Close bug #215. Delete older ebuilds, old outdated config file.

Make user/group addition smarter.  Tidy ebuild.

9 files changed, 100 insertions, 438 deletions

diff --git a/net-misc/snort/ChangeLog b/net-misc/snort/ChangeLog
index e189c054482d..bf32634ae964 100644
--- a/net-misc/snort/ChangeLog
+++ b/net-misc/snort/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for net-misc/snort
 # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/net-misc/snort/ChangeLog,v 1.1 2002/02/01 21:53:35 gbevin Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/snort/ChangeLog,v 1.2 2002/02/09 00:00:40 woodchip Exp $
+
+*snort-1.8.3-r1 (8 Feb 2002)
+
+  8 Feb 2002; Donny Davies <woodchip@gentoo.org> Changelog,
+  snort-1.8.3-r1.ebuild, files/digest-snort-1.8.3-r1,
+  files/snort.confd, files/snort.rc6 files/snort.conf :
+
+  Fix for nonexistant /etc/conf.d/snort.  Make user/group addition
+  a little smarter.
 
 *snort-1.8.3 (1 Feb 2002)
 
@@ -11,3 +20,4 @@
   comments should well explained and written in clean English. The details about
   writing correct changelogs are explained in the skel.ChangeLog file which you
   can find in the root directory of the portage repository.
+
diff --git a/net-misc/snort/files/digest-snort-1.7 b/net-misc/snort/files/digest-snort-1.7
deleted file mode 100644
index a2e347fe577f..000000000000
--- a/net-misc/snort/files/digest-snort-1.7
+++ /dev/null
@@ -1 +0,0 @@
-MD5 0eae2f987f663a2fbf236e38d1f8e960 snort-1.7.tar.gz 653702
diff --git a/net-misc/snort/files/digest-snort-1.8.3 b/net-misc/snort/files/digest-snort-1.8.3-r1
index 4b2d8e0fd2d1..4b2d8e0fd2d1 100644
--- a/net-misc/snort/files/digest-snort-1.8.3
+++ b/net-misc/snort/files/digest-snort-1.8.3-r1
diff --git a/net-misc/snort/files/snort.conf b/net-misc/snort/files/snort.conf
deleted file mode 100644
index 52ff8a062df1..000000000000
--- a/net-misc/snort/files/snort.conf
+++ /dev/null
@@ -1,272 +0,0 @@
-# $Id: snort.conf,v 1.1 2001/09/13 00:09:53 lamer Exp $ 
-####################################################################
-# This file contains a sample snort configuration. You can take the 
-# following steps to create your own custom configuration:
-#
-#  1) Set the HOME_NET variable for your network
-#  2) Configure preprocessors
-#  3) Configure output plugins 
-#  4) Customize your rule set
-#
-####################################################################
-# Step #1: Set the HOME_NET variable:
-#
-#    You must change the HOME_NET variable to reflect your local
-#    network. The variable is currently setup for an RFC 1918 address
-#    space.
-#
-#    You can specify it explicitly as: var HOME_NET 10.1.1.0/24
-#    or use global variable $<intname>_ADDRESS which will be always 
-#    initialized to IP address and netmask of the network interface 
-#    which you run snort at.
-#
-#    You can specify lists of IP addresses by separating the IPs with commas 
-#    like this:
-#
-#    [10.1.1.0/24,192.168.1.0/24]
-#
-#    MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
-#
-#
-#var HOME_NET $eth0_ADDRESS
-
-var HOME_NET 10.1.1.0/24
-
-# Set up the external network addresses as well.  A good start may be 
-# "any"...
-
-var EXTERNAL_NET any
-
-# Define the addresses of DNS servers and other hosts if you want to ignore 
-# portscan false alarms from them...
-
-#var DNS_SERVERS [192.168.1.1/32,10.1.1.1/32]
-
-####################################################################
-# Step #2: Configure preprocessors
-#
-# General configuration for preprocessors is of the form
-# 
-#   preprocessor <name_of_processor>: <configuration_options>
-
-# minfrag: detect small fragments
-# -------------------------------
-# minfrag takes the minimum fragment size (in bytes) threshold as its
-# argument. Fragmented packets at of below this size will cause an
-# alert to be generated.  The functionality of this preprocessor is 
-# largely superceded by the defrag plugin below.
-
-#preprocessor minfrag: 128
-
-# defrag: defragmentation support
-# -------------------------------
-# IP defragmentation support from Dragos Ruiu. There are no
-# configuration options at this time.
-
-preprocessor defrag
-
-# stream: TCP stream reassembly
-# -----------------------------
-# TCP stream reassembly preprocessor from Chris Cramer.  This
-# preprocessor should always go after the defrag preprocessor, but
-# before http_decode. The example below monitors ports 23 and 80, has
-# a timeout after 10 seconds, and will send reassembled packets of max
-# payload 16384 bytes through the detection engine. See
-# README.tcpstream for more information and configuration
-# options. Uncomment the following line and configure appropriately to
-# enable this preprocessor.
-#
-# NOTE: This code should still be considered BETA!  It seems to be stable, but
-# there are still some issues that remain to be resolved, so make sure
-# you keep an eye on your Snort sensor if you enable this plugin
-
-# preprocessor stream: timeout 10, ports 21 23 80, maxbytes 16384
-
-# http_decode: normalize HTTP requests
-# ------------------------------------
-# http_decode normalizes HTTP requests from remote machines by
-# converting any %XX character substitutions to their ASCII
-# equivalent. This is very useful for doing things like defeating
-# hostile attackers trying to stealth themselves from IDSs by mixing
-# these substitutions in with the request. Specify the port
-# numbers you want it to analyze as arguments.
-
-preprocessor http_decode: 80 8080
-
-# portscan: detect a variety of portscans
-# ---------------------------------------
-# portscan preprocessor by Patrick Mullen <p_mullen@linuxrc.net>
-# This preprocessor detects UDP packets or TCP SYN packets going to
-# four different ports in less than three seconds. "Stealth" TCP
-# packets are always detected, regardless of these settings.
-
-preprocessor portscan: $HOME_NET 4 3 portscan.log
-
-# Use portscan-ignorehosts to ignore TCP SYN and UDP "scans" from 
-# specific networks or hosts to reduce false alerts. It is typical
-# to see many false alerts from DNS servers so you may want to 
-# add your DNS servers here. You can all multiple hosts/networks
-# in a whitespace-delimited list. 
-#
-#preprocessor portscan-ignorehosts: $DNS_SERVERS
-
-# Spade: the Statistical Packet Anomaly Detection Engine
-#-------------------------------------------------------
-#
-# READ the README.Spade file before using this plugin!
-#
-# See http://www.silicondefense.com/spice/ for more info
-#
-# Spade is a Snort plugin to report unusual, possibly suspicious, packets.  
-# Spade will review the packets received by Snort, find those of interest (TCP
-# SYNs into your homenets, if any), and report those packets that it believes 
-# are anomalous along with an anomaly score.  To enable spp_anomsensor, you 
-# must have a line of this form in your snort configuration file:
-#
-# preprocessor spade: <anom-report-thresh> <state-file> <log-file> <prob-mode>
-#                     <checkpoint-freq>
-#
-# DO NOT ENABLE THIS PLUGIN UNLESS YOU HAVE READ THE README.Spade FILE THAT
-# COMES IN THIS DISTRIBUTION AND ARE COGENT OF THE PERFORMANCE IMPACT THAT THIS
-# MODULE MAY HAVE UPON YOUR NORMAL SNORT CONFIGURATION!
-#
-# set this to a directory Spade can read and write to store its files
-#
-# var SPADEDIR .
-#
-# preprocessor spade: -1 $SPADEDIR/spade.rcv $SPADEDIR/log.txt 3 50000
-#
-# put a list of the networks you are interested in Spade observing packets 
-# going to here
-#
-# preprocessor spade-homenet: 0.0.0.0/0
-#
-# this causes Spade to adjust the reporting threshold automatically
-# the first argument is the target rate of alerts for normal circumstances 
-# (0.01 = 1% or you can give it an hourly rate) after the first hour (or 
-# however long the period is set to in the second argument), the reporting 
-# threshold given above is ignored you can comment this out to have the
-# threshold be static, or try one of the other adapt methods below
-#
-# preprocessor spade-adapt3: 0.01 60 168
-#
-# other possible Spade config lines:
-# adapt method #1
-#preprocessor spade-adapt: 20 2 0.5
-# adapt method #2
-#preprocessor spade-adapt2: 0.01 15 4 24 7
-# offline threshold learning
-#preprocessor spade-threshlearn: 200 24
-# periodically report on the anom scores and count of packets seen
-#preprocessor spade-survey:  $SPADEDIR/survey.txt 60
-# print out known stats about packet feature
-#preprocessor spade-stats: entropy uncondprob condprob
-
-
-####################################################################
-# Step #3: Configure output plugins
-#
-# Uncomment and configure the output plugins you decide to use.
-# General configuration for output plugins is of the form:
-# 
-# output <name_of_plugin>: <configuration_options>
-#
-# Note that you can optionally define new rule types and associate one
-# or more output plugins specifically to that type.
-#
-# This example will create a type that will log to just tcpdump.
-# ruletype suspicious
-# {
-#   type log
-#   output log_tcpdump: suspicious.log
-# }
-#
-# This example will create a rule type that will log to syslog 
-# and a mysql database.
-# ruletype redalert
-# {
-#   type alert
-#   output alert_syslog: LOG_AUTH LOG_ALERT
-#   output database: log, mysql, user=snort dbname=snort host=localhost
-# }
-
-# alert_syslog: log alerts to syslog
-# ----------------------------------
-# Use one or more syslog facilities as arguments
-#
-# output alert_syslog: LOG_AUTH LOG_ALERT
-
-# log_tcpdump: log packets in binary tcpdump format
-# -------------------------------------------------
-# The only argument is the output file name.
-#
-# output log_tcpdump: snort.log
-
-# database: log to a variety of databases
-# ---------------------------------------
-# See the README.database file for more information about configuring
-# and using this plugin.
-#
-# output database: log, mysql, user=snort dbname=snort host=localhost
-# output database: log, postgresql, user=snort dbname=snort 
-# output database: log, unixodbc, user=snort dbname=snort
-
-# xml: xml logging
-# ----------------
-# See the README.xml file for more information about configuring
-# and using this plugin.
-# 
-# output xml: log, file=/var/log/snortxml
-
-
-####################################################################
-# Step #4: Customize your rule set
-#
-# Up to date snort rules are available at the following web sites:
-#   http://www.snort.org
-#   http://www.whitehats.com
-#
-# The snort web site has documentation about how to write your own
-# custom snort rules. 
-#
-# The rules included with this distribution generate alerts based on
-# on suspicious activity. Depending on your network environment, your
-# security policies, and what you consider to be suspicious, some of
-# these rules may either generate false positives ore may be detecting
-# activity you consider to be acceptable; therefore, you are
-# encouraged to comment out rules that are not applicable in your
-# environment.
-#
-# Note that using all of the rules at the same time may lead to
-# serious packet loss on slower machines. YMMV, use with caution,
-# standard disclaimers apply. :)
-#
-# The following individuals contributed many of rules in this
-# distribution.
-#
-# Credits:
-#   Ron Gula <rgula@securitywizards.com> of Network Security Wizards
-#   Martin Markgraf <martin@mail.du.gtn.com>  
-#   CyberPsychotic <fygrave@tigerteam.net>
-#   Nick Rogness <nick@rapidnet.com>
-#   Jim Forster <jforster@rapidnet.com>
-#   Scott McIntyre <scott@whoi.edu>
-#   Tom Vandepoel <Tom.Vandepoel@ubizen.com>
-
-include /usr/lib/snort/webcgi-lib
-include /usr/lib/snort/webcf-lib
-include /usr/lib/snort/webiis-lib
-include /usr/lib/snort/webfp-lib
-include /usr/lib/snort/webmisc-lib
-include /usr/lib/snort/overflow-lib
-include /usr/lib/snort/finger-lib
-include /usr/lib/snort/ftp-lib
-include /usr/lib/snort/smtp-lib
-include /usr/lib/snort/telnet-lib
-include /usr/lib/snort/misc-lib
-include /usr/lib/snort/netbios-lib
-include /usr/lib/snort/scan-lib
-include /usr/lib/snort/ddos-lib
-include /usr/lib/snort/backdoor-lib
-include /usr/lib/snort/ping-lib
-include /usr/lib/snort/rpc-lib
diff --git a/net-misc/snort/files/snort.confd b/net-misc/snort/files/snort.confd
index e29219e95b9c..0d213b3eb842 100644
--- a/net-misc/snort/files/snort.confd
+++ b/net-misc/snort/files/snort.confd
@@ -3,13 +3,7 @@
 # Make sure this matches your IFACE
 PIDFILE=/var/run/snort_eth0.pid
 
-# comment out the next three lines after you've read them
-einfo "Edit /etc/snort/snort.conf and /etc/conf.d/snort"
-exit 0;
-
-# Pick a mode options are    -A
-
-#fast -   fast alert mode, write the alert in a simple format with a
+# fast -   fast alert mode, write the alert in a simple format with a
 #                timestamp, alert message, source and destination IPs/ports
 #
 # full -   this is also the default alert mode, so if you specify nothing
@@ -18,16 +12,16 @@ exit 0;
 # unsock - send alerts to a UNIX socket that another program can listen on
 #
 # none -   turn off alerting
-
 MODE="full"
 
 # Set this to the appropriate network you box lives on
-NETWORK="192.168.1.1/24"
+NETWORK="192.168.1.0/24"
 
 # You probably don't want to change this, but in case you do
 LOGDIR="/var/log/snort"
 
 # Probably not this either
 CONF=/etc/snort/snort.conf
-OPTS="-D -s -u nobody -dev -l $LOGDIR -h $NETWORK -c $CONF"
 
+# This pulls in the options above
+SNORT_OPTS="-D -s -u nobody -dev -l $LOGDIR -h $NETWORK -c $CONF"
diff --git a/net-misc/snort/files/snort b/net-misc/snort/files/snort.rc6
index df073fe23d47..12e7a4d2fc0d 100644
--- a/net-misc/snort/files/snort
+++ b/net-misc/snort/files/snort.rc6
@@ -1,10 +1,7 @@
 #!/sbin/runscript
 # Copyright 1999-2002 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License, v2 or later
-# $Header: /var/cvsroot/gentoo-x86/net-misc/snort/files/snort,v 1.3 2001/12/23 23:25:19 azarah Exp $
-
-# NB: Config is in /etc/conf.d/snort
-
+# $Header: /var/cvsroot/gentoo-x86/net-misc/snort/files/snort.rc6,v 1.1 2002/02/09 00:00:41 woodchip Exp $
 
 depend() {
 	need net
@@ -13,12 +10,13 @@ depend() {
 start() {
 	ebegin "Starting snort"
 	start-stop-daemon --start --quiet --exec /usr/bin/snort \
-		-- $OPTS 2>&1 >/dev/null 
+		-- ${SNORT_OPTS} >/dev/null 2>&1
 	eend $?
 }
 
 stop() {
 	ebegin "Stopping snort"
-	kill  -9 `cat $PIDFILE`  2>&1
+	start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
+	#kill  -9 `cat $PIDFILE`  2>&1
 	eend $?
 }
diff --git a/net-misc/snort/snort-1.7.ebuild b/net-misc/snort/snort-1.7.ebuild
deleted file mode 100644
index 2d925e4482c6..000000000000
--- a/net-misc/snort/snort-1.7.ebuild
+++ /dev/null
@@ -1,74 +0,0 @@
-# Copyright 1999-2000 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License, v2 or later
-# Author Achim Gottinger achim@gentoo.org
-# $Header: /var/cvsroot/gentoo-x86/net-misc/snort/snort-1.7.ebuild,v 1.4 2001/12/23 23:25:19 azarah Exp $
-
-S=${WORKDIR}/${P}
-DESCRIPTION="Libpcap packet sniffer/logger/lightweight IDS"
-SRC_URI="http://www.snort.org/Files/${P}.tar.gz"
-HOMEPAGE="http://www.snort.org"
-
-DEPEND="virtual/glibc >=net-libs/libpcap-0.5.2
-        mysql? ( >=dev-db/mysql-3.23.26 )
-	ssl? ( >=dev-libs/openssl-0.9.6a )"
-
-RDEPEND="virtual/glibc sys-devel/perl
-        mysql? ( >=dev-db/mysql-3.23.26 )
-	ssl? ( >=dev-libs/openssl-0.9.6a )"
-
-src_compile() {
-
-	local myconf
-	if [ `use mysql` ]
-	then
-		myconf="--with-mysql-includes=/usr/include/mysql \
-			--with-mysql-libraries=/usr/lib/mysql"
-	else
-		myconf="--without-mysql"
-	fi
-	if [ `use ssl` ]
-	then
-		myconf="$myconf --with-openssl"
-	else
-		myconf="$myconf --without-openssl"
-	fi
-	./configure --prefix=/usr \
-		--mandir=/usr/share/man \
-		--host=${CHOST} \
-		--enable-smbalerts \
-		--enable-pthreads \
-		--without-odbc \
-		--without-postgresql \
-		--without-oracle \
-		$myconf || die
-		
-	make || die
-}
-
-src_install() {
-
-	make DESTDIR=${D} install || die
-	insinto /usr/lib/snort/bin
-	
-	doins contrib/create_mysql contrib/*.pl contrib/snortlog
-	dodoc AUTHORS BUGS ChangeLog COPYING CREDITS NEWS README.*
-	dodoc RULES.SAMPLE USAGE contrib/pgsql.php3
-	
-	insinto /etc/snort
-	doins ${FILESDIR}/snort.conf
-	
-	insinto /usr/lib/snort
-	doins *lib
-	
-	exeinto /etc/init.d
-	doexe ${FILESDIR}/snort
-	insinfo /etc/conf.d
-	newins ${FILESDIR}/snort.confd snort
-}
-
-pkg_postint() {
-
-	groupadd snort
-	useradd -s /dev/null -g snort -s /bin/false snort
-}
-
diff --git a/net-misc/snort/snort-1.8.3-r1.ebuild b/net-misc/snort/snort-1.8.3-r1.ebuild
new file mode 100644
index 000000000000..addea94bb314
--- /dev/null
+++ b/net-misc/snort/snort-1.8.3-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2000 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# Author Achim Gottinger achim@gentoo.org
+# $Header: /var/cvsroot/gentoo-x86/net-misc/snort/snort-1.8.3-r1.ebuild,v 1.1 2002/02/09 00:00:40 woodchip Exp $
+
+S=${WORKDIR}/${P}
+DESCRIPTION="Libpcap-based packet sniffer/logger/lightweight IDS"
+SRC_URI="http://www.snort.org/releases/${P}.tar.gz"
+HOMEPAGE="http://www.snort.org"
+
+DEPEND="virtual/glibc >=net-libs/libpcap-0.6.2-r1
+	mysql? ( >=dev-db/mysql-3.23.26 )
+	ssl? ( >=dev-libs/openssl-0.9.6b )"
+
+RDEPEND="virtual/glibc sys-devel/perl
+	>=net-libs/libnet-1.0.2a
+	mysql? ( >=dev-db/mysql-3.23.26 )
+	ssl? ( >=dev-libs/openssl-0.9.6b )"
+
+src_compile() {
+
+	local myconf
+	use postgres && myconf="${myconf} --with-postgresql"
+	use postgres || myconf="${myconf} --without-postgresql"
+	use mysql && myconf="${myconf} --with-mysql"
+	use mysql || myconf="${myconf} --without-mysql"
+	use ssl && myconf="${myconf} --with-openssl"
+	use ssl || myconf="${myconf} --without-openssl"
+
+	./configure \
+		--prefix=/usr \
+		--without-odbc \
+		--without-oracle \
+		--enable-pthreads \
+		--enable-flexresp \
+		--enable-smbalerts \
+		--mandir=/usr/share/man \
+		--host=${CHOST} ${myconf} || die "bad ./configure"
+
+	emake || die "compile problem"
+}
+
+src_install () {
+
+	make DESTDIR=${D} install || die
+
+	dodir /var/log/snort
+
+	insinto /usr/lib/snort/bin
+	doins contrib/{create_mysql,snortlog,*.pl}
+
+	dodoc AUTHORS BUGS COPYING CREDITS ChangeLog FAQ INSTALL LICENSE
+	dodoc NEWS README* RULES.SAMPLE SnortUsersManual.pdf USAGE
+	docinto contrib ; dodoc contrib/*
+
+	insinto /etc/snort
+	doins classification.config *.rules
+	newins snort.conf snort.conf.distrib
+
+	exeinto /etc/init.d ; newexe ${FILESDIR}/snort.rc6 snort
+	insinto /etc/conf.d ; newins ${FILESDIR}/snort.confd snort
+}
+
+pkg_postinst() {
+
+	if ! grep -q ^snort: /etc/group ; then
+		groupadd snort || die "problem adding group snort"
+	fi
+	if ! grep -q ^snort: /etc/passwd ; then
+		useradd -g snort -s /dev/null -d /var/log/snort -c "snort" snort
+		assert "problem adding user snort"
+	fi
+	usermod -c "snort" snort || die "usermod problem"
+	usermod -d "/var/log/snort" snort || die "usermod problem"
+	usermod -g "snort" snort || die "usermod problem"
+	usermod -s "/dev/null" snort || die "usermod problem"
+	echo "ignore any message about CREATE_HOME above..."
+
+	chown root.snort /var/log/snort
+	chmod 0770 /var/log/snort
+}
diff --git a/net-misc/snort/snort-1.8.3.ebuild b/net-misc/snort/snort-1.8.3.ebuild
deleted file mode 100644
index 71ced5d6c030..000000000000
--- a/net-misc/snort/snort-1.8.3.ebuild
+++ /dev/null
@@ -1,74 +0,0 @@
-# Copyright 1999-2000 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License, v2 or later
-# Author Achim Gottinger achim@gentoo.org
-# $Header: /var/cvsroot/gentoo-x86/net-misc/snort/snort-1.8.3.ebuild,v 1.1 2002/01/08 11:14:40 blocke Exp $
-
-S=${WORKDIR}/${P}
-DESCRIPTION="Libpcap packet sniffer/logger/lightweight IDS"
-SRC_URI="http://www.snort.org/releases/${P}.tar.gz"
-HOMEPAGE="http://www.snort.org"
-
-DEPEND="virtual/glibc >=net-libs/libpcap-0.5.2
-        mysql? ( >=dev-db/mysql-3.23.26 )
-	ssl? ( >=dev-libs/openssl-0.9.6a )"
-
-RDEPEND="virtual/glibc sys-devel/perl
-        mysql? ( >=dev-db/mysql-3.23.26 )
-	ssl? ( >=dev-libs/openssl-0.9.6a )"
-
-src_compile() {
-
-	local myconf
-	if [ `use mysql` ]
-	then
-		myconf="--with-mysql-includes=/usr/include/mysql \
-			--with-mysql-libraries=/usr/lib/mysql"
-	else
-		myconf="--without-mysql"
-	fi
-	if [ `use ssl` ]
-	then
-		myconf="$myconf --with-openssl"
-	else
-		myconf="$myconf --without-openssl"
-	fi
-	./configure --prefix=/usr \
-		--mandir=/usr/share/man \
-		--host=${CHOST} \
-		--enable-smbalerts \
-		--enable-pthreads \
-		--without-odbc \
-		--without-postgresql \
-		--without-oracle \
-		$myconf || die
-		
-	make || die
-}
-
-src_install() {
-
-	make DESTDIR=${D} install || die
-	insinto /usr/lib/snort/bin
-	
-	doins contrib/create_mysql contrib/*.pl contrib/snortlog
-	dodoc AUTHORS BUGS ChangeLog COPYING CREDITS NEWS README.*
-	dodoc RULES.SAMPLE USAGE contrib/pgsql.php3
-	
-	insinto /etc/snort
-	doins ${FILESDIR}/snort.conf
-	
-	insinto /usr/lib/snort
-	doins *lib
-	
-	exeinto /etc/init.d
-	doexe ${FILESDIR}/snort
-	insinfo /etc/conf.d
-	newins ${FILESDIR}/snort.confd snort
-}
-
-pkg_postint() {
-
-	groupadd snort
-	useradd -s /dev/null -g snort -s /bin/false snort
-}
-