Initial import

8 files changed, 318 insertions, 0 deletions

diff --git a/package/snort-wireless/Config.in b/package/snort-wireless/Config.in
new file mode 100644
index 000000000..d8cb07f7d
--- /dev/null
+++ b/package/snort-wireless/Config.in
@@ -0,0 +1,17 @@
+config ADK_PACKAGE_SNORT_WIRELESS
+	prompt "snort-wireless.................... Ligthweight Wireless Network Intrusion Detection System (NIDS)"
+	tristate
+	select ADK_PACKAGE_LIBNET
+	select ADK_PACKAGE_LIBPCAP
+	select ADK_PACKAGE_LIBPCRE
+	default n
+	help
+	  
+	  A ligthweight Wireless Network Intrusion Detection System (NIDS)
+	  
+	  http://www.snort-wireless.org/
+	  
+	  Depends: 
+	    - libnet
+	    - libpcap
+	    - libpcre
diff --git a/package/snort-wireless/Makefile b/package/snort-wireless/Makefile
new file mode 100644
index 000000000..965ece735
--- /dev/null
+++ b/package/snort-wireless/Makefile
@@ -0,0 +1,49 @@
+# $Id$
+#-
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=		snort-wireless
+PKG_VERSION:=		2.4.3-alpha04
+PKG_RELEASE:=		9
+PKG_MD5SUM:=		1aa699ae279bf7a1140cf6cca02f9999
+MASTER_SITES:=		http://www.snort-wireless.org/files/
+
+include $(TOPDIR)/mk/package.mk
+
+$(eval $(call PKG_template,SNORT_WIRELESS,snort-wireless,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+
+CONFIGURE_STYLE=	gnu
+CONFIGURE_ARGS+=	--enable-flexresp \
+			--with-libnet-includes="${STAGING_DIR}/usr/include" \
+			--with-libnet-libraries="${STAGING_DIR}/usr/lib" \
+			--with-libpcap-includes="${STAGING_DIR}/usr/include" \
+			--with-libpcap-libraries="${STAGING_DIR}/usr/lib" \
+			--with-libpcre-includes="${STAGING_DIR}/usr/include" \
+			--with-libpcre-libraries="${STAGING_DIR}/usr/lib" \
+			--without-mysql \
+			--without-postgresql \
+			--disable-inline
+BUILD_STYLE=		auto
+INSTALL_STYLE=		auto
+
+post-install:
+	${INSTALL_DIR} ${IDIR_SNORT_WIRELESS}/usr/bin
+	${INSTALL_DIR} ${IDIR_SNORT_WIRELESS}/etc/init.d
+	${INSTALL_DIR} ${IDIR_SNORT_WIRELESS}/etc/snort
+	${INSTALL_BIN} ./files/snort-wireless.init \
+		${IDIR_SNORT_WIRELESS}/etc/init.d/snort
+	${INSTALL_DATA} ${WRKBUILD}/etc/snort.conf ${IDIR_SNORT_WIRELESS}/etc/snort/
+	${INSTALL_DATA} ${WRKBUILD}/etc/classification.config \
+		${IDIR_SNORT_WIRELESS}/etc/snort/
+	${INSTALL_DATA} ${WRKBUILD}/etc/gen-msg.map ${IDIR_SNORT_WIRELESS}/etc/snort/
+	${INSTALL_DATA} ${WRKBUILD}/etc/reference.config ${IDIR_SNORT_WIRELESS}/etc/snort/
+	${INSTALL_DATA} ${WRKBUILD}/etc/sid-msg.map ${IDIR_SNORT_WIRELESS}/etc/snort/
+	${INSTALL_DATA} ${WRKBUILD}/etc/threshold.conf ${IDIR_SNORT_WIRELESS}/etc/snort/
+	${INSTALL_DATA} ${WRKBUILD}/etc/unicode.map ${IDIR_SNORT_WIRELESS}/etc/snort/
+	${INSTALL_BIN} ${WRKINST}/usr/bin/snort ${IDIR_SNORT_WIRELESS}/usr/bin
+
+
+include ${TOPDIR}/mk/pkg-bottom.mk
diff --git a/package/snort-wireless/files/snort-wireless.init b/package/snort-wireless/files/snort-wireless.init
new file mode 100644
index 000000000..6986f6118
--- /dev/null
+++ b/package/snort-wireless/files/snort-wireless.init
@@ -0,0 +1,27 @@
+#!/bin/sh
+#FWINIT 75
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+	test x"${snort_wireless:-NO}" = x"NO" && exit 0
+	exec sh $0 start
+	;;
+start)
+	[ -d /var/log/snort ] || mkdir -p /var/log/snort
+	snort ${snort_wireless_flags}
+	;;
+stop)
+	killall snort
+	;;
+restart)
+	sh $0 stop
+	sh $0 start
+	;;
+*)
+	echo "Usage: $0 {start | stop | restart}"
+	exit 1
+	;;
+esac
+exit $?
diff --git a/package/snort-wireless/ipkg/snort-wireless.conffiles b/package/snort-wireless/ipkg/snort-wireless.conffiles
new file mode 100644
index 000000000..a224c4c1d
--- /dev/null
+++ b/package/snort-wireless/ipkg/snort-wireless.conffiles
@@ -0,0 +1,2 @@
+/etc/snort/snort.conf
+/etc/snort/threshold.conf
diff --git a/package/snort-wireless/ipkg/snort-wireless.control b/package/snort-wireless/ipkg/snort-wireless.control
new file mode 100644
index 000000000..11bede931
--- /dev/null
+++ b/package/snort-wireless/ipkg/snort-wireless.control
@@ -0,0 +1,6 @@
+Package: snort-wireless
+Priority: optional
+Section: net
+Depends: libnet, libpcap, libpcre
+Description: a flexible Wireless Network Intrusion Detection System (NIDS),
+ built without database logging support
diff --git a/package/snort-wireless/ipkg/snort-wireless.postinst b/package/snort-wireless/ipkg/snort-wireless.postinst
new file mode 100644
index 000000000..a348b7a82
--- /dev/null
+++ b/package/snort-wireless/ipkg/snort-wireless.postinst
@@ -0,0 +1,4 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/functions.sh
+add_rcconf snort-wireless snort_wireless NO
+add_rcconf snort-wireless snort_wireless_flags "-i eth0.1 -c /etc/snort/snort.conf -D -N -q -s"
diff --git a/package/snort-wireless/patches/500-no-config-search.patch b/package/snort-wireless/patches/500-no-config-search.patch
new file mode 100644
index 000000000..d674ba66a
--- /dev/null
+++ b/package/snort-wireless/patches/500-no-config-search.patch
@@ -0,0 +1,35 @@
+--- snort-2.3.2-orig/src/snort.c	2005-01-13 21:36:20.000000000 +0100
++++ snort-2.3.2-1/src/snort.c	2005-04-04 20:03:34.000000000 +0200
+@@ -1949,7 +1949,7 @@
+ {
+     struct stat st;
+     int i;
+-    char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL};
++    char *conf_files[]={"/etc/snort/snort.conf", NULL};
+     char *fname = NULL;
+     char *home_dir = NULL;
+     char *rval = NULL;
+@@ -1970,23 +1970,6 @@
+         i++;
+     }
+ 
+-    /* search for .snortrc in the HOMEDIR */
+-    if(!rval)
+-    {
+-        if((home_dir = getenv("HOME")))
+-        {
+-            /* create the full path */
+-            fname = (char *)malloc(strlen(home_dir) + strlen("/.snortrc") + 1);
+-            if(!fname)
+-                FatalError("Out of memory searching for config file\n");
+-
+-            if(stat(fname, &st) != -1)
+-                rval = fname;
+-            else
+-                free(fname);
+-        }
+-    }
+-
+     return rval;
+ }
+ 
diff --git a/package/snort-wireless/patches/750-lightweight-config.patch b/package/snort-wireless/patches/750-lightweight-config.patch
new file mode 100644
index 000000000..daea3be5a
--- /dev/null
+++ b/package/snort-wireless/patches/750-lightweight-config.patch
@@ -0,0 +1,178 @@
+--- snort-wireless-2.4.3-alpha04/etc/snort.conf	2005-10-21 09:41:01.000000000 +0200
++++ /Users/florian/telechargements/snort.conf	2005-10-30 13:20:17.000000000 +0100
+@@ -6,6 +6,7 @@
+ #
+ ###################################################
+ # This file contains a sample snort configuration. 
++# Most preprocessors and rules were disabled to save memory.
+ # You can take the following steps to create your own custom configuration:
+ #
+ #  1) Set the variables for your network
+@@ -42,10 +43,10 @@
+ # or you can specify the variable to be any IP address
+ # like this:
+ 
+-var HOME_NET any
++var HOME_NET 192.168.1.0/24
+ 
+ # Set up the external network addresses as well.  A good start may be "any"
+-var EXTERNAL_NET any
++var EXTERNAL_NET !$HOME_NET
+ 
+ # Configure your wireless AP lists.  This allows snort to look for attacks
+ # against your wireless network, such as rogue access points or adhoc wireless
+@@ -137,7 +138,7 @@
+ # Path to your rules files (this can be a relative path)
+ # Note for Windows users:  You are advised to make this an absolute path,
+ # such as:  c:\snort\rules
+-var RULE_PATH ../rules
++var RULE_PATH /etc/snort/rules
+ 
+ # Configure the snort decoder
+ # ============================
+@@ -413,11 +414,11 @@
+ # lots of options available here. See doc/README.http_inspect.
+ # unicode.map should be wherever your snort.conf lives, or given
+ # a full path to where snort can find it.
+-preprocessor http_inspect: global \
+-    iis_unicode_map unicode.map 1252 
++#preprocessor http_inspect: global \
++#    iis_unicode_map unicode.map 1252 
+ 
+-preprocessor http_inspect_server: server default \
+-    profile all ports { 80 8080 8180 } oversize_dir_length 500
++#preprocessor http_inspect_server: server default \
++#    profile all ports { 80 8080 8180 } oversize_dir_length 500
+ 
+ #
+ #  Example unique server configuration
+@@ -451,7 +452,7 @@
+ # no_alert_incomplete - don't alert when a single segment
+ #                       exceeds the current packet size
+ 
+-preprocessor rpc_decode: 111 32771
++#preprocessor rpc_decode: 111 32771
+ 
+ # bo: Back Orifice detector
+ # -------------------------
+@@ -474,7 +475,7 @@
+ #   3       Back Orifice Server Traffic Detected
+ #   4       Back Orifice Snort Buffer Attack
+ 
+-preprocessor bo
++#preprocessor bo
+ 
+ # telnet_decode: Telnet negotiation string normalizer
+ # ---------------------------------------------------
+@@ -486,7 +487,7 @@
+ # This preprocessor requires no arguments.
+ # Portscan uses Generator ID 109 and does not generate any SID currently.
+ 
+-preprocessor telnet_decode
++#preprocessor telnet_decode
+ 
+ # sfPortscan
+ # ----------
+@@ -537,9 +538,9 @@
+ #       are still watched as scanner hosts.  The 'ignore_scanned' option is
+ #       used to tune alerts from very active hosts such as syslog servers, etc.
+ #
+-preprocessor sfportscan: proto  { all } \
+-                         memcap { 10000000 } \
+-                         sense_level { low }
++#preprocessor sfportscan: proto  { all } \
++#                         memcap { 10000000 } \
++#                         sense_level { low }
+ 
+ # arpspoof
+ #----------------------------------------
+@@ -814,41 +815,41 @@
+ include $RULE_PATH/bad-traffic.rules
+ include $RULE_PATH/exploit.rules
+ include $RULE_PATH/scan.rules
+-include $RULE_PATH/finger.rules
+-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/telnet.rules
+-include $RULE_PATH/rpc.rules
+-include $RULE_PATH/rservices.rules
+-include $RULE_PATH/dos.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/tftp.rules
+-
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-php.rules
+-
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/x11.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/snmp.rules
+-
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
++#include $RULE_PATH/finger.rules
++#include $RULE_PATH/ftp.rules
++#include $RULE_PATH/telnet.rules
++#include $RULE_PATH/rpc.rules
++#include $RULE_PATH/rservices.rules
++#include $RULE_PATH/dos.rules
++#include $RULE_PATH/ddos.rules
++#include $RULE_PATH/dns.rules
++#include $RULE_PATH/tftp.rules
++
++#include $RULE_PATH/web-cgi.rules
++#include $RULE_PATH/web-coldfusion.rules
++#include $RULE_PATH/web-iis.rules
++#include $RULE_PATH/web-frontpage.rules
++#include $RULE_PATH/web-misc.rules
++#include $RULE_PATH/web-client.rules
++#include $RULE_PATH/web-php.rules
++
++#include $RULE_PATH/sql.rules
++#include $RULE_PATH/x11.rules
++#include $RULE_PATH/icmp.rules
++#include $RULE_PATH/netbios.rules
++#include $RULE_PATH/misc.rules
++#include $RULE_PATH/attack-responses.rules
++#include $RULE_PATH/oracle.rules
++#include $RULE_PATH/mysql.rules
++#include $RULE_PATH/snmp.rules
++
++#include $RULE_PATH/smtp.rules
++#include $RULE_PATH/imap.rules
++#include $RULE_PATH/pop2.rules
++#include $RULE_PATH/pop3.rules
+ 
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/other-ids.rules
++#include $RULE_PATH/nntp.rules
++#include $RULE_PATH/other-ids.rules
+ # include $RULE_PATH/web-attacks.rules
+ # include $RULE_PATH/backdoor.rules
+ # include $RULE_PATH/shellcode.rules
+@@ -856,11 +857,11 @@
+ # include $RULE_PATH/porn.rules
+ # include $RULE_PATH/info.rules
+ # include $RULE_PATH/icmp-info.rules
+- include $RULE_PATH/virus.rules
++# include $RULE_PATH/virus.rules
+ # include $RULE_PATH/chat.rules
+ # include $RULE_PATH/multimedia.rules
+ # include $RULE_PATH/p2p.rules
+-include $RULE_PATH/experimental.rules
++#include $RULE_PATH/experimental.rules
+ #include $RULE_PATH/wifi.rules
+ 
+ # Include any thresholding or suppression commands. See threshold.conf in the