# SHORT DESC: Intrusion Detection System
# LONG DESC: Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.  Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.  Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion prevention system.

# COMPILE REQUIREMENT: postgresql
# COMPILE REQUIREMENT: libdnet


patch -p1 << \__EOF__ || exit 1
--- snort-2.8.3.2/src/output-plugins/spo_database.c	2008-12-30 10:44:16.000000000 -0500
+++ snort-2.8.3.2-patched/src/output-plugins/spo_database.c	2009-04-09 10:00:05.278793914 -0400
@@ -303,6 +303,7 @@
 int           Insert(char *, DatabaseData *);
 int           Select(char *, DatabaseData *);
 void          Connect(DatabaseData *);
+void          Disconnect(DatabaseData *);
 void          DatabasePrintUsage();
 void          FreeSharedDataList();
 
@@ -563,17 +564,6 @@
 
     Connect(data);
 
-    /* get password out of memory since we only need it for Connect */
-    if (data->password != NULL)
-    {
-        /* it'll be null terminated */
-        while (*data->password != '\0')
-        {
-            *data->password = '\0';
-            data->password++;
-        }
-    }
-
     data->shared->sid = Select(select_sensor_id,data);
     if(data->shared->sid == 0)
     {
@@ -2552,6 +2542,11 @@
                 ErrorMessage("database: postgresql_error: %s\n",
                              PQerrorMessage(data->p_connection));
             }
+            ErrorMessage("Disconnecting from database [INSERT].");
+            Disconnect(data);
+
+            ErrorMessage("Reconnecting to database [INSERT].");
+            Connect(data);
         } 
         PQclear(data->p_result);
     }
@@ -2756,6 +2751,11 @@
                 ErrorMessage("database: postgresql_error: %s\n",
                              PQerrorMessage(data->p_connection));
             }
+            ErrorMessage("Disconnecting from database [SELECT].");
+            Disconnect(data);
+
+            ErrorMessage("Reconnecting to database [SELECT].");
+            Connect(data);
         }
         PQclear(data->p_result);
     }
@@ -2928,7 +2928,8 @@
         if(PQstatus(data->p_connection) == CONNECTION_BAD)
         {
             PQfinish(data->p_connection);
-            FatalError("database: Connection to database '%s' failed\n", data->shared->dbname);
+            ErrorMessage("database: Connection to database '%s' failed\n", data->shared->dbname);
+            data->p_connection = NULL;
         }
     }
 #endif
__EOF__

(
	./configure --prefix=/usr --libdir="${libdir}" --sysconfdir=/etc --localstatedir=/var --enable-prelude --enable-ipv6 --enable-flexresp2 --with-postgresql --with-mysql && \
	make && \
	make install || exit 1
) || (
	make distclean
	./configure --prefix=/usr --libdir="${libdir}" --sysconfdir=/etc --localstatedir=/var --enable-ipv6 --enable-flexresp2 --with-postgresql --with-mysql && \
	make && \
	make install || exit 1
) || exit 1