Snort mailing list archives

freebsd snorters: ports version for snort 2.9.0.3 that includes snortsam option available for testing


From: Michael Scheidell <michael.scheidell () secnap com>
Date: Mon, 31 Jan 2011 11:19:20 -0500

Unofficial ports version, no warranties, or rights claimed or offered.
includes patches to change snort to snortsam.  patches seem to install, patch cleanly and run.
requires daq 0.5_1 or greater.

http://www.freebsd.org/cgi/query-pr.cgi?pr=154404
may or may not be in ports tree.  without patch daq-var buffer_size is 
ignored.

seems to work:
2011/01/31, 10:19:50, -, 1, snortsam, Starting to listen for Snort alerts.
2011/01/31, 10:27:03, 127.0.0.1, 2, snortsam, Blocking host 202.109.115.169 completely for 86400 seconds (Sig_ID: 2012204).
2011/01/31, 10:40:23, 127.0.0.1, 2, snortsam, Blocking host 201.83.154.69 completely for 86400 seconds (Sig_ID: 2010935).

instructions:
download and apply patch in
http://www.freebsd.org/cgi/query-pr.cgi?pr=154404
upgrade daq using 0.5_1

cd /usr/ports/security/snort
rm -rf *

put this tarball into /tmp
<https://secure.filesanywhere.com/fs/v.aspx?v=8a6a6a8f5c656daf9ea6>

make sure you check your config/options, if you used another unofficial 
port you will notice it changed.
this port differs from official 2.8.6.1 in that:
1) it is based on 2.9.0.3
2) assumes dynamicplugin engine (I could not get it to compile 
otherwise).  patches to fix that requested if there is any reason.
3) I made some assumptions on basic ./configure options, many others are 
included as options.

CONFIGURE_ARGS+=        --enable-dynamicplugin --enable-build-dynamic-examples \
                        --enable-reload --disable-corefiles

this makefile is based on one from pr: dean Freeman's patches here:
<http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/153998>

changes to THAT makefile include (unofficial) snortsam support, pkg will 
build, and uninstall without deleting critical files, and (for now) 
since you are deleting /usr/ports/security/snort, it is not a PATCH 
against 2.8.6.1, but just a new port.  it also requires daq 0.5_1 (daq 
0.5 patch 1) or greater.

note: again, this is NOT the official freebsd port, not officially 
endorsed by sourcefire, frank knobbe, or obama, not officially supported 
by SECNAP, employees, investors, clients, cleaning crew or marketing 
department.

use at your own risk, since the official freebsd port may differ in 
random and arbitrary ways.  Your mileage may vary.


-- 
Michael Scheidell, officially, not official anything for this post or port
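Added example, not part of the post or of the snort/snortsam ports: a small parser for snortsam log lines in the format quoted above ("date, time, sensor, level, snortsam, message"), plus a review pass that flags blocks a defender would want to look at (a non-routable host getting blocked, or a block longer than an agreed maximum). The sample log is constructed; it repeats the post's three lines on single lines (the mail client wrapped them) and adds one private-address block to exercise the check. The 86400-second maximum is an assumed policy value.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, modelled on the snortsam lines quoted in the post.
SAMPLE_LOG = """\
2011/01/31, 10:19:50, -, 1, snortsam, Starting to listen for Snort alerts.
2011/01/31, 10:27:03, 127.0.0.1, 2, snortsam, Blocking host 202.109.115.169 completely for 86400 seconds (Sig_ID: 2012204).
2011/01/31, 10:40:23, 127.0.0.1, 2, snortsam, Blocking host 201.83.154.69 completely for 86400 seconds (Sig_ID: 2010935).
2011/01/31, 10:41:00, 127.0.0.1, 2, snortsam, Blocking host 10.0.0.5 completely for 86400 seconds (Sig_ID: 2010935).
"""

# One snortsam record: date, time, reporting sensor ("-" for snortsam itself), level, message.
LINE_RE = re.compile(r"^(?P<date>\S+), (?P<time>\S+), (?P<sensor>\S+), (?P<level>\d+), snortsam, (?P<msg>.*)$")
# The "Blocking host ..." message body as it appears in the post.
BLOCK_RE = re.compile(r"Blocking host (?P<host>[\d.]+) completely for (?P<secs>\d+) seconds \(Sig_ID: (?P<sid>\d+)\)")


@dataclass
class Block:
    when: str
    sensor: str
    host: str
    seconds: int
    sig_id: int


def parse_blocks(text: str) -> List[Block]:
    """Return one Block per 'Blocking host' line; other snortsam messages are skipped."""
    blocks = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        b = BLOCK_RE.search(m.group("msg"))
        if not b:
            continue
        blocks.append(Block(f"{m.group('date')} {m.group('time')}", m.group("sensor"),
                            b.group("host"), int(b.group("secs")), int(b.group("sid"))))
    return blocks


def risky_blocks(blocks: List[Block], max_seconds: int = 86400) -> List[str]:
    """Flag blocks of private/loopback hosts (likely self-inflicted outage) or over the assumed max duration."""
    findings = []
    for b in blocks:
        addr = ipaddress.ip_address(b.host)
        if addr.is_private or addr.is_loopback:
            findings.append(f"{b.when}: sid {b.sig_id} blocked non-routable host {b.host}")
        if b.seconds > max_seconds:
            findings.append(f"{b.when}: sid {b.sig_id} blocked {b.host} for {b.seconds}s (> {max_seconds}s)")
    return findings


if __name__ == "__main__":
    for f in risky_blocks(parse_blocks(SAMPLE_LOG)):
        print(f)
```

Run it against the real snortsam log to see which Sig_IDs are driving blocks of internal hosts before the 86400-second blocks lock anyone out.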
