# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.8.4.1.ebuild,v 1.7 2009/05/25 22:46:12 pva Exp $
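inherit eutils autotools multilib

DESCRIPTION="The de facto standard for intrusion detection/prevention"
HOMEPAGE="http://www.snort.org/"
# Plain-http fetch: integrity of the tarball rests on the Manifest digests
# portage verifies after download, not on the transport.
SRC_URI="http://www.snort.org/dl/${P}.tar.gz"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="alpha amd64 ppc ppc64 -sparc x86"
IUSE="static debug threads prelude memory-cleanup dynamicplugin decoder-preprocessor-rules ipv6 targetbased timestats ppm perfprofiling linux-smp-stats inline inline-init-failopen flexresp flexresp2 react aruba gre mpls postgres mysql odbc selinux"

# flexresp, react, and inline _ONLY_ work with net-libs/libnet-1.0.2a, hence
# the exact-version (~) pin on that old libnet release.
# inline-init-failopen implies inline (pkg_setup warns about it and
# src_compile passes --enable-inline for it), so it is given the same
# libnet/iptables build dependencies as inline; previously it pulled none.
DEPEND="virtual/libpcap
	>=dev-libs/libpcre-6.0
	flexresp2? ( dev-libs/libdnet )
	flexresp? ( ~net-libs/libnet-1.0.2a )
	react? ( ~net-libs/libnet-1.0.2a )
	postgres? ( virtual/postgresql-base )
	mysql? ( virtual/mysql )
	odbc? ( dev-db/unixODBC )
	prelude? ( >=dev-libs/libprelude-0.9.0 )
	inline? ( ~net-libs/libnet-1.0.2a net-firewall/iptables )
	inline-init-failopen? ( ~net-libs/libnet-1.0.2a net-firewall/iptables )"
RDEPEND="${DEPEND}
	dev-lang/perl
	selinux? ( sec-policy/selinux-snort )"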
pkg_setup() {
	# Emit one USE-flag conflict notice in the shape this ebuild has always
	# used: two blank warning lines, the explanation, a blank line, the action
	# the ebuild takes instead, two blank lines, then epause so the user does
	# not scroll past it. The action itself is applied later in src_compile.
	_snort_use_notice() {
		local action=$1
		shift
		local line
		ewarn
		ewarn
		for line in "$@"; do
			ewarn "${line}"
		done
		ewarn
		ewarn "${action}"
		ewarn
		ewarn
		epause
	}

	if use flexresp && use flexresp2; then
		_snort_use_notice "Defaulting to flexresp2..." \
			"You have both the 'flexresp' and 'flexresp2' USE" \
			"flags set. You can use 'flexresp' OR 'flexresp2'" \
			"but not both."
	fi
	if use memory-cleanup && ! use dynamicplugin; then
		_snort_use_notice "Enabling dynamicplugin..." \
			"You have enabled 'memory-cleanup' but not 'dynamicplugin'." \
			"'memory-cleanup' requires 'dynamicplugin' to compile."
	fi
	if use inline-init-failopen && ! use inline; then
		_snort_use_notice "Enabling inline mode..." \
			"You have enabled 'inline-init-failopen' but not 'inline'." \
			"'inline-init-failopen' is an 'inline' only function."
	fi
	if use ipv6 && use prelude; then
		_snort_use_notice "Disabling ipv6 support..." \
			"You have enabled 'prelude' and 'ipv6'." \
			"The Prelude output plugin does not support ipv6."
	fi
	unset -f _snort_use_notice

	# pkg_preinst would be the natural place, but the fowners calls in
	# src_install need the account to exist already. The service account
	# gets /dev/null as its home and the eutils default (non-login) shell,
	# so it cannot be used to log in.
	enewgroup snort
	enewuser snort -1 -1 /dev/null snort
}
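src_unpack() {
	unpack ${A}
	cd "${S}" || die "cd ${S} failed"

	# Don't monkey with the original source unless a libnet-based feature is
	# requested. inline-init-failopen is included because src_compile forces
	# --enable-inline for it.
	if use flexresp || use react || use inline || use inline-init-failopen; then
		epatch "${FILESDIR}/${PN}-2.8.4-libnet.patch"
	fi
	# Print the value of PCAP_MEMORY.
	epatch "${FILESDIR}/pcap_memory.patch"

	# Multilib fix: the sf_engine and the current dynamic preprocessors
	# hard-code ${exec_prefix}/lib; point them at the real libdir.
	sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'$(get_libdir)':g' \
		"${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
		|| die "sed for sf_engine failed"
	local i
	for i in ftptelnet smtp ssh dcerpc dns ssl dcerpc2; do
		sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'$(get_libdir)':g' \
			"${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
			|| die "sed for $i failed."
	done

	# Keep the example dynamic code out of the build and install set.
	# This sed (and the configure.in one below) used to run unchecked; a
	# failure here would silently leave the examples in the install set.
	sed -i -e 's:$(EXAMPLES_DIR)::g' "${WORKDIR}/${P}/src/Makefile.am" \
		|| die "sed for EXAMPLES_DIR failed"

	# Switch configure.in to libtool for the prelude build.
	if use prelude ; then
		sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in \
			|| die "sed for configure.in failed"
	fi

	AT_M4DIR=m4 eautoreconf
}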
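src_compile() {
	local myconf=""

	# Both shared and static are enabled by default, so be specific.
	if use static; then
		myconf+=" --enable-static --disable-shared"
	else
		myconf+=" --disable-static --enable-shared"
	fi

	# Added in ebuild version snort-2.8.3.1; should be rechecked on bumps.
	# ./configure dies with the same message anyway, so fail early.
	if use ipv6 && use targetbased; then
		die "Support for target-based and IPv6 cannot be enabled simultaneously in this version."
	fi

	# flexresp / flexresp2 / react. Sourcefire is often not clear about what is
	# and is not enabled by default, so every switch is passed explicitly.
	# --enable-react automatically enables flexresp, and configure refuses
	# "--enable-react --enable-flexresp" together, so react gets its own
	# branch and only flexresp2 is disabled for it. When both flexresp and
	# flexresp2 are set, flexresp2 wins (pkg_setup warned about that).
	if use react; then
		myconf+=" --enable-react --disable-flexresp2"
	elif use flexresp2; then
		myconf+=" --disable-flexresp --enable-flexresp2"
	elif use flexresp; then
		myconf+=" --enable-flexresp --disable-flexresp2"
	else
		myconf+=" --disable-flexresp --disable-flexresp2"
	fi

	# memory-cleanup requires dynamicplugin. Only dynamicplugin is set here;
	# memory-cleanup itself is passed via econf below.
	if use memory-cleanup || use dynamicplugin; then
		myconf+=" --enable-dynamicplugin"
	else
		myconf+=" --disable-dynamicplugin"
	fi

	# targetbased and inline-init-failopen require threads. Only pthread is
	# set here; those two flags are passed via econf below.
	if use targetbased || use inline-init-failopen || use threads; then
		myconf+=" --enable-pthread"
	else
		myconf+=" --disable-pthread"
	fi

	# libipq headers for the libnet/inline builds.
	# Fix: inline-init-failopen forces --enable-inline just below (and gets
	# the libnet patch in src_unpack) but was previously not given the libipq
	# include path, leaving an inline-init-failopen-only build to configure's
	# default header search.
	if use flexresp || use react || use inline || use inline-init-failopen; then
		myconf+=" --with-libipq-includes=/usr/include/libipq"
	fi

	# inline-init-failopen requires inline.
	if use inline-init-failopen || use inline; then
		myconf+=" --enable-inline"
	else
		myconf+=" --disable-inline"
	fi

	# The Prelude output plugin does not support ipv6; prelude wins
	# (pkg_setup warned about that).
	if use prelude; then
		myconf+=" --enable-prelude"
		use ipv6 && myconf+=" --disable-ipv6"
	elif use ipv6; then
		myconf+=" --enable-ipv6"
	else
		myconf+=" --disable-prelude --disable-ipv6"
	fi

	# static, threads, react, flexresp, flexresp2, inline and dynamicplugin
	# were configured above because of the dependency/conflict rules.
	# Everything else is handled the standard ebuild way via econf.
	econf \
		--without-oracle \
		$(use_with postgres postgresql) \
		$(use_with mysql) \
		$(use_with odbc) \
		--disable-ipfw \
		--disable-profile \
		--disable-ppm-test \
		$(use_enable debug) \
		$(use_enable memory-cleanup) \
		$(use_enable decoder-preprocessor-rules) \
		$(use_enable targetbased) \
		$(use_enable timestats) \
		$(use_enable ppm) \
		$(use_enable perfprofiling) \
		$(use_enable linux-smp-stats) \
		$(use_enable inline-init-failopen) \
		$(use_enable aruba) \
		$(use_enable gre) \
		$(use_enable mpls) \
		${myconf}

	# Parallel builds are not reliable here (reported by jforman on irc).
	emake -j1 || die "emake failed"
}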
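src_install() {
	emake DESTDIR="${D}" install || die "make install failed"

	# Runtime directories, owned by the unprivileged service account.
	# keepdir leaves the default directory mode; if the logged packet data is
	# sensitive on a given box, tightening with fperms is worth considering.
	# Not changed here because the consumers of these logs are not visible
	# from the ebuild.
	keepdir /var/log/snort/
	fowners snort:snort /var/log/snort
	keepdir /var/run/snort/
	fowners snort:snort /var/run/snort/

	dodoc doc/*
	dodoc ./RELEASE.NOTES
	docinto schemas
	dodoc schemas/*

	insinto /etc/snort
	doins etc/attribute_table.dtd \
		etc/classification.config \
		etc/gen-msg.map \
		etc/reference.config \
		etc/sid-msg.map \
		etc/threshold.conf \
		etc/unicode.map \
		|| die "Failed to add files in /etc/snort"
	newins etc/snort.conf snort.conf.distrib \
		|| die "Failed to add snort.conf.distrib"

	insinto /etc/snort/preproc_rules
	doins preproc_rules/decoder.rules \
		preproc_rules/preprocessor.rules \
		|| die "Failed to add files in /etc/snort/preproc_rules"
	keepdir /etc/snort/rules/

	# NOTE(review): this hands ownership of every config and rule file to the
	# service account. If the init script (snort.rc9, not visible here) starts
	# snort as root and then drops to snort:snort, a compromised snort process
	# can rewrite the config and rules it is restarted with. A root-owned,
	# snort-readable /etc/snort would be the least-privilege layout; left as
	# is because rule-update tooling may rely on the current ownership.
	fowners -R snort:snort /etc/snort/

	newinitd "${FILESDIR}/snort.rc9" snort || die "Failed to add snort.rc9"
	newconfd "${FILESDIR}/snort.confd" snort || die "Failed to add snort.confd"

	# Adapt snort.conf.distrib to the Gentoo layout. Every edit is a
	# line-local substitution, so one sed pass in the original order gives
	# the same result as the former series of separate passes; unlike before,
	# a failure now aborts the install instead of shipping a half-edited file.
	# In order:
	#  - correct lib path for dynamicengine/dynamicpreprocessor/dynamicdetection
	#  - rule and preprocessor/decoder rule locations
	#  - enable the preprocessor/decoder rules and the dynamicdetection dir
	#  - strip trailing /'s
	#  - make the classification/reference includes absolute
	#  - disable all rule files by default; users choose what they enable
	local conf="${D}etc/snort/snort.conf.distrib"
	sed -i \
		-e 's:/usr/local/lib:/usr/'$(get_libdir)':g' \
		-e 's:RULE_PATH ../rules:RULE_PATH /etc/snort/rules:g' \
		-e 's:PREPROC_RULE_PATH ../preproc_rules:PREPROC_RULE_PATH /etc/snort/preproc_rules:g' \
		-e 's:^# include $PREPROC_RULE_PATH:include $PREPROC_RULE_PATH:g' \
		-e 's:^# dynamicdetection directory:dynamicdetection directory:g' \
		-e 's:snort_dynamicpreprocessor/$:snort_dynamicpreprocessor:g' \
		-e 's:snort_dynamicrule/$:snort_dynamicrules:g' \
		-e 's:^include classification.config:include /etc/snort/classification.config:g' \
		-e 's:^include reference.config:include /etc/snort/reference.config:g' \
		-e 's:^include $RULE_PATH:# include $RULE_PATH:g' \
		"${conf}" || die "sed on snort.conf.distrib failed"
}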
# Post-install notes only: no files are touched here. The elog section
# explains why this ebuild no longer ships rule files and where to obtain
# (and keep updated) a rule set matching this Snort version.
pkg_postinst() {
	einfo
	einfo "Snort is a libpcap based packet capture tool which can be used in"
	einfo "three modes Sniffer Mode, Packet Logger Mode, or Network Intrusion"
	einfo "Detection System Mode."
	einfo
	einfo "To learn more about these modes review the Snort User Manual at..."
	einfo
	einfo "http://www.snort.org/docs/"
	einfo
	einfo "See /usr/share/doc/${PF} and /etc/snort/snort.conf.distrib for"
	einfo "information on configuring snort."
	einfo
	einfo "Joining the Snort Users and Snort Sigs mailing list is highly"
	einfo "recommended for all users..."
	einfo
	einfo "http://www.snort.org/community/lists.html"
	einfo
	# Rules are deliberately not packaged: unversioned, partly stale, and
	# version-coupled to the snort release (see point 4 and the links below).
	elog "Snort-2.8.4.1 Notes:"
	elog
	elog "The 'community-rules' USE flag has been removed."
	elog
	elog "We are no longer distributing rule files via the snort ebuild."
	elog "There are a couple of reasons for this change..."
	elog
	elog "1. Rule files are not versioned making it impossible to use"
	elog " portage to update them properly."
	elog "2. Although some of the rules are still useful, the"
	elog " Community Rules are quite old (RELEASED: 2007-04-27) and"
	elog " should only be used to supplement the VRT rule set."
	elog "3. Sourcefire's VRT rule set requires users to register (for free)"
	elog " to download them."
	elog "4. Certain versions of Snort require specific rule set versions"
	elog " for proper detection and to prevent Snort from breaking."
	elog " (See below.)"
	elog
	elog "To download rules for use with Snort please, see the following"
	elog
	elog "Sourcefire's VRT Rules and older Community Rules:"
	elog "http://www.snort.org/pub-bin/downloads.cgi"
	elog
	elog "Emerging Threats Rules:"
	elog "http://www.emergingthreats.net/"
	elog
	elog "A good place to put your downloaded rules would be..."
	elog "/etc/snort/rules"
	elog
	elog "To manage updates to your rules please visit..."
	elog
	elog "http://oinkmaster.sourceforge.net/"
	elog
	elog "and then 'emerge oinkmaster'."
	elog
	# The dcerpc/dcerpc2 preprocessor change in 2.8.4 needs matching rules;
	# the two blog posts below are the upstream announcements.
	elog "!!!IMPORTANT!!!"
	elog "Users upgrading from versions prior to Snort-2.8.4 and are using"
	elog "the dcerpc or dcerpc2 preprocessor in your snort.conf file"
	elog "with the netbios rules should be aware of the following"
	elog "announcements..."
	elog
	elog "http://vrt-sourcefire.blogspot.com/2009/04/snort-284-is-nigh.html"
	elog "http://vrt-sourcefire.blogspot.com/2009/02/important-snort-rule-changes-and-new.html"
	elog
}