Bug 194953 - security/suricata: Add rules files, Add NSS support for md5 file checksums
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kubilay Kocak
Keywords: easy, needs-qa, patch

Reported: 2014-11-11 22:27 UTC by Bill Meeks
Modified: 2014-12-22 15:15 UTC

Attachments
Patch file for Suricata 2.0.4 (2.43 KB, text/plain)
2014-11-11 22:27 UTC, Bill Meeks
Updated patch to replace @sample with simple files (2.53 KB, patch)
2014-11-12 15:46 UTC, Bill Meeks

Description Bill Meeks 2014-11-11 22:27:02 UTC
Created attachment 149299
Patch file for Suricata 2.0.4

Update the Suricata 2.0.4 port to:

(1) Include the 7 missing default rules files that should reside in /etc/suricata/rules after an install.  These files are:

     decoder-events.rules
     dns-events.rules
     files.rules
     http-events.rules
     smtp-events.rules
     stream-events.rules
     tls-events.rules

(2) Add support for calculating md5 hash of captured files when that option is enabled.  This requires compiling with the libnss3 library.

The attached patch file contains the required changes.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2014-11-12 01:34:23 UTC
Fix synopsis and assign to maintainer.
Comment 2 Renato Botelho freebsd_committer freebsd_triage 2014-11-12 12:58:58 UTC
Comments about the change you proposed:

- @sample macros are only for configuration files; it installs the conf file as .sample, and a copy without the suffix. At deinstall time, if the user never touched the conf files without the suffix, it is safely removed too; otherwise it's kept. Those rules files should be added only as simple files in pkg-plist.

- Regarding the nss dependency, do you believe it should be mandatory? Or we could have an OPTION to enable/disable it according to the user's option.
Comment 3 Bill Meeks 2014-11-12 15:46:00 UTC
Created attachment 149324
Updated patch to replace @sample with simple files

This is an updated patch file that drops using @sample for the default rules files and adds them as simple files instead to pkg-plist.
Comment 4 Bill Meeks 2014-11-12 15:48:18 UTC
In my opinion, the inclusion of the NSS library for enabling MD5 calculation for captured files should be left as a default dependency, just like the YAML support library.
Comment 5 commit-hook freebsd_committer freebsd_triage 2014-12-22 15:12:52 UTC
A commit references this bug:

Author: koobs
Date: Mon Dec 22 15:11:56 UTC 2014
New revision: 375243
URL: https://svnweb.freebsd.org/changeset/ports/375243

Log:
  security/suricata: Update to 2.0.5, Add NSS support

  - Update to 2.0.5
  - Add NSS option for file checksum and fingerprint support [1]
  - Add default rules files [1]
  - Add USES=autoreconf, remove USE_AUTOTOOLS and friends
  - Override PATHFIX_MAKEFILEIN
  - Use the install-strip target
  - Fix HTP_PORT_CONFLICT_OFF typo (CONFLICT*S*)
  - USES=iconv when using the bundled HTP version
  - Cleanup and fix OPTION descriptions
  - Sort OPTIONS and helpers
  - Use the existing NO_HTP_PORT variable in pkg-plist (OPTIONS_SUB), remove
    MHTP_PORT conditional accordingly

  PR:		194953 [1]
  Submitted by:	Bill Meeks <bmeeks8 bellsouth net> [1]

Changes:
  head/security/suricata/Makefile
  head/security/suricata/distinfo
  head/security/suricata/pkg-plist
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2014-12-22 15:15:56 UTC
Committed, with changes. Thank you Bill!