1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=snort3
PKG_VERSION:=3.1.84.0
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/snort3/snort3
PKG_MIRROR_HASH:=ffa69fdd95c55a943ab4dd782923caf31937dd8ad29e202d7fe781373ed84444
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>, John Audia <therealgraysky@proton.me>
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:snort:snort
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/snort3
SUBMENU:=Firewall
SECTION:=net
CATEGORY:=Network
DEPENDS:= \
+(TARGET_x86||TARGET_x86_64):hyperscan-runtime \
+(TARGET_x86||TARGET_x86_64):gperftools-runtime \
+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre +libpthread \
+libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \
+kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci
TITLE:=Lightweight Network Intrusion Detection System
URL:=http://www.snort.org/
MENU:=1
endef
define Package/snort3/description
Snort is an open source network intrusion detection and prevention system.
It is capable of performing real-time traffic analysis, alerting, blocking
and packet logging on IP networks. It utilizes a combination of protocol
analysis and pattern matching in order to detect anomalies, misuse and
attacks.
endef
# Hyperscan and gperftools only builds for x86
ifdef CONFIG_TARGET_x86_64
CMAKE_OPTIONS += -DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs \
-DENABLE_TCMALLOC=ON \
-DTCMALLOC_LIBRARIES=$(STAGING_DIR)/usr/lib/libtcmalloc.so
endif
CMAKE_OPTIONS += \
-DUSE_TIRPC:BOOL=YES \
-DENABLE_STATIC_DAQ:BOOL=NO \
-DDAQ_INCLUDE_DIR=$(STAGING_DIR)/usr/include/daq3 \
-DDAQ_LIBRARIES_DIR_HINT:PATH=$(STAGING_DIR)/usr/lib/daq3 \
-DFLEX_INCLUDES:PATH=$(STAGING_DIR_HOST)/include \
-DENABLE_COREFILES:BOOL=NO \
-DENABLE_GDB:BOOL=NO \
-DMAKE_DOC:BOOL=NO \
-DMAKE_HTML_DOC:BOOL=NO \
-DMAKE_PDF_DOC:BOOL=NO \
-DMAKE_TEXT_DOC:BOOL=NO \
-DHAVE_LIBUNWIND=OFF \
-DHAVE_LZMA=ON
TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/daq3 -I$(STAGING_DIR)/usr/include/tirpc
TARGET_LDFLAGS += -L$(STAGING_DIR)/usr/lib/daq3 -ltirpc
define Package/snort3/conffiles
/etc/config/snort
/etc/snort/
endef
define Package/snort3/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) \
$(PKG_INSTALL_DIR)/usr/bin/snort \
$(1)/usr/bin/
$(INSTALL_BIN) \
$(PKG_INSTALL_DIR)/usr/bin/snort2lua \
$(1)/usr/bin/
$(INSTALL_BIN) \
$(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} \
$(1)/usr/bin/
$(INSTALL_BIN) \
./files/snort-{mgr,rules} \
$(1)/usr/bin/
$(INSTALL_DIR) $(1)/usr/lib/snort
$(CP) \
$(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_hext.so \
$(1)/usr/lib/snort/
$(CP) \
$(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_file.so \
$(1)/usr/lib/snort/
$(INSTALL_DIR) $(1)/usr/share/lua
$(CP) \
$(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua \
$(1)/usr/share/lua/
$(INSTALL_DIR) $(1)/usr/share/snort
$(INSTALL_CONF) \
./files/main.uc \
$(1)/usr/share/snort/
$(INSTALL_DIR) $(1)/usr/share/snort/templates
$(INSTALL_CONF) \
./files/nftables.uc \
$(1)/usr/share/snort/templates/
$(INSTALL_CONF) \
./files/snort.uc \
$(1)/usr/share/snort/templates/
$(INSTALL_DIR) $(1)/etc/snort/{rules,lists,builtin_rules,so_rules}
$(INSTALL_CONF) \
$(PKG_INSTALL_DIR)/usr/etc/snort/*.lua \
$(1)/etc/snort
$(INSTALL_CONF) \
$(PKG_INSTALL_DIR)/usr/etc/snort/file_magic.rules \
$(1)/etc/snort
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) \
./files/snort.init \
$(1)/etc/init.d/snort
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) \
./files/snort.config \
$(1)/etc/config/snort
sed \
-i \
-e "/^-- HOME_NET and EXTERNAL_NET/ i -- The values for the two variables HOME_NET and EXTERNAL_NET have been" \
-e "/^-- HOME_NET and EXTERNAL_NET/ i -- moved to /etc/config/snort, so do not modify them here without good" \
-e "/^-- HOME_NET and EXTERNAL_NET/ i -- reason.\n" \
-e 's/^\(HOME_NET\s\+=\)/--\1/g' \
-e 's/^\(EXTERNAL_NET\s\+=\)/--\1/g' \
$(1)/etc/snort/snort.lua
sed \
-i -e "s/^\\(RULE_PATH\\s\\+=\\).*/\\1 'rules'/g" \
-e "s/^\\(BUILTIN_RULE_PATH\\s\\+=\\).*/\\1 'builtin_rules'/g" \
-e "s/^\\(PLUGIN_RULE_PATH\\s\\+=\\).*/\\1 'so_rules'/g" \
-e "s/^\\(WHITE_LIST_PATH\\s\\+=\\).*/\\1 'lists'/g" \
-e "s/^\\(BLACK_LIST_PATH\\s\\+=\\).*/\\1 'lists'/g" \
$(1)/etc/snort/snort_defaults.lua
endef
$(eval $(call BuildPackage,snort3))
|