diff options
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-connectivity/snort')
9 files changed, 573 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/0001-fix-do_package-failed-since-snort-2.9.7.0.patch b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/0001-fix-do_package-failed-since-snort-2.9.7.0.patch new file mode 100644 index 000000000..047caec32 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/0001-fix-do_package-failed-since-snort-2.9.7.0.patch @@ -0,0 +1,33 @@ +From 4335c4c61877c0b65ff4ec767e8ad3ad8c73c32d Mon Sep 17 00:00:00 2001 +From: Zhiquan Li <zhiquan.li@windriver.com> +Date: Fri, 13 Nov 2015 17:40:24 +0800 +Subject: [PATCH] fix do_package failed since snort 2.9.7.0 + +Remove redundant '/' as a workround for below error: +/lib/rpm/bin/debugedit: canonicalization unexpectedly shrank by one character + +It's a rpm debugedit bug: +* http://sourceforge.net/p/snort/mailman/message/34130268/ +* https://bugzilla.redhat.com/show_bug.cgi?id=304121 + +Upstream-Status:Inappropriate [embedded specific] + +Signed-off-by: Zhiquan Li <zhiquan.li@windriver.com> + +--- + src/snort.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/snort.h b/src/snort.h +index 8308e57..499d157 100644 +--- a/src/snort.h ++++ b/src/snort.h +@@ -39,7 +39,7 @@ + #include "sfdaq.h" + #include "sf_types.h" + #include "sfutil/sflsq.h" +-#include "sfutil//sfActionQueue.h" ++#include "sfutil/sfActionQueue.h" + #include "profiler.h" + #include "rules.h" + #include "treenodes.h" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/0001-libpcap-search-sysroot-for-headers.patch b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/0001-libpcap-search-sysroot-for-headers.patch new file mode 100644 index 000000000..2e28cd048 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/0001-libpcap-search-sysroot-for-headers.patch @@ -0,0 +1,29 @@ +From 5875dea90f71350b7205788fbc67e3759077cefe Mon Sep 17 00:00:00 2001 +From: Joe MacDonald <joe@deserted.net> +Date: Wed, 20 Nov 2013 16:06:07 -0500 +Subject: [PATCH] libpcap: search sysroot for headers + +Configure hard-coded host header paths when building with libpcap. Point +the search path at the sysroot instead. + +Upstream-Status: Pending + +Signed-off-by: Joe MacDonald <joe@deserted.net> + +--- + configure.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.in b/configure.in +index 62573a8..fded45b 100644 +--- a/configure.in ++++ b/configure.in +@@ -69,7 +69,7 @@ case "$host" in + linux="yes" + AC_DEFINE([LINUX],[1],[Define if Linux]) + AC_SUBST(extra_incl) +- extra_incl="-I/usr/include/pcap" ++ extra_incl="-I=/usr/include/pcap" + ;; + *-hpux10*|*-hpux11*) + AC_DEFINE([HPUX],[1],[Define if HP-UX 10 or 11]) diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-dap-address-space-id.patch b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-dap-address-space-id.patch new file mode 100644 index 000000000..6aa0b736f --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-dap-address-space-id.patch @@ -0,0 +1,62 @@ +From 5a53260a819e2873f58165e96852529719101c53 Mon Sep 17 00:00:00 2001 +From: Chunrong Guo <B40290@freescale.com> +Date: Mon, 4 Nov 2013 10:39:56 +0800 +Subject: [PATCH] snort: add recipe + +Upstream-Status:Inappropriate [embedded specific] + +fix the below error: +checking for dap address space id... configure: +configure: error: cannot run test program while cross compiling + +Signed-off-by: Chunrong Guo <B40290@freescale.com> + +--- + configure.in | 34 +++++++++++++++++----------------- + 1 file changed, 17 insertions(+), 17 deletions(-) + +diff --git a/configure.in b/configure.in +index 6fe5d68..e7636ce 100644 +--- a/configure.in ++++ b/configure.in +@@ -698,23 +698,23 @@ if test "x$ac_cv_func_daq_dp_add_dc" = "xyes"; then + + fi + +-AC_MSG_CHECKING([for daq address space ID]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_PktHdr_t hdr; +- hdr.address_space_id = 0; +-]])], +-[have_daq_address_space_id="yes"], +-[have_daq_address_space_id="no"]) +-AC_MSG_RESULT($have_daq_address_space_id) +-if test "x$have_daq_address_space_id" = "xyes"; then +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], +- [DAQ version supports address space ID in header.]) +-fi ++#AC_MSG_CHECKING([for daq address space ID]) ++#AC_RUN_IFELSE( ++#[AC_LANG_PROGRAM( ++#[[ ++##include <daq.h> ++#]], ++#[[ ++# DAQ_PktHdr_t hdr; ++# hdr.address_space_id = 0; ++#]])], ++have_daq_address_space_id="yes" ++#[have_daq_address_space_id="no"]) ++#AC_MSG_RESULT($have_daq_address_space_id) ++#if test "x$have_daq_address_space_id" = "xyes"; then ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], ++# [DAQ version supports address space ID in header.]) ++#fi + + AC_MSG_CHECKING([for daq flow ID]) + AC_RUN_IFELSE( diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-daq-flow-id.patch b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-daq-flow-id.patch new file mode 100644 index 000000000..04df37c94 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-daq-flow-id.patch @@ -0,0 +1,60 @@ +From 5aa42a3137c657b5eddd4608343aa1854bd7cd27 Mon Sep 17 00:00:00 2001 +From: Zhiquan Li <zhiquan.li@windriver.com> +Date: Mon, 16 Nov 2015 10:23:00 +0800 +Subject: [PATCH] snort: 2.9.6.0 -> 2.9.7.5 + +Upstream-Status:Inappropriate [embedded specific] + +fix the below error: +checking for daq flow ID... configure: +configure: error: cannot run test program while cross compiling + +--- + configure.in | 34 +++++++++++++++++----------------- + 1 file changed, 17 insertions(+), 17 deletions(-) + +diff --git a/configure.in b/configure.in +index e7636ce..2fbd298 100644 +--- a/configure.in ++++ b/configure.in +@@ -716,23 +716,23 @@ have_daq_address_space_id="yes" + # [DAQ version supports address space ID in header.]) + #fi + +-AC_MSG_CHECKING([for daq flow ID]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_PktHdr_t hdr; +- hdr.flow_id = 0; +-]])], +-[have_daq_flow_id="yes"], +-[have_daq_flow_id="no"]) +-AC_MSG_RESULT($have_daq_flow_id) +-if test "x$have_daq_flow_id" = "xyes"; then +- AC_DEFINE([HAVE_DAQ_FLOW_ID],[1], +- [DAQ version supports flow ID in header.]) +-fi ++#AC_MSG_CHECKING([for daq flow ID]) ++#AC_RUN_IFELSE( ++#[AC_LANG_PROGRAM( ++#[[ ++##include <daq.h> ++#]], ++#[[ ++# DAQ_PktHdr_t hdr; ++# hdr.flow_id = 0; ++#]])], ++have_daq_flow_id="yes" ++#[have_daq_flow_id="no"]) ++#AC_MSG_RESULT($have_daq_flow_id) ++#if test "x$have_daq_flow_id" = "xyes"; then ++# AC_DEFINE([HAVE_DAQ_FLOW_ID],[1], ++# [DAQ version supports flow ID in header.]) ++#fi + + AC_MSG_CHECKING([for DAQ_VERDICT_RETRY]) + AC_RUN_IFELSE( diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-daq-verdict-retry.patch b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-daq-verdict-retry.patch new file mode 100644 index 000000000..15958a72d --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-daq-verdict-retry.patch @@ -0,0 +1,60 @@ +From b916443d43f2e1eeacfbed0033274a0270ef634d Mon Sep 17 00:00:00 2001 +From: Zhiquan Li <zhiquan.li@windriver.com> +Date: Mon, 16 Nov 2015 10:23:00 +0800 +Subject: [PATCH] snort: 2.9.6.0 -> 2.9.7.5 + +Upstream-Status:Inappropriate [embedded specific] + +fix the below error: +checking for DAQ_VERDICT_RETRY... configure: +configure: error: cannot run test program while cross compiling + +--- + configure.in | 34 +++++++++++++++++----------------- + 1 file changed, 17 insertions(+), 17 deletions(-) + +diff --git a/configure.in b/configure.in +index 2fbd298..62573a8 100644 +--- a/configure.in ++++ b/configure.in +@@ -734,23 +734,23 @@ have_daq_flow_id="yes" + # [DAQ version supports flow ID in header.]) + #fi + +-AC_MSG_CHECKING([for DAQ_VERDICT_RETRY]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_Verdict verdict; +- verdict = DAQ_VERDICT_RETRY; +-]])], +-[have_daq_verdict_retry="yes"], +-[have_daq_verdict_retry="no"]) +-AC_MSG_RESULT($have_daq_verdict_retry) +-if test "x$have_daq_verdict_retry" = "xyes"; then +- AC_DEFINE([HAVE_DAQ_VERDICT_RETRY],[1], +- [DAQ version supports DAQ_VERDICT_RETRY in DAQ_Verdict.]) +-fi ++#AC_MSG_CHECKING([for DAQ_VERDICT_RETRY]) ++#AC_RUN_IFELSE( ++#[AC_LANG_PROGRAM( ++#[[ ++##include <daq.h> ++#]], ++#[[ ++# DAQ_Verdict verdict; ++# verdict = DAQ_VERDICT_RETRY; ++#]])], ++have_daq_verdict_retry="yes" ++#[have_daq_verdict_retry="no"]) ++#AC_MSG_RESULT($have_daq_verdict_retry) ++#if test "x$have_daq_verdict_retry" = "xyes"; then ++# AC_DEFINE([HAVE_DAQ_VERDICT_RETRY],[1], ++# [DAQ version supports DAQ_VERDICT_RETRY in DAQ_Verdict.]) ++#fi + + # any sparc platform has to have this one defined. + AC_MSG_CHECKING(for sparc) diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-inaddr-none.patch b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-inaddr-none.patch new file mode 100644 index 000000000..79e9f076b --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-inaddr-none.patch @@ -0,0 +1,85 @@ +From a1fdbced4166cb0f35d23b63a59312d86860485a Mon Sep 17 00:00:00 2001 +From: Chunrong Guo <B40290@freescale.com> +Date: Mon, 4 Nov 2013 10:39:56 +0800 +Subject: [PATCH] snort: add recipe + +Upstream-Status: Inappropriate [embedded specific] + +fix the below error: +checking for INADDR_NONE... configure: +configure: error: cannot run test program while cross compiling + +Signed-off-by: Chunrong Guo <B40290@freescale.com> + +--- + configure.in | 50 ++++++++++++++++---------------------------------- + 1 file changed, 16 insertions(+), 34 deletions(-) + +diff --git a/configure.in b/configure.in +index 20d15eb..6fe5d68 100644 +--- a/configure.in ++++ b/configure.in +@@ -274,25 +274,7 @@ AC_CHECK_TYPES([int8_t,int16_t,int32_t,int64_t]) + AC_CHECK_TYPES([boolean]) + + # In case INADDR_NONE is not defined (like on Solaris) +-have_inaddr_none="no" +-AC_MSG_CHECKING([for INADDR_NONE]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <sys/types.h> +-#include <netinet/in.h> +-#include <arpa/inet.h> +-]], +-[[ +- if (inet_addr("10,5,2") == INADDR_NONE); +- return 0; +-]])], +-[have_inaddr_none="yes"], +-[have_inaddr_none="no"]) +-AC_MSG_RESULT($have_inaddr_none) +-if test "x$have_inaddr_none" = "xno"; then +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) +-fi ++have_inaddr_none="yes" + + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + #include <stdio.h> +@@ -421,21 +403,21 @@ if test "x$LPCAP" = "xno"; then + fi + fi + +-AC_MSG_CHECKING([for pcap_lex_destroy]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <pcap.h> +-]], +-[[ +- pcap_lex_destroy(); +-]])], +-[have_pcap_lex_destroy="yes"], +-[have_pcap_lex_destroy="no"]) +-AC_MSG_RESULT($have_pcap_lex_destroy) +-if test "x$have_pcap_lex_destroy" = "xyes"; then +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) +-fi ++#AC_MSG_CHECKING([for pcap_lex_destroy]) ++#AC_RUN_IFELSE( ++#[AC_LANG_PROGRAM( ++#[[ ++##include <pcap.h> ++#]], ++#[[ ++# pcap_lex_destroy(); ++#]])], ++have_pcap_lex_destroy="yes" ++#[have_pcap_lex_destroy="no"]) ++#AC_MSG_RESULT($have_pcap_lex_destroy) ++#if test "x$have_pcap_lex_destroy" = "xyes"; then ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) ++#fi + + AC_MSG_CHECKING([for pcap_lib_version]) + AC_LINK_IFELSE( diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/fix-host-contamination-when-enable-static-daq.patch b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/fix-host-contamination-when-enable-static-daq.patch new file mode 100644 index 000000000..0404ea0fa --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/fix-host-contamination-when-enable-static-daq.patch @@ -0,0 +1,30 @@ +From f46d096015d7402a37a59eb66b8f6b7fbf0cdff0 Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Wed, 24 May 2017 17:38:53 +0800 +Subject: [PATCH] snort: enable static daq + +Upstream-Status: Inappropriate [embedded specific] + +When enable static daq for snort, it calls to daq-modules-config to get link +library and library path. Library path is useless for oe and cause host +contamination issue. So filter it. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +--- + configure.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.in b/configure.in +index fded45b..a247bb9 100644 +--- a/configure.in ++++ b/configure.in +@@ -658,7 +658,7 @@ fi + + if test "x$enable_static_daq" = "xyes"; then + LDAQ="" +- LIBS="${LIBS} `daq-modules-config --static --libs`" ++ LIBS="${LIBS} `daq-modules-config --static --libs | sed 's#-L[^ ]*##g'`" + AC_CHECK_LIB([daq_static], [daq_load_modules], + [LIBS="-ldaq_static ${LIBS}"], [LDAQ="no"], [ ]) + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/snort.init b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/snort.init new file mode 100644 index 000000000..d8a00c43f --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort/snort.init @@ -0,0 +1,109 @@ +#!/bin/sh +# +# Snort Startup Script modified for OpenEmbedded +# + +# Script variables + +LAN_INTERFACE="$2" +RETURN_VAL=0 +BINARY=/usr/bin/snort +PATH=/bin:/usr/bin +PID=/var/run/snort_${LAN_INTERFACE}_ids.pid +DEL_PID=$PID +LOGDIR="/var/log/snort" +DATE=`/bin/date +%Y%m%d` +CONFIG_FILE=/etc/snort/snort.conf +PROG=snort +USER=root +GROUP=root + +if [ ! -x "$BINARY" ]; then + echo "ERROR: $BINARY not found." + exit 1 +fi + +if [ ! -r "$CONFIG_FILE" ]; then + echo "ERROR: $CONFIG_FILE not found." + exit 1 +fi + +start() +{ + + [ -n "$LAN_INTERFACE" ] || return 0 + # Check if log diratory is present. Otherwise, create it. + if [ ! -d $LOGDIR/$DATE ]; then + mkdir -d $LOGDIR/$DATE + /bin/chown -R $USER:$USER $LOGDIR/$DATE + /bin/chmod -R 700 $LOGDIR/$DATE + fi + + /bin/echo "Starting $PROG: " + # Snort parameters + # -D Run Snort in background (daemon) mode + # -i <if> Listen on interface <if> + # -u <uname> Run snort uid as <uname> user (or uid) + # -g <gname> Run snort uid as <gname> group (or gid) + # -c Load configuration file + # -N Turn off logging (alerts still work) (removed to enable logging) :) + # -l Log to directory + # -t Chroots process to directory after initialization + # -R <id> Include 'id' in snort_intf<id>.pid file name + + $BINARY -D -i $LAN_INTERFACE -u $USER -g $GROUP -c $CONFIG_FILE -l $LOGDIR/$DATE -t $LOGDIR/$DATE -R _ids + /bin/echo "$PROG startup complete." + return $RETURN_VAL +} + +stop() +{ + if [ -s $PID ]; then + /bin/echo "Stopping $PROG with PID `cat $PID`: " + kill -TERM `cat $PID` 2>/dev/null + RETURN_VAL=$? + /bin/echo "$PROG shutdown complete." + [ -e $DEL_PID ] && rm -f $DEL_PID + [ -e $DEL_PID.lck ] && rm -f $DEL_PID.lck + else + /bin/echo "ERROR: PID in $PID file not found." + RETURN_VAL=1 + fi + return $RETURN_VAL +} + +status() { + if [ -s $PID ]; then + echo "$PROG is running as pid `cat $PID`:" + else + echo "$PROG is not running." + fi +} + +restart() +{ + stop + start + RETURN_VAL=$? + return $RETURN_VAL +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status + ;; + restart|reload) + restart + ;; + *) + /bin/echo "Usage: $0 {start|stop|status|restart|reload}" + RETURN_VAL=1 +esac + +exit $RETURN_VAL diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.7.5.bb b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.7.5.bb new file mode 100644 index 000000000..2034b85fb --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.7.5.bb @@ -0,0 +1,105 @@ +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." +HOMEPAGE = "http://www.snort.org/" +SECTION = "net" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" + +DEPENDS = "xz libpcap libpcre daq libdnet util-linux daq-native" +DEPENDS_append_libc-musl = " libtirpc" + +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \ + file://snort.init \ + file://disable-inaddr-none.patch \ + file://disable-dap-address-space-id.patch \ + file://disable-daq-flow-id.patch \ + file://disable-daq-verdict-retry.patch \ + file://0001-libpcap-search-sysroot-for-headers.patch \ + file://0001-fix-do_package-failed-since-snort-2.9.7.0.patch \ + file://fix-host-contamination-when-enable-static-daq.patch \ +" + +SRC_URI[tarball.md5sum] = "fd271788c0f8876be87a858a9142f202" +SRC_URI[tarball.sha256sum] = "ad03f11b5301b16642199a86aa90388eaa53f5003f83b0c5595745a490047be1" + +inherit autotools gettext update-rc.d pkgconfig + +INITSCRIPT_NAME = "snort" +INITSCRIPT_PARAMS = "defaults" + +EXTRA_OECONF = " \ + --enable-gre \ + --enable-linux-smp-stats \ + --enable-reload \ + --enable-reload-error-restart \ + --enable-targetbased \ + --enable-static-daq \ + --with-dnet-includes=${STAGING_INCDIR} \ + --with-dnet-libraries=${STAGING_LIBDIR} \ + --with-libpcre-includes=${STAGING_INCDIR} \ + --with-libpcre-libraries=${STAGING_LIBDIR} \ + --with-daq-includes=${STAGING_INCDIR} \ + --with-daq-libraries=${STAGING_LIBDIR} \ +" + +# if you want to disable it, you need to patch configure.in first +# AC_CHECK_HEADERS([openssl/sha.h],, SHA_H="no") +# is called even with --without-openssl-includes +PACKAGECONFIG ?= "openssl lzma" +PACKAGECONFIG[openssl] = "--with-openssl-includes=${STAGING_INCDIR} --with-openssl-libraries=${STAGING_LIBDIR}, --without-openssl-includes --without-openssl-libraries, openssl," +PACKAGECONFIG[lzma] = "--with-lzma-includes=${STAGING_INCDIR} --with-lzma-libraries=${STAGING_LIBDIR}, --without-lzma-includes --without-lzma-libraries, xz," + +CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc" +LDFLAGS_append_libc-musl = " -ltirpc" + +do_install_append() { + install -d ${D}${sysconfdir}/snort/rules + install -d ${D}${sysconfdir}/snort/preproc_rules + install -d ${D}${sysconfdir}/init.d + for i in map config conf dtd; do + cp ${S}/etc/*.$i ${D}${sysconfdir}/snort/ + done + + # fix the hardcoded path and lib name + # comment out the rules that are not provided + sed -i -e 's#/usr/local/lib#${libdir}#' \ + -e 's#\.\./\(.*rules\)#${sysconfdir}/snort/\1#' \ + -e 's#\(libsf_engine.so\)#\1.0#' \ + -e 's/^\(include $RULE_PATH\)/#\1/' \ + -e 's/^\(dynamicdetection\)/#\1/' \ + -e '/preprocessor reputation/,/blacklist/ s/^/#/' \ + ${D}${sysconfdir}/snort/snort.conf + + cp ${S}/preproc_rules/*.rules ${D}${sysconfdir}/snort/preproc_rules/ + install -m 755 ${WORKDIR}/snort.init ${D}${sysconfdir}/init.d/snort + mkdir -p ${D}${localstatedir}/log/snort + install -d ${D}/var/log/snort + + sed -i 's/-fdebug-prefix-map[^ ]*//g; s#${STAGING_DIR_TARGET}##g' ${D}${libdir}/pkgconfig/*.pc +} + +FILES_${PN} += " \ + ${libdir}/snort_dynamicengine/*.so.* \ + ${libdir}/snort_dynamicpreprocessor/*.so.* \ + ${libdir}/snort_dynamicrules/*.so.* \ +" +FILES_${PN}-dbg += " \ + ${libdir}/snort_dynamicengine/.debug \ + ${libdir}/snort_dynamicpreprocessor/.debug \ + ${libdir}/snort_dynamicrules/.debug \ +" +FILES_${PN}-staticdev += " \ + ${libdir}/snort_dynamicengine/*.a \ + ${libdir}/snort_dynamicpreprocessor/*.a \ + ${libdir}/snort_dynamicrules/*.a \ + ${libdir}/snort/dynamic_preproc/*.a \ + ${libdir}/snort/dynamic_output/*.a \ +" +FILES_${PN}-dev += " \ + ${libdir}/snort_dynamicengine/*.la \ + ${libdir}/snort_dynamicpreprocessor/*.la \ + ${libdir}/snort_dynamicrules/*.la \ + ${libdir}/snort_dynamicengine/*.so \ + ${libdir}/snort_dynamicpreprocessor/*.so \ + ${libdir}/snort_dynamicrules/*.so \ + ${prefix}/src/snort_dynamicsrc \ +" |