--- /dev/null
+#!/bin/sh -e
+#
+# Init.d script for Snort in OpenEmbedded, based on Debian's script
+#
+# Copyright (c) 2009 Roman I Khimov <khimov@altell.ru>
+#
+# Copyright (c) 2001 Christian Hammers
+# Copyright (c) 2001-2002 Robert van der Meulen
+# Copyright (c) 2002-2004 Sander Smeenk <ssmeenk@debian.org>
+# Copyright (c) 2004-2007 Javier Fernandez-Sanguino <jfs@debian.org>
+#
+# This is free software; you may redistribute it and/or modify
+# it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2,
+# or (at your option) any later version.
+#
+# This is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License with
+# the Debian operating system, in /usr/share/common-licenses/GPL; if
+# not, write to the Free Software Foundation, Inc., 59 Temple Place,
+# Suite 330, Boston, MA 02111-1307 USA
+#
+### BEGIN INIT INFO
+# Provides: snort
+# Required-Start: $time $network $local_fs
+# Required-Stop:
+# Should-Start: $syslog
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Lightweight network intrusion detection system
+# Description: Intrusion detection system that will
+# capture traffic from the network cards and will
+# match against a set of known attacks.
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
+
+DAEMON=/usr/bin/snort
+NAME=snort
+DESC="Network Intrusion Detection System"
+
+. /etc/default/snort
+COMMON="$PARAMS -l $LOGDIR -u $SNORTUSER -g $SNORTGROUP"
+
+test -x $DAEMON || exit 0
+test -z "$LOCAL_SNORT_HOME_NET" && LOCAL_SNORT_HOME_NET="192.168.0.0/16"
+
+# to find the lib files
+cd /etc/snort
+
+running()
+{
+ PIDFILE=$1
+# No pidfile, probably no daemon present
+ [ ! -f "$PIDFILE" ] && return 1
+ pid=`cat $PIDFILE`
+# No pid, probably no daemon present
+ [ -z "$pid" ] && return 1
+ [ ! -d /proc/$pid ] && return 1
+ cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
+# No daemon
+ [ "$cmd" != "$DAEMON" ] && return 1
+ return 0
+}
+
+
+check_log_dir() {
+# Does the logging directory belong to Snort?
+ # If we cannot determine the logdir return without error
+ # (we will not check it)
+ # This will only be used by people using /etc/default/snort
+ [ -n "$LOGDIR" ] || return 0
+ [ -n "$SNORTUSER" ] || return 0
+ if [ ! -e "$LOGDIR" ] ; then
+ echo "ERR: logging directory $LOGDIR does not exist"
+ return 1
+ elif [ ! -d "$LOGDIR" ] ; then
+ echo "ERR: logging directory $LOGDIR does not exist"
+ return 1
+ else
+ # Don't worry, be happy
+ true
+ fi
+ return 0
+}
+
+check_root() {
+ if [ "$(id -u)" != "0" ]; then
+ echo "You must be root to start, stop or restart $NAME."
+ exit 4
+ fi
+}
+
+case "$1" in
+ start)
+ check_root
+ echo "Starting $DESC " "$NAME"
+
+ if [ -e /etc/snort/db-pending-config ] ; then
+ echo "/etc/snort/db-pending-config file found"
+ echo "Snort will not start as its database is not yet configured."
+ echo "Please configure the database as described in"
+ echo "/usr/share/doc/snort-{pgsql,mysql}/README-database.Debian"
+ echo "and remove /etc/snort/db-pending-config"
+ exit 6
+ fi
+
+ if ! check_log_dir; then
+ echo " will not start $DESC!"
+ exit 5
+ fi
+ if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then
+ shift
+ set +e
+ /etc/ppp/ip-up.d/snort "$@"
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo 0
+ else
+ echo 1
+ fi
+ exit $ret
+ fi
+
+ # Usually, we start all interfaces
+ interfaces="$LOCAL_SNORT_INTERFACE"
+
+ # If we are requested to start a specific interface...
+ test "$2" && interfaces="$2"
+
+ # If the interfaces list is empty stop (no error)
+ if [ -z "$interfaces" ] ; then
+ echo "no interfaces configured, will not start"
+ echo 0
+ exit 0
+ fi
+
+ myret=0
+ got_instance=0
+ for interface in $interfaces; do
+ got_instance=1
+ echo "($interface"
+
+ # Check if the interface is available:
+ # - only if iproute is available
+ # - the interface exists
+ # - the interface is up
+ if ! [ -x /sbin/ip ] || ( ip link show dev "$interface" >/dev/null 2>&1 && [ -n "`ip link show up "$interface" 2>/dev/null`" ] ) ; then
+
+ PIDFILE=/var/run/snort_$interface.pid
+ CONFIGFILE=/etc/snort/snort.$interface.conf
+
+ # Defaults:
+ fail="failed (check /var/log/syslog and /var/log/snort)"
+ run="yes"
+
+ if [ -e "$PIDFILE" ] && running $PIDFILE; then
+ run="no"
+ # Do not start this instance, it is already runing
+ fi
+
+ if [ "$run" = "yes" ] ; then
+ if [ ! -e "$CONFIGFILE" ]; then
+ echo "no /etc/snort/snort.$interface.conf found, defaulting to snort.conf"
+ CONFIGFILE=/etc/snort/snort.conf
+ fi
+
+ set +e
+ /sbin/start-stop-daemon --start --quiet \
+ --pidfile "$PIDFILE" \
+ --exec $DAEMON -- $COMMON $LOCAL_SNORT_OPTIONS \
+ -c $CONFIGFILE \
+ -S "HOME_NET=[$LOCAL_SNORT_HOME_NET]" \
+ -i $interface >/dev/null
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "...done)"
+ ;;
+ *)
+ echo "...ERROR: $fail)"
+ myret=$(expr "$myret" + 1)
+ ;;
+ esac
+ set -e
+ else
+ echo "...already running)"
+ fi
+
+ else
+ # What to do if the interface is not available
+ # or is not up
+ if [ "$ALLOW_UNAVAILABLE" != "no" ] ; then
+ echo "...interface not available)"
+ else
+ echo "...ERROR: interface not available)"
+ myret=$(expr "$myret" + 1)
+ fi
+ fi
+ done
+
+ if [ "$got_instance" = 0 ] && [ "$ALLOW_UNAVAILABLE" = "no" ]; then
+ echo "No snort instance found to be started!" >&2
+ exit 6
+ fi
+
+ if [ $myret -eq 0 ] ; then
+ echo 0
+ else
+ echo 1
+ fi
+ exit $myret
+ ;;
+ stop)
+ check_root
+ echo "Stopping $DESC " "$NAME"
+
+ if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then
+ shift
+ set +e
+ /etc/ppp/ip-down.d/snort "$@"
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo 0
+ else
+ echo 1
+ fi
+ exit $ret
+ fi
+
+ # Usually, we stop all current running interfaces
+ pidpattern=/var/run/snort_*.pid
+
+ # If we are requested to stop a specific interface...
+ test "$2" && pidpattern=/var/run/snort_"$2".pid
+
+ got_instance=0
+ myret=0
+ for PIDFILE in $pidpattern; do
+ # This check is also needed, if the above pattern doesn't match
+ test -f "$PIDFILE" || continue
+
+ got_instance=1
+ interface=$(basename "$PIDFILE" .pid | sed -e 's/^snort_//')
+
+ echo "($interface"
+
+ set +e
+ if [ ! -e "$PIDFILE" -o -r "$PIDFILE" ] ; then
+# Change ownership of the pidfile
+ /sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \
+ --pidfile "$PIDFILE" --exec $DAEMON >/dev/null
+ ret=$?
+ rm -f "$PIDFILE"
+ rm -f "$PIDFILE.lck"
+ else
+ echo "cannot read $PIDFILE"
+ ret=4
+ fi
+ case "$ret" in
+ 0)
+ echo "...done)"
+ ;;
+ *)
+ echo "...ERROR)"
+ myret=$(expr "$myret" + 1)
+ ;;
+ esac
+ set -e
+
+ done
+
+ if [ "$got_instance" = 0 ]; then
+ log_warning_msg "No running snort instance found"
+ exit 0 # LSB demands we don't exit with error here
+ fi
+ if [ $myret -eq 0 ] ; then
+ echo 0
+ else
+ echo 1
+ fi
+ exit $myret
+ ;;
+ restart|force-restart|reload|force-reload)
+ check_root
+ # Usually, we restart all current running interfaces
+ pidpattern=/var/run/snort_*.pid
+
+ # If we are requested to restart a specific interface...
+ test "$2" && pidpattern=/var/run/snort_"$2".pid
+
+ got_instance=0
+ for PIDFILE in $pidpattern; do
+ # This check is also needed, if the above pattern doesn't match
+ test -f "$PIDFILE" || continue
+
+ got_instance=1
+ interface=$(basename "$PIDFILE" .pid | sed -e 's/^snort_//')
+ $0 stop $interface || true
+ $0 start $interface || true
+ done
+
+ if [ "$got_instance" = 0 ]; then
+ echo "No snort instance found to be stopped!" >&2
+ exit 6
+ fi
+ ;;
+ status)
+# Non-root users can use this (if allowed to)
+ echo "Status of snort daemon(s)"
+ interfaces="$LOCAL_SNORT_INTERFACE"
+ # If we are requested to check for a specific interface...
+ test "$2" && interfaces="$2"
+ err=0
+ pid=0
+ for interface in $interfaces; do
+ echo " $interface "
+ pidfile=/var/run/snort_$interface.pid
+ if [ -f "$pidfile" ] ; then
+ if [ -r "$pidfile" ] ; then
+ pidval=`cat $pidfile`
+ pid=$(expr "$pid" + 1)
+ if ps -p $pidval | grep -q snort; then
+ echo "OK"
+ else
+ echo "ERROR"
+ err=$(expr "$err" + 1)
+ fi
+ else
+ echo "ERROR: cannot read status file"
+ err=$(expr "$err" + 1)
+ fi
+ else
+ echo "ERROR"
+ err=$(expr "$err" + 1)
+ fi
+ done
+ if [ $err -ne 0 ] ; then
+ if [ $pid -ne 0 ] ; then
+# More than one case where pidfile exists but no snort daemon
+# LSB demands a '1' exit value here
+ echo 1
+ exit 1
+ else
+# No pidfiles at all
+# LSB demands a '3' exit value here
+ echo 3
+ exit 3
+ fi
+ fi
+ echo 0
+ ;;
+ config-check)
+ echo "Checking $DESC configuration"
+ if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then
+ echo "Config-check is currently not supported for snort in Dialup configuration"
+ echo 3
+ exit 3
+ fi
+
+ # usually, we test all interfaces
+ interfaces="$LOCAL_SNORT_INTERFACE"
+ # if we are requested to test a specific interface...
+ test "$2" && interfaces="$2"
+
+ myret=0
+ got_instance=0
+ for interface in $interfaces; do
+ got_instance=1
+ echo "interface $interface"
+
+ CONFIGFILE=/etc/snort/snort.$interface.conf
+ if [ ! -e "$CONFIGFILE" ]; then
+ CONFIGFILE=/etc/snort/snort.conf
+ fi
+ COMMON=`echo $COMMON | sed -e 's/-D//'`
+ set +e
+ fail="INVALID"
+ if [ -r "$CONFIGFILE" ]; then
+ $DAEMON -T $COMMON $LOCAL_SNORT_OPTIONS \
+ -c $CONFIGFILE \
+ -S "HOME_NET=[$LOCAL_SNORT_HOME_NET]" \
+ -i $interface >/dev/null 2>&1
+ ret=$?
+ else
+ fail="cannot read $CONFIGFILE"
+ ret=4
+ fi
+ set -e
+
+ case "$ret" in
+ 0)
+ echo "OK"
+ ;;
+ *)
+ echo "$fail"
+ myret=$(expr "$myret" + 1)
+ ;;
+ esac
+ done
+ if [ "$got_instance" = 0 ]; then
+ echo "no snort instance found to be started!" >&2
+ exit 6
+ fi
+
+ if [ $myret -eq 0 ] ; then
+ echo 0
+ else
+ echo 1
+ fi
+ exit $myret
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-restart|reload|force-reload|status|config-check}"
+ exit 1
+ ;;
+esac
+exit 0
DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
HOMEPAGE = "http://www.snort.org/"
LICENSE = "GPL"
-DEPENDS = "libpcap libnet libpcre"
-RDEPENDS_${PN} = "libpcap libnet libpcre barnyard"
+DEPENDS = "libpcap libpcre libprelude"
-PR = "r2"
+PR = "r3"
SRC_URI = " ${GENTOO_MIRROR}/${P}.tar.gz;name=tarball \
file://snort.fix.configure.in.HACK;apply=yes \
+ file://snort.init \
+ file://default \
+ file://logrotate \
+ file://volatiles \
"
SRC_URI[tarball.md5sum] = "ef02aaad54746603f2cb3236fe962128"
SRC_URI[tarball.sha256sum] = "a7d9eb16427514d00926e9892c4a92b6ff1fd0f79555d8f8dce91dfa14112e6a"
#snort does not like parallel make!
PARALLEL_MAKE = ""
+EXTRA_OECONF = " \
+ --enable-decoder-preprocessor-rules \
+ --enable-gre \
+ --enable-linux-smp-stats \
+ --enable-prelude \
+ --enable-reload \
+ --enable-reload-error-restart \
+ --enable-targetbased \
+ "
inherit autotools pkgconfig
sed -i -e 's:-Wl,-rpath-link,${STAGING_LIBDIR}::g' -e 's:-isystem${STAGING_INCDIR}::g' snort.pc
}
+do_install_append() {
+ install -d ${D}/${sysconfdir}/snort/rules
+ install -d ${D}/${sysconfdir}/snort/preproc_rules
+ install -d ${D}/${sysconfdir}/default/volatiles
+ mkdir -p ${D}/${sysconfdir}/init.d
+ for i in map config conf dtd; do
+ cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
+ done
+ cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
+ install -m 0644 ${WORKDIR}/default ${D}/${sysconfdir}/default/snort
+ install -m 0644 ${WORKDIR}/volatiles ${D}/${sysconfdir}/default/volatiles/snort
+ install -m 0755 ${WORKDIR}/snort.init ${D}/${sysconfdir}/init.d/snort
+ mkdir -p ${D}/${localstatedir}/log/snort
+ install -d ${D}${sysconfdir}/logrotate.d
+ install -m 0644 ${WORKDIR}/logrotate ${D}${sysconfdir}/logrotate.d/snort
+}
+
+pkg_postinst_${PN}() {
+ grep -q ^snort: /etc/group || addgroup snort
+ grep -q ^snort: /etc/passwd || \
+ adduser --disabled-password --home=/var/log/snort/ --system \
+ --ingroup snort --no-create-home -g "snort" snort
+ ${sysconfdir}/init.d/populate-volatile.sh update
+}
+
+PACKAGES =+ "${PN}-logrotate"
+FILES_${PN}-logrotate = "${sysconfdir}/logrotate.d/snort"
+FILES_${PN} += " \
+ ${libdir}/snort_dynamicengine/*.so.* \
+ ${libdir}/snort_dynamicpreprocessor/*.so.* \
+ ${libdir}/snort_dynamicrules/*.so.* \
+ "
+FILES_${PN}-dbg += " \
+ ${libdir}/snort_dynamicengine/.debug \
+ ${libdir}/snort_dynamicpreprocessor/.debug \
+ ${libdir}/snort_dynamicrules/.debug \
+ "
+FILES_${PN}-static += " \
+ ${libdir}/snort_dynamicengine/*.a \
+ ${libdir}/snort_dynamicpreprocessor/*.a \
+ ${libdir}/snort_dynamicrules/*.a \
+ "
+FILES_${PN}-dev += " \
+ ${libdir}/snort_dynamicengine/*.la \
+ ${libdir}/snort_dynamicpreprocessor/*.la \
+ ${libdir}/snort_dynamicrules/*.la \
+ ${libdir}/snort_dynamicengine/*.so \
+ ${libdir}/snort_dynamicpreprocessor/*.so \
+ ${libdir}/snort_dynamicrules/*.so \
+ ${prefix}/src/snort_dynamicsrc \
+ "
+
+RRECOMMENDS_${PN} += "${PN}-logrotate"
+RRECOMMENDS_${PN} += "barnyard"
+RSUGGESTS_${PN}-logrotate += "logrotate"
git.openpandora.org / openembedded.git / commitdiff