security/snort/Makefile

   1 # Created by: Dirk Froemberg <dirk@FreeBSD.org>
   2 # $FreeBSD$
   3
   4 PORTNAME=       snort
   5 PORTVERSION=    2.9.6.2
   6 CATEGORIES=     security
   7 MASTER_SITES=   SF/snort/snort \
   8                 http://mirrors.rit.edu/zi/
   9
  10 PATCH_DIST_STRIP=       -p1
  11
  12 MAINTAINER=     zi@FreeBSD.org
  13 COMMENT=        Lightweight network intrusion detection system
  14
  15 LICENSE=        GPLv2
  16 LICENSE_FILE=   ${WRKSRC}/LICENSE
  17
  18 LIB_DEPENDS=    libpcre.so:${PORTSDIR}/devel/pcre \
  19                 libnet.so:${PORTSDIR}/net/libnet
  20 BUILD_DEPENDS=  daq>=2.0.0:${PORTSDIR}/net/daq
  21 RUN_DEPENDS=    daq>=2.0.0:${PORTSDIR}/net/daq
  22
  23 OPTIONS_DEFINE=         IPV6 MPLS GRE TARGETBASED ZLIB NORMALIZER REACT \
  24                         PERFPROFILE LRGPCAP SOURCEFIRE NONETHER \
  25                         DOCS
  26
  27 OPTIONS_GROUP=          ADDONS DEV
  28 OPTIONS_GROUP_ADDONS=   BARNYARD PULLEDPORK
  29 OPTIONS_GROUP_DEV=      DBGSNORT
  30
  31 OPTIONS_DEFAULT=        IPV6 MPLS GRE TARGETBASED ZLIB NORMALIZER REACT \
  32                         PERFPROFILE SOURCEFIRE PULLEDPORK \
  33                         BARNYARD
  34
  35 #FLEXRESP3_DESC=                Flexible response on events (v3)
  36 GRE_DESC=               GRE support
  37 IPV6_DESC=              IPv6 in snort.conf
  38 LRGPCAP_DESC=           Pcaps larger than 2GB
  39 NONETHER_DESC=          Non-Ethernet Decoders
  40 NORMALIZER_DESC=        Normalizer
  41 PERFPROFILE_DESC=       Performance profiling
  42 REACT_DESC=             React
  43 SOURCEFIRE_DESC=        Sourcefire-specific build options
  44 TARGETBASED_DESC=       Targetbased support
  45 ZLIB_DESC=              GZIP support
  46
  47 ADDONS_DESC=            Depend on 3rd party addons
  48 BARNYARD_DESC=          Depend on barnyard2 (supports also snortsam)
  49 PULLEDPORK_DESC=        Depend on pulledpork
  50
  51 DEV_DESC=               Developper options
  52 DBGSNORT_DESC=          Enable debugging symbols+core dumps
  53
  54 DBGSNORT_CONFIGURE_ENABLE=      corefiles debug
  55 DBGSNORT_MAKE_ENV=              DONTSTRIP="yes"
  56 #FLEXRESP3_CONFIGURE_ENABLE=    flexresp3 active-response
  57 GRE_CONFIGURE_ENABLE=           gre
  58 LRGPCAP_CONFIGURE_ENABLE=       large-pcap
  59 MPLS_CONFIGURE_ENABLE=          mpls
  60 NONETHER_CONFIGURE_ENABLE=      non-ether-decoders
  61 NORMALIZER_CONFIGURE_ENABLE=    normalizer
  62 PERFPROFILE_CONFIGURE_ENABLE=   perfprofiling ppm
  63 REACT_CONFIGURE_ENABLE=         react
  64 SOURCEFIRE_CONFIGURE_ENABLE=    sourcefire
  65 TARGETBASED_CONFIGURE_ENABLE=   targetbased
  66 ZLIB_CONFIGURE_ENABLE=          zlib
  67
  68 BARNYARD_RUN_DEPENDS=   barnyard2:${PORTSDIR}/security/barnyard2
  69 PULLEDPORK_RUN_DEPENDS= pulledpork.pl:${PORTSDIR}/security/pulledpork
  70
  71 .include <bsd.port.options.mk>
  72
  73 USE_RC_SUBR=    snort
  74 SUB_FILES=      pkg-message
  75
  76 USES=           pathfix libtool
  77 GNU_CONFIGURE=  yes
  78 USE_LDCONFIG=   yes
  79 MAKE_JOBS_UNSAFE=       yes
  80
  81 RULES_DIR=              ${ETCDIR}/rules
  82 PREPROC_RULE_DIR=       ${ETCDIR}/preproc_rules
  83 LOGS_DIR=               /var/log/snort
  84
  85 CONFIG_FILES=   classification.config gen-msg.map reference.config \
  86                 snort.conf threshold.conf unicode.map
  87
  88 DOCS=           RELEASE.NOTES doc/AUTHORS doc/BUGS doc/CREDITS \
  89                 doc/README* doc/USAGE doc/*.pdf
  90 PREPROC_RULES=  decoder.rules preprocessor.rules sensitive-data.rules
  91
  92 LIBNET_CONFIG?=         ${LOCALBASE}/bin/libnet11-config
  93 .if exists(${LIBNET_CONFIG})
  94 LIBNET_CFLAGS!= ${LIBNET_CONFIG} --cflags
  95 LIBNET_LIBS!=   ${LIBNET_CONFIG} --libs
  96 .else
  97 LIBNET_CFLAGS=  -I${LOCALBASE}/include/libnet11
  98 LIBNET_LIBS=    -L${LOCALBASE}/lib/libnet11 -lnet
  99 .endif
 100
 101 LIBNET_INCDIR=  ${LIBNET_CFLAGS:M-I*:S/-I//}
 102 LIBNET_LIBDIR=  ${LIBNET_LIBS:M-L*:S/-L//}
 103
 104 CFLAGS+=        -fstack-protector
 105 CONFIGURE_ARGS+=--enable-reload \
 106                 --enable-reload-error-restart \
 107                 --with-dnet-includes=${LIBNET_INCDIR} \
 108                 --with-dnet-libraries=${LIBNET_LIBDIR}
 109
 110 post-patch:
 111         @${FIND} ${WRKSRC} \( -name 'Makefile.in' -o -name snort.conf \) -print0 | \
 112                 ${XARGS} -0 ${REINPLACE_CMD} -e 's|lib/snort_|lib/snort/|g'
 113
 114         @${REINPLACE_CMD} "s,/etc/snort.conf,${ETCDIR}/snort.conf," \
 115                 ${WRKSRC}/src/snort.c ${WRKSRC}/snort.8
 116
 117         @${REINPLACE_CMD} -e 's|^dynamicdetection|#dynamicdetection|' \
 118                 -e '/ipvar HOME_NET/s/any/[YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]/' \
 119                 -e '/^# include .PREPROC_RULE/s/# include/include/' \
 120                 ${WRKSRC}/etc/snort.conf
 121
 122         @${REINPLACE_CMD} -e 's|libnet-config|${LIBNET_CONFIG}|g' ${WRKSRC}/configure
 123
 124 # IPv6 is no longer a ./configure option!
 125 .if ! ${PORT_OPTIONS:MIPV6}
 126         @${REINPLACE_CMD} -e '/normalize_ip6/s/^preprocessor/#preprocessor/' \
 127                 -e '/normalize_icmp6/s/^preprocessor/#preprocessor/' \
 128                 ${WRKSRC}/etc/snort.conf
 129 .endif
 130
 131 post-build:
 132         @${FIND} ${WRKSRC}/src -name '*.0' -type f -exec ${STRIP_CMD} {} \;
 133
 134 post-install:
 135         @${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}${RULES_DIR} ${STAGEDIR}${LOGS_DIR} \
 136                 ${STAGEDIR}${PREPROC_RULE_DIR} ${STAGEDIR}${DOCSDIR}
 137
 138 .for f in ${CONFIG_FILES}
 139         ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${STAGEDIR}${ETCDIR}/${f}-sample
 140 .endfor
 141
 142 .for f in ${PREPROC_RULES}
 143         ${INSTALL_DATA} ${WRKSRC}/preproc_rules/${f} ${STAGEDIR}${PREPROC_RULE_DIR}/${f}-sample
 144 .endfor
 145         (cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR})
 146
 147 .include <bsd.port.mk>