diff options
-rw-r--r-- | network/suricata/README | 4 | ||||
-rw-r--r-- | network/suricata/doinst.sh | 11 | ||||
-rw-r--r-- | network/suricata/rc.suricata | 53 | ||||
-rw-r--r-- | network/suricata/suricata.SlackBuild | 34 | ||||
-rw-r--r-- | network/suricata/suricata.info | 10 |
5 files changed, 80 insertions, 32 deletions
diff --git a/network/suricata/README b/network/suricata/README index af4a72df0f..68d8c2ec42 100644 --- a/network/suricata/README +++ b/network/suricata/README @@ -1,7 +1,3 @@ Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors. - -Optional dependencies: - - GeoIP - - luajit diff --git a/network/suricata/doinst.sh b/network/suricata/doinst.sh index c53b980178..d74b5bd771 100644 --- a/network/suricata/doinst.sh +++ b/network/suricata/doinst.sh @@ -1,17 +1,14 @@ config() { NEW="$1" OLD="$(dirname $NEW)/$(basename $NEW .new)" - # If there's no config file by that name, mv it over: if [ ! -r $OLD ]; then mv $NEW $OLD elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then - # toss the redundant copy rm $NEW fi - # Otherwise, we leave the .new copy for the admin to consider... } -config etc/suricata/classification.config.new -config etc/suricata/reference.config.new -config etc/suricata/suricata.yaml.new -config etc/suricata/threshold.config.new +CONFIGS="classification.config reference.config suricata.yaml threshold.config" +for file in $CONFIGS; do + config etc/suricata/${file}.new +done diff --git a/network/suricata/rc.suricata b/network/suricata/rc.suricata new file mode 100644 index 0000000000..e4eb06f1a6 --- /dev/null +++ b/network/suricata/rc.suricata @@ -0,0 +1,53 @@ +#!/bin/sh +# Start/stop/restart suricata +# This file written from James Bond <evanton@tut.by> + +# This tell suricata which interface to listen on (any for every interface) +IFACE=${IFACE:-eth0} + +# Make sure this matches your IFACE +PIDFILE=/var/run/suricata_$IFACE.pid + +# You probably don't want to change this, but in case you do +LOGDIR="/var/log/suricata" + +# Probably not this either +CONF=/etc/suricata/suricata.yaml + +# Start suricata: +suricata_start() { + CMDLINE="/usr/bin/suricata -D -i $IFACE" + echo "Starting Suricata daemon: $CMDLINE" + $CMDLINE --pidfile $PIDFILE -l $LOGDIR -c $CONF + echo +} + +# Stop suricata: +suricata_stop() { + echo -n "Stopping Suricata daemon ($IFACE)..." + kill $(cat $PIDFILE) + echo + sleep 1 + rm -f $PIDFILE +} + +# Restart suricata: +suricata_restart() { + suricata_stop + sleep 1 + suricata_start +} + +case "$1" in +'start') + suricata_start + ;; +'stop') + suricata_stop + ;; +'restart') + suricata_restart + ;; +*) + echo "usage $0 start|stop|restart" +esac diff --git a/network/suricata/suricata.SlackBuild b/network/suricata/suricata.SlackBuild index e670c3bd34..ae255550be 100644 --- a/network/suricata/suricata.SlackBuild +++ b/network/suricata/suricata.SlackBuild @@ -23,7 +23,7 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=suricata -VERSION=${VERSION:-1.4.7} +VERSION=${VERSION:-2.0.5} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -59,9 +59,6 @@ set -e rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT $PKG/etc/$PRGNAM cd $TMP -rm -rf rules -tar xvf $CWD/emerging.rules.tar.gz -cp -rf rules $PKG/etc/$PRGNAM rm -rf $PRGNAM-$VERSION tar xvf $CWD/$PRGNAM-$VERSION.tar.gz cd $PRGNAM-$VERSION @@ -70,7 +67,7 @@ find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ -o -perm 511 \) -exec chmod 755 {} \; -o \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ - -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ @@ -83,7 +80,6 @@ CXXFLAGS="$SLKCFLAGS" \ --docdir=/usr/doc/$PRGNAM-$VERSION \ --enable-shared=yes \ --enable-static=no \ - --enable-non-bundled-htp \ --enable-unix-socket \ --build=$ARCH-slackware-linux @@ -93,16 +89,24 @@ make install DESTDIR=$PKG find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true +# Fix magic-file path +sed -i 's/magic-file: \/usr\/share\/file\/magic/magic-file: \/etc\/file\/magic.mgc/' suricata.yaml + # Install config files -install -D -m644 classification.config $PKG/etc/suricata/classification.config.new -install -D -m644 reference.config $PKG/etc/suricata/reference.config.new -install -D -m644 suricata.yaml $PKG/etc/suricata/suricata.yaml.new -install -D -m644 threshold.config $PKG/etc/suricata/threshold.config.new - -find $PKG -name perllocal.pod \ - -o -name ".packlist" \ - -o -name "*.bs" \ - | xargs rm -f +CONFIGS="classification.config reference.config suricata.yaml threshold.config" +for file in $CONFIGS; do + install -D -m644 $file $PKG/etc/suricata/${file}.new +done + +# Include the rc.suricata file +mkdir -p $PKG/etc/rc.d +install -D -m0644 $CWD/rc.suricata $PKG/etc/rc.d/rc.suricata.new + +# Install rules +install -D -m644 rules/*.rules $PKG/etc/$PRGNAM + +# Create directory for logging +mkdir -p $PKG/var/log/$PRGNAM mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION cp -a COPYING ChangeLog LICENSE doc/*.txt $PKG/usr/doc/$PRGNAM-$VERSION diff --git a/network/suricata/suricata.info b/network/suricata/suricata.info index 42813983b5..7de24664ee 100644 --- a/network/suricata/suricata.info +++ b/network/suricata/suricata.info @@ -1,12 +1,10 @@ PRGNAM="suricata" -VERSION="1.4.7" +VERSION="2.0.5" HOMEPAGE="http://suricata-ids.org/" -DOWNLOAD="http://www.openinfosecfoundation.org/download/suricata-1.4.7.tar.gz \ - http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz" -MD5SUM="da8bf6fc54ffe152921eb279fcfdab0f \ - ec12eda6498a769c822e605ec2fe8f01" +DOWNLOAD="http://www.openinfosecfoundation.org/download/suricata-2.0.5.tar.gz" +MD5SUM="2ff10b929bf7d5fd4d345b0fd8f268a1" DOWNLOAD_x86_64="" MD5SUM_x86_64="" -REQUIRES="simplejson coccinelle libhtp libcap-ng libnet jansson" +REQUIRES="libcap-ng libnet jansson" MAINTAINER="Dimitris Zlatanidis" EMAIL="d.zlatanidis@gmail.com" |