--- a/components/daq/Makefile Thu Jun 13 17:39:51 2013 -0700
+++ b/components/daq/Makefile Fri Jun 14 16:37:38 2013 -0700
@@ -36,10 +36,16 @@
include ../../make-rules/configure.mk
include ../../make-rules/ips.mk
+# Solaris should really define these. See CR #15431883 and 15537286.
+CFLAGS += -Du_int8_t=uint8_t
+CFLAGS += -Du_int16_t=uint16_t
+CFLAGS += -Du_int32_t=uint32_t
+
# Set -m32 or -m64 correctly for 32 and 64 bit versions.
CC += $(CC_BITS)
CONFIGURE_OPTIONS += --enable-static=no
+CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
ASLR_MODE = $(ASLR_ENABLE)
--- a/components/daq/patches/sfbpf.sll.h.patch Thu Jun 13 17:39:51 2013 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-Include in missing typedefs needed in order to build DAQ.
-
---- daq-0.6.2/sfbpf/sll.h.orig 2010-05-06 15:13:26.000000000 -0400
-+++ daq-0.6.2/sfbpf/sll.h 2012-01-13 16:27:21.000000000 -0500
-@@ -82,6 +82,15 @@
- #define SLL_HDR_LEN 16 /* total header length */
- #define SLL_ADDRLEN 8 /* length of address field */
-
-+#if defined (__SVR4) && defined (__sun)
-+
-+typedef uint8_t u_int8_t;
-+typedef uint16_t u_int16_t;
-+typedef uint32_t u_int32_t;
-+
-+#endif /* defined (__SVR4) && defined (__sun) */
-+
-+
- struct sll_header
- {
- u_int16_t sll_pkttype; /* packet type */
--- a/components/snort/Makefile Thu Jun 13 17:39:51 2013 -0700
+++ b/components/snort/Makefile Fri Jun 14 16:37:38 2013 -0700
@@ -26,39 +26,49 @@
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= snort
-COMPONENT_VERSION= 2.8.4.1
+COMPONENT_VERSION= 2.9.2
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:ee7f790eb3df4e6156a7c865f1ba22855394c9e3c13fdc57d60a8647267fc209
+ sha256:04d375b627dd256d6257f2cbe5a770e4552e3f35d5e2100b97f75426b600d8cb
COMPONENT_PROJECT_URL= http://www.snort.org/
-# the main site does not retain older releases
-COMPONENT_ARCHIVE_URL= http://mirror2.openwrt.org/sources/$(COMPONENT_ARCHIVE)
+COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)dl/snort-current/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= utility/snort
include ../../make-rules/prep.mk
include ../../make-rules/configure.mk
include ../../make-rules/ips.mk
-PATCH_LEVEL = 0
-
# without this we bus error on sparc. sadly I don't see any patches
# that might relate from the upstream (though maybe that's really
# "happily", as this is simpler)
-studio_ALIGN.sparc.32= -xmemalign=1i
+studio_ALIGN.sparc.64= -xmemalign=1i
+
+# Need to recreate the configure script for gethrtime checks.
+COMPONENT_PREP_ACTION += (cd $(@D); autoconf);
-CONFIGURE_OPTIONS += --with-libpcre=included
-CONFIGURE_OPTIONS += --with-libpcap=/usr
-CONFIGURE_OPTIONS += --enable-static=no
+CONFIGURE_OPTIONS += --with-libpcre-libraries="/usr/lib/$(MACH64)"
+CONFIGURE_OPTIONS += --with-dnet-libraries="/usr/lib/$(MACH64)"
+CONFIGURE_OPTIONS += --without-mysql
+CONFIGURE_OPTIONS += --without-postgresql
+CONFIGURE_OPTIONS += --enable-zlib
+CONFIGURE_OPTIONS += --enable-ipv6
+CONFIGURE_OPTIONS += --disable-static-daq
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
+CONFIGURE_OPTIONS += LDFLAGS="$(LDFLAGS)"
+
+# Move snort shared objects to 64-bit path to stop pkglint bitching.
+COMPONENT_POST_INSTALL_ACTION += \
+ $(MV) $(PROTOUSRLIBDIR)/snort_dynamicengine $(PROTOUSRLIBDIR64); \
+ $(MV) $(PROTOUSRLIBDIR)/snort_dynamicpreprocessor $(PROTOUSRLIBDIR64) ;
# Enable ASLR for this component
ASLR_MODE = $(ASLR_ENABLE)
# common targets
-build: $(BUILD_32)
+build: $(BUILD_64)
-install: $(INSTALL_32)
+install: $(INSTALL_64)
test: $(NO_TESTS)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/snort/Solaris/snort.pc Fri Jun 14 16:37:38 2013 -0700
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=/usr/lib/64
+includedir=${prefix}/include
+
+Name: Snort
+Description: Snort dynamic plugins/detection/rules
+URL: www.snort.org
+Version: 2.9.2
+Libs: -L${libdir} -lcurl -lz -ldnet -lpcre -lpcap -lsocket -lnsl -lrt -luuid -lm -ldl -ldaq -lpthread
+Cflags: -m64 -mt -I/usr/include/pcre -DDYNAMIC_PLUGIN -DZLIB -DGRE -DMPLS -DPREPROCESSOR_AND_DECODER_RULE_EVENTS -DPPM_MGR -DENABLE_PAF -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3 -DBSD_COMP -D_REENTRANT -DSF_WCHAR -DSUP_IP6 -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD -DNORMALIZER -DACTIVE_RESPONSE
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/snort/Solaris/snort_preproc.pc Fri Jun 14 16:37:38 2013 -0700
@@ -0,0 +1,12 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=/usr/lib/64
+package=snort
+includedir=${prefix}/include
+
+Name: Snort
+Description: Snort dynamic preprocessors
+URL: www.snort.org
+Version: 2.9.2
+Libs: -L${libdir}/${package}/dynamic_preproc -lsf_dynamic_preproc
+Cflags: -I/usr/include/pcre -I${includedir}/${package}/dynamic_preproc -DBSD_COMP -D_REENTRANT -DSF_WCHAR -DSUP_IP6 -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD -DNORMALIZER -DACTIVE_RESPONSE
--- a/components/snort/patches/snort.8.patch Thu Jun 13 17:39:51 2013 -0700
+++ b/components/snort/patches/snort.8.patch Fri Jun 14 16:37:38 2013 -0700
@@ -1,29 +1,34 @@
---- snort.8.orig Tue May 3 11:40:24 2011
-+++ snort.8 Tue May 3 11:42:11 2011
+Adjust snort man page to be in section 1M.
+
+--- snort-2.9.2/snort.8.orig 2013-03-18 12:26:58.589074327 -0700
++++ snort-2.9.2/snort.8 2013-03-18 12:28:26.378646691 -0700
@@ -1,8 +1,8 @@
.\" Process this file with
-.\" groff -man -Tascii snort.8
+.\" groff -man -Tascii snort.1m
.\"
.\" $Id$
--.TH SNORT 8 "February 2009"
-+.TH SNORT 1M "February 2009"
+-.TH SNORT 8 "December 2011"
++.TH SNORT 1M "December 2011"
.SH NAME
Snort \- open source network intrusion detection system
.SH SYNOPSIS
-@@ -901,13 +901,13 @@
+@@ -913,15 +913,15 @@
+ Causes the daemon to close all opened files and restart.
Please \fBnote\fR that this will only work if the \fBfull\fR pathname is
- used to invoke snort in daemon mode, otherwise snort will just exit with an
- error message being sent to
--.B syslogd(8)
-+.B syslogd(1M)
- .
- .PP
+ used to invoke snort in daemon mode, otherwise snort will just exit with an
+-error message being sent to \fBsyslogd(8)\fR.
++error message being sent to \fBsyslogd(1M)\fR.
+ .PP
.IP SIGUSR1
Causes the program to dump its current packet statistical information to the
- console or
--.B syslogd(8)
-+.B syslogd(1M)
- if in daemon mode.
- .
+-console or \fBsyslogd(8)\fR if in daemon mode.
++console or \fBsyslogd(1M)\fR if in daemon mode.
.PP
+ .IP SIGUSR2
+ Causes the program to rotate Perfmonitor statistical information to the
+-console or \fBsyslogd(8)\fR if in daemon mode.
++console or \fBsyslogd(1M)\fR if in daemon mode.
+ .PP
+ .IP SIGURG
+ Causes the program to reload attribute table.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/snort/patches/snort.c.patch Fri Jun 14 16:37:38 2013 -0700
@@ -0,0 +1,58 @@
+Provide the directory where snort will initially look for DAQ modules.
+
+This patch has not been sent upstream, because the Solaris integration
+of libdaq is different from the way that Linux systems do this.
+
+On Linux systems, DAQ installs two static libraries:
+
+ /usr/lib/libdaq_static.a
+ /usr/lib/libdaq_static_modules.a
+
+When snort is being configured, you see:
+
+...
+checking for daq_load_modules in -ldaq_static... yes
+...
+
+and at link time we see "-ldaq_static ... -ldaq_static_modules ...".
+
+This means that when you start snort running, it knows where to
+look for a set of DAQ modules that it loads. This is done with
+with a call to the DAQ routine daq_load_modules().
+
+On Solaris, we do not provide those two static libraries (or their 64-bit
+equivalents). Therefore, by default, a call to daq_load_modules() using
+the dynamic libraries doesn't know where to look for any DAQ modules.
+
+Now you can override this by starting snort with:
+
+ $ sudo /usr/bin/snort --daq-dir /usr/lib/64/daq
+
+ or
+
+ $ sudo /usr/bin/snort -c /etc/snort.conf
+
+or something similar, but that doesn't allow:
+
+ $ sudo /usr/bin/snort
+
+to work, right out of the box, which is what snort users would expect.
+
+To resolve this, at snort initialization time on Solaris, the code has
+been adjusted to specify a single default DAQ module directory:
+
+ /usr/lib/64/daq
+
+
+--- snort-2.9.2/src/snort.c.orig 2013-05-15 11:52:06.640833897 -0700
++++ snort-2.9.2/src/snort.c 2013-05-15 11:58:03.040482526 -0700
+@@ -3677,6 +3677,9 @@
+ {
+ SnortConfig *sc = (SnortConfig *)SnortAlloc(sizeof(SnortConfig));
+
++ /* Define where to look for DAQ modules. */
++ ConfigDaqDir(sc, "/usr/lib/64/daq");
++
+ sc->pkt_cnt = -1;
+ sc->pkt_snaplen = -1;
+ /*user_id and group_id should be initialized to -1 by default, because
--- a/components/snort/patches/snort.conf.patch Thu Jun 13 17:39:51 2013 -0700
+++ b/components/snort/patches/snort.conf.patch Fri Jun 14 16:37:38 2013 -0700
@@ -1,159 +1,218 @@
---- etc/snort.conf.orig Wed Mar 11 21:22:03 2009
-+++ etc/snort.conf Wed May 20 15:22:07 2009
-@@ -191,27 +191,27 @@
- # Load all dynamic preprocessors from the install path
- # (same as command line option --dynamic-preprocessor-lib-dir)
+--- snort-2.9.2/etc/snort.conf.orig 2013-05-15 07:26:24.138736340 -0700
++++ snort-2.9.2/etc/snort.conf 2013-05-15 07:36:06.628399989 -0700
+@@ -143,7 +143,7 @@
+ # Configure DAQ related options for inline operation. For more information, see README.daq
#
--dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
-+dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
- #
- # Load a specific dynamic preprocessor library from the install path
- # (same as command line option --dynamic-preprocessor-lib)
- #
--# dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libdynamicexample.so
-+# dynamicpreprocessor file /usr/lib/snort_dynamicpreprocessor/libdynamicexample.so
+ # config daq: <type>
+-# config daq_dir: <dir>
++config daq_dir: /usr/lib/64/daq/
+ # config daq_mode: <mode>
+ # config daq_var: <var>
#
- # Load a dynamic engine from the install path
- # (same as command line option --dynamic-engine-lib)
- #
+@@ -217,13 +217,13 @@
+ ###################################################
+
+ # path to dynamic preprocessor libraries
+-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
++dynamicpreprocessor directory /usr/lib/64/snort_dynamicpreprocessor/
+
+ # path to base preprocessor engine
-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
-+dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
- #
- # Load all dynamic rules libraries from the install path
- # (same as command line option --dynamic-detection-lib-dir)
- #
--# dynamicdetection directory /usr/local/lib/snort_dynamicrule/
-+# dynamicdetection directory /usr/lib/snort_dynamicrule/
- #
- # Load a specific dynamic rule library from the install path
- # (same as command line option --dynamic-detection-lib)
- #
--# dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so
-+# dynamicdetection file /usr/lib/snort_dynamicrule/libdynamicexamplerule.so
- #
++dynamicengine /usr/lib/64/snort_dynamicengine/libsf_engine.so
+
+ # path to dynamic rules libraries
+-dynamicdetection directory /usr/local/lib/snort_dynamicrules
++dynamicdetection directory /usr/lib/64/snort_dynamicrules
###################################################
-@@ -307,11 +307,11 @@
- # lots of options available here. See doc/README.http_inspect.
- # unicode.map should be wherever your snort.conf lives, or given
- # a full path to where snort can find it.
--preprocessor http_inspect: global \
-- iis_unicode_map unicode.map 1252
-+#preprocessor http_inspect: global \
-+# iis_unicode_map unicode.map 1252
+ # Step #5: Configure preprocessors
+@@ -264,34 +264,34 @@
+ # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
+ # HTTP normalization and anomaly detection. For more information, see README.http_inspect
+-preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
-preprocessor http_inspect_server: server default \
-- profile all ports { 80 8080 8180 } oversize_dir_length 500
+- chunk_length 500000 \
+- server_flow_depth 0 \
+- client_flow_depth 0 \
+- post_depth 65495 \
+- oversize_dir_length 500 \
+- max_header_length 750 \
+- max_headers 100 \
+- ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \
+- non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
+- enable_cookie \
+- extended_response_inspection \
+- inspect_gzip \
+- normalize_utf \
+- unlimited_decompress \
+- apache_whitespace no \
+- ascii no \
+- bare_byte no \
+- directory no \
+- double_decode no \
+- iis_backslash no \
+- iis_delimiter no \
+- iis_unicode no \
+- multi_slash no \
+- utf_8 no \
+- u_encode yes \
+- webroot no
++#preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
+#preprocessor http_inspect_server: server default \
-+# profile all ports { 80 8080 8180 } oversize_dir_length 500
++# chunk_length 500000 \
++# server_flow_depth 0 \
++# client_flow_depth 0 \
++# post_depth 65495 \
++# oversize_dir_length 500 \
++# max_header_length 750 \
++# max_headers 100 \
++# ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \
++# non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
++# enable_cookie \
++# extended_response_inspection \
++# inspect_gzip \
++# normalize_utf \
++# unlimited_decompress \
++# apache_whitespace no \
++# ascii no \
++# bare_byte no \
++# directory no \
++# double_decode no \
++# iis_backslash no \
++# iis_delimiter no \
++# iis_unicode no \
++# multi_slash no \
++# utf_8 no \
++# u_encode yes \
++# webroot no
- #
- # Example unique server configuration
-@@ -760,7 +760,7 @@
- # such as: c:\snort\etc\classification.config
- #
+ # ONC-RPC normalization and anomaly detection. For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode
+ preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
+@@ -487,8 +487,8 @@
+ # output alert_prelude
+ # metadata reference data. do not modify these lines
-include classification.config
-+#include classification.config
+-include reference.config
++# include classification.config
++# include reference.config
- #
- # Include reference systems
-@@ -768,7 +768,7 @@
- # such as: c:\snort\etc\reference.config
- #
--include reference.config
-+#include reference.config
+ ###################################################
+@@ -499,61 +499,61 @@
+ ###################################################
- ####################################################################
- # Step #5: Configure snort with config statements
-@@ -807,45 +807,45 @@
- # README.alert_order for how rule ordering affects how alerts are triggered.
- #=========================================
+ # site specific rules
+-include $RULE_PATH/local.rules
++# include $RULE_PATH/local.rules
--include $RULE_PATH/local.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/backdoor.rules
-include $RULE_PATH/bad-traffic.rules
+-include $RULE_PATH/blacklist.rules
+-include $RULE_PATH/botnet-cnc.rules
+-include $RULE_PATH/chat.rules
+-include $RULE_PATH/content-replace.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/dos.rules
-include $RULE_PATH/exploit.rules
--include $RULE_PATH/scan.rules
-include $RULE_PATH/finger.rules
-include $RULE_PATH/ftp.rules
--include $RULE_PATH/telnet.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/icmp-info.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/info.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/multimedia.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/other-ids.rules
+-include $RULE_PATH/p2p.rules
+-include $RULE_PATH/phishing-spam.rules
+-include $RULE_PATH/policy.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
-include $RULE_PATH/rpc.rules
-include $RULE_PATH/rservices.rules
--include $RULE_PATH/dos.rules
--include $RULE_PATH/ddos.rules
--include $RULE_PATH/dns.rules
+-include $RULE_PATH/scada.rules
+-include $RULE_PATH/scan.rules
+-include $RULE_PATH/shellcode.rules
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/snmp.rules
+-include $RULE_PATH/specific-threats.rules
+-include $RULE_PATH/spyware-put.rules
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/telnet.rules
-include $RULE_PATH/tftp.rules
-+# include $RULE_PATH/local.rules
+-include $RULE_PATH/virus.rules
+-include $RULE_PATH/voip.rules
+-include $RULE_PATH/web-activex.rules
+-include $RULE_PATH/web-attacks.rules
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-php.rules
+-include $RULE_PATH/x11.rules
++# include $RULE_PATH/attack-responses.rules
++# include $RULE_PATH/backdoor.rules
+# include $RULE_PATH/bad-traffic.rules
-+# include $RULE_PATH/exploit.rules
-+# include $RULE_PATH/scan.rules
-+# include $RULE_PATH/finger.rules
-+# include $RULE_PATH/ftp.rules
-+# include $RULE_PATH/telnet.rules
-+# include $RULE_PATH/rpc.rules
-+# include $RULE_PATH/rservices.rules
-+# include $RULE_PATH/dos.rules
++# include $RULE_PATH/blacklist.rules
++# include $RULE_PATH/botnet-cnc.rules
++# include $RULE_PATH/chat.rules
++# include $RULE_PATH/content-replace.rules
+# include $RULE_PATH/ddos.rules
+# include $RULE_PATH/dns.rules
-+# include $RULE_PATH/tftp.rules
-
--include $RULE_PATH/web-cgi.rules
--include $RULE_PATH/web-coldfusion.rules
--include $RULE_PATH/web-iis.rules
--include $RULE_PATH/web-frontpage.rules
--include $RULE_PATH/web-misc.rules
--include $RULE_PATH/web-client.rules
--include $RULE_PATH/web-php.rules
-+# include $RULE_PATH/web-cgi.rules
-+# include $RULE_PATH/web-coldfusion.rules
-+# include $RULE_PATH/web-iis.rules
-+# include $RULE_PATH/web-frontpage.rules
-+# include $RULE_PATH/web-misc.rules
-+# include $RULE_PATH/web-client.rules
-+# include $RULE_PATH/web-php.rules
-
--include $RULE_PATH/sql.rules
--include $RULE_PATH/x11.rules
--include $RULE_PATH/icmp.rules
--include $RULE_PATH/netbios.rules
--include $RULE_PATH/misc.rules
--include $RULE_PATH/attack-responses.rules
--include $RULE_PATH/oracle.rules
--include $RULE_PATH/mysql.rules
--include $RULE_PATH/snmp.rules
-+# include $RULE_PATH/sql.rules
-+# include $RULE_PATH/x11.rules
++# include $RULE_PATH/dos.rules
++# include $RULE_PATH/exploit.rules
++# include $RULE_PATH/finger.rules
++# include $RULE_PATH/ftp.rules
+# include $RULE_PATH/icmp.rules
-+# include $RULE_PATH/netbios.rules
++# include $RULE_PATH/icmp-info.rules
++# include $RULE_PATH/imap.rules
++# include $RULE_PATH/info.rules
+# include $RULE_PATH/misc.rules
-+# include $RULE_PATH/attack-responses.rules
-+# include $RULE_PATH/oracle.rules
++# include $RULE_PATH/multimedia.rules
+# include $RULE_PATH/mysql.rules
-+# include $RULE_PATH/snmp.rules
-
--include $RULE_PATH/smtp.rules
--include $RULE_PATH/imap.rules
--include $RULE_PATH/pop2.rules
--include $RULE_PATH/pop3.rules
-+# include $RULE_PATH/smtp.rules
-+# include $RULE_PATH/imap.rules
++# include $RULE_PATH/netbios.rules
++# include $RULE_PATH/nntp.rules
++# include $RULE_PATH/oracle.rules
++# include $RULE_PATH/other-ids.rules
++# include $RULE_PATH/p2p.rules
++# include $RULE_PATH/phishing-spam.rules
++# include $RULE_PATH/policy.rules
+# include $RULE_PATH/pop2.rules
+# include $RULE_PATH/pop3.rules
++# include $RULE_PATH/rpc.rules
++# include $RULE_PATH/rservices.rules
++# include $RULE_PATH/scada.rules
++# include $RULE_PATH/scan.rules
++# include $RULE_PATH/shellcode.rules
++# include $RULE_PATH/smtp.rules
++# include $RULE_PATH/snmp.rules
++# include $RULE_PATH/specific-threats.rules
++# include $RULE_PATH/spyware-put.rules
++# include $RULE_PATH/sql.rules
++# include $RULE_PATH/telnet.rules
++# include $RULE_PATH/tftp.rules
++# include $RULE_PATH/virus.rules
++# include $RULE_PATH/voip.rules
++# include $RULE_PATH/web-activex.rules
++# include $RULE_PATH/web-attacks.rules
++# include $RULE_PATH/web-cgi.rules
++# include $RULE_PATH/web-client.rules
++# include $RULE_PATH/web-coldfusion.rules
++# include $RULE_PATH/web-frontpage.rules
++# include $RULE_PATH/web-iis.rules
++# include $RULE_PATH/web-misc.rules
++# include $RULE_PATH/web-php.rules
++# include $RULE_PATH/x11.rules
--include $RULE_PATH/nntp.rules
--include $RULE_PATH/other-ids.rules
-+# include $RULE_PATH/nntp.rules
-+# include $RULE_PATH/other-ids.rules
- # include $RULE_PATH/web-attacks.rules
- # include $RULE_PATH/backdoor.rules
- # include $RULE_PATH/shellcode.rules
-@@ -859,7 +859,7 @@
- # include $RULE_PATH/p2p.rules
- # include $RULE_PATH/spyware-put.rules
- # include $RULE_PATH/specific-threats.rules
--include $RULE_PATH/experimental.rules
-+# include $RULE_PATH/experimental.rules
-
- # include $PREPROC_RULE_PATH/preprocessor.rules
- # include $PREPROC_RULE_PATH/decoder.rules
+ ###################################################
+ # Step #8: Customize your preprocessor and decoder alerts
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/snort/patches/solaris-build.patch Fri Jun 14 16:37:38 2013 -0700
@@ -0,0 +1,86 @@
+This patch does three things:
+
+1/ Uses gethrtime() rather than trying to read the %tick register (the
+ latter has issues in MP environments)
+2/ Allows Studio to compile in 64-bit and normal optimization.
+3/ Removed the need to define lines like "CFLAGS += -Du_int8_t=uint8_t"
+ in the snort component Makefile.
+
+It has been sent upstream for consideration by the snort maintainers for
+a future release.
+
+--- snort-2.9.2/configure.in.orig 2013-06-04 14:05:22.814684109 -0700
++++ snort-2.9.2/configure.in 2013-06-04 14:41:42.703306013 -0700
+@@ -686,27 +686,8 @@
+ AC_MSG_RESULT(no)
+ fi
+
+-# check for sparc %time register
+-if eval "echo $host_cpu|grep -i sparc >/dev/null"; then
+- OLD_CFLAGS="$CFLAGS"
+- CFLAGS="$CFLAGS -mcpu=v9 "
+- AC_MSG_CHECKING([for sparc %time register])
+- AC_RUN_IFELSE(
+- [AC_LANG_PROGRAM(
+- [[]],
+- [[
+- int val;
+- __asm__ __volatile__("rd %%tick, %0" : "=r"(val));
+- ]])],
+- [sparcv9="yes"],
+- [sparcv9="no"])
+- AC_MSG_RESULT($sparcv9)
+- if test "x$sparcv9" = "xyes"; then
+- AC_DEFINE([SPARCV9],[1],[For sparc v9 with %time register])
+- else
+- CFLAGS="$OLD_CFLAGS"
+- fi
+-fi
++# Check for the presence of the Solaris gethrtime routine.
++AC_CHECK_FUNCS(gethrtime)
+
+ # modified from gnulib/m4/visibility.m4
+ AC_DEFUN([CC_VISIBILITY],
+--- snort-2.9.2/src/cpuclock.h.orig 2013-06-04 12:30:59.362777817 -0700
++++ snort-2.9.2/src/cpuclock.h 2013-06-04 14:19:42.869930833 -0700
+@@ -83,26 +83,15 @@
+ val = ((uint64_t)tbl) | (((uint64_t)tbu0) << 32); \
+ }
+ #else
+-/* SPARC */
+-#ifdef SPARCV9
+-#ifdef _LP64
++/* SOLARIS */
++#ifdef HAVE_GETHRTIME
+ #define get_clockticks(val) \
+ { \
+- __asm__ __volatile__("rd %%tick, %0" : "=r"(val)); \
++ val = gethrtime(); \
+ }
+ #else
+-#define get_clockticks(val) \
+-{ \
+- uint32_t a, b; \
+- __asm__ __volatile__("rd %%tick, %0\n" \
+- "srlx %0, 32, %1" \
+- : "=r"(a), "=r"(b)); \
+- val = ((uint64_t)a) | (((uint64_t)b) << 32); \
+-}
+-#endif /* _LP64 */
+-#else
+ #define get_clockticks(val)
+-#endif /* SPARC */
++#endif /* HAVE_GETTHRTIME */
+ #endif /* POWERPC || PPC */
+ #endif /* IA64 && HPUX */
+ #endif /* IA64 && GNUC */
+--- snort-2.9.2/src/sfutil/sf_ip.h.orig 2013-06-04 12:33:38.923475148 -0700
++++ snort-2.9.2/src/sfutil/sf_ip.h 2013-06-04 12:33:52.951704625 -0700
+@@ -38,6 +38,7 @@
+ #endif
+
+ #include "snort_debug.h" /* for inline definition */
++#include "sf_types.h"
+
+ /* define SFIP_ROBUST to check pointers passed into the sfip libs.
+ * Robustification should not be enabled if the client code is trustworthy.
--- a/components/snort/resolve.deps Thu Jun 13 17:39:51 2013 -0700
+++ b/components/snort/resolve.deps Fri Jun 14 16:37:38 2013 -0700
@@ -1,7 +1,10 @@
library/pcre
+library/zlib
shell/ksh93
system/core-os
system/library
+system/library/libdaq
+system/library/libdnet
system/library/libpcap
system/library/math
system/linker
--- a/components/snort/snort.p5m Thu Jun 13 17:39:51 2013 -0700
+++ b/components/snort/snort.p5m Fri Jun 14 16:37:38 2013 -0700
@@ -22,47 +22,174 @@
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
-
-set name=pkg.fmri value=pkg:/diagnostic/snort@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.fmri \
+ value=pkg:/diagnostic/snort@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
set name=pkg.summary value="snort - Network Intrusion and Protection Detector"
-set name=com.oracle.info.description value="snort, the network intrusion and protection detector"
+set name=com.oracle.info.description \
+ value="snort, the network intrusion and protection detector"
set name=com.oracle.info.tpno value=9027
-set name=info.classification value="org.opensolaris.category.2008:Applications/Internet"
-set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid \
- value=PSARC/2009/256
+set name=info.classification \
+ value=org.opensolaris.category.2008:Applications/Internet
set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
+set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
+set name=org.opensolaris.arc-caseid value=PSARC/2009/256 value=PSARC/2013/113
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
-
-license snort.license license="GPLv2, BSD, LGPLv2.1"
-
file path=etc/attribute_table.dtd
-file path=etc/classification.config mode=0644 overlay=allow preserve=renamenew \
- original_name=SUNWsnort:etc/classification.config
+file path=etc/classification.config mode=0644 \
+ original_name=SUNWsnort:etc/classification.config overlay=allow \
+ preserve=renamenew
file path=etc/gen-msg.map
-file path=etc/reference.config mode=0644 overlay=allow preserve=renamenew \
- original_name=SUNWsnort:etc/reference.config
+file path=etc/reference.config mode=0644 \
+ original_name=SUNWsnort:etc/reference.config overlay=allow \
+ preserve=renamenew
file Solaris/auth_attr path=etc/security/auth_attr.d/snort
file Solaris/exec_attr path=etc/security/exec_attr.d/snort
-file path=etc/snort.conf mode=0644 overlay=allow preserve=renamenew \
- original_name=SUNWsnort:etc/snort.conf
-file path=etc/threshold.conf mode=0644 overlay=allow preserve=renamenew \
- original_name=SUNWsnort:etc/threshold.conf
+file path=etc/snort.conf mode=0644 original_name=SUNWsnort:etc/snort.conf \
+ overlay=allow preserve=renamenew
+file path=etc/threshold.conf mode=0644 \
+ original_name=SUNWsnort:etc/threshold.conf overlay=allow preserve=renamenew
file path=etc/unicode.map
file Solaris/snort.xml path=lib/svc/manifest/network/snort.xml
file Solaris/snortd path=lib/svc/method/snortd
-file path=usr/bin/snort
-file path=usr/lib/snort_dynamicengine/libsf_engine.so.0.0.0
-file \
- path=usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0.0.0
+file usr/bin/$(MACH64)/snort path=usr/bin/snort
+file path=usr/include/snort/dynamic_preproc/attribute_table_api.h
+file path=usr/include/snort/dynamic_preproc/bitop.h
+file path=usr/include/snort/dynamic_preproc/cpuclock.h
+file path=usr/include/snort/dynamic_preproc/idle_processing.h
+file path=usr/include/snort/dynamic_preproc/ipv6_port.h
+file path=usr/include/snort/dynamic_preproc/mempool.h
+file path=usr/include/snort/dynamic_preproc/obfuscation.h
+file path=usr/include/snort/dynamic_preproc/preprocids.h
+file path=usr/include/snort/dynamic_preproc/profiler.h
+file path=usr/include/snort/dynamic_preproc/segment_mem.h
+file path=usr/include/snort/dynamic_preproc/sfPolicy.h
+file path=usr/include/snort/dynamic_preproc/sfPolicyUserData.h
+file path=usr/include/snort/dynamic_preproc/sf_decompression.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_common.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_define.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_engine.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_meta.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_preproc_lib.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_preprocessor.h
+file path=usr/include/snort/dynamic_preproc/sf_ip.h
+file path=usr/include/snort/dynamic_preproc/sf_preproc_info.h
+file path=usr/include/snort/dynamic_preproc/sf_protocols.h
+file path=usr/include/snort/dynamic_preproc/sf_sdlist_types.h
+file path=usr/include/snort/dynamic_preproc/sf_snort_packet.h
+file path=usr/include/snort/dynamic_preproc/sf_snort_plugin_api.h
+file path=usr/include/snort/dynamic_preproc/sfcommon.h
+file path=usr/include/snort/dynamic_preproc/sfcontrol.h
+file path=usr/include/snort/dynamic_preproc/sfrt.h
+file path=usr/include/snort/dynamic_preproc/sfrt_dir.h
+file path=usr/include/snort/dynamic_preproc/sfrt_flat.h
+file path=usr/include/snort/dynamic_preproc/sfrt_flat_dir.h
+file path=usr/include/snort/dynamic_preproc/sfrt_trie.h
+file path=usr/include/snort/dynamic_preproc/snort_bounds.h
+file path=usr/include/snort/dynamic_preproc/snort_debug.h
+file path=usr/include/snort/dynamic_preproc/ssl.h
+file path=usr/include/snort/dynamic_preproc/str_search.h
+file path=usr/include/snort/dynamic_preproc/stream_api.h
+file Solaris/snort.pc path=usr/lib/$(MACH64)/pkgconfig/snort.pc
+file Solaris/snort_preproc.pc path=usr/lib/$(MACH64)/pkgconfig/snort_preproc.pc
+#
+link path=usr/lib/$(MACH64)/snort_dynamicengine/libsf_engine.so \
+ target=libsf_engine.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicengine/libsf_engine.so.0 \
+ target=libsf_engine.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicengine/libsf_engine.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dce2_preproc.so \
+ target=libsf_dce2_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0 \
+ target=libsf_dce2_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dnp3_preproc.so \
+ target=libsf_dnp3_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dnp3_preproc.so.0 \
+ target=libsf_dnp3_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dnp3_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dns_preproc.so \
+ target=libsf_dns_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dns_preproc.so.0 \
+ target=libsf_dns_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
+#
+link \
+ path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so \
+ target=libsf_ftptelnet_preproc.so.0.0.0
+link \
+ path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0 \
+ target=libsf_ftptelnet_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_gtp_preproc.so \
+ target=libsf_gtp_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_gtp_preproc.so.0 \
+ target=libsf_gtp_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_gtp_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_imap_preproc.so \
+ target=libsf_imap_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_imap_preproc.so.0 \
+ target=libsf_imap_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_imap_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_modbus_preproc.so \
+ target=libsf_modbus_preproc.so.0.0.0
+link \
+ path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_modbus_preproc.so.0 \
+ target=libsf_modbus_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_modbus_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_pop_preproc.so \
+ target=libsf_pop_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_pop_preproc.so.0 \
+ target=libsf_pop_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_pop_preproc.so.0.0.0
+#
+link \
+ path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_reputation_preproc.so \
+ target=libsf_reputation_preproc.so.0.0.0
+link \
+ path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_reputation_preproc.so.0 \
+ target=libsf_reputation_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_reputation_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sdf_preproc.so \
+ target=libsf_sdf_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sdf_preproc.so.0 \
+ target=libsf_sdf_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sdf_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sip_preproc.so \
+ target=libsf_sip_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sip_preproc.so.0 \
+ target=libsf_sip_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sip_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_smtp_preproc.so \
+ target=libsf_smtp_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0 \
+ target=libsf_smtp_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssh_preproc.so \
+ target=libsf_ssh_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0 \
+ target=libsf_ssh_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssl_preproc.so \
+ target=libsf_ssl_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0 \
+ target=libsf_ssl_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
+#
+# Directory for containing dynamic rules libraries.
+dir path=usr/lib/$(MACH64)/snort_dynamicrules
+#
file path=usr/share/doc/snort/AUTHORS
file path=usr/share/doc/snort/BUGS
file path=usr/share/doc/snort/CREDITS
@@ -71,82 +198,57 @@
file path=usr/share/doc/snort/PROBLEMS
file path=usr/share/doc/snort/README
file path=usr/share/doc/snort/README.ARUBA
-file path=usr/share/doc/snort/README.FLEXRESP
-file path=usr/share/doc/snort/README.FLEXRESP2
-file path=usr/share/doc/snort/README.INLINE
+file path=usr/share/doc/snort/README.GTP
file path=usr/share/doc/snort/README.PLUGINS
file path=usr/share/doc/snort/README.PerfProfiling
file path=usr/share/doc/snort/README.SMTP
file path=usr/share/doc/snort/README.UNSOCK
+file path=usr/share/doc/snort/README.WIN32
+file path=usr/share/doc/snort/README.active
file path=usr/share/doc/snort/README.alert_order
file path=usr/share/doc/snort/README.asn1
+file path=usr/share/doc/snort/README.counts
file path=usr/share/doc/snort/README.csv
+file path=usr/share/doc/snort/README.daq
file path=usr/share/doc/snort/README.database
-file path=usr/share/doc/snort/README.dcerpc
file path=usr/share/doc/snort/README.dcerpc2
file path=usr/share/doc/snort/README.decode
file path=usr/share/doc/snort/README.decoder_preproc_rules
+file path=usr/share/doc/snort/README.dnp3
file path=usr/share/doc/snort/README.dns
file path=usr/share/doc/snort/README.event_queue
+file path=usr/share/doc/snort/README.filters
file path=usr/share/doc/snort/README.flowbits
file path=usr/share/doc/snort/README.frag3
file path=usr/share/doc/snort/README.ftptelnet
file path=usr/share/doc/snort/README.gre
file path=usr/share/doc/snort/README.http_inspect
+file path=usr/share/doc/snort/README.imap
file path=usr/share/doc/snort/README.ipip
file path=usr/share/doc/snort/README.ipv6
+file path=usr/share/doc/snort/README.modbus
+file path=usr/share/doc/snort/README.multipleconfigs
+file path=usr/share/doc/snort/README.normalize
file path=usr/share/doc/snort/README.pcap_readmode
+file path=usr/share/doc/snort/README.pop
file path=usr/share/doc/snort/README.ppm
+file path=usr/share/doc/snort/README.reload
+file path=usr/share/doc/snort/README.reputation
+file path=usr/share/doc/snort/README.rzb_saac
+file path=usr/share/doc/snort/README.sensitive_data
file path=usr/share/doc/snort/README.sfportscan
+file path=usr/share/doc/snort/README.sip
file path=usr/share/doc/snort/README.ssh
file path=usr/share/doc/snort/README.ssl
file path=usr/share/doc/snort/README.stream5
file path=usr/share/doc/snort/README.tag
file path=usr/share/doc/snort/README.thresholding
+file path=usr/share/doc/snort/README.u2boat
file path=usr/share/doc/snort/README.variables
-file path=usr/share/doc/snort/README.wireless
+file path=usr/share/doc/snort/TODO
file path=usr/share/doc/snort/USAGE
+file path=usr/share/doc/snort/WISHLIST
file path=usr/share/doc/snort/generators
file usr/share/man/man8/snort.8 path=usr/share/man/man1m/snort.1m
-link path=usr/lib/snort_dynamicengine/libsf_engine.so \
- target=libsf_engine.so.0.0.0
-link path=usr/lib/snort_dynamicengine/libsf_engine.so.0 \
- target=libsf_engine.so.0.0.0
-link \
- path=usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so \
- target=lib_sfdynamic_preprocessor_example.so.0.0.0
-link \
- path=usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0 \
- target=lib_sfdynamic_preprocessor_example.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so \
- target=libsf_dce2_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0 \
- target=libsf_dce2_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so \
- target=libsf_dcerpc_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0 \
- target=libsf_dcerpc_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so \
- target=libsf_dns_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0 \
- target=libsf_dns_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so \
- target=libsf_ftptelnet_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0 \
- target=libsf_ftptelnet_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so \
- target=libsf_smtp_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0 \
- target=libsf_smtp_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so \
- target=libsf_ssh_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0 \
- target=libsf_ssh_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so \
- target=libsf_ssl_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0 \
- target=libsf_ssl_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so \
- target=lib_sfdynamic_example_rule.so.0.0.0
-link path=usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0 \
- target=lib_sfdynamic_example_rule.so.0.0.0
+dir path=var/log/snort owner=noaccess group=noaccess
+license snort.license license="GPLv2, BSD, LGPLv2.1"