- add a "prelude" flavor, snort can be used as a sensor by prelude.

- bump PKGNAME . inputs & ok alek@, "I have no problem with this" david@
2006-06-28 19:27:42 +00:00 · 2006-06-28 19:27:42 +00:00 · 65998b2aa0
commit 65998b2aa0
parent 6069cf2394
3 changed files with 36 additions and 2 deletions
--- a/net/snort/Makefile
+++ b/net/snort/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.45 2006/06/08 20:25:53 david Exp $
+# $OpenBSD: Makefile,v 1.46 2006/06/28 19:27:42 aanriot Exp $

 COMMENT=	"highly flexible sniffer/NIDS"

 DISTNAME=	snort-2.4.5
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	net security
 MASTER_SITES=	${HOMEPAGE}/dl/current/

@ -25,7 +26,7 @@ LIB_DEPENDS=     pcre::devel/pcre
 CFLAGS+=	-O0
 .endif

-FLAVORS=	postgresql mysql flexresp
+FLAVORS=	postgresql mysql flexresp prelude
 FLAVOR?=	

 .if ${FLAVOR:L:Mflexresp}
@ -47,6 +48,14 @@ CONFIGURE_ARGS+= --with-mysql="${LOCALBASE}"
 WANTLIB+=	z
 .endif

+.if ${FLAVOR:L:Mprelude}
+MODULES=	devel/gettext
+WANTLIB+=	gcrypt gpg-error pthread z
+LIB_DEPENDS+=	prelude.8::security/prelude/libprelude
+CONFIGURE_ARGS+=--enable-prelude
+MESSAGE=	${PKGDIR}/MESSAGE-prelude
+.endif
+
 CONFIGS=	classification.config gen-msg.map generators reference.config \
 		sid sid-msg.map snort.conf threshold.conf unicode.map

--- a/net/snort/pkg/DESCR
+++ b/net/snort/pkg/DESCR
@ -17,3 +17,4 @@ Available flavors:
 	postgresql - enable postgresql database logging support
 	mysql	   - enable mysql database logging support
 	flexresp   - enable dynamic connection killing support
+	prelude	   - enable prelude-ids support
--- a/net/snort/pkg/MESSAGE-prelude
+++ b/net/snort/pkg/MESSAGE-prelude
@ -0,0 +1,24 @@
+An up-to-date set of rules is needed for Snort to be useful as an IDS.
+These can be downloaded manually or net/oinkmaster can be used to
+download the latest rules from several different sources.
+
+It is recommended that snort be run as an unprivileged chrooted user.
+An _snort user/group and log directory has been created for this
+purpose.  You should start snort with the following options to take
+advantage of this:
+        -u _snort -g _snort -t /var/snort
+and if you want to log:
+        -l /var/snort/log
+
+To start with snort as sensor for prelude, you have to create a
+starting profile, e.g. "snort" by running on the manager side:
+
+# prelude-adduser registration-server prelude-manager --uid=564 --gid=564
+
+and on the sensor side:
+
+# prelude-adduser register snort "idmef:w" \
+	<manager address> --uid 557 --gid 557
+
+Then, fill in the prelude section in ${SYSCONFDIR}/snort/snort.conf
+before starting snort.