diff options
author | Chunrong Guo <B40290@freescale.com> | 2013-11-04 10:39:56 +0800 |
---|---|---|
committer | Joe MacDonald <joe@deserted.net> | 2013-11-20 16:28:42 -0500 |
commit | 881eb77ac627a1a64be0efa81ce074ecc362b4c7 (patch) | |
tree | 93efa0df2686dc9546f9b9a9c065eef26cf26833 /meta-networking/recipes-connectivity | |
parent | 8265d2bbc2342ceafe381143baa45f04dfafd45a (diff) | |
download | meta-openembedded-881eb77ac627a1a64be0efa81ce074ecc362b4c7.tar.gz |
snort: add recipe
*snort - a free lightweight network intrusion detection
system for UNIX and Windows
Signed-off-by: Chunrong Guo <B40290@freescale.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat (limited to 'meta-networking/recipes-connectivity')
5 files changed, 340 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/snort/files/0001-libpcap-search-sysroot-for-headers.patch b/meta-networking/recipes-connectivity/snort/files/0001-libpcap-search-sysroot-for-headers.patch new file mode 100644 index 000000000..54c2a9521 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/files/0001-libpcap-search-sysroot-for-headers.patch | |||
@@ -0,0 +1,31 @@ | |||
1 | From 4d7ebe3ed6cee72bc7db98bd408d22c10ef5dd82 Mon Sep 17 00:00:00 2001 | ||
2 | From: Joe MacDonald <joe@deserted.net> | ||
3 | Date: Wed, 20 Nov 2013 16:06:07 -0500 | ||
4 | Subject: [PATCH] libpcap: search sysroot for headers | ||
5 | |||
6 | Configure hard-coded host header paths when building with libpcap. Point | ||
7 | the search path at the sysroot instead. | ||
8 | |||
9 | Upstream-Status: Pending | ||
10 | |||
11 | Signed-off-by: Joe MacDonald <joe@deserted.net> | ||
12 | --- | ||
13 | configure.in | 2 +- | ||
14 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/configure.in b/configure.in | ||
17 | index e52bb6c..8ded35d 100644 | ||
18 | --- a/configure.in | ||
19 | +++ b/configure.in | ||
20 | @@ -78,7 +78,7 @@ case "$host" in | ||
21 | linux="yes" | ||
22 | AC_DEFINE([LINUX],[1],[Define if Linux]) | ||
23 | AC_SUBST(extra_incl) | ||
24 | - extra_incl="-I/usr/include/pcap" | ||
25 | + extra_incl="-I=/usr/include/pcap" | ||
26 | ;; | ||
27 | *-hpux10*|*-hpux11*) | ||
28 | AC_DEFINE([HPUX],[1],[Define if HP-UX 10 or 11]) | ||
29 | -- | ||
30 | 1.7.10.4 | ||
31 | |||
diff --git a/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch new file mode 100644 index 000000000..39e5c9c03 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | Upstream-Status:Inappropriate [embedded specific] | ||
2 | |||
3 | fix the below error: | ||
4 | checking for dap address space id... configure: | ||
5 | configure: error: cannot run test program while cross compiling | ||
6 | |||
7 | |||
8 | Signed-off-by: Chunrong Guo <B40290@freescale.com> | ||
9 | |||
10 | --- a/configure.in 2013-08-23 00:06:37.239361932 -0500 | ||
11 | +++ b/configure.in 2013-08-23 00:07:32.860266534 -0500 | ||
12 | @@ -679,23 +679,23 @@ | ||
13 | |||
14 | AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta]) | ||
15 | |||
16 | -AC_MSG_CHECKING([for daq address space ID]) | ||
17 | -AC_RUN_IFELSE( | ||
18 | -[AC_LANG_PROGRAM( | ||
19 | -[[ | ||
20 | -#include <daq.h> | ||
21 | -]], | ||
22 | -[[ | ||
23 | - DAQ_PktHdr_t hdr; | ||
24 | - hdr.address_space_id = 0; | ||
25 | -]])], | ||
26 | -[have_daq_address_space_id="yes"], | ||
27 | -[have_daq_address_space_id="no"]) | ||
28 | -AC_MSG_RESULT($have_daq_address_space_id) | ||
29 | -if test "x$have_daq_address_space_id" = "xyes"; then | ||
30 | - AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], | ||
31 | - [DAQ version supports address space ID in header.]) | ||
32 | -fi | ||
33 | +#AC_MSG_CHECKING([for daq address space ID]) | ||
34 | +#AC_RUN_IFELSE( | ||
35 | +#[AC_LANG_PROGRAM( | ||
36 | +#[[ | ||
37 | +##include <daq.h> | ||
38 | +#]], | ||
39 | +#[[ | ||
40 | +# DAQ_PktHdr_t hdr; | ||
41 | +# hdr.address_space_id = 0; | ||
42 | +#]])], | ||
43 | +have_daq_address_space_id="yes" | ||
44 | +#[have_daq_address_space_id="no"]) | ||
45 | +#AC_MSG_RESULT($have_daq_address_space_id) | ||
46 | +#if test "x$have_daq_address_space_id" = "xyes"; then | ||
47 | +# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], | ||
48 | +# [DAQ version supports address space ID in header.]) | ||
49 | +#fi | ||
50 | |||
51 | # any sparc platform has to have this one defined. | ||
52 | AC_MSG_CHECKING(for sparc) | ||
diff --git a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch new file mode 100644 index 000000000..9dafe6345 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch | |||
@@ -0,0 +1,75 @@ | |||
1 | Upstream-Status: Inappropriate [embedded specific] | ||
2 | |||
3 | fix the below error: | ||
4 | checking for INADDR_NONE... configure: | ||
5 | configure: error: cannot run test program while cross compiling | ||
6 | |||
7 | Signed-off-by: Chunrong Guo <B40290@freescale.com> | ||
8 | |||
9 | |||
10 | --- a/configure.in 2013-08-21 03:56:17.197414789 -0500 | ||
11 | +++ b/configure.in 2013-08-21 23:19:05.298553560 -0500 | ||
12 | @@ -281,25 +281,7 @@ | ||
13 | AC_CHECK_TYPES([boolean]) | ||
14 | |||
15 | # In case INADDR_NONE is not defined (like on Solaris) | ||
16 | -have_inaddr_none="no" | ||
17 | -AC_MSG_CHECKING([for INADDR_NONE]) | ||
18 | -AC_RUN_IFELSE( | ||
19 | -[AC_LANG_PROGRAM( | ||
20 | -[[ | ||
21 | -#include <sys/types.h> | ||
22 | -#include <netinet/in.h> | ||
23 | -#include <arpa/inet.h> | ||
24 | -]], | ||
25 | -[[ | ||
26 | - if (inet_addr("10,5,2") == INADDR_NONE); | ||
27 | - return 0; | ||
28 | -]])], | ||
29 | -[have_inaddr_none="yes"], | ||
30 | -[have_inaddr_none="no"]) | ||
31 | -AC_MSG_RESULT($have_inaddr_none) | ||
32 | -if test "x$have_inaddr_none" = "xno"; then | ||
33 | - AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) | ||
34 | -fi | ||
35 | +have_inaddr_none="yes" | ||
36 | |||
37 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | ||
38 | #include <stdio.h> | ||
39 | @@ -397,21 +379,21 @@ | ||
40 | fi | ||
41 | fi | ||
42 | |||
43 | -AC_MSG_CHECKING([for pcap_lex_destroy]) | ||
44 | -AC_RUN_IFELSE( | ||
45 | -[AC_LANG_PROGRAM( | ||
46 | -[[ | ||
47 | -#include <pcap.h> | ||
48 | -]], | ||
49 | -[[ | ||
50 | - pcap_lex_destroy(); | ||
51 | -]])], | ||
52 | -[have_pcap_lex_destroy="yes"], | ||
53 | -[have_pcap_lex_destroy="no"]) | ||
54 | -AC_MSG_RESULT($have_pcap_lex_destroy) | ||
55 | -if test "x$have_pcap_lex_destroy" = "xyes"; then | ||
56 | - AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) | ||
57 | -fi | ||
58 | +#AC_MSG_CHECKING([for pcap_lex_destroy]) | ||
59 | +#AC_RUN_IFELSE( | ||
60 | +#[AC_LANG_PROGRAM( | ||
61 | +#[[ | ||
62 | +##include <pcap.h> | ||
63 | +#]], | ||
64 | +#[[ | ||
65 | +# pcap_lex_destroy(); | ||
66 | +#]])], | ||
67 | +have_pcap_lex_destroy="yes" | ||
68 | +#[have_pcap_lex_destroy="no"]) | ||
69 | +#AC_MSG_RESULT($have_pcap_lex_destroy) | ||
70 | +#if test "x$have_pcap_lex_destroy" = "xyes"; then | ||
71 | +# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) | ||
72 | +#fi | ||
73 | |||
74 | AC_MSG_CHECKING([for pcap_lib_version]) | ||
75 | AC_LINK_IFELSE( | ||
diff --git a/meta-networking/recipes-connectivity/snort/files/snort.init b/meta-networking/recipes-connectivity/snort/files/snort.init new file mode 100644 index 000000000..d8a00c43f --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/files/snort.init | |||
@@ -0,0 +1,109 @@ | |||
1 | #!/bin/sh | ||
2 | # | ||
3 | # Snort Startup Script modified for OpenEmbedded | ||
4 | # | ||
5 | |||
6 | # Script variables | ||
7 | |||
8 | LAN_INTERFACE="$2" | ||
9 | RETURN_VAL=0 | ||
10 | BINARY=/usr/bin/snort | ||
11 | PATH=/bin:/usr/bin | ||
12 | PID=/var/run/snort_${LAN_INTERFACE}_ids.pid | ||
13 | DEL_PID=$PID | ||
14 | LOGDIR="/var/log/snort" | ||
15 | DATE=`/bin/date +%Y%m%d` | ||
16 | CONFIG_FILE=/etc/snort/snort.conf | ||
17 | PROG=snort | ||
18 | USER=root | ||
19 | GROUP=root | ||
20 | |||
21 | if [ ! -x "$BINARY" ]; then | ||
22 | echo "ERROR: $BINARY not found." | ||
23 | exit 1 | ||
24 | fi | ||
25 | |||
26 | if [ ! -r "$CONFIG_FILE" ]; then | ||
27 | echo "ERROR: $CONFIG_FILE not found." | ||
28 | exit 1 | ||
29 | fi | ||
30 | |||
31 | start() | ||
32 | { | ||
33 | |||
34 | [ -n "$LAN_INTERFACE" ] || return 0 | ||
35 | # Check if log diratory is present. Otherwise, create it. | ||
36 | if [ ! -d $LOGDIR/$DATE ]; then | ||
37 | mkdir -d $LOGDIR/$DATE | ||
38 | /bin/chown -R $USER:$USER $LOGDIR/$DATE | ||
39 | /bin/chmod -R 700 $LOGDIR/$DATE | ||
40 | fi | ||
41 | |||
42 | /bin/echo "Starting $PROG: " | ||
43 | # Snort parameters | ||
44 | # -D Run Snort in background (daemon) mode | ||
45 | # -i <if> Listen on interface <if> | ||
46 | # -u <uname> Run snort uid as <uname> user (or uid) | ||
47 | # -g <gname> Run snort uid as <gname> group (or gid) | ||
48 | # -c Load configuration file | ||
49 | # -N Turn off logging (alerts still work) (removed to enable logging) :) | ||
50 | # -l Log to directory | ||
51 | # -t Chroots process to directory after initialization | ||
52 | # -R <id> Include 'id' in snort_intf<id>.pid file name | ||
53 | |||
54 | $BINARY -D -i $LAN_INTERFACE -u $USER -g $GROUP -c $CONFIG_FILE -l $LOGDIR/$DATE -t $LOGDIR/$DATE -R _ids | ||
55 | /bin/echo "$PROG startup complete." | ||
56 | return $RETURN_VAL | ||
57 | } | ||
58 | |||
59 | stop() | ||
60 | { | ||
61 | if [ -s $PID ]; then | ||
62 | /bin/echo "Stopping $PROG with PID `cat $PID`: " | ||
63 | kill -TERM `cat $PID` 2>/dev/null | ||
64 | RETURN_VAL=$? | ||
65 | /bin/echo "$PROG shutdown complete." | ||
66 | [ -e $DEL_PID ] && rm -f $DEL_PID | ||
67 | [ -e $DEL_PID.lck ] && rm -f $DEL_PID.lck | ||
68 | else | ||
69 | /bin/echo "ERROR: PID in $PID file not found." | ||
70 | RETURN_VAL=1 | ||
71 | fi | ||
72 | return $RETURN_VAL | ||
73 | } | ||
74 | |||
75 | status() { | ||
76 | if [ -s $PID ]; then | ||
77 | echo "$PROG is running as pid `cat $PID`:" | ||
78 | else | ||
79 | echo "$PROG is not running." | ||
80 | fi | ||
81 | } | ||
82 | |||
83 | restart() | ||
84 | { | ||
85 | stop | ||
86 | start | ||
87 | RETURN_VAL=$? | ||
88 | return $RETURN_VAL | ||
89 | } | ||
90 | |||
91 | case "$1" in | ||
92 | start) | ||
93 | start | ||
94 | ;; | ||
95 | stop) | ||
96 | stop | ||
97 | ;; | ||
98 | status) | ||
99 | status | ||
100 | ;; | ||
101 | restart|reload) | ||
102 | restart | ||
103 | ;; | ||
104 | *) | ||
105 | /bin/echo "Usage: $0 {start|stop|status|restart|reload}" | ||
106 | RETURN_VAL=1 | ||
107 | esac | ||
108 | |||
109 | exit $RETURN_VAL | ||
diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb new file mode 100644 index 000000000..acb1b1a88 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb | |||
@@ -0,0 +1,73 @@ | |||
1 | DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." | ||
2 | HOMEPAGE = "http://www.snort.org/" | ||
3 | LICENSE = "GPL-2.0" | ||
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" | ||
5 | |||
6 | DEPENDS = "libpcap libpcre daq libdnet" | ||
7 | |||
8 | |||
9 | SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \ | ||
10 | file://snort.init \ | ||
11 | file://disable-inaddr-none.patch \ | ||
12 | file://disable-dap-address-space-id.patch \ | ||
13 | file://0001-libpcap-search-sysroot-for-headers.patch \ | ||
14 | " | ||
15 | |||
16 | SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd" | ||
17 | SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc" | ||
18 | |||
19 | inherit autotools gettext update-rc.d | ||
20 | |||
21 | INITSCRIPT_NAME = "snort" | ||
22 | INITSCRIPT_PARAMS = "defaults" | ||
23 | |||
24 | EXTRA_OECONF = " \ | ||
25 | --enable-gre \ | ||
26 | --enable-linux-smp-stats \ | ||
27 | --enable-reload \ | ||
28 | --enable-reload-error-restart \ | ||
29 | --enable-targetbased \ | ||
30 | --disable-static-daq \ | ||
31 | " | ||
32 | |||
33 | do_install_append() { | ||
34 | install -d ${D}/${sysconfdir}/snort/rules | ||
35 | install -d ${D}/${sysconfdir}/snort/preproc_rules | ||
36 | install -d ${D}${sysconfdir}/init.d | ||
37 | for i in map config conf dtd; do | ||
38 | cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/ | ||
39 | done | ||
40 | cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/ | ||
41 | install -m 755 ${WORKDIR}/snort.init ${D}/${sysconfdir}/init.d/snort | ||
42 | mkdir -p ${D}/${localstatedir}/log/snort | ||
43 | install -d ${D}/var/log/snort | ||
44 | } | ||
45 | |||
46 | FILES_${PN} += " \ | ||
47 | ${libdir}/snort_dynamicengine/*.so.* \ | ||
48 | ${libdir}/snort_dynamicpreprocessor/*.so.* \ | ||
49 | ${libdir}/snort_dynamicrules/*.so.* \ | ||
50 | " | ||
51 | FILES_${PN}-dbg += " \ | ||
52 | ${libdir}/snort_dynamicengine/.debug \ | ||
53 | ${libdir}/snort_dynamicpreprocessor/.debug \ | ||
54 | ${libdir}/snort_dynamicrules/.debug \ | ||
55 | " | ||
56 | FILES_${PN}-staticdev += " \ | ||
57 | ${libdir}/snort_dynamicengine/*.a \ | ||
58 | ${libdir}/snort_dynamicpreprocessor/*.a \ | ||
59 | ${libdir}/snort_dynamicrules/*.a \ | ||
60 | ${libdir}/snort/dynamic_preproc/*.a \ | ||
61 | ${libdir}/snort/dynamic_output/*.a \ | ||
62 | " | ||
63 | FILES_${PN}-dev += " \ | ||
64 | ${libdir}/snort_dynamicengine/*.la \ | ||
65 | ${libdir}/snort_dynamicpreprocessor/*.la \ | ||
66 | ${libdir}/snort_dynamicrules/*.la \ | ||
67 | ${libdir}/snort_dynamicengine/*.so \ | ||
68 | ${libdir}/snort_dynamicpreprocessor/*.so \ | ||
69 | ${libdir}/snort_dynamicrules/*.so \ | ||
70 | ${prefix}/src/snort_dynamicsrc \ | ||
71 | " | ||
72 | |||
73 | RRECOMMENDS_${PN} += "barnyard2" | ||