authorMarcelo Góes <vanquirius@gentoo.org>2008-11-23 15:29:38 +0000
committerMarcelo Góes <vanquirius@gentoo.org>2008-11-23 15:29:38 +0000
commitf4470b2f6f9bd6123e7ab2aca903f138da311822 (patch)
treecd9052e486a033a2815f15186e1cbc9d8a02b887 /net-analyzer/snort
parentold (diff)
2.8.3.1 version bump with many changes for bug 245752. Thanks to Jason
Wallace <jason.r.wallace at gmail dot com> and Antixrict <antixrict at inbox.lv> for the rewrite. Currently in package.mask for testing. (Portage version: 2.1.4.5)
Diffstat (limited to 'net-analyzer/snort')
-rw-r--r--net-analyzer/snort/ChangeLog10
-rw-r--r--net-analyzer/snort/files/snort-2.8.3.1-libnet.patch220
-rw-r--r--net-analyzer/snort/snort-2.8.3.1.ebuild301
3 files changed, 530 insertions, 1 deletions
diff --git a/net-analyzer/snort/ChangeLog b/net-analyzer/snort/ChangeLog
index cbaf8f6913e5..a29c060da2e1 100644
--- a/net-analyzer/snort/ChangeLog
+++ b/net-analyzer/snort/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-analyzer/snort
# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.134 2008/08/04 20:12:12 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.135 2008/11/23 15:29:38 vanquirius Exp $
+
+*snort-2.8.3.1 (23 Nov 2008)
+
+ 23 Nov 2008; Marcelo Goes <vanquirius@gentoo.org>
+ +files/snort-2.8.3.1-libnet.patch, +snort-2.8.3.1.ebuild:
+ 2.8.3.1 version bump with many changes for bug 245752. Thanks to Jason
+ Wallace <jason.r.wallace at gmail dot com> and Antixrict <antixrict at
+ inbox.lv> for the rewrite. Currently in package.mask for testing.
04 Aug 2008; Jeroen Roovers <jer@gentoo.org> metadata.xml:
Describe local USE flags for GLEP 56.
diff --git a/net-analyzer/snort/files/snort-2.8.3.1-libnet.patch b/net-analyzer/snort/files/snort-2.8.3.1-libnet.patch
new file mode 100644
index 000000000000..b51b1531569f
--- /dev/null
+++ b/net-analyzer/snort/files/snort-2.8.3.1-libnet.patch
@@ -0,0 +1,220 @@
+diff -ru snort-2.8.3.1/configure.in snort-2.8.3.1_gentoo/configure.in
+--- snort-2.8.3.1/configure.in 2008-09-15 10:45:24.000000000 -0400
++++ snort-2.8.3.1_gentoo/configure.in 2008-11-03 16:34:41.000000000 -0500
+@@ -1151,19 +1151,19 @@
+ else
+ libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+- AC_MSG_CHECKING("for libnet.h version 1.0.x")
++ AC_MSG_CHECKING("for libnet-1.0.h version 1.0.x")
+ for i in $libnet_dir; do
+- if test -r "$i/libnet.h"; then
++ if test -r "$i/libnet-1.0.h"; then
+ LIBNET_INC_DIR="$i"
+ fi
+ done
+
+ if test "$LIBNET_INC_DIR" != ""; then
+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0 >/dev/null"; then
+- FAIL_MESSAGE("libnet 1.0.x (libnet.h)", $LIBNET_INC_DIR)
++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0 >/dev/null"; then
++ FAIL_MESSAGE("libnet 1.0.x (libnet-1.0.h)", $LIBNET_INC_DIR)
+ fi
+- CFLAGS="${CFLAGS} `libnet-config --defines` `libnet-config --cflags`"
+- LIBS="${LIBS} `libnet-config --libs`"
++ CFLAGS="${CFLAGS} `libnet-1.0-config --defines` `libnet-1.0-config --cflags`"
++ LIBS="${LIBS} `libnet-1.0-config --libs`"
+ CPPFLAGS="${CPPFLAGS} -I${LIBNET_INC_DIR}"
+ AC_MSG_RESULT($i)
+ else
+@@ -1185,8 +1185,8 @@
+ [ --enable-flexresp Flexible Responses on hostile connection attempts],
+ enable_flexresp="$enableval", enable_flexresp="no")
+ if test "x$enable_flexresp" = "xyes"; then
+- CPPFLAGS="${CPPFLAGS} -DENABLE_RESPONSE `libnet-config --defines --cflags`"
+- LDFLAGS="${LDFLAGS} `libnet-config --libs`"
++ CPPFLAGS="${CPPFLAGS} -DENABLE_RESPONSE `libnet-1.0-config --defines --cflags`"
++ LDFLAGS="${LDFLAGS} `libnet-1.0-config --libs`"
+ fi
+
+ if test "x$enable_flexresp" != "xno" -a "x$enable_flexresp" = "xyes"; then
+@@ -1196,21 +1196,21 @@
+ exit
+ fi
+
+- if test `libnet-config --cflags | wc -c` = "1"; then
++ if test `libnet-1.0-config --cflags | wc -c` = "1"; then
+ CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include"
+ LIBNET_CONFIG_BROKEN_CFLAGS="yes"
+ fi
+
+- if test `libnet-config --libs | wc -c` = "1"; then
+- AC_MSG_WARN(libnet-config --libs is broken on your system. If you)
++ if test `libnet-1.0-config --libs | wc -c` = "1"; then
++ AC_MSG_WARN(libnet-1.0-config --libs is broken on your system. If you)
+ AC_MSG_WARN(are using a precompiled package please notify the)
+ AC_MSG_WARN(maintainer.)
+ LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"
+- LIBS="${LIBS} -lnet"
++ LIBS="${LIBS} -lnet-1.0"
+ fi
+
+ LNET=""
+- AC_CHECK_HEADERS(libnet.h,, LNET="no")
++ AC_CHECK_HEADERS(libnet-1.0.h,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet header not found, go get it from"
+@@ -1228,33 +1228,33 @@
+ libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+ else
+- libnet_dir=`libnet-config --cflags | cut -dI -f2`
++ libnet_dir=`libnet-1.0-config --cflags | cut -dI -f2`
+ fi
+
+ LIBNET_INC_DIR=""
+ for i in $libnet_dir; do
+- if test -r "$i/libnet.h"; then
++ if test -r "$i/libnet-1.0.h"; then
+ LIBNET_INC_DIR="$i"
+ fi
+ done
+
+ if test "x$LIBNET_INC_DIR" != "x"; then
+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0.2a >/dev/null"; then
++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0.2a >/dev/null"; then
+ AC_MSG_RESULT(no)
+ echo
+ echo " ERROR! Snort with --enable-flexresp will *only* work with"
+ echo " libnet version 1.0.2a, go get it from"
+ echo " http://www.packetfactory.net/projects/libnet/"
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $LIBNET_INC_DIR)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $LIBNET_INC_DIR)
+ fi
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $libnet_dir)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $libnet_dir)
+ fi
+
+ LNET=""
+- AC_CHECK_LIB(net, libnet_build_ip,, LNET="no")
++ AC_CHECK_LIB(net-1.0, libnet_build_ip,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet library not found, go get it from"
+@@ -1305,8 +1305,8 @@
+ [ --enable-react Intercept and terminate offending HTTP accesses],
+ enable_react="$enableval", enable_react="no")
+ if test "x$enable_react" = "xyes"; then
+- CPPFLAGS="${CPPFLAGS} -DENABLE_REACT `libnet-config --defines --cflags`"
+- LDFLAGS="${LDFLAGS} `libnet-config --libs`"
++ CPPFLAGS="${CPPFLAGS} -DENABLE_REACT `libnet-1.0-config --defines --cflags`"
++ LDFLAGS="${LDFLAGS} `libnet-1.0-config --libs`"
+ fi
+
+ if test "x$enable_react" != "xno" -a "x$enable_react" = "xyes"; then
+@@ -1317,13 +1317,13 @@
+ exit
+ fi
+
+- if test `libnet-config --cflags | wc -c` = "1"; then
++ if test `libnet-1.0-config --cflags | wc -c` = "1"; then
+ CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include"
+ LIBNET_CONFIG_BROKEN_CFLAGS="yes"
+ fi
+
+- if test `libnet-config --libs | wc -c` = "1"; then
+- AC_MSG_WARN(libnet-config --libs is broken on your system. If you)
++ if test `libnet-1.0-config --libs | wc -c` = "1"; then
++ AC_MSG_WARN(libnet-1.0-config --libs is broken on your system. If you)
+ AC_MSG_WARN(are using a precompiled package please notify the)
+ AC_MSG_WARN(maintainer.)
+ LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"
+@@ -1331,7 +1331,7 @@
+ fi
+
+ LNET=""
+- AC_CHECK_HEADERS(libnet.h,, LNET="no")
++ AC_CHECK_HEADERS(libnet-1.0.h,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet header not found, go get it from"
+@@ -1349,33 +1349,33 @@
+ libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+ else
+- libnet_dir=`libnet-config --cflags | cut -dI -f2`
++ libnet_dir=`libnet-1.0-config --cflags | cut -dI -f2`
+ fi
+
+ LIBNET_INC_DIR=""
+ for i in $libnet_dir; do
+- if test -r "$i/libnet.h"; then
++ if test -r "$i/libnet-1.0.h"; then
+ LIBNET_INC_DIR="$i"
+ fi
+ done
+
+ if test "x$LIBNET_INC_DIR" != "x"; then
+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0.2a >/dev/null"; then
++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0.2a >/dev/null"; then
+ AC_MSG_RESULT(no)
+ echo
+ echo " ERROR! Snort with --enable-react will *only* work with"
+ echo " libnet version 1.0.2a, go get it from"
+ echo " http://www.packetfactory.net/projects/libnet/"
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $LIBNET_INC_DIR)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $LIBNET_INC_DIR)
+ fi
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $libnet_dir)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $libnet_dir)
+ fi
+
+ LNET=""
+- AC_CHECK_LIB(net, libnet_build_ip,, LNET="no")
++ AC_CHECK_LIB(net-1.0, libnet_build_ip,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet library not found, go get it from"
+diff -ru snort-2.8.3.1/src/detection-plugins/sp_react.c snort-2.8.3.1_gentoo/src/detection-plugins/sp_react.c
+--- snort-2.8.3.1/src/detection-plugins/sp_react.c 2008-07-11 16:56:00.000000000 -0400
++++ snort-2.8.3.1_gentoo/src/detection-plugins/sp_react.c 2008-11-03 16:39:16.000000000 -0500
+@@ -59,7 +59,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <ctype.h>
+-#include <libnet.h>
++#include <libnet-1.0.h>
+
+ #include "rules.h"
+ #include "decode.h"
+diff -ru snort-2.8.3.1/src/detection-plugins/sp_respond.c snort-2.8.3.1_gentoo/src/detection-plugins/sp_respond.c
+--- snort-2.8.3.1/src/detection-plugins/sp_respond.c 2008-07-11 16:56:00.000000000 -0400
++++ snort-2.8.3.1_gentoo/src/detection-plugins/sp_respond.c 2008-11-03 16:38:50.000000000 -0500
+@@ -36,7 +36,7 @@
+
+
+ #if defined(ENABLE_RESPONSE) && !defined(ENABLE_RESPONSE2)
+-#include <libnet.h>
++#include <libnet-1.0.h>
+
+ #include "decode.h"
+ #include "rules.h"
+diff -ru snort-2.8.3.1/src/inline.c snort-2.8.3.1_gentoo/src/inline.c
+--- snort-2.8.3.1/src/inline.c 2008-02-25 16:34:56.000000000 -0500
++++ snort-2.8.3.1_gentoo/src/inline.c 2008-11-03 16:39:44.000000000 -0500
+@@ -20,7 +20,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <pcap.h>
+-#include <libnet.h>
++#include <libnet-1.0.h>
+
+ #include "decode.h"
+ #include "inline.h"
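Review bot: The react fallback in configure.in appears to be left linking plain `-lnet`. In the flexresp block this patch changes `LIBS="${LIBS} -lnet"` to `-lnet-1.0`, but the matching react hunk (`@@ -1317,13`) ends on the `LDFLAGS=` line and the next hunk resumes at 1331, so the line in between is untouched. That line is not visible here, so this is inferred from the hunk ranges; if it is the same assignment, it should become `LIBS="${LIBS} -lnet-1.0"` to agree with the `AC_CHECK_LIB(net-1.0, libnet_build_ip,, LNET="no")` check further down in the same block.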
diff --git a/net-analyzer/snort/snort-2.8.3.1.ebuild b/net-analyzer/snort/snort-2.8.3.1.ebuild
new file mode 100644
index 000000000000..16ac79b3903d
--- /dev/null
+++ b/net-analyzer/snort/snort-2.8.3.1.ebuild
@@ -0,0 +1,301 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.8.3.1.ebuild,v 1.1 2008/11/23 15:29:38 vanquirius Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
+AT_M4DIR=m4
+
+inherit eutils autotools
+
+DESCRIPTION="The de facto standard for intrusion detection/prevention"
+HOMEPAGE="http://www.snort.org/"
+SRC_URI="http://www.snort.org/dl/${P}.tar.gz
+ community-rules? ( http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz )"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86"
+IUSE="static debug pthreads prelude stream4udp memory-cleanup decoder-preprocessor-rules ipv6 targetbased dynamicplugin timestats ruleperf ppm perfprofiling linux-smp-stats inline inline-init-failopen flexresp flexresp2 react aruba gre mpls pic postgres mysql odbc selinux community-rules"
+
+#flexresp, react, and inline _ONLY_ work with net-libs/libnet-1.0.2a
+DEPEND="virtual/libc
+ virtual/libpcap
+ >=sys-devel/libtool-1.4
+ >=dev-libs/libpcre-6.0
+ flexresp2? ( dev-libs/libdnet )
+ flexresp? ( ~net-libs/libnet-1.0.2a )
+ react? ( ~net-libs/libnet-1.0.2a )
+ postgres? ( || ( dev-db/postgresql dev-db/libpq ) )
+ mysql? ( virtual/mysql )
+ odbc? ( dev-db/unixODBC )
+ prelude? ( >=dev-libs/libprelude-0.9.0 )
+ inline? ( ~net-libs/libnet-1.0.2a
+ net-firewall/iptables )"
+
+RDEPEND="${DEPEND}
+ dev-lang/perl
+ selinux? ( sec-policy/selinux-snort )"
+
+pkg_setup() {
+ enewgroup snort
+ enewuser snort -1 -1 /dev/null snort
+
+ if use flexresp && use flexresp2 ; then
+ ewarn
+ ewarn
+ ewarn "You have both the 'flexresp' and 'flexresp2' USE"
+ ewarn "flags set. You can use 'flexresp' OR 'flexresp2'"
+ ewarn "but not both."
+ ewarn
+ ewarn "Defaulting to flexresp2..."
+ ewarn
+ ewarn
+ epause
+ fi
+
+ if use memory-cleanup && ! use dynamicplugin; then
+ ewarn
+ ewarn
+ ewarn "You have enabled 'memory-cleanup' but not 'dynamicplugin'."
+ ewarn "'memory-cleanup' requires 'dynamicplugin' to compile."
+ ewarn
+ ewarn "Enabling dynamicplugin..."
+ ewarn
+ ewarn
+ epause
+ fi
+
+ if use ruleperf && ! use dynamicplugin; then
+ ewarn
+ ewarn
+ ewarn "You have enabled 'ruleperf' but not 'dynamicplugin'."
+ ewarn "'ruleperf' requires 'dynamicplugin' to compile."
+ ewarn
+ ewarn "Enabling dynamicplugin..."
+ ewarn
+ ewarn
+ epause
+ fi
+
+ if use inline-init-failopen && ! use inline; then
+ ewarn
+ ewarn
+ ewarn "You have enabled 'inline-init-failopen' but not 'inline'."
+ ewarn "'inline-init-failopen' is an 'inline' only function."
+ ewarn
+ ewarn "Enabling inline mode..."
+ ewarn
+ ewarn
+ epause
+ fi
+
+}
+
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ #Dont monkey with the original source if you don't need to.
+ if use flexresp || use react || use inline; then
+ epatch "${FILESDIR}/${PN}-2.8.3.1-libnet.patch"
+ fi
+
+ if use prelude ; then
+ sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in
+ fi
+
+ einfo "Regenerating autoconf/automake files"
+ eautoreconf
+}
+
+src_compile() {
+
+ local myconf
+
+ #Both shared and static are enable by defaut so we need to be specific
+ if use static; then
+ myconf="${myconf} --enable-static --disable-shared"
+ else
+ myconf="${myconf} --disable-static --enable-shared"
+ fi
+
+ #Added in ebuild version snort-2.8.3.1. Should be rechecked in updated versions.
+ #Use 'die' because ./configure will die any ways with the same error message...
+ if use ipv6 && use targetbased; then
+ die "Support for target-based and IPv6 cannot be enabled simultaneously in this version."
+ fi
+
+ #Sourcefire is often not clear about what is and is not enabled by default
+ #To avoid undesired results we should be very specific
+ if use flexresp && ! use flexresp2; then
+ myconf="${myconf} --enable-flexresp --disable-flexresp2"
+ elif use flexresp2 && ! use flexresp; then
+ myconf="${myconf} --disable-flexresp --enable-flexresp2"
+ elif use flexresp && use flexresp2; then
+ myconf="${myconf} --disable-flexresp --enable-flexresp2"
+ fi
+
+ # USE flages memory-cleanup and ruleperf require dynamicplugin
+ #Only 'dynamicplugin' is set here. 'ruleperf' and 'memory-cleanup' are set below via econf.
+ if use memory-cleanup || use ruleperf || use dynamicplugin; then
+ myconf="${myconf} --enable-dynamicplugin"
+ else
+ myconf="${myconf} --disable-dynamicplugin"
+ fi
+
+ # USE flages 'targetbased' and 'inline-init-failopen' require pthreads
+ #Only 'pthreads' is set here. 'targetbased' and 'inline-init-failopen' are set below via econf.
+ if use targetbased || use inline-init-failopen || use pthreads; then
+ myconf="${myconf} --enable-pthread"
+ else
+ myconf="${myconf} --disable-pthread"
+ fi
+
+ #Only needed if...
+ if use flexresp || use react || use inline; then
+ myconf="${myconf} --with-libipq-includes=/usr/include/libipq"
+ fi
+
+ #'inline-init-failopen' requires 'inline'
+ if use inline-init-failopen || use inline; then
+ myconf="${myconf} --enable-inline"
+ else
+ myconf="${myconf} --disable-inline"
+ fi
+
+
+#The --enable-<feature> options... 'static' 'dynamicplugin' 'pthreads' 'flexresp' 'flexresp2' 'inline'
+# are configured above due to dependancy/conflict issues.
+#All others are handled the standard ebuild way via econf
+
+ econf \
+ --without-oracle \
+ $(use_with postgres postgresql) \
+ $(use_with mysql) \
+ $(use_with odbc) \
+ $(use_with pic) \
+ --disable-ipfw \
+ --disable-profile \
+ --disable-ppm-test \
+ $(use_enable debug) \
+ $(use_enable prelude) \
+ $(use_enable stream4udp) \
+ $(use_enable memory-cleanup) \
+ $(use_enable decoder-preprocessor-rules) \
+ $(use_enable ipv6) \
+ $(use_enable targetbased) \
+ $(use_enable timestats) \
+ $(use_enable ruleperf) \
+ $(use_enable ppm) \
+ $(use_enable perfprofiling) \
+ $(use_enable linux-smp-stats) \
+ $(use_enable inline-init-failopen) \
+ $(use_enable react) \
+ $(use_enable aruba) \
+ $(use_enable gre) \
+ $(use_enable mpls) \
+ ${myconf} || die "econf failed"
+
+ # limit to single as reported by jforman on irc
+ emake -j1 || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "make install failed"
+
+ keepdir /var/log/snort/
+
+ dodoc doc/*
+ dodoc ./RELEASE.NOTES
+ docinto schemas ; dodoc schemas/*
+
+ insinto /etc/snort
+ doins etc/reference.config \
+ etc/classification.config \
+ etc/*.map \
+ etc/threshold.conf \
+ etc/attribute_table.dtd \
+ etc/unicode.map
+
+ # Make some changes to snort.conf depending on the users feature selection
+ if use memory-cleanup || use ruleperf || use dynamicplugin; then
+ sed -e "s:/usr/local/lib:/usr/$(get_libdir):g" \
+ etc/snort.conf > "${D}"/etc/snort/snort.conf.distrib
+ else
+ sed -e "s:^dynamic:# dynamic:g" \
+ etc/snort.conf > "${D}"/etc/snort/snort.conf.distrib
+ fi
+
+ sed -i -e "s:RULE_PATH ../rules:RULE_PATH /etc/snort/rules:g" \
+ "${D}"/etc/snort/snort.conf.distrib
+
+ sed -i -e "s:PREPROC_RULE_PATH ../preproc_rules:PREPROC_RULE_PATH /etc/snort/preproc_rules:g" \
+ "${D}"/etc/snort/snort.conf.distrib
+
+ sed -i -e "s:^include $RULE_PATH:#include $RULE_PATH:g" \
+ "${D}"/etc/snort/snort.conf.distrib
+
+ newinitd "${FILESDIR}/snort.rc8" snort
+ newconfd "${FILESDIR}/snort.confd" snort
+
+ fowners snort:snort /var/log/snort
+ fperms 0770 /var/log/snort
+
+ # Install Community rules if enabled
+ if use community-rules; then
+ insinto /etc/snort/rules
+ doins -r "${WORKDIR}"/rules/*
+ fi
+
+ # Install preproc_rules if enabled
+ if use decoder-preprocessor-rules; then
+ insinto /etc/snort/preproc_rules
+ doins -r "${WORKDIR}"/${P}/preproc_rules/*.rules
+ fi
+}
+
+pkg_postinst() {
+ elog
+ elog "If you find that snort is using too much memory, your system"
+ elog "freezes, or snort crashes after a few minutes try adding the"
+ elog "following to your snort.conf..."
+ elog
+ elog "'config detection: search-method ac-sparsebands'"
+ elog
+ elog "To use a database backend with snort you will have to create"
+ elog "a database, a database user, and import the snort schema."
+ elog "The schema files are located in..."
+ elog
+ elog "/usr/share/doc/${PF}/schemas/"
+ elog
+ elog "Instructions for seting up your database, user, and schema imports"
+ elog "can be found in the README.database file located in..."
+ elog
+ elog "/usr/share/doc/${PF}"
+ elog
+ elog "Users using the unified output plugin and barnyard do not need to"
+ elog "compile database support into snort, but still need to set up their"
+ elog "database as documented in README.database."
+ elog
+ if use community-rules; then
+ elog
+ elog "The COMMUNITY ruleset has been installed."
+ elog
+ else
+ elog
+ elog "The COMMUNITY ruleset has NOT been installed."
+ elog
+ fi
+ elog "To learn how to manage updates to your rulesets please visit..."
+ elog
+ elog "http://oinkmaster.sourceforge.net/"
+ elog
+ elog "and then 'emerge oinkmaster'. Once oinkmaster is configured,"
+ elog "you may want to disable the 'community-rules' USE flag."
+ elog
+ elog "It is HIGHLY recomended that you also download Sourcefire's VRT"
+ elog "ruleset also. For more information on obtaining the VRT ruleset,"
+ elog "please visit... http://www.snort.org/vrt/"
+ elog
+}
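Review bot: The `sed` expression `"s:^include $RULE_PATH:#include $RULE_PATH:g"` in src_install is double-quoted, so the shell expands `$RULE_PATH` before sed sees it. Nothing in this ebuild sets that variable, so the expression presumably degrades to `s:^include :#include :g`. That comments out every top-level `include` line in snort.conf.distrib rather than only the rule-file includes, which likely also disables the includes for the classification and reference configs installed next to it. Single-quoting and escaping the dollar sign keeps the match literal: `sed -i -e 's:^include \$RULE_PATH:#include $RULE_PATH:g' \`. Separately, pkg_setup announces "Enabling inline mode..." for `inline-init-failopen` without `inline`, and src_compile passes `--enable-inline`, but the libnet patch in src_unpack and the libnet/iptables entries in DEPEND are gated on `inline`, `flexresp` or `react` only; gating them on `inline-init-failopen` as well would keep that combination from configuring against an unpatched, possibly missing libnet.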