Bug 153224

Summary: security/snort misplaces dynamic rules is you select snortsam.
Product: Ports & Packages Reporter: Michael Scheidell <michael.scheidell>
Component: Individual Port(s)Assignee: Cheng-Lung Sung <clsung>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patchup296.txt none

Description Michael Scheidell 2010-12-16 17:50:12 UTC 
building snort version 2.8.6.1 WITHOUT snortsam installs, deinstalls, runs, creates packages correctly. brand new portstree (as of 10am dec 16, est)


however, building it with both dynamic rules AND snortsam, with put the dynamic rules in the wrong directory, makeing packages impossible to build, deinstall doesn't know where things are, and the sample snort.conf is wrong also.

example:
building WITH DYNAMIC RULES and without SNORT SAM, the dynamic pre-processor rules are installed in:
/usr/local/lib/snort/

but, if you select BOTH DYNAMIC RULES and SNORTSAM, they are put here:

cd /usr/local/lib
ls -ltd snort*
drwxr-xr-x  2 root  wheel  1536 Dec 16 09:26 snort_dynamicpreprocessor
drwxr-xr-x  2 root  wheel   512 Dec 16 09:26 snort_dynamicengine

(notice the _ maybe should be a /?  
)

and, since pkg_plist is looking in /usr/local/lib/snort/dynamic*, packages wont' build, and deinstall doesn't remove them.

clearly in source, if you build with/without snortsam, and do a grep -R, you can see it builds the source differently.

Fix: 

find the 'thing' that somehow breaks where snort dynamic rules go.
workaround:

cd /usr/ports/security/snort
make config (select dynamic,flex,perf and snortsam)
make clean
make install
cp -p ./work/snort-2.8.6.1/snort.pc /usr/local/libdata/pkgconfig/

/usr/local/lib
ls -ltd snort*
drwxr-xr-x  2 root  wheel   512 Dec 16 09:38 snort_dynamicengine
drwxr-xr-x  2 root  wheel  1536 Dec 16 09:38 snort_dynamicpreprocessor
mkdir snort
mkdir snort/dynamicengine
mkdir snort/dynamicpreprocessor
mv snort_dynamicengine/* snort/dynamicengine/
mv snort_dynamicpreprocessor/* snort/dynamicpreprocessor/
How-To-Repeat: cd /usr/ports/security/snort
select defaults (dynamic rules, flexresp, perfprofile) and add 'snortsam'

make clean deinstall reinstall

 grep -R snort_dynamic ./

(yep, lots of links to snort_dynamic, and NOT snort/dynamic.. confusing)

cd /usr/local/lib/snort

(not there
cd /usr/local/lib/snort_dynamicengine

make package fails:

tar: lib/snort/dynamicengine/libsf_engine.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicengine/libsf_engine.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicengine/libsf_engine.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicengine/libsf_engine.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so.0: Cannot stat: No such file or directory
tar: libdata/pkgconfig/snort.pc: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-12-16 17:50:43 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->clsung

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Michael Scheidell 2011-02-03 14:52:55 UTC 
maintainer:
please close  fixed in 153998



______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
Comment 3 Michael Scheidell 2011-02-03 15:09:18 UTC 
this attached patch should replace the previous one.
this patch is against current 2.8.6.1, applies cleanly, fixes the 
location of the dynamic libs/rules in pr 153224, fixes pr 129321.
this patch takes the previous patch (thanks DEAN!) and addresses some 
issues with the patch.

tested on 7.3 amd64 and 8.1 amd64.  installs and deinstalls cleanly.. 
creates a clean ports package that can be installed and deinstalled.
adds back in snortsam support (unofficial. not supported by 
snort/sourcefile.  and this patch isn't the official one from 
snortsam.net.. yet)

tested on 7.3 and 8.1 amd64.
Note: have NOT yet tested new ipfw daq, but have tested snortsam/snort 
combination and it seems to work fine.


further, it fixes the previous patch in that
1 port revision is not bumped (it should not be bumped on port major 
version upgrade)
2 master sites back to SF
3) options modified, some removed from 286:
    a flexresp (replaced by flexresp3)
    b targetbased and ipv6 off by default (like 286 was)
    c snortsam put back in (it was in 286, missing in above patch)
    d combined flexresp3 with flexreaction (can't have one without the 
other)

pre_proc rules now installed.
libnet needed for EVERYTHING, not just flexresp.  needed for DAQ.

daq dependency bumped, needs daq 0.5_1
added build and run depends (needed to build a ports package binary)
snortsam being hosted at secnap.com till it is available from snortsam.net
pre-configure: if ! IPV6, edit snort.conf-sample, change ipvar to var, 
take noamize_ip6/ipcmp6 out of sample conf.
post install: the fix for pr 153224 (I can't figure out what snortsam 
patch does to conf files, so I just move the affected files, pkg-plist 
wants them there!)
remove pkg-message-dynamicplugin (not needed.. port won't build without 
dynamic plugin support anyway)

snort.rc.in:  added in extra_commands reload.  port options build SIGHUP 
support into snort now.

pkg-plist: add in new binaries new for 286+
fix 2903 pkg-plist that was deleting critical files which were parts of 
other ports
fix 2903 pkg-plist that was deleting users custom snort.conf file.
add in removal of sample or untouched preproc_rules.

I did not yet change maintainer from clsung@FreeBSD.org as that does not 
seem to be finalized yet.

any problems, might check snort-users group, or if problems specific to 
port, open a pr .


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
Comment 4 Cheng-Lung Sung freebsd_committer freebsd_triage 2011-02-09 06:50:49 UTC 
State Changed
From-To: open->closed

Closed by ports/154514. Thank you.