summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--network/suricata/README4
-rw-r--r--network/suricata/doinst.sh11
-rw-r--r--network/suricata/rc.suricata53
-rw-r--r--network/suricata/suricata.SlackBuild34
-rw-r--r--network/suricata/suricata.info10
5 files changed, 80 insertions, 32 deletions
diff --git a/network/suricata/README b/network/suricata/README
index af4a72df0f..68d8c2ec42 100644
--- a/network/suricata/README
+++ b/network/suricata/README
@@ -1,7 +1,3 @@
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine.
Open Source and owned by a community run non-profit foundation, the Open Information
Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
-
-Optional dependencies:
- - GeoIP
- - luajit
diff --git a/network/suricata/doinst.sh b/network/suricata/doinst.sh
index c53b980178..d74b5bd771 100644
--- a/network/suricata/doinst.sh
+++ b/network/suricata/doinst.sh
@@ -1,17 +1,14 @@
config() {
NEW="$1"
OLD="$(dirname $NEW)/$(basename $NEW .new)"
- # If there's no config file by that name, mv it over:
if [ ! -r $OLD ]; then
mv $NEW $OLD
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
- # toss the redundant copy
rm $NEW
fi
- # Otherwise, we leave the .new copy for the admin to consider...
}
-config etc/suricata/classification.config.new
-config etc/suricata/reference.config.new
-config etc/suricata/suricata.yaml.new
-config etc/suricata/threshold.config.new
+CONFIGS="classification.config reference.config suricata.yaml threshold.config"
+for file in $CONFIGS; do
+ config etc/suricata/${file}.new
+done
diff --git a/network/suricata/rc.suricata b/network/suricata/rc.suricata
new file mode 100644
index 0000000000..e4eb06f1a6
--- /dev/null
+++ b/network/suricata/rc.suricata
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Start/stop/restart suricata
+# This file written from James Bond <evanton@tut.by>
+
+# This tell suricata which interface to listen on (any for every interface)
+IFACE=${IFACE:-eth0}
+
+# Make sure this matches your IFACE
+PIDFILE=/var/run/suricata_$IFACE.pid
+
+# You probably don't want to change this, but in case you do
+LOGDIR="/var/log/suricata"
+
+# Probably not this either
+CONF=/etc/suricata/suricata.yaml
+
+# Start suricata:
+suricata_start() {
+ CMDLINE="/usr/bin/suricata -D -i $IFACE"
+ echo "Starting Suricata daemon: $CMDLINE"
+ $CMDLINE --pidfile $PIDFILE -l $LOGDIR -c $CONF
+ echo
+}
+
+# Stop suricata:
+suricata_stop() {
+ echo -n "Stopping Suricata daemon ($IFACE)..."
+ kill $(cat $PIDFILE)
+ echo
+ sleep 1
+ rm -f $PIDFILE
+}
+
+# Restart suricata:
+suricata_restart() {
+ suricata_stop
+ sleep 1
+ suricata_start
+}
+
+case "$1" in
+'start')
+ suricata_start
+ ;;
+'stop')
+ suricata_stop
+ ;;
+'restart')
+ suricata_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/network/suricata/suricata.SlackBuild b/network/suricata/suricata.SlackBuild
index e670c3bd34..ae255550be 100644
--- a/network/suricata/suricata.SlackBuild
+++ b/network/suricata/suricata.SlackBuild
@@ -23,7 +23,7 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=suricata
-VERSION=${VERSION:-1.4.7}
+VERSION=${VERSION:-2.0.5}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
@@ -59,9 +59,6 @@ set -e
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT $PKG/etc/$PRGNAM
cd $TMP
-rm -rf rules
-tar xvf $CWD/emerging.rules.tar.gz
-cp -rf rules $PKG/etc/$PRGNAM
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
cd $PRGNAM-$VERSION
@@ -70,7 +67,7 @@ find -L . \
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
-o -perm 511 \) -exec chmod 755 {} \; -o \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
- -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
@@ -83,7 +80,6 @@ CXXFLAGS="$SLKCFLAGS" \
--docdir=/usr/doc/$PRGNAM-$VERSION \
--enable-shared=yes \
--enable-static=no \
- --enable-non-bundled-htp \
--enable-unix-socket \
--build=$ARCH-slackware-linux
@@ -93,16 +89,24 @@ make install DESTDIR=$PKG
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+# Fix magic-file path
+sed -i 's/magic-file: \/usr\/share\/file\/magic/magic-file: \/etc\/file\/magic.mgc/' suricata.yaml
+
# Install config files
-install -D -m644 classification.config $PKG/etc/suricata/classification.config.new
-install -D -m644 reference.config $PKG/etc/suricata/reference.config.new
-install -D -m644 suricata.yaml $PKG/etc/suricata/suricata.yaml.new
-install -D -m644 threshold.config $PKG/etc/suricata/threshold.config.new
-
-find $PKG -name perllocal.pod \
- -o -name ".packlist" \
- -o -name "*.bs" \
- | xargs rm -f
+CONFIGS="classification.config reference.config suricata.yaml threshold.config"
+for file in $CONFIGS; do
+ install -D -m644 $file $PKG/etc/suricata/${file}.new
+done
+
+# Include the rc.suricata file
+mkdir -p $PKG/etc/rc.d
+install -D -m0644 $CWD/rc.suricata $PKG/etc/rc.d/rc.suricata.new
+
+# Install rules
+install -D -m644 rules/*.rules $PKG/etc/$PRGNAM
+
+# Create directory for logging
+mkdir -p $PKG/var/log/$PRGNAM
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a COPYING ChangeLog LICENSE doc/*.txt $PKG/usr/doc/$PRGNAM-$VERSION
diff --git a/network/suricata/suricata.info b/network/suricata/suricata.info
index 42813983b5..7de24664ee 100644
--- a/network/suricata/suricata.info
+++ b/network/suricata/suricata.info
@@ -1,12 +1,10 @@
PRGNAM="suricata"
-VERSION="1.4.7"
+VERSION="2.0.5"
HOMEPAGE="http://suricata-ids.org/"
-DOWNLOAD="http://www.openinfosecfoundation.org/download/suricata-1.4.7.tar.gz \
- http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz"
-MD5SUM="da8bf6fc54ffe152921eb279fcfdab0f \
- ec12eda6498a769c822e605ec2fe8f01"
+DOWNLOAD="http://www.openinfosecfoundation.org/download/suricata-2.0.5.tar.gz"
+MD5SUM="2ff10b929bf7d5fd4d345b0fd8f268a1"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
-REQUIRES="simplejson coccinelle libhtp libcap-ng libnet jansson"
+REQUIRES="libcap-ng libnet jansson"
MAINTAINER="Dimitris Zlatanidis"
EMAIL="d.zlatanidis@gmail.com"