This diff adds an rc.d script for Snort.
It also modifies the pkg/README file to mention the rc.d script, and
adds a note that rules need to be present in /etc/snort/rules for Snort
to work as an IDS (since `/etc/rc.d/snort start` will fail if rules
don't exist in that directory).
Looking for comments/OKs.
Lawrence
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/snort/Makefile,v
retrieving revision 1.69
diff -u -p -r1.69 Makefile
--- Makefile 28 Sep 2012 19:30:54 -0000 1.69
+++ Makefile 2 Oct 2012 02:12:37 -0000
@@ -5,6 +5,7 @@ SHARED_ONLY = Yes
COMMENT = highly flexible sniffer/NIDS
DISTNAME = snort-2.9.3.1
+REVISION = 0
CATEGORIES = net security
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/snort/pkg/PLIST,v
retrieving revision 1.21
diff -u -p -r1.21 PLIST
--- pkg/PLIST 26 Sep 2012 02:11:05 -0000 1.21
+++ pkg/PLIST 2 Oct 2012 02:12:37 -0000
@@ -143,3 +143,4 @@ share/examples/snort/unicode.map
@group _snort
@sample /var/snort/
@sample /var/snort/log/
+@rcscript ${RCDIR}/snort
Index: pkg/README
===================================================================
RCS file: /cvs/ports/net/snort/pkg/README,v
retrieving revision 1.1
diff -u -p -r1.1 README
--- pkg/README 26 Sep 2012 02:11:05 -0000 1.1
+++ pkg/README 2 Oct 2012 02:14:41 -0000
@@ -6,11 +6,11 @@ $OpenBSD: README,v 1.1 2012/09/26 02:11:
An up-to-date set of rules is needed for Snort to be useful as an IDS.
These can be downloaded manually or net/oinkmaster can be used to
-download the latest rules from several different sources.
+download the latest rules from several different sources. By default,
+these rules are expected to be present in the ${SYSCONFDIR}/snort/rules
+directory as defined by RULE_PATH in ${SYSCONFDIR}/snort/snort.conf.
It is recommended that snort be run as an unprivileged chrooted user.
A _snort user/group and a log directory have been created for this
-purpose. You should start snort with the following options to take
-advantage of this:
-
- -c /etc/snort/snort.conf -u _snort -g _snort -t /var/snort -l /var/snort/log
+purpose. You should start snort with the ${RCDIR}/snort script to take
+advantage of this.
Index: pkg/snort.rc
===================================================================
RCS file: pkg/snort.rc
diff -N pkg/snort.rc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/snort.rc 2 Oct 2012 02:12:37 -0000
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# $OpenBSD$
+
+daemon="${TRUEPREFIX}/bin/snort"
+daemon_flags="-c ${SYSCONFDIR}/snort/snort.conf -u _snort -g _snort -t
/var/snort -l /var/snort/log -D"
+
+. /etc/rc.d/rc.subr
+
+pexp="${daemon} ${daemon_flags}"
+
+rc_cmd $1
