From 2f17293d311dfa426a514bd8178401020f34ec88 Mon Sep 17 00:00:00 2001 From: Roman I Khimov Date: Fri, 30 Jul 2010 12:53:41 +0400 Subject: snort: merge Altell packaging fixes Snort was independently packaged by Altell some time ago, so merge things we've done into OE.dev: * fix packaging of snort dynamic libs * fix DEPENDS, libnet is not needed is not specifically used * fix RDEPENDS, no need to specify libs expicitly, barnyard is rather a RRECOMMENDS than RDEPENDS since snort lives just fine without it * add libprelude support and configure accordingly * add some useful configure options * add init/volatile/default setup which is necessary for the package * add postinst creating snort/snort user/group * add logrotate script Signed-off-by: Roman I Khimov --- recipes/snort/files/default | 42 ++++ recipes/snort/files/logrotate | 12 ++ recipes/snort/files/snort.init | 425 +++++++++++++++++++++++++++++++++++++++++ recipes/snort/files/volatiles | 2 + 4 files changed, 481 insertions(+) create mode 100644 recipes/snort/files/default create mode 100644 recipes/snort/files/logrotate create mode 100755 recipes/snort/files/snort.init create mode 100644 recipes/snort/files/volatiles (limited to 'recipes/snort/files') diff --git a/recipes/snort/files/default b/recipes/snort/files/default new file mode 100644 index 0000000000..afd3840d36 --- /dev/null +++ b/recipes/snort/files/default @@ -0,0 +1,42 @@ +# Parameters for the daemon +# Add any additional parameteres here. +PARAMS="-m 027 -D -d " +# +# Snort user +# This user will be used to launch snort. Notice that the +# preinst script of the package might do changes to the user +# (home directory, User Name) when the package is upgraded or +# reinstalled. So, do *not* change this to 'root' or to any other user +# unless you are sure there is no problem with those changes being introduced. +# +SNORTUSER="snort" +# +# Logging directory +# Snort logs will be dropped here and this will be the home +# directory for the SNORTUSER. If you change this value you should +# change the /etc/logrotate.d/snort definition too, otherwise logs +# will not be rotated properly. +# +LOGDIR="/var/log/snort" +# +# Snort group +# This is the group that the snort user will be added to. +# +SNORTGROUP="snort" +# +# Allow Snort's init.d script to work if the configured interfaces +# are not available. Set this to yes if you configure Snort with +# multiple interfaces but some might not be available on boot +# (e.g. wireless interfaces) +# +# Note: In order for this to work the 'iproute' package needs to +# be installed. +ALLOW_UNAVAILABLE="no" + +# Local configs +# +LOCAL_SNORT_STARTUP=boot +LOCAL_SNORT_HOME_NET="192.168.0.0/16" +LOCAL_SNORT_INTERFACE="" +LOCAL_SNORT_STATS_RCPT="root" +LOCAL_SNORT_STATS_THRESHOLD="1" diff --git a/recipes/snort/files/logrotate b/recipes/snort/files/logrotate new file mode 100644 index 0000000000..ef3e4afac8 --- /dev/null +++ b/recipes/snort/files/logrotate @@ -0,0 +1,12 @@ +/var/log/snort/*.log /var/log/snort/alert { + size 1M + missingok + compress + delaycompress + rotate 10 + sharedscripts + postrotate + /etc/init.d/snort restart + endscript +} + diff --git a/recipes/snort/files/snort.init b/recipes/snort/files/snort.init new file mode 100755 index 0000000000..af6661933a --- /dev/null +++ b/recipes/snort/files/snort.init @@ -0,0 +1,425 @@ +#!/bin/sh -e +# +# Init.d script for Snort in OpenEmbedded, based on Debian's script +# +# Copyright (c) 2009 Roman I Khimov +# +# Copyright (c) 2001 Christian Hammers +# Copyright (c) 2001-2002 Robert van der Meulen +# Copyright (c) 2002-2004 Sander Smeenk +# Copyright (c) 2004-2007 Javier Fernandez-Sanguino +# +# This is free software; you may redistribute it and/or modify +# it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2, +# or (at your option) any later version. +# +# This is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License with +# the Debian operating system, in /usr/share/common-licenses/GPL; if +# not, write to the Free Software Foundation, Inc., 59 Temple Place, +# Suite 330, Boston, MA 02111-1307 USA +# +### BEGIN INIT INFO +# Provides: snort +# Required-Start: $time $network $local_fs +# Required-Stop: +# Should-Start: $syslog +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Lightweight network intrusion detection system +# Description: Intrusion detection system that will +# capture traffic from the network cards and will +# match against a set of known attacks. +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +DAEMON=/usr/bin/snort +NAME=snort +DESC="Network Intrusion Detection System" + +. /etc/default/snort +COMMON="$PARAMS -l $LOGDIR -u $SNORTUSER -g $SNORTGROUP" + +test -x $DAEMON || exit 0 +test -z "$LOCAL_SNORT_HOME_NET" && LOCAL_SNORT_HOME_NET="192.168.0.0/16" + +# to find the lib files +cd /etc/snort + +running() +{ + PIDFILE=$1 +# No pidfile, probably no daemon present + [ ! -f "$PIDFILE" ] && return 1 + pid=`cat $PIDFILE` +# No pid, probably no daemon present + [ -z "$pid" ] && return 1 + [ ! -d /proc/$pid ] && return 1 + cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` +# No daemon + [ "$cmd" != "$DAEMON" ] && return 1 + return 0 +} + + +check_log_dir() { +# Does the logging directory belong to Snort? + # If we cannot determine the logdir return without error + # (we will not check it) + # This will only be used by people using /etc/default/snort + [ -n "$LOGDIR" ] || return 0 + [ -n "$SNORTUSER" ] || return 0 + if [ ! -e "$LOGDIR" ] ; then + echo "ERR: logging directory $LOGDIR does not exist" + return 1 + elif [ ! -d "$LOGDIR" ] ; then + echo "ERR: logging directory $LOGDIR does not exist" + return 1 + else + # Don't worry, be happy + true + fi + return 0 +} + +check_root() { + if [ "$(id -u)" != "0" ]; then + echo "You must be root to start, stop or restart $NAME." + exit 4 + fi +} + +case "$1" in + start) + check_root + echo "Starting $DESC " "$NAME" + + if [ -e /etc/snort/db-pending-config ] ; then + echo "/etc/snort/db-pending-config file found" + echo "Snort will not start as its database is not yet configured." + echo "Please configure the database as described in" + echo "/usr/share/doc/snort-{pgsql,mysql}/README-database.Debian" + echo "and remove /etc/snort/db-pending-config" + exit 6 + fi + + if ! check_log_dir; then + echo " will not start $DESC!" + exit 5 + fi + if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then + shift + set +e + /etc/ppp/ip-up.d/snort "$@" + ret=$? + if [ $ret -eq 0 ] ; then + echo 0 + else + echo 1 + fi + exit $ret + fi + + # Usually, we start all interfaces + interfaces="$LOCAL_SNORT_INTERFACE" + + # If we are requested to start a specific interface... + test "$2" && interfaces="$2" + + # If the interfaces list is empty stop (no error) + if [ -z "$interfaces" ] ; then + echo "no interfaces configured, will not start" + echo 0 + exit 0 + fi + + myret=0 + got_instance=0 + for interface in $interfaces; do + got_instance=1 + echo "($interface" + + # Check if the interface is available: + # - only if iproute is available + # - the interface exists + # - the interface is up + if ! [ -x /sbin/ip ] || ( ip link show dev "$interface" >/dev/null 2>&1 && [ -n "`ip link show up "$interface" 2>/dev/null`" ] ) ; then + + PIDFILE=/var/run/snort_$interface.pid + CONFIGFILE=/etc/snort/snort.$interface.conf + + # Defaults: + fail="failed (check /var/log/syslog and /var/log/snort)" + run="yes" + + if [ -e "$PIDFILE" ] && running $PIDFILE; then + run="no" + # Do not start this instance, it is already runing + fi + + if [ "$run" = "yes" ] ; then + if [ ! -e "$CONFIGFILE" ]; then + echo "no /etc/snort/snort.$interface.conf found, defaulting to snort.conf" + CONFIGFILE=/etc/snort/snort.conf + fi + + set +e + /sbin/start-stop-daemon --start --quiet \ + --pidfile "$PIDFILE" \ + --exec $DAEMON -- $COMMON $LOCAL_SNORT_OPTIONS \ + -c $CONFIGFILE \ + -S "HOME_NET=[$LOCAL_SNORT_HOME_NET]" \ + -i $interface >/dev/null + ret=$? + case "$ret" in + 0) + echo "...done)" + ;; + *) + echo "...ERROR: $fail)" + myret=$(expr "$myret" + 1) + ;; + esac + set -e + else + echo "...already running)" + fi + + else + # What to do if the interface is not available + # or is not up + if [ "$ALLOW_UNAVAILABLE" != "no" ] ; then + echo "...interface not available)" + else + echo "...ERROR: interface not available)" + myret=$(expr "$myret" + 1) + fi + fi + done + + if [ "$got_instance" = 0 ] && [ "$ALLOW_UNAVAILABLE" = "no" ]; then + echo "No snort instance found to be started!" >&2 + exit 6 + fi + + if [ $myret -eq 0 ] ; then + echo 0 + else + echo 1 + fi + exit $myret + ;; + stop) + check_root + echo "Stopping $DESC " "$NAME" + + if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then + shift + set +e + /etc/ppp/ip-down.d/snort "$@" + ret=$? + if [ $ret -eq 0 ] ; then + echo 0 + else + echo 1 + fi + exit $ret + fi + + # Usually, we stop all current running interfaces + pidpattern=/var/run/snort_*.pid + + # If we are requested to stop a specific interface... + test "$2" && pidpattern=/var/run/snort_"$2".pid + + got_instance=0 + myret=0 + for PIDFILE in $pidpattern; do + # This check is also needed, if the above pattern doesn't match + test -f "$PIDFILE" || continue + + got_instance=1 + interface=$(basename "$PIDFILE" .pid | sed -e 's/^snort_//') + + echo "($interface" + + set +e + if [ ! -e "$PIDFILE" -o -r "$PIDFILE" ] ; then +# Change ownership of the pidfile + /sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \ + --pidfile "$PIDFILE" --exec $DAEMON >/dev/null + ret=$? + rm -f "$PIDFILE" + rm -f "$PIDFILE.lck" + else + echo "cannot read $PIDFILE" + ret=4 + fi + case "$ret" in + 0) + echo "...done)" + ;; + *) + echo "...ERROR)" + myret=$(expr "$myret" + 1) + ;; + esac + set -e + + done + + if [ "$got_instance" = 0 ]; then + log_warning_msg "No running snort instance found" + exit 0 # LSB demands we don't exit with error here + fi + if [ $myret -eq 0 ] ; then + echo 0 + else + echo 1 + fi + exit $myret + ;; + restart|force-restart|reload|force-reload) + check_root + # Usually, we restart all current running interfaces + pidpattern=/var/run/snort_*.pid + + # If we are requested to restart a specific interface... + test "$2" && pidpattern=/var/run/snort_"$2".pid + + got_instance=0 + for PIDFILE in $pidpattern; do + # This check is also needed, if the above pattern doesn't match + test -f "$PIDFILE" || continue + + got_instance=1 + interface=$(basename "$PIDFILE" .pid | sed -e 's/^snort_//') + $0 stop $interface || true + $0 start $interface || true + done + + if [ "$got_instance" = 0 ]; then + echo "No snort instance found to be stopped!" >&2 + exit 6 + fi + ;; + status) +# Non-root users can use this (if allowed to) + echo "Status of snort daemon(s)" + interfaces="$LOCAL_SNORT_INTERFACE" + # If we are requested to check for a specific interface... + test "$2" && interfaces="$2" + err=0 + pid=0 + for interface in $interfaces; do + echo " $interface " + pidfile=/var/run/snort_$interface.pid + if [ -f "$pidfile" ] ; then + if [ -r "$pidfile" ] ; then + pidval=`cat $pidfile` + pid=$(expr "$pid" + 1) + if ps -p $pidval | grep -q snort; then + echo "OK" + else + echo "ERROR" + err=$(expr "$err" + 1) + fi + else + echo "ERROR: cannot read status file" + err=$(expr "$err" + 1) + fi + else + echo "ERROR" + err=$(expr "$err" + 1) + fi + done + if [ $err -ne 0 ] ; then + if [ $pid -ne 0 ] ; then +# More than one case where pidfile exists but no snort daemon +# LSB demands a '1' exit value here + echo 1 + exit 1 + else +# No pidfiles at all +# LSB demands a '3' exit value here + echo 3 + exit 3 + fi + fi + echo 0 + ;; + config-check) + echo "Checking $DESC configuration" + if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then + echo "Config-check is currently not supported for snort in Dialup configuration" + echo 3 + exit 3 + fi + + # usually, we test all interfaces + interfaces="$LOCAL_SNORT_INTERFACE" + # if we are requested to test a specific interface... + test "$2" && interfaces="$2" + + myret=0 + got_instance=0 + for interface in $interfaces; do + got_instance=1 + echo "interface $interface" + + CONFIGFILE=/etc/snort/snort.$interface.conf + if [ ! -e "$CONFIGFILE" ]; then + CONFIGFILE=/etc/snort/snort.conf + fi + COMMON=`echo $COMMON | sed -e 's/-D//'` + set +e + fail="INVALID" + if [ -r "$CONFIGFILE" ]; then + $DAEMON -T $COMMON $LOCAL_SNORT_OPTIONS \ + -c $CONFIGFILE \ + -S "HOME_NET=[$LOCAL_SNORT_HOME_NET]" \ + -i $interface >/dev/null 2>&1 + ret=$? + else + fail="cannot read $CONFIGFILE" + ret=4 + fi + set -e + + case "$ret" in + 0) + echo "OK" + ;; + *) + echo "$fail" + myret=$(expr "$myret" + 1) + ;; + esac + done + if [ "$got_instance" = 0 ]; then + echo "no snort instance found to be started!" >&2 + exit 6 + fi + + if [ $myret -eq 0 ] ; then + echo 0 + else + echo 1 + fi + exit $myret + ;; + *) + echo "Usage: $0 {start|stop|restart|force-restart|reload|force-reload|status|config-check}" + exit 1 + ;; +esac +exit 0 diff --git a/recipes/snort/files/volatiles b/recipes/snort/files/volatiles new file mode 100644 index 0000000000..e3ab51da38 --- /dev/null +++ b/recipes/snort/files/volatiles @@ -0,0 +1,2 @@ +# +d snort snort 0755 /var/log/snort none \ No newline at end of file -- cgit 1.2.3-korg