From 1aea35ae9bc71d2d2661749b7bbdd555983a4138 Mon Sep 17 00:00:00 2001
From: jasper
Date: Thu, 10 Mar 2011 13:42:30 +0000
Subject: [PATCH] import snort2pf 4.5 Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks the "naughty" hosts for a given amount of time using pfctl. feedback/ok aja@
---
 security/snort2pf/Makefile | 32 +++++++++++++++++++++++++++++++
 security/snort2pf/distinfo | 5 +++++
 security/snort2pf/pkg/DESCR | 2 ++
 security/snort2pf/pkg/PLIST | 6 ++++++
 security/snort2pf/pkg/README | 15 +++++++++++++++
 security/snort2pf/pkg/snort2pf.rc | 14 ++++++++++++++
 6 files changed, 74 insertions(+)
 create mode 100644 security/snort2pf/Makefile
 create mode 100644 security/snort2pf/distinfo
 create mode 100644 security/snort2pf/pkg/DESCR
 create mode 100644 security/snort2pf/pkg/PLIST
 create mode 100644 security/snort2pf/pkg/README
 create mode 100644 security/snort2pf/pkg/snort2pf.rc
diff --git a/security/snort2pf/Makefile b/security/snort2pf/Makefile
new file mode 100644
index 00000000000..9ce286cfe48
--- /dev/null
+++ b/security/snort2pf/Makefile
@@ -0,0 +1,32 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2011/03/10 13:42:30 jasper Exp $
+
+COMMENT= block "nasty" hosts with pf(4) based on Snort's rules
+
+DISTNAME= snort2pf-4.5
+CATEGORIES= security net
+
+HOMEPAGE= http://sourceforge.net/projects/snort2pf/
+
+# BSD
+PERMIT_DISTFILES_FTP= Yes
+PERMIT_DISTFILES_CDROM= Yes
+PERMIT_PACKAGE_FTP= Yes
+PERMIT_PACKAGE_CDROM= Yes
+
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=snort2pf/}
+
+PKG_ARCH= *
+NO_BUILD= Yes
+NO_REGRESS= Yes
+
+RUN_DEPENDS= net/p5-Net-Patricia
+
+do-configure:
+ @perl -pi -e 's,/usr/local,${TRUEPREFIX},g' \
+ ${WRKSRC}/snort2pf.8
+
+do-install:
+ ${INSTALL_SCRIPT} ${WRKSRC}/snort2pf{,mon} ${PREFIX}/sbin/
+ ${INSTALL_MAN} ${WRKSRC}/*.8 ${PREFIX}/man/man8/
+
+.include
diff --git a/security/snort2pf/distinfo b/security/snort2pf/distinfo
new file mode 100644
index 00000000000..15c8fa44f1c
--- /dev/null
+++ b/security/snort2pf/distinfo
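Review bot: The `do-configure` substitution in the Makefile rewrites `/usr/local` only in `snort2pf.8`, while `do-install` also ships `snort2pfmon.8` and both scripts unmodified. If any of those carry hard-coded `/usr/local` paths (not visible from this patch), they would be wrong under a non-default prefix. Listing them in the same command, e.g. `${WRKSRC}/*.8 ${WRKSRC}/snort2pf{,mon}`, would keep the installed files consistent. A short comment above the target naming which paths are rewritten would also help the next maintainer.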
@@ -0,0 +1,5 @@
+MD5 (snort2pf-4.5.tar.gz) = ShR4yY7z4COuWSCW4j8mTw==
+RMD160 (snort2pf-4.5.tar.gz) = CkT54bXNpbUkzfMs7gBK+7VP+Tw=
+SHA1 (snort2pf-4.5.tar.gz) = 2KHP8Imugsf7jihsDtr/EMKlEVQ=
+SHA256 (snort2pf-4.5.tar.gz) = Gk9MbY23g5LADSY9LS9gBCCOVrAv3io5URPGn263JII=
+SIZE (snort2pf-4.5.tar.gz) = 11283
diff --git a/security/snort2pf/pkg/DESCR b/security/snort2pf/pkg/DESCR
new file mode 100644
index 00000000000..8c170ec5179
--- /dev/null
+++ b/security/snort2pf/pkg/DESCR
@@ -0,0 +1,2 @@
+Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks
+the "naughty" hosts for a given amount of time using pfctl.
diff --git a/security/snort2pf/pkg/PLIST b/security/snort2pf/pkg/PLIST
new file mode 100644
index 00000000000..1be87e051c6
--- /dev/null
+++ b/security/snort2pf/pkg/PLIST
@@ -0,0 +1,6 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2011/03/10 13:42:30 jasper Exp $
+@man man/man8/snort2pf.8
+@man man/man8/snort2pfmon.8
+sbin/snort2pf
+sbin/snort2pfmon
+@rcscript ${RCDIR}/snort2pf
diff --git a/security/snort2pf/pkg/README b/security/snort2pf/pkg/README
new file mode 100644
index 00000000000..49459fa71c7
--- /dev/null
+++ b/security/snort2pf/pkg/README
@@ -0,0 +1,15 @@
+$OpenBSD: README,v 1.1.1.1 2011/03/10 13:42:30 jasper Exp $
+
+Running snort2pf on OpenBSD
+==============================
+
+Adjusting pf.conf(5)
+--------------------
+In order to make use of snort2pf, one must add an anchor for in your pf.conf(5)
+file, like:
+
+ anchor snort2pf
+
+Or you can use a table, which is allows for more flexibility:
+
+ block in quick from
diff --git a/security/snort2pf/pkg/snort2pf.rc b/security/snort2pf/pkg/snort2pf.rc
new file mode 100644
index 00000000000..574caf2f1cb
--- /dev/null
+++ b/security/snort2pf/pkg/snort2pf.rc
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# $OpenBSD: snort2pf.rc,v 1.1.1.1 2011/03/10 13:42:30 jasper Exp $
+
+daemon="${TRUEPREFIX}/sbin/snort2pf"
+
+. /etc/rc.d/rc.subr
+
+pexp="perl: snort2pf"
+
+rc_bg=YES
+rc_reload=NO
+
+rc_cmd $1
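Review bot: Nothing in snort2pf.rc states the privilege the daemon runs with; it is started with rc.subr's defaults and, per the description, acts on Snort alert text and drives pfctl, so it presumably runs as root. A header comment such as `# runs as root: updates pf(4) via pfctl(8) from Snort's alert file` would make that explicit. The same comment is a natural place to record that alert sources can be spoofed, so trusted and management addresses should be exempted from the block rule in pf.conf. Separately, `pexp="perl: snort2pf"` is a pattern rather than an exact name; if `snort2pfmon` sets a similar process title (not visible here), `check` and `stop` could match it as well.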