d' config.cmake.h.in cmake/sanity_checks.cmake
}
build() {
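Review bot: The new `sed -i '/HAVE_HS_COMPILE_LIT/d' config.cmake.h.in cmake/sanity_checks.cmake` line has no check that the pattern was actually present, so once upstream renames or moves that sanity check the workaround silently becomes a no-op and nobody is prompted to re-read the linked hyperscan issue. A guard such as `grep -q HAVE_HS_COMPILE_LIT config.cmake.h.in cmake/sanity_checks.cmake` placed before the sed would make prepare() stop when the workaround no longer matches. Deleting the definition presumably compiles out whatever code path that macro guards rather than fixing the hyperscan problem, which the comment could state so a later maintainer reads it as a capability trade-off and not a cosmetic cleanup. prepare() is complete inside the hunk; build() starts on its last line and continues past it.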
@@ -65,6 +69,19 @@ package() {
echo -e '#pulledpork will put rules here in snort.rules\n#alert icmp any any -> any any ( msg:"ICMP Traffic Detected"; sid:10000001; metadata:policy security-ips alert; )' >"${pkgdir}"/etc/snort/rules/local.rules
chmod 0644 "${pkgdir}"/etc/snort/{homenet.lua,rules/{local,snort}.rules}
+ # rule files and other settings
+ sed -i -e "/^EXTERNAL_NET\\s\\+=/ a include 'homenet.lua'" \
+ -e "/^HOME_NET\\s\\+=/ i -- we set HOME_NET and EXTERNAL_NET here or via an included file" \
+ -e 's/^\(HOME_NET\s\+=\)/--\1/g' \
+ -e 's/^\(EXTERNAL_NET\s\+=\)/--\1/g' \
+ "${pkgdir}"/etc/snort/snort.lua
+ sed -i -e "s/^\\(RULE_PATH\\s\\+=\\).*/\\1 'rules'/g" \
+ -e "s/^\\(BUILTIN_RULE_PATH\\s\\+=\\).*/\\1 'builtin_rules'/g" \
+ -e "s/^\\(PLUGIN_RULE_PATH\\s\\+=\\).*/\\1 'so_rules'/g" \
+ -e "s/^\\(WHITE_LIST_PATH\\s\\+=\\).*/\\1 'lists'/g" \
+ -e "s/^\\(BLACK_LIST_PATH\\s\\+=\\).*/\\1 'lists'/g" \
+ "${pkgdir}"/etc/snort/snort_defaults.lua
+
# OpenAppID files
install -d -m755 "${pkgdir}"/usr/lib/openappid/custom/{libs,lua,port}
cp -a --no-preserve=ownership -t "${pkgdir}"/usr/lib/openappid/ "${srcdir}"/odp
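Review bot: The sed expressions on snort.lua are silent when their anchors do not match, and they depend on each other: `s/^\(HOME_NET\s\+=\)/--\1/g` and its EXTERNAL_NET twin comment out the upstream definitions, while the `a include 'homenet.lua'` expression is the only thing that puts a definition back, so if upstream changes the spacing or ordering of those lines the package ships a snort.lua with no HOME_NET at all and nothing in package() notices. A post-check such as `grep -q "^include 'homenet.lua'" "${pkgdir}"/etc/snort/snort.lua` right after the first sed would make the build fail instead of shipping a sensor whose network scope is undefined. The same silent no-op applies to the snort_defaults.lua path rewrites, though a missed one there only keeps the upstream default. package() begins before this hunk and continues after it.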
@@ -73,9 +90,10 @@ package() {
sha256sums=('57be62557178526059ded86d0bebf8a57aa4a46db9390a48ae030b6e45f1dc61'
'3046c5af1dd81a104f13d8e895226ef64bca7fa358238fb5f29c659081eaee2a'
- '502fbfe78bbacc8d6d3384b70b8e6f0343c537532360cee755d7be8f30eab39c'
- '2e60695f90e7cb3f1faad5aa90b3ad351f2175268fb31d6fa9601f11fca22d1c'
+ 'b3d86ffa12207afa0f2d3a2349cf4746711e71b8a43bdc593b1527eda972f8ea'
+ '7fbf5c1b1ca10fba73350e563cafeb8ea4db7eb5d69ef62c067df602f27678f2'
+ 'b61d6492f86c7d79c1a76d1394d099403981aac7f371b1fe22ddd8a4bb15c87c'
'a8a7684a676da5cd55c2b5ab012dac3d14c5a6c62f6e37c4913ba1dbe506088e'
'ae3245c5de527fb487c459f2f4a9c78803ae6341e9c81b9a404277679cdee051'
'bc4a02d184601faba5cd0f6cb454097a3b04a0c8fe56f5f8b36d24513484faa2'
- 'e1ff858e2cb062d76f72757746c4f87410151b06221255ca827b7279fee0d5df')
+ 'cb1108ab0a6ad38981a6f308b0ae2b276b68d08bfa0e38c036eae277b38b28d8')
diff --git a/cstdint.patch b/cstdint.patch
index 9896a4f221ed..095843d86714 100644
--- a/cstdint.patch
+++ b/cstdint.patch
@@ -18,7 +18,7 @@
using DaqVar = std::pair<std::string, std::string>;
using DaqVarList = std::vector<DaqVar>;
---- src/service_inspectors/wizard/magic.h.amm 2023-05-24 09:16:41.121404348 +0530
+--- src/service_inspectors/wizard/magic.h 2023-05-24 09:16:41.121404348 +0530
+++ src/service_inspectors/wizard/magic.h 2023-05-24 09:17:13.008321620 +0530
@@ -23,6 +23,7 @@
#include <cassert>
diff --git a/local.lua b/local.lua
index e83fd12ba1c4..45ecb3fcc62a 100644
--- a/local.lua
+++ b/local.lua
@@ -1,3 +1,9 @@
+-- use this file for local configuration
+snort =
+{
+ ['-Q'] = true, -- inline mode
+}
+
daq =
{
modules =
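Review bot: The `-- inline mode` comment on `['-Q'] = true` should record that snort.service depends on it, since this commit also drops `-Q` from the unit's ExecStart and replaces it with `-M`; anyone who later comments out this entry while tuning the tweaks file presumably leaves snort running without inline mode with no change visible in the unit. Something like `-- inline mode; snort.service no longer passes -Q and relies on this setting` would make the coupling visible. The daq block continues past the hunk.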
@@ -25,8 +31,14 @@ ips =
{
mode = inline,
+ -- disable rules which cause excessive logging
+ --states = [[
+ -- alert ( gid:116; sid: 150; enable:no; )
+ -- alert ( gid:116; sid: 151; enable:no; )
+ --]],
+
-- use this to enable decoder and inspector alerts
- enable_builtin_rules = true,
+ --enable_builtin_rules = true,
-- use include for rules files; be sure to set your path
-- note that rules files can include other rules files
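Review bot: Commenting out `enable_builtin_rules = true` reverts the decoder and inspector alerts (the context comment says that is what the key controls) to the upstream default, which presumably leaves them all off, a far wider loss of visibility than the two noisy sids the new comment talks about, and the targeted `states` block that would silence just gid 116 sids 150 and 151 is itself left commented out. If the goal is only to stop the excessive logging, keep `enable_builtin_rules = true` and enable the `states` block; if the goal really is to drop all builtin alerts, the comment should say so rather than "disable rules which cause excessive logging". The ips block starts before this hunk and continues after it.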
diff --git a/snort.install b/snort.install
index 5a5f727a7a1d..cd25b823338c 100644
--- a/snort.install
+++ b/snort.install
@@ -1,7 +1,7 @@
post_install() {
/usr/bin/nohup /usr/bin/pulledpork_update.sh /etc/snort/rules/snort.rules > /dev/null 2>&1 &
cat << EOF
->>> EDIT /etc/snort/homenet.conf file to match your local network.
+>>> EDIT /etc/snort/homenet.lua file to match your local network.
>>> Add local rules to /etc/snort/rules/local.rules
>>> Note: ALERTs are automatically deleted after 60 days
diff --git a/snort.service b/snort.service
index 26b89f319ad7..2d21f3a49f3a 100644
--- a/snort.service
+++ b/snort.service
@@ -1,8 +1,8 @@
[Unit]
-Description=Snort IDS daemon in NFQUEUE mode
+Description=Snort IDS / IPS daemon
[Service]
-ExecStart=/usr/bin/snort -Q -c /etc/snort/snort.lua -l /var/log/snort --tweaks local
+ExecStart=/usr/bin/snort -M -c /etc/snort/snort.lua -l /var/log/snort --tweaks local
ExecReload=kill -HUP $MAINPID
[Install]
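Review bot: The [Service] section still holds only ExecStart and ExecReload, so snort runs as root with no sandboxing even though the package ships a snort.sysusers file and this commit moves inline mode out of the unit into local.lua. A daemon that parses untrusted traffic should run as that sysusers account with only the capabilities packet capture and NFQUEUE need, which systemd can grant through AmbientCapabilities; the ownership of the `-l /var/log/snort` directory must then match that account, which I cannot confirm from this diff. The [Unit] section has no ordering dependency either, so an `After=network.target` line would keep the unit from starting before interfaces exist. The account name lives in snort.sysusers, which is not in this diff, so the value below is a placeholder.
```ini
[Unit]
Description=Snort IDS / IPS daemon
After=network.target

[Service]
User=<snort-sysusers-account>
Group=<snort-sysusers-account>
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
NoNewPrivileges=true
ExecStart=/usr/bin/snort -M -c /etc/snort/snort.lua -l /var/log/snort --tweaks local
# … unchanged: ExecReload, [Install] …
```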
diff --git a/tcmjem.patch b/tcmjem.patch
new file mode 100644
index 000000000000..1206937b693f
--- /dev/null
+++ b/tcmjem.patch
@@ -0,0 +1,11 @@
+--- configure_cmake.sh 2023-06-05 17:30:25.919291388 +0530
++++ configure_cmake.sh 2023-06-05 17:32:39.363142785 +0530
+@@ -154,6 +154,8 @@
+ build_type=""
+ [ -z "$CFLAGS" ] && [ -z "$CXXFLAGS" ] && build_type="RelWithDebInfo"
+
++tcm=0
++jem=0
+
+ # parse arguments
+ while [ $# -ne 0 ]; do