Re: [oe] [meta-oe][PATCH 1/4] snort: add recipe

[Paul Eggleton]

Hi Chunrong,

On Monday 26 August 2013 11:15:39 b40...@freescale.com wrote:
 From: Chunrong Guo b40...@freescale.com
 
*snort - a free lightweight network intrusion detection
  system for UNIX and Windows

I have to admit I thought this was something that mulhern was working on - is 
that correct mulhern?

In any case I think this would probably be something best put into meta-
security [1].

Cheers,
Paul

[1] http://layers.openembedded.org/layerindex/layer/meta-security/

-- 

Paul Eggleton
Intel Open Source Technology Centre
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH 1/4] snort: add recipe

[b40290]

From: Chunrong Guo b40...@freescale.com

   *snort - a free lightweight network intrusion detection
 system for UNIX and Windows

Signed-off-by: Chunrong Guo b40...@freescale.com
---
 meta-oe/recipes-connectivity/snort/files/default   |   42 ++
 .../snort/files/disable-dap-address-space-id.patch |   52 +++
 .../snort/files/disable-inaddr-none.patch  |   75 
 meta-oe/recipes-connectivity/snort/files/logrotate |   12 +
 .../recipes-connectivity/snort/files/snort.init|  425 
 meta-oe/recipes-connectivity/snort/files/volatiles |2 +
 .../recipes-connectivity/snort/snort_2.9.4.6.bb|   88 
 7 files changed, 696 insertions(+), 0 deletions(-)
 create mode 100644 meta-oe/recipes-connectivity/snort/files/default
 create mode 100644 
meta-oe/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
 create mode 100644 
meta-oe/recipes-connectivity/snort/files/disable-inaddr-none.patch
 create mode 100644 meta-oe/recipes-connectivity/snort/files/logrotate
 create mode 100755 meta-oe/recipes-connectivity/snort/files/snort.init
 create mode 100644 meta-oe/recipes-connectivity/snort/files/volatiles
 create mode 100644 meta-oe/recipes-connectivity/snort/snort_2.9.4.6.bb

diff --git a/meta-oe/recipes-connectivity/snort/files/default 
b/meta-oe/recipes-connectivity/snort/files/default
new file mode 100644
index 000..afd3840
--- /dev/null
+++ b/meta-oe/recipes-connectivity/snort/files/default
@@ -0,0 +1,42 @@
+# Parameters for the daemon
+# Add any additional parameteres here.
+PARAMS=-m 027 -D -d 
+#
+# Snort user
+# This user will be used to launch snort. Notice that the 
+# preinst script of the package might do changes to the user 
+# (home directory, User Name) when the package is upgraded or
+# reinstalled.  So, do *not* change this to 'root' or to any other user 
+# unless you are sure there is no problem with those changes being introduced.
+# 
+SNORTUSER=snort
+#
+# Logging directory
+# Snort logs will be dropped here and this will be the home
+# directory for the SNORTUSER. If you change this value you should
+# change the /etc/logrotate.d/snort definition too, otherwise logs
+# will not be rotated properly.
+#
+LOGDIR=/var/log/snort
+#
+# Snort group
+# This is the group that the snort user will be added to.
+#
+SNORTGROUP=snort
+# 
+# Allow Snort's init.d script to work if the configured interfaces
+# are not available. Set this to yes if you configure Snort with
+# multiple interfaces but some might not be available on boot
+# (e.g. wireless interfaces)
+# 
+# Note: In order for this to work the 'iproute' package needs to 
+# be installed.
+ALLOW_UNAVAILABLE=no
+
+# Local configs
+#
+LOCAL_SNORT_STARTUP=boot
+LOCAL_SNORT_HOME_NET=192.168.0.0/16
+LOCAL_SNORT_INTERFACE=
+LOCAL_SNORT_STATS_RCPT=root
+LOCAL_SNORT_STATS_THRESHOLD=1
diff --git 
a/meta-oe/recipes-connectivity/snort/files/disable-dap-address-space-id.patch 
b/meta-oe/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
new file mode 100644
index 000..39e5c9c
--- /dev/null
+++ 
b/meta-oe/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
@@ -0,0 +1,52 @@
+Upstream-Status:Inappropriate [embedded specific]
+
+fix the below error:
+checking for dap address space id... configure: 
+configure: error: cannot run test program while cross compiling
+
+
+Signed-off-by: Chunrong Guo b40...@freescale.com
+
+--- a/configure.in 2013-08-23 00:06:37.239361932 -0500
 b/configure.in 2013-08-23 00:07:32.860266534 -0500
+@@ -679,23 +679,23 @@
+ 
+ AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
+ 
+-AC_MSG_CHECKING([for daq address space ID])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include daq.h
+-]],
+-[[
+-   DAQ_PktHdr_t hdr;
+-   hdr.address_space_id = 0;
+-]])],
+-[have_daq_address_space_id=yes],
+-[have_daq_address_space_id=no])
+-AC_MSG_RESULT($have_daq_address_space_id)
+-if test x$have_daq_address_space_id = xyes; then
+-AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
+-[DAQ version supports address space ID in header.])
+-fi
++#AC_MSG_CHECKING([for daq address space ID])
++#AC_RUN_IFELSE(
++#[AC_LANG_PROGRAM(
++#[[
++##include daq.h
++#]],
++#[[
++#   DAQ_PktHdr_t hdr;
++#   hdr.address_space_id = 0;
++#]])],
++have_daq_address_space_id=yes
++#[have_daq_address_space_id=no])
++#AC_MSG_RESULT($have_daq_address_space_id)
++#if test x$have_daq_address_space_id = xyes; then
++#AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
++#[DAQ version supports address space ID in header.])
++#fi
+ 
+ # any sparc platform has to have this one defined.
+ AC_MSG_CHECKING(for sparc)
diff --git a/meta-oe/recipes-connectivity/snort/files/disable-inaddr-none.patch 
b/meta-oe/recipes-connectivity/snort/files/disable-inaddr-none.patch
new file mode 100644
index 000..9dafe63
--- /dev/null
+++ b/meta-oe/recipes-connectivity/snort/files/disable-inaddr-none.patch
@@ -0,0 +1,75 @@
+Upstream-Status: Inappropriate [embedded specific]
+
+fix the