snort: add recipe

*snort - a free lightweight network intrusion detection system for UNIX and Windows Signed-off-by: Chunrong Guo <B40290@freescale.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
author: Chunrong Guo <B40290@freescale.com> 2013-11-04 10:39:56 +0800
committer: Joe MacDonald <joe@deserted.net> 2013-11-20 16:28:42 -0500
commit: 881eb77ac627a1a64be0efa81ce074ecc362b4c7 (patch)
tree: 93efa0df2686dc9546f9b9a9c065eef26cf26833 /meta-networking/recipes-connectivity
parent: 8265d2bbc2342ceafe381143baa45f04dfafd45a (diff)
download: meta-openembedded-881eb77ac627a1a64be0efa81ce074ecc362b4c7.tar.gz
5 files changed, 340 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/snort/files/0001-libpcap-search-sysroot-for-headers.patch b/meta-networking/recipes-connectivity/snort/files/0001-libpcap-search-sysroot-for-headers.patch
new file mode 100644
index 0000000000..54c2a9521b
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/files/0001-libpcap-search-sysroot-for-headers.patch
@@ -0,0 +1,31 @@
+From 4d7ebe3ed6cee72bc7db98bd408d22c10ef5dd82 Mon Sep 17 00:00:00 2001
+From: Joe MacDonald <joe@deserted.net>
+Date: Wed, 20 Nov 2013 16:06:07 -0500
+Subject: [PATCH] libpcap: search sysroot for headers
+Configure hard-coded host header paths when building with libpcap.  Point
+the search path at the sysroot instead.
+Upstream-Status: Pending
+Signed-off-by: Joe MacDonald <joe@deserted.net>
+---
+ configure.in |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/configure.in b/configure.in
+index e52bb6c..8ded35d 100644
+--- a/configure.in
+++ b/configure.in
+@@ -78,7 +78,7 @@ case "$host" in
+     linux="yes"
+     AC_DEFINE([LINUX],[1],[Define if Linux])
+     AC_SUBST(extra_incl)
+-    extra_incl="-I/usr/include/pcap"
+    extra_incl="-I=/usr/include/pcap"
+     ;;
+   *-hpux10*|*-hpux11*)
+     AC_DEFINE([HPUX],[1],[Define if HP-UX 10 or 11])
+-- 
+1.7.10.4
diff --git a/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
new file mode 100644
index 0000000000..39e5c9c03a
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
@@ -0,0 +1,52 @@
+Upstream-Status:Inappropriate [embedded specific]
+fix the below error:
+checking for dap address space id... configure: 
+configure: error: cannot run test program while cross compiling
+Signed-off-by: Chunrong Guo <B40290@freescale.com>
+--- a/configure.in      2013-08-23 00:06:37.239361932 -0500
+++ b/configure.in      2013-08-23 00:07:32.860266534 -0500
+@@ -679,23 +679,23 @@
+ 
+ AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
+ 
+-AC_MSG_CHECKING([for daq address space ID])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+-   DAQ_PktHdr_t hdr;
+-   hdr.address_space_id = 0;
+-]])],
+-[have_daq_address_space_id="yes"],
+-[have_daq_address_space_id="no"])
+-AC_MSG_RESULT($have_daq_address_space_id)
+-if test "x$have_daq_address_space_id" = "xyes"; then
+-    AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
+-        [DAQ version supports address space ID in header.])
+-fi
+#AC_MSG_CHECKING([for daq address space ID])
+#AC_RUN_IFELSE(
+#[AC_LANG_PROGRAM(
+#[[
+##include <daq.h>
+#]],
+#[[
+#   DAQ_PktHdr_t hdr;
+#   hdr.address_space_id = 0;
+#]])],
+have_daq_address_space_id="yes"
+#[have_daq_address_space_id="no"])
+#AC_MSG_RESULT($have_daq_address_space_id)
+#if test "x$have_daq_address_space_id" = "xyes"; then
+#    AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
+#        [DAQ version supports address space ID in header.])
+#fi
+ 
+ # any sparc platform has to have this one defined.
+ AC_MSG_CHECKING(for sparc)
diff --git a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
new file mode 100644
index 0000000000..9dafe63459
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
@@ -0,0 +1,75 @@
+Upstream-Status: Inappropriate [embedded specific]
+fix the below error:
+checking for INADDR_NONE... configure:
+configure: error: cannot run test program while cross compiling
+Signed-off-by: Chunrong Guo <B40290@freescale.com>
+--- a/configure.in      2013-08-21 03:56:17.197414789 -0500
+++ b/configure.in      2013-08-21 23:19:05.298553560 -0500
+@@ -281,25 +281,7 @@
+ AC_CHECK_TYPES([boolean])
+ 
+ # In case INADDR_NONE is not defined (like on Solaris)
+-have_inaddr_none="no"
+-AC_MSG_CHECKING([for INADDR_NONE])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <sys/types.h>
+-#include <netinet/in.h>
+-#include <arpa/inet.h>
+-]],
+-[[
+-       if (inet_addr("10,5,2") == INADDR_NONE);
+-    return 0;
+-]])],
+-[have_inaddr_none="yes"],
+-[have_inaddr_none="no"])
+-AC_MSG_RESULT($have_inaddr_none)
+-if test "x$have_inaddr_none" = "xno"; then
+-       AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
+-fi
+have_inaddr_none="yes"
+ 
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ #include <stdio.h>
+@@ -397,21 +379,21 @@
+   fi
+ fi
+ 
+-AC_MSG_CHECKING([for pcap_lex_destroy])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <pcap.h>
+-]],
+-[[
+-   pcap_lex_destroy();
+-]])],
+-[have_pcap_lex_destroy="yes"],
+-[have_pcap_lex_destroy="no"])
+-AC_MSG_RESULT($have_pcap_lex_destroy)
+-if test "x$have_pcap_lex_destroy" = "xyes"; then
+-    AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
+-fi
+#AC_MSG_CHECKING([for pcap_lex_destroy])
+#AC_RUN_IFELSE(
+#[AC_LANG_PROGRAM(
+#[[
+##include <pcap.h>
+#]],
+#[[
+#   pcap_lex_destroy();
+#]])],
+have_pcap_lex_destroy="yes"
+#[have_pcap_lex_destroy="no"])
+#AC_MSG_RESULT($have_pcap_lex_destroy)
+#if test "x$have_pcap_lex_destroy" = "xyes"; then
+#    AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
+#fi
+ 
+ AC_MSG_CHECKING([for pcap_lib_version])
+ AC_LINK_IFELSE(
diff --git a/meta-networking/recipes-connectivity/snort/files/snort.init b/meta-networking/recipes-connectivity/snort/files/snort.init
new file mode 100644
index 0000000000..d8a00c43fc
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/files/snort.init
@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+#   Snort Startup Script modified for OpenEmbedded
+#
+# Script variables
+LAN_INTERFACE="$2"
+RETURN_VAL=0
+BINARY=/usr/bin/snort
+PATH=/bin:/usr/bin
+PID=/var/run/snort_${LAN_INTERFACE}_ids.pid
+DEL_PID=$PID
+LOGDIR="/var/log/snort"
+DATE=`/bin/date +%Y%m%d`
+CONFIG_FILE=/etc/snort/snort.conf
+PROG=snort
+USER=root
+GROUP=root
+if [ ! -x "$BINARY" ]; then
+    echo "ERROR: $BINARY not found."
+    exit 1
+fi
+if [ ! -r "$CONFIG_FILE" ]; then
+    echo "ERROR: $CONFIG_FILE not found."
+    exit 1
+fi
+start()
+{
+    [ -n "$LAN_INTERFACE" ] || return 0
+    # Check if log diratory is present. Otherwise, create it.
+    if [ ! -d $LOGDIR/$DATE ]; then
+        mkdir -d $LOGDIR/$DATE
+        /bin/chown -R $USER:$USER $LOGDIR/$DATE
+    /bin/chmod -R 700 $LOGDIR/$DATE
+    fi
+    /bin/echo "Starting $PROG: "
+    # Snort parameters
+    # -D Run Snort in background (daemon) mode
+    # -i <if> Listen on interface <if>
+    # -u <uname> Run snort uid as <uname> user (or uid)
+    # -g <gname> Run snort uid as <gname> group (or gid)
+    # -c Load configuration file
+    # -N Turn off logging (alerts still work) (removed to enable logging) :)
+    # -l Log to directory
+    # -t Chroots process to directory after initialization
+    # -R <id> Include 'id' in snort_intf<id>.pid file name
+    $BINARY -D -i $LAN_INTERFACE -u $USER -g $GROUP -c $CONFIG_FILE -l $LOGDIR/$DATE -t $LOGDIR/$DATE -R _ids
+    /bin/echo "$PROG startup complete."
+    return $RETURN_VAL
+}
+stop()
+{
+    if [ -s $PID ]; then
+        /bin/echo "Stopping $PROG with PID `cat $PID`: "
+        kill -TERM `cat $PID` 2>/dev/null
+        RETURN_VAL=$?
+        /bin/echo "$PROG shutdown complete."
+        [ -e $DEL_PID ] && rm -f $DEL_PID
+    [ -e $DEL_PID.lck ] && rm -f $DEL_PID.lck
+    else
+        /bin/echo "ERROR: PID in $PID file not found."
+        RETURN_VAL=1
+    fi
+    return $RETURN_VAL
+}
+status() {
+        if [ -s $PID ]; then
+                echo "$PROG is running as pid `cat $PID`:"
+        else
+                echo "$PROG is not running."
+        fi
+}
+restart()
+{
+    stop
+    start
+    RETURN_VAL=$?
+    return $RETURN_VAL
+}
+case "$1" in
+ start)
+       start
+    ;;
+ stop)
+       stop
+    ;;
+ status)
+       status
+    ;;
+ restart|reload)
+       restart
+    ;;
+ *)
+    /bin/echo "Usage: $0 {start|stop|status|restart|reload}"
+    RETURN_VAL=1
+esac
+exit $RETURN_VAL
diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
new file mode 100644
index 0000000000..acb1b1a88d
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
@@ -0,0 +1,73 @@
+DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
+HOMEPAGE = "http://www.snort.org/"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
+DEPENDS = "libpcap libpcre daq libdnet"
+SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
+            file://snort.init \
+            file://disable-inaddr-none.patch \
+            file://disable-dap-address-space-id.patch \
+            file://0001-libpcap-search-sysroot-for-headers.patch \
+"
+SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
+SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
+inherit autotools  gettext  update-rc.d
+INITSCRIPT_NAME = "snort"
+INITSCRIPT_PARAMS = "defaults"
+EXTRA_OECONF = " \
+        --enable-gre \
+        --enable-linux-smp-stats \
+        --enable-reload \
+        --enable-reload-error-restart \
+        --enable-targetbased \
+        --disable-static-daq \
+        "
+do_install_append() {
+    install -d ${D}/${sysconfdir}/snort/rules
+    install -d ${D}/${sysconfdir}/snort/preproc_rules
+    install -d ${D}${sysconfdir}/init.d
+    for i in map config conf dtd; do
+        cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
+    done
+    cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
+    install -m 755 ${WORKDIR}/snort.init ${D}/${sysconfdir}/init.d/snort
+    mkdir -p ${D}/${localstatedir}/log/snort
+    install -d ${D}/var/log/snort
+}
+FILES_${PN} += " \
+        ${libdir}/snort_dynamicengine/*.so.* \
+        ${libdir}/snort_dynamicpreprocessor/*.so.* \
+        ${libdir}/snort_dynamicrules/*.so.* \
+        "
+FILES_${PN}-dbg += " \
+        ${libdir}/snort_dynamicengine/.debug \
+        ${libdir}/snort_dynamicpreprocessor/.debug \
+        ${libdir}/snort_dynamicrules/.debug \
+        "
+FILES_${PN}-staticdev += " \
+        ${libdir}/snort_dynamicengine/*.a \
+        ${libdir}/snort_dynamicpreprocessor/*.a \
+        ${libdir}/snort_dynamicrules/*.a \
+        ${libdir}/snort/dynamic_preproc/*.a \
+        ${libdir}/snort/dynamic_output/*.a \
+        "
+FILES_${PN}-dev += " \
+        ${libdir}/snort_dynamicengine/*.la \
+        ${libdir}/snort_dynamicpreprocessor/*.la \
+        ${libdir}/snort_dynamicrules/*.la \
+        ${libdir}/snort_dynamicengine/*.so \
+        ${libdir}/snort_dynamicpreprocessor/*.so \
+        ${libdir}/snort_dynamicrules/*.so \
+        ${prefix}/src/snort_dynamicsrc \
+        "
+RRECOMMENDS_${PN} += "barnyard2"
author	Chunrong Guo <B40290@freescale.com>	2013-11-04 10:39:56 +0800
committer	Joe MacDonald <joe@deserted.net>	2013-11-20 16:28:42 -0500
commit	881eb77ac627a1a64be0efa81ce074ecc362b4c7 (patch)
tree	93efa0df2686dc9546f9b9a9c065eef26cf26833 /meta-networking/recipes-connectivity
parent	8265d2bbc2342ceafe381143baa45f04dfafd45a (diff)
download	meta-openembedded-881eb77ac627a1a64be0efa81ce074ecc362b4c7.tar.gz

diff --git a/meta-networking/recipes-connectivity/snort/files/0001-libpcap-search-sysroot-for-headers.patch b/meta-networking/recipes-connectivity/snort/files/0001-libpcap-search-sysroot-for-headers.patch new file mode 100644 index 0000000000..54c2a9521b --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/files/0001-libpcap-search-sysroot-for-headers.patch
@@ -0,0 +1,31 @@
	1	From 4d7ebe3ed6cee72bc7db98bd408d22c10ef5dd82 Mon Sep 17 00:00:00 2001
	2	From: Joe MacDonald <joe@deserted.net>
	3	Date: Wed, 20 Nov 2013 16:06:07 -0500
	4	Subject: [PATCH] libpcap: search sysroot for headers
	5
	6	Configure hard-coded host header paths when building with libpcap. Point
	7	the search path at the sysroot instead.
	8
	9	Upstream-Status: Pending
	10
	11	Signed-off-by: Joe MacDonald <joe@deserted.net>
	12	---
	13	configure.in \| 2 +-
	14	1 file changed, 1 insertion(+), 1 deletion(-)
	15
	16	diff --git a/configure.in b/configure.in
	17	index e52bb6c..8ded35d 100644
	18	--- a/configure.in
	19	+++ b/configure.in
	20	@@ -78,7 +78,7 @@ case "$host" in
	21	linux="yes"
	22	AC_DEFINE([LINUX],[1],[Define if Linux])
	23	AC_SUBST(extra_incl)
	24	- extra_incl="-I/usr/include/pcap"
	25	+ extra_incl="-I=/usr/include/pcap"
	26	;;
	27	-hpux10\|-hpux11)
	28	AC_DEFINE([HPUX],[1],[Define if HP-UX 10 or 11])
	29	--
	30	1.7.10.4
	31


diff --git a/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch new file mode 100644 index 0000000000..39e5c9c03a --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
@@ -0,0 +1,52 @@
	1	Upstream-Status:Inappropriate [embedded specific]
	2
	3	fix the below error:
	4	checking for dap address space id... configure:
	5	configure: error: cannot run test program while cross compiling
	6
	7
	8	Signed-off-by: Chunrong Guo <B40290@freescale.com>
	9
	10	--- a/configure.in 2013-08-23 00:06:37.239361932 -0500
	11	+++ b/configure.in 2013-08-23 00:07:32.860266534 -0500
	12	@@ -679,23 +679,23 @@
	13
	14	AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
	15
	16	-AC_MSG_CHECKING([for daq address space ID])
	17	-AC_RUN_IFELSE(
	18	-[AC_LANG_PROGRAM(
	19	-[[
	20	-#include <daq.h>
	21	-]],
	22	-[[
	23	- DAQ_PktHdr_t hdr;
	24	- hdr.address_space_id = 0;
	25	-]])],
	26	-[have_daq_address_space_id="yes"],
	27	-[have_daq_address_space_id="no"])
	28	-AC_MSG_RESULT($have_daq_address_space_id)
	29	-if test "x$have_daq_address_space_id" = "xyes"; then
	30	- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
	31	- [DAQ version supports address space ID in header.])
	32	-fi
	33	+#AC_MSG_CHECKING([for daq address space ID])
	34	+#AC_RUN_IFELSE(
	35	+#[AC_LANG_PROGRAM(
	36	+#[[
	37	+##include <daq.h>
	38	+#]],
	39	+#[[
	40	+# DAQ_PktHdr_t hdr;
	41	+# hdr.address_space_id = 0;
	42	+#]])],
	43	+have_daq_address_space_id="yes"
	44	+#[have_daq_address_space_id="no"])
	45	+#AC_MSG_RESULT($have_daq_address_space_id)
	46	+#if test "x$have_daq_address_space_id" = "xyes"; then
	47	+# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
	48	+# [DAQ version supports address space ID in header.])
	49	+#fi
	50
	51	# any sparc platform has to have this one defined.
	52	AC_MSG_CHECKING(for sparc)


diff --git a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch new file mode 100644 index 0000000000..9dafe63459 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
@@ -0,0 +1,75 @@
	1	Upstream-Status: Inappropriate [embedded specific]
	2
	3	fix the below error:
	4	checking for INADDR_NONE... configure:
	5	configure: error: cannot run test program while cross compiling
	6
	7	Signed-off-by: Chunrong Guo <B40290@freescale.com>
	8
	9
	10	--- a/configure.in 2013-08-21 03:56:17.197414789 -0500
	11	+++ b/configure.in 2013-08-21 23:19:05.298553560 -0500
	12	@@ -281,25 +281,7 @@
	13	AC_CHECK_TYPES([boolean])
	14
	15	# In case INADDR_NONE is not defined (like on Solaris)
	16	-have_inaddr_none="no"
	17	-AC_MSG_CHECKING([for INADDR_NONE])
	18	-AC_RUN_IFELSE(
	19	-[AC_LANG_PROGRAM(
	20	-[[
	21	-#include <sys/types.h>
	22	-#include <netinet/in.h>
	23	-#include <arpa/inet.h>
	24	-]],
	25	-[[
	26	- if (inet_addr("10,5,2") == INADDR_NONE);
	27	- return 0;
	28	-]])],
	29	-[have_inaddr_none="yes"],
	30	-[have_inaddr_none="no"])
	31	-AC_MSG_RESULT($have_inaddr_none)
	32	-if test "x$have_inaddr_none" = "xno"; then
	33	- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
	34	-fi
	35	+have_inaddr_none="yes"
	36
	37	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
	38	#include <stdio.h>
	39	@@ -397,21 +379,21 @@
	40	fi
	41	fi
	42
	43	-AC_MSG_CHECKING([for pcap_lex_destroy])
	44	-AC_RUN_IFELSE(
	45	-[AC_LANG_PROGRAM(
	46	-[[
	47	-#include <pcap.h>
	48	-]],
	49	-[[
	50	- pcap_lex_destroy();
	51	-]])],
	52	-[have_pcap_lex_destroy="yes"],
	53	-[have_pcap_lex_destroy="no"])
	54	-AC_MSG_RESULT($have_pcap_lex_destroy)
	55	-if test "x$have_pcap_lex_destroy" = "xyes"; then
	56	- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
	57	-fi
	58	+#AC_MSG_CHECKING([for pcap_lex_destroy])
	59	+#AC_RUN_IFELSE(
	60	+#[AC_LANG_PROGRAM(
	61	+#[[
	62	+##include <pcap.h>
	63	+#]],
	64	+#[[
	65	+# pcap_lex_destroy();
	66	+#]])],
	67	+have_pcap_lex_destroy="yes"
	68	+#[have_pcap_lex_destroy="no"])
	69	+#AC_MSG_RESULT($have_pcap_lex_destroy)
	70	+#if test "x$have_pcap_lex_destroy" = "xyes"; then
	71	+# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
	72	+#fi
	73
	74	AC_MSG_CHECKING([for pcap_lib_version])
	75	AC_LINK_IFELSE(


diff --git a/meta-networking/recipes-connectivity/snort/files/snort.init b/meta-networking/recipes-connectivity/snort/files/snort.init new file mode 100644 index 0000000000..d8a00c43fc --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/files/snort.init
@@ -0,0 +1,109 @@
	1	#!/bin/sh
	2	#
	3	# Snort Startup Script modified for OpenEmbedded
	4	#
	5
	6	# Script variables
	7
	8	LAN_INTERFACE="$2"
	9	RETURN_VAL=0
	10	BINARY=/usr/bin/snort
	11	PATH=/bin:/usr/bin
	12	PID=/var/run/snort_${LAN_INTERFACE}_ids.pid
	13	DEL_PID=$PID
	14	LOGDIR="/var/log/snort"
	15	DATE=`/bin/date +%Y%m%d`
	16	CONFIG_FILE=/etc/snort/snort.conf
	17	PROG=snort
	18	USER=root
	19	GROUP=root
	20
	21	if [ ! -x "$BINARY" ]; then
	22	echo "ERROR: $BINARY not found."
	23	exit 1
	24	fi
	25
	26	if [ ! -r "$CONFIG_FILE" ]; then
	27	echo "ERROR: $CONFIG_FILE not found."
	28	exit 1
	29	fi
	30
	31	start()
	32	{
	33
	34	[ -n "$LAN_INTERFACE" ] \|\| return 0
	35	# Check if log diratory is present. Otherwise, create it.
	36	if [ ! -d $LOGDIR/$DATE ]; then
	37	mkdir -d $LOGDIR/$DATE
	38	/bin/chown -R $USER:$USER $LOGDIR/$DATE
	39	/bin/chmod -R 700 $LOGDIR/$DATE
	40	fi
	41
	42	/bin/echo "Starting $PROG: "
	43	# Snort parameters
	44	# -D Run Snort in background (daemon) mode
	45	# -i <if> Listen on interface <if>
	46	# -u <uname> Run snort uid as <uname> user (or uid)
	47	# -g <gname> Run snort uid as <gname> group (or gid)
	48	# -c Load configuration file
	49	# -N Turn off logging (alerts still work) (removed to enable logging) :)
	50	# -l Log to directory
	51	# -t Chroots process to directory after initialization
	52	# -R <id> Include 'id' in snort_intf<id>.pid file name
	53
	54	$BINARY -D -i $LAN_INTERFACE -u $USER -g $GROUP -c $CONFIG_FILE -l $LOGDIR/$DATE -t $LOGDIR/$DATE -R _ids
	55	/bin/echo "$PROG startup complete."
	56	return $RETURN_VAL
	57	}
	58
	59	stop()
	60	{
	61	if [ -s $PID ]; then
	62	/bin/echo "Stopping $PROG with PID `cat $PID`: "
	63	kill -TERM `cat $PID` 2>/dev/null
	64	RETURN_VAL=$?
	65	/bin/echo "$PROG shutdown complete."
	66	[ -e $DEL_PID ] && rm -f $DEL_PID
	67	[ -e $DEL_PID.lck ] && rm -f $DEL_PID.lck
	68	else
	69	/bin/echo "ERROR: PID in $PID file not found."
	70	RETURN_VAL=1
	71	fi
	72	return $RETURN_VAL
	73	}
	74
	75	status() {
	76	if [ -s $PID ]; then
	77	echo "$PROG is running as pid `cat $PID`:"
	78	else
	79	echo "$PROG is not running."
	80	fi
	81	}
	82
	83	restart()
	84	{
	85	stop
	86	start
	87	RETURN_VAL=$?
	88	return $RETURN_VAL
	89	}
	90
	91	case "$1" in
	92	start)
	93	start
	94	;;
	95	stop)
	96	stop
	97	;;
	98	status)
	99	status
	100	;;
	101	restart\|reload)
	102	restart
	103	;;
	104	*)
	105	/bin/echo "Usage: $0 {start\|stop\|status\|restart\|reload}"
	106	RETURN_VAL=1
	107	esac
	108
	109	exit $RETURN_VAL


diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb new file mode 100644 index 0000000000..acb1b1a88d --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
@@ -0,0 +1,73 @@
	1	DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
	2	HOMEPAGE = "http://www.snort.org/"
	3	LICENSE = "GPL-2.0"
	4	LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
	5
	6	DEPENDS = "libpcap libpcre daq libdnet"
	7
	8
	9	SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
	10	file://snort.init \
	11	file://disable-inaddr-none.patch \
	12	file://disable-dap-address-space-id.patch \
	13	file://0001-libpcap-search-sysroot-for-headers.patch \
	14	"
	15
	16	SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
	17	SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
	18
	19	inherit autotools gettext update-rc.d
	20
	21	INITSCRIPT_NAME = "snort"
	22	INITSCRIPT_PARAMS = "defaults"
	23
	24	EXTRA_OECONF = " \
	25	--enable-gre \
	26	--enable-linux-smp-stats \
	27	--enable-reload \
	28	--enable-reload-error-restart \
	29	--enable-targetbased \
	30	--disable-static-daq \
	31	"
	32
	33	do_install_append() {
	34	install -d ${D}/${sysconfdir}/snort/rules
	35	install -d ${D}/${sysconfdir}/snort/preproc_rules
	36	install -d ${D}${sysconfdir}/init.d
	37	for i in map config conf dtd; do
	38	cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
	39	done
	40	cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
	41	install -m 755 ${WORKDIR}/snort.init ${D}/${sysconfdir}/init.d/snort
	42	mkdir -p ${D}/${localstatedir}/log/snort
	43	install -d ${D}/var/log/snort
	44	}
	45
	46	FILES_${PN} += " \
	47	${libdir}/snort_dynamicengine/.so. \
	48	${libdir}/snort_dynamicpreprocessor/.so. \
	49	${libdir}/snort_dynamicrules/.so. \
	50	"
	51	FILES_${PN}-dbg += " \
	52	${libdir}/snort_dynamicengine/.debug \
	53	${libdir}/snort_dynamicpreprocessor/.debug \
	54	${libdir}/snort_dynamicrules/.debug \
	55	"
	56	FILES_${PN}-staticdev += " \
	57	${libdir}/snort_dynamicengine/*.a \
	58	${libdir}/snort_dynamicpreprocessor/*.a \
	59	${libdir}/snort_dynamicrules/*.a \
	60	${libdir}/snort/dynamic_preproc/*.a \
	61	${libdir}/snort/dynamic_output/*.a \
	62	"
	63	FILES_${PN}-dev += " \
	64	${libdir}/snort_dynamicengine/*.la \
	65	${libdir}/snort_dynamicpreprocessor/*.la \
	66	${libdir}/snort_dynamicrules/*.la \
	67	${libdir}/snort_dynamicengine/*.so \
	68	${libdir}/snort_dynamicpreprocessor/*.so \
	69	${libdir}/snort_dynamicrules/*.so \
	70	${prefix}/src/snort_dynamicsrc \
	71	"
	72
	73	RRECOMMENDS_${PN} += "barnyard2"