
Commit 841b872

committed
chore: updated snort (#1682)
1 parent 32d1276 commit 841b872

6 files changed

Lines changed: 83 additions & 60 deletions

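--- a/config/snort3.conf
+++ b/config/snort3.conf
@@ -1,5 +1,5 @@
-CONFIG_PACKAGE_gperftools-runtime=y
-CONFIG_PACKAGE_hyperscan-runtime=y
+CONFIG_PACKAGE_gperftools=y
+CONFIG_PACKAGE_vectorscan=y
 CONFIG_PACKAGE_libunwind=y
 CONFIG_PACKAGE_kmod-nfnetlink-queue=y
 CONFIG_PACKAGE_kmod-nft-queue=y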

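--- a/packages/snort3/Makefile
+++ b/packages/snort3/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=snort3
-PKG_VERSION:=3.9.5.0
-PKG_RELEASE:=6
+PKG_VERSION:=3.10.0.0
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/snort3/snort3/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=e2e36a8db2c4c26a6ff58ea58839339260319eba25d0eb901ddb7210f4fa4b4c
+PKG_HASH:=fbd6619e612998330f8459486158a3ea571473218628d9011982aaf238e480e2
 
 PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>, John Audia <therealgraysky@proton.me>
 PKG_LICENSE:=GPL-2.0-only
@@ -28,8 +28,9 @@ define Package/snort3
 DEPENDS:=+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre2 \
 +libpthread +libuuid +zlib +libhwloc +USE_MUSL:libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \
 +kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci \
-+PACKAGE_gperftools-runtime:gperftools-runtime \
-+PACKAGE_hyperscan-runtime:hyperscan-runtime
++PACKAGE_gperftools:gperftools \
++PACKAGE_vectorscan:vectorscan
+USERID:=snort=975:snort=975
 TITLE:=Lightweight Network Intrusion Detection System
 URL:=http://www.snort.org/
 MENU:=1
@@ -41,6 +42,14 @@ define Package/snort3/description
 and packet logging on IP networks. It utilizes a combination of protocol
 analysis and pattern matching in order to detect anomalies, misuse and
 attacks.
+
+Note:
+When compiling from source, and if your target supports them, optionally
+enable runtime dependencies for improved performance:
+- gperftools
+- vectorscan
+These are not enabled by default and must be manually selected in menuconfig
+to take advantage of their benefits.
 endef
 
 CMAKE_OPTIONS += \
@@ -57,9 +66,9 @@ CMAKE_OPTIONS += \
 -DMAKE_TEXT_DOC:BOOL=NO \
 -DHAVE_LIBUNWIND=OFF \
 -DHAVE_LZMA=ON \
--DENABLE_TCMALLOC=$(if $(CONFIG_PACKAGE_gperftools-runtime),ON,OFF) \
--DENABLE_HYPERSCAN=$(if $(CONFIG_PACKAGE_hyperscan-runtime),ON,OFF) \
-$(if $(CONFIG_PACKAGE_hyperscan-runtime),-DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs)
+-DENABLE_TCMALLOC=$(if $(CONFIG_PACKAGE_gperftools),ON,OFF) \
+-DENABLE_HYPERSCAN=$(if $(CONFIG_PACKAGE_vectorscan),ON,OFF) \
+$(if $(CONFIG_PACKAGE_vectorscan),-DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs)
 
 TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/daq3
 
@@ -103,22 +112,6 @@ define Package/snort3/install
 
 $(INSTALL_DIR) $(1)/etc/config
 $(INSTALL_CONF) ./files/snort.config $(1)/etc/config/snort
-
-sed \
--i \
--e "/^-- HOME_NET and EXTERNAL_NET/ i -- The values for the two variables HOME_NET and EXTERNAL_NET have been" \
--e "/^-- HOME_NET and EXTERNAL_NET/ i -- moved to /etc/config/snort, so do not modify them here without good" \
--e "/^-- HOME_NET and EXTERNAL_NET/ i -- reason.\n" \
--e 's/^\(HOME_NET\s\+=\)/--\1/g' \
--e 's/^\(EXTERNAL_NET\s\+=\)/--\1/g' \
-$(1)/etc/snort/snort.lua
-sed \
--i -e "s/^\\(RULE_PATH\\s\\+=\\).*/\\1 'rules'/g" \
--e "s/^\\(BUILTIN_RULE_PATH\\s\\+=\\).*/\\1 'builtin_rules'/g" \
--e "s/^\\(PLUGIN_RULE_PATH\\s\\+=\\).*/\\1 'so_rules'/g" \
--e "s/^\\(WHITE_LIST_PATH\\s\\+=\\).*/\\1 'lists'/g" \
--e "s/^\\(BLACK_LIST_PATH\\s\\+=\\).*/\\1 'lists'/g" \
-$(1)/etc/snort/snort_defaults.lua
 endef
 
 $(eval $(call BuildPackage,snort3))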
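Review bot: The new `USERID:=snort=975:snort=975` line creates the account, but nothing in the visible part of `Package/snort3/install` installs `/etc/capabilities/snort.json`, and none of the six changed files shown on this page adds it, while the init script in this same commit only applies the user drop and jail when that file exists. Unless the file is shipped by a part of the recipe outside this hunk or by another package, the hardening will never activate on a default image. If it is meant to come from this package, install it here, e.g. `$(INSTALL_DIR) $(1)/etc/capabilities` followed by `$(INSTALL_DATA) ./files/<capabilities-file> $(1)/etc/capabilities/snort.json` (the source path is a placeholder). The install recipe starts above the hunk, so this may already be handled there.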

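--- a/packages/snort3/files/snort.init
+++ b/packages/snort3/files/snort.init
@@ -110,6 +110,14 @@ start_service() {
 procd_set_param env SNORT_LUA_PATH="$config_dir"
 procd_set_param file $CONFIGFILE
 fi
+[ -x /sbin/ujail -a -e /etc/capabilities/snort.json ] && {
+chown -R snort:snort "$config_dir"
+procd_add_jail snort
+procd_set_param capabilities /etc/capabilities/snort.json
+procd_set_param user snort
+procd_set_param group snort
+procd_set_param no_new_privs 1
+}
 procd_set_param respawn
 procd_set_param stdout 1
 procd_set_param stderr 1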
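Review bot: The added `chown -R snort:snort "$config_dir"` (new line 114) runs as root on every start over a tree the snort user already owns after the first start, which makes the sensor's configuration and rules writable by the account that parses untrusted traffic and has root re-walk a directory that account controls. If snort only needs to read the directory, keep it root-owned and grant group access instead, e.g. `chown -R root:snort "$config_dir"` and `chmod -R g+rX,o-rwx "$config_dir"`, or fix ownership once at install time. The whole block is also skipped without any message when `/sbin/ujail` or `/etc/capabilities/snort.json` is missing; a short `else` branch that logs a warning would make the unconfined start visible. start_service() begins and ends outside the hunk, so how `$config_dir` is derived is not visible here.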

packages/snort3/patches/100-remove-HAVE_HS_COMPILE_LIT-to-work-around-upstream-b.patch

Lines changed: 0 additions & 34 deletions
This file was deleted.
Lines changed: 45 additions & 0 deletions
@@ -0,0 +1,45 @@
1+
--- a/lua/snort.lua
2+
+++ b/lua/snort.lua
3+
@@ -19,13 +19,17 @@
4+
-- 1. configure defaults
5+
6+
---------------------------------------------------------------------------
7+
8+
+-- The values for the two variables HOME_NET and EXTERNAL_NET have been
9+
+-- moved to /etc/config/snort, so do not modify them here without good
10+
+-- reason.
11+
+
12+
-- HOME_NET and EXTERNAL_NET must be set now
13+
-- setup the network addresses you are protecting
14+
-HOME_NET = 'any'
15+
+--HOME_NET = 'any'
16+
17+
-- set up the external network addresses.
18+
-- (leave as "any" in most situations)
19+
-EXTERNAL_NET = 'any'
20+
+--EXTERNAL_NET = 'any'
21+
22+
include 'snort_defaults.lua'
23+
24+
--- a/lua/snort_defaults.lua
25+
+++ b/lua/snort_defaults.lua
26+
@@ -19,13 +19,13 @@
27+
28+
---------------------------------------------------------------------------
29+
30+
-- Path to your rules files (this can be a relative path)
31+
-RULE_PATH = '../rules'
32+
-BUILTIN_RULE_PATH = '../builtin_rules'
33+
-PLUGIN_RULE_PATH = '../so_rules'
34+
+RULE_PATH = 'rules'
35+
+BUILTIN_RULE_PATH = 'builtin_rules'
36+
+PLUGIN_RULE_PATH = 'so_rules'
37+
38+
-- If you are using reputation preprocessor set these
39+
-WHITE_LIST_PATH = '../lists'
40+
-BLACK_LIST_PATH = '../lists'
41+
+WHITE_LIST_PATH = 'lists'
42+
+BLACK_LIST_PATH = 'lists'
43+
44+
---------------------------------------------------------------------------
45+
-- default networks - used in Talos rules
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
--- a/src/main/process.cc
2+
+++ b/src/main/process.cc
3+
@@ -704,7 +704,7 @@ int DisplayBanner()
4+
LogMessage(" Copyright (C) 1998-2013 Sourcefire, Inc., et al.\n");
5+
LogMessage(" Using DAQ version %s\n", daq_version_string());
6+
#ifdef HAVE_HYPERSCAN
7+
- LogMessage(" Using Hyperscan version %s\n", hs_version());
8+
+ LogMessage(" Using Vectorscan version %s\n", hs_version());
9+
#endif
10+
#ifdef HAVE_JEMALLOC
11+
const char* jv;
