Update for Suricata to 4.1.2

Now include suricata-update https://github.com/OISF/suricata/releases OK jasper@
2019-02-12 09:27:16 +00:00 · 2019-02-12 09:27:16 +00:00 · c1c4769833
commit c1c4769833
parent e5591ce1c8
6 changed files with 171 additions and 82 deletions
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@ -1,11 +1,10 @@
-# $OpenBSD: Makefile,v 1.8 2018/09/04 12:46:21 espie Exp $
+# $OpenBSD: Makefile,v 1.9 2019/02/12 09:27:16 gonzalo Exp $

 COMMENT =	high performance network IDS, IPS and security monitoring

-DISTNAME =	suricata-4.0.5
+DISTNAME =	suricata-4.1.2
 CATEGORIES =	security
 SHARED_LIBS +=  htp                       0.0 # 2.0
-REVISION =	0

 HOMEPAGE =	https://suricata-ids.org/

@ -22,7 +21,8 @@ WANTLIB += pcre plc4 plds4 pthread smime3 ssl3 yaml-0 z

 MODULES =	lang/python

-BUILD_DEPENDS =	textproc/py-sphinx
+BUILD_DEPENDS = textproc/py-sphinx \
+		textproc/py-yaml

 LIB_DEPENDS =	converters/libiconv \
 		devel/jansson \
--- a/security/suricata/distinfo
+++ b/security/suricata/distinfo
@ -1,2 +1,2 @@
-SHA256 (suricata-4.0.5.tar.gz) = dNrLQ1nVf700UuOE7usd13tq4A8C6ZlK1ae0YdX0xsI=
-SIZE (suricata-4.0.5.tar.gz) = 12494906
+SHA256 (suricata-4.1.2.tar.gz) = c1dbBBpQzEiipT9lA6tNNVFm16y9SZfNBARfhI+L6pY=
+SIZE (suricata-4.1.2.tar.gz) = 15602689
--- a/security/suricata/patches/patch-suricata-update_suricata_update_config_py
+++ b/security/suricata/patches/patch-suricata-update_suricata_update_config_py
@ -0,0 +1,15 @@
+$OpenBSD: patch-suricata-update_suricata_update_config_py,v 1.1 2019/02/12 09:27:16 gonzalo Exp $
+
+Index: suricata-update/suricata/update/config.py
+--- suricata-update/suricata/update/config.py.orig
+++ suricata-update/suricata/update/config.py
+@@ -215,8 +215,7 @@ def init(args):
+         # Set the data-directory prefix to that of the --localstatedir
+         # found in the build-info.
+         if not DATA_DIRECTORY_KEY in _config and "localstatedir" in build_info:
+-            data_directory = os.path.join(
+-                build_info["localstatedir"], "lib/suricata")
+            data_directory = "/var/suricata"
+             logger.info("Using data-directory %s.", data_directory)
+             _config[DATA_DIRECTORY_KEY] = data_directory
+ 
--- a/security/suricata/patches/patch-suricata_yaml_in
+++ b/security/suricata/patches/patch-suricata_yaml_in
@ -1,69 +1,20 @@
-$OpenBSD: patch-suricata_yaml_in,v 1.1.1.1 2018/02/15 08:30:08 gonzalo Exp $
+$OpenBSD: patch-suricata_yaml_in,v 1.2 2019/02/12 09:27:16 gonzalo Exp $

 Remove rules files not present by default.

 Index: suricata.yaml.in
 --- suricata.yaml.in.orig
 +++ suricata.yaml.in
-@@ -51,61 +51,18 @@ vars:
+@@ -1845,9 +1845,21 @@ mpipe:
+ ## file configuration".
+ ##
 
- default-rule-path: @e_sysconfdir@rules
- rule-files:
- - botcc.rules
- # - botcc.portgrouped.rules
- - ciarmy.rules
- - compromised.rules
- - drop.rules
- - dshield.rules
-# - emerging-activex.rules
- - emerging-attack_response.rules
- - emerging-chat.rules
- - emerging-current_events.rules
- - emerging-dns.rules
- - emerging-dos.rules
- - emerging-exploit.rules
- - emerging-ftp.rules
-# - emerging-games.rules
-# - emerging-icmp_info.rules
-# - emerging-icmp.rules
- - emerging-imap.rules
-# - emerging-inappropriate.rules
-# - emerging-info.rules
- - emerging-malware.rules
- - emerging-misc.rules
- - emerging-mobile_malware.rules
- - emerging-netbios.rules
- - emerging-p2p.rules
- - emerging-policy.rules
- - emerging-pop3.rules
- - emerging-rpc.rules
-# - emerging-scada.rules
-# - emerging-scada_special.rules
- - emerging-scan.rules
-# - emerging-shellcode.rules
- - emerging-smtp.rules
- - emerging-snmp.rules
- - emerging-sql.rules
- - emerging-telnet.rules
- - emerging-tftp.rules
- - emerging-trojan.rules
- - emerging-user_agents.rules
- - emerging-voip.rules
- - emerging-web_client.rules
- - emerging-web_server.rules
-# - emerging-web_specific_apps.rules
- - emerging-worm.rules
- - tor.rules
-# - decoder-events.rules # available in suricata sources under rules dir
-# - stream-events.rules  # available in suricata sources under rules dir
- - http-events.rules    # available in suricata sources under rules dir
- - smtp-events.rules    # available in suricata sources under rules dir
- - dns-events.rules     # available in suricata sources under rules dir
- - tls-events.rules     # available in suricata sources under rules dir
-# - modbus-events.rules  # available in suricata sources under rules dir
-# - app-layer-events.rules  # available in suricata sources under rules dir
-# - dnp3-events.rules       # available in suricata sources under rules dir
-# - ntp-events.rules       # available in suricata sources under rules dir
+-@no_suricata_update_comment@default-rule-path: @e_defaultruledir@
+-@no_suricata_update_comment@rule-files:
+-@no_suricata_update_comment@ - suricata.rules
+default-rule-path: @e_sysconfdir@rules
+rule-files:
+
 +  - app-layer-events.rules
 +  - decoder-events.rules
 +  #- dnp3-events.rules
@ -77,5 +28,5 @@ Index: suricata.yaml.in
 +  - stream-events.rules
 +  - tls-events.rules
 
- classification-file: @e_sysconfdir@classification.config
- reference-config-file: @e_sysconfdir@reference.config
+ ##
+ ## Advanced rule file configuration.
--- a/security/suricata/pkg/PLIST
+++ b/security/suricata/pkg/PLIST
@ -1,8 +1,12 @@
-@comment $OpenBSD: PLIST,v 1.4 2018/09/04 12:46:21 espie Exp $
+@comment $OpenBSD: PLIST,v 1.5 2019/02/12 09:27:16 gonzalo Exp $
+@conflict suricata-update-*
+@pkgpath security/suricata-update
@newgroup _suricata:800
@newuser _suricata:800:_suricata:daemon:Suricata Account:/nonexistent:/sbin/nologin
@rcscript ${RCDIR}/suricata
@bin bin/suricata
+bin/suricata-update
+bin/suricatactl
 bin/suricatasc
 include/htp/
 include/htp/bstr.h
@ -25,12 +29,107 @@ lib/libhtp.a
 lib/libhtp.la
@lib lib/libhtp.so.${LIBhtp_VERSION}
 lib/pkgconfig/htp.pc
+lib/python${MODPY_VERSION}/site-packages/suricata/
+lib/python${MODPY_VERSION}/site-packages/suricata-4.1.2-py${MODPY_VERSION}.egg-info
+lib/python${MODPY_VERSION}/site-packages/suricata/__init__.py
+lib/python${MODPY_VERSION}/site-packages/suricata/__init__.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/config/
+lib/python${MODPY_VERSION}/site-packages/suricata/config/__init__.py
+lib/python${MODPY_VERSION}/site-packages/suricata/config/__init__.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/config/defaults.py
+lib/python${MODPY_VERSION}/site-packages/suricata/config/defaults.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/__init__.py
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/__init__.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/filestore.py
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/filestore.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/loghandler.py
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/loghandler.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/main.py
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/main.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/test_filestore.py
+lib/python${MODPY_VERSION}/site-packages/suricata/ctl/test_filestore.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/sc/
+lib/python${MODPY_VERSION}/site-packages/suricata/sc/__init__.py
+lib/python${MODPY_VERSION}/site-packages/suricata/sc/__init__.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/sc/suricatasc.py
+lib/python${MODPY_VERSION}/site-packages/suricata/sc/suricatasc.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/
+lib/python${MODPY_VERSION}/site-packages/suricata/update/__init__.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/__init__.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/__init__.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/__init__.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/addsource.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/addsource.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/disablesource.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/disablesource.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/enablesource.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/enablesource.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/listenabledsources.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/listenabledsources.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/listsources.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/listsources.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/removesource.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/removesource.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/updatesources.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/commands/updatesources.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/compat/
+lib/python${MODPY_VERSION}/site-packages/suricata/update/compat/__init__.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/compat/__init__.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/compat/argparse/
+lib/python${MODPY_VERSION}/site-packages/suricata/update/compat/argparse/__init__.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/compat/argparse/__init__.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/compat/argparse/argparse.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/compat/argparse/argparse.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/compat/ordereddict.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/compat/ordereddict.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/config.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/config.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/configs/
+lib/python${MODPY_VERSION}/site-packages/suricata/update/configs/__init__.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/configs/__init__.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/configs/disable.conf
+lib/python${MODPY_VERSION}/site-packages/suricata/update/configs/drop.conf
+lib/python${MODPY_VERSION}/site-packages/suricata/update/configs/enable.conf
+lib/python${MODPY_VERSION}/site-packages/suricata/update/configs/modify.conf
+lib/python${MODPY_VERSION}/site-packages/suricata/update/configs/threshold.in
+lib/python${MODPY_VERSION}/site-packages/suricata/update/configs/update.yaml
+lib/python${MODPY_VERSION}/site-packages/suricata/update/data/
+lib/python${MODPY_VERSION}/site-packages/suricata/update/data/__init__.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/data/__init__.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/data/index.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/data/index.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/data/update.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/data/update.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/engine.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/engine.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/exceptions.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/exceptions.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/extract.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/extract.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/loghandler.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/loghandler.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/main.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/main.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/maps.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/maps.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/net.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/net.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/notes.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/notes.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/rule.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/rule.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/sources.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/sources.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/util.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/util.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata/update/version.py
+lib/python${MODPY_VERSION}/site-packages/suricata/update/version.pyc
+lib/python${MODPY_VERSION}/site-packages/suricata_update-1.0.3-py${MODPY_VERSION}.egg-info
 lib/python${MODPY_VERSION}/site-packages/suricatasc/
-lib/python${MODPY_VERSION}/site-packages/suricatasc-0.9-py${MODPY_VERSION}.egg-info
 lib/python${MODPY_VERSION}/site-packages/suricatasc/__init__.py
 lib/python${MODPY_VERSION}/site-packages/suricatasc/__init__.pyc
-lib/python${MODPY_VERSION}/site-packages/suricatasc/suricatasc.py
-lib/python${MODPY_VERSION}/site-packages/suricatasc/suricatasc.pyc
@man man/man1/suricata.1
 share/doc/pkg-readmes/${PKGSTEM}
 share/doc/suricata/
@ -58,12 +157,15 @@ share/examples/suricata/rules/files.rules
@sample ${SYSCONFDIR}/suricata/rules/files.rules
 share/examples/suricata/rules/http-events.rules
@sample ${SYSCONFDIR}/suricata/rules/http-events.rules
+share/examples/suricata/rules/ipsec-events.rules
+share/examples/suricata/rules/kerberos-events.rules
 share/examples/suricata/rules/modbus-events.rules
@sample ${SYSCONFDIR}/suricata/rules/modbus-events.rules
 share/examples/suricata/rules/nfs-events.rules
@sample ${SYSCONFDIR}/suricata/rules/nfs-events.rules
 share/examples/suricata/rules/ntp-events.rules
@sample ${SYSCONFDIR}/suricata/rules/ntp-events.rules
+share/examples/suricata/rules/smb-events.rules
 share/examples/suricata/rules/smtp-events.rules
@sample ${SYSCONFDIR}/suricata/rules/smtp-events.rules
 share/examples/suricata/rules/stream-events.rules
@ -79,3 +181,22 @@ share/examples/suricata/threshold.config
@sample /var/suricata/
@sample /var/suricata/log/
@sample /var/log/suricata/
+@owner
+@group
+share/suricata/
+share/suricata/rules/
+share/suricata/rules/app-layer-events.rules
+share/suricata/rules/decoder-events.rules
+share/suricata/rules/dnp3-events.rules
+share/suricata/rules/dns-events.rules
+share/suricata/rules/files.rules
+share/suricata/rules/http-events.rules
+share/suricata/rules/ipsec-events.rules
+share/suricata/rules/kerberos-events.rules
+share/suricata/rules/modbus-events.rules
+share/suricata/rules/nfs-events.rules
+share/suricata/rules/ntp-events.rules
+share/suricata/rules/smb-events.rules
+share/suricata/rules/smtp-events.rules
+share/suricata/rules/stream-events.rules
+share/suricata/rules/tls-events.rules
--- a/security/suricata/pkg/README
+++ b/security/suricata/pkg/README
@ -1,4 +1,4 @@
-$OpenBSD: README,v 1.5 2018/09/04 12:46:21 espie Exp $
+$OpenBSD: README,v 1.6 2019/02/12 09:27:16 gonzalo Exp $

 +-----------------------------------------------------------------------
 | Running ${PKGSTEM} on OpenBSD
@ -36,18 +36,19 @@ every 24h.
 suricata-update
 ---------------

-The recommended new way of updating rules is with suricata-update which
-is installed with:
+suricata-update is the recommended way to install and update rules for
+suricata. By default it will download the new rules into
+${VARBASE}/suricata/rules/ .

-# pkg_add suricata-update
+Modify ${SYSCONFDIR}/suricata/suricata.yaml like this:

-Run `suricata-update` to download and install the new rules into
-${VARBASE}/suricata/rules/ . Next update the suricata configuration
-in ${SYSCONFIDR}/suricata/suricata.yaml to use these rules instead:
+    default-rule-path: ${VARBASE}/suricata/rules/
+    rule-files:
+      - suricata.rules

-default-rule-path: ${VARBASE}/suricata/rules/
-rule-files:
-    - suricata.rules
+And restart suricata:
+
+# rcctl restart suricata

 Oinkmaster
 ----------
@ -67,7 +68,8 @@ https://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz

 And you can download as follow:

-# cd /etc && oinkmaster -C ${SYSCONFDIR}/oinkmaster.conf -o ${SYSCONFDIR}/suricata/rules
+# cd /etc && oinkmaster -C ${SYSCONFDIR}/oinkmaster.conf \
+	-o ${SYSCONFDIR}/suricata/rules

 Inline mode (IPS)
 ==================