Add install-conf command to build system.

This patch adds support for customisation of suricata.yaml and
automatic download of emerging threat GPL rules. By running
'make install-full' after 'make install', files necessary to run
suricata are copied in the configuration directory and the latest
ruleset is downloaded and installed. Suricata can then be run
without files edition.
This patch has a special treatment for the windows build which
requires some different paths.
suricata.yaml is also updated to load all rules files provided by
emergingthreat ruleset.

Makefile.am

@@ -2,7 +2,7 @@
 # have all needed files, that a GNU package needs
 AUTOMAKE_OPTIONS = foreign 1.4
 ACLOCAL_AMFLAGS = -I m4
-EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml \
+EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml.in \
              classification.config \
              reference.config
 if BUILD_LIBHTP
@@ -10,3 +10,23 @@ if BUILD_LIBHTP
 endif
 SUBDIRS = $(HTP_DIR) src qa rules doc
 
+install-data-am:
+	@echo "Run 'make install-conf' if you want to install initial configuration files. Or 'make install-full' to install configuration and rules";
+
+install-full: install-conf install-rules
+
+install-conf:
+	install -d $(sysconfdir)
+	test -e $(sysconfdir)/suricata.yaml || install -m 600 $(top_srcdir)/suricata.yaml $(sysconfdir)
+	test -e $(sysconfdir)/classification.config || install -m 600 $(top_srcdir)/classification.config $(sysconfdir)
+	test -e $(sysconfdir)/reference.config || install -m 600 $(top_srcdir)/reference.config $(sysconfdir)
+	install -d $(localstatedir)/log/suricata
+
+install-rules:
+	install -d $(sysconfdir)/rules
+	wget -qO - http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz | tar zkxv -C $(sysconfdir)
+	test -e $(sysconfdir)/rules/decoder-events.rules || install -m 600 $(top_srcdir)/rules/decoder-events.rules $(sysconfdir)/rules/
+	test -e $(sysconfdir)/rules/stream-events.rules || install -m 600 $(top_srcdir)/rules/stream-events.rules $(sysconfdir)/rules/
+	test -e $(sysconfdir)/rules/smtp-events.rules || install -m 600 $(top_srcdir)/rules/smtp-events.rules $(sysconfdir)/rules/
+	test -e $(sysconfdir)/rules/http-events.rules || install -m 600 $(top_srcdir)/rules/http-events.rules $(sysconfdir)/rules/
+	@echo "You can now start suricata by running as root something like '$(bindir)/suricata -c $(sysconfdir)/suricata.yaml -i eth0'"

configure.in

@@ -121,7 +121,7 @@ AC_INIT(configure.in)
     AC_MSG_CHECKING([host os])
 
     # If no host os was detected, try with uname
-	if test -z "$host" ; then
+    if test -z "$host" ; then
 	    host="`uname`"
     fi
     echo -n "installation for $host OS... \c"
@@ -148,6 +148,10 @@ AC_INIT(configure.in)
            *-*-mingw32*)
                     CFLAGS="${CFLAGS} -DOS_WIN32"
                     LDFLAGS="${LDFLAGS} -lws2_32"
+		    WINDOWS_PATH="yes"
+                    ;;
+           *-*-cygwin)
+		    WINDOWS_PATH="yes"
                     ;;
 	   *)
 		AC_MSG_WARN([unsupported OS this may or may not work])
@@ -1166,7 +1170,45 @@ AC_SUBST(CFLAGS)
 AC_SUBST(LDFLAGS)
 AC_SUBST(CPPFLAGS)
 
-AC_OUTPUT(Makefile src/Makefile qa/Makefile qa/coccinelle/Makefile rules/Makefile doc/Makefile)
+define([EXPAND_VARIABLE],
+[$2=[$]$1
+if test $prefix = 'NONE'; then
+	prefix="/usr/local"
+fi
+while true; do
+  case "[$]$2" in
+    *\[$]* ) eval "$2=[$]$2" ;;
+    *) break ;;
+  esac
+done
+eval "$2=[$]$2$3"
+])dnl EXPAND_VARIABLE
+
+# suricata log dir
+if test "$WINDOWS_PATH" = "yes"; then
+  systemtype="`systeminfo | grep \"System Type\"`"
+  case $systemtype in
+    *x64*)
+      e_logdir="C:\\Program Files (x86)\\Suricata\\log\\"
+      e_sysconfdir="C:\\Program Files (x86)\\Suricata\\"
+      e_magic_file="C:\\Program Files (x86)\\Suricata\\magic.mgc"
+      ;;
+    *)
+      e_logdir="C:\\Program Files\\Suricata\\log\\"
+      e_sysconfdir="C:\\Program Files\\Suricata\\"
+      e_magic_file="C:\\Program Files\\Suricata\\magic.mgc"
+      ;;
+  esac
+else
+  EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata")
+  EXPAND_VARIABLE(sysconfdir, e_sysconfdir, "/")
+  e_magic_file="/usr/share/file/magic"
+fi
+AC_SUBST(e_logdir)
+AC_SUBST(e_sysconfdir)
+AC_SUBST(e_magic_file)
+
+AC_OUTPUT(Makefile src/Makefile qa/Makefile qa/coccinelle/Makefile rules/Makefile doc/Makefile suricata.yaml)
 
 echo "
 Suricata Configuration:
@@ -1187,5 +1229,9 @@ Suricata Configuration:
   GCC Profile enabled:      ${enable_gccprofile}
   Old barnyard2 support:    ${enable_old_barnyard2}
   Non-bundled htp:          ${enable_non_bundled_htp}
-  PCRE jit:                 ${pcre_jit_available}
-"
+  PCRE jit:                 ${pcre_jit_available}"
+
+echo "
+To build and install run 'make' and 'make install'.
+You can run 'make install-conf' if you want to install initial configuration files.
+Running 'make install-full' will install configuration and rules and provide you a ready-to-run suricata."

suricata.yaml.in

@@ -40,7 +40,7 @@ action-order:
 # The default logging directory.  Any log or output file will be
 # placed here if its not specified with a full path name.  This can be
 # overridden with the -l command line parameter.
-default-log-dir: /var/log/suricata
+default-log-dir: @e_logdir@
 
 # Configure the type of alert (and other) logging you would like.
 outputs:
@@ -164,6 +164,7 @@ outputs:
 
 # Magic file. The extension .mgc is added to the value here.
 #magic-file: /usr/share/file/magic
+magic-file: @e_magic_file@
 
 # When running in NFQ inline mode, it is possible to use a simulated
 # non-terminal NFQUEUE verdict.
@@ -651,85 +652,61 @@ ipfw:
 
 # Set the default rule path here to search for the files.
 # if not set, it will look at the current working dir
-default-rule-path: /etc/suricata/rules/
+default-rule-path: @e_sysconfdir@rules
 rule-files:
- - attack-responses.rules
- - backdoor.rules
- - bad-traffic.rules
- - chat.rules
- - ddos.rules
- - deleted.rules
- - dns.rules
- - dos.rules
- - experimental.rules
- - exploit.rules
- - finger.rules
- - ftp.rules
- - icmp-info.rules
- - icmp.rules
- - imap.rules
- - info.rules
- - local.rules
- - misc.rules
- - multimedia.rules
- - mysql.rules
- - netbios.rules
- - nntp.rules
- - oracle.rules
- - other-ids.rules
- - p2p.rules
- - policy.rules
- - pop2.rules
- - pop3.rules
- - porn.rules
- - rpc.rules
- - rservices.rules
- - scada.rules
- - scan.rules
- - shellcode.rules
- - smtp.rules
- - snmp.rules
- - specific-threats.rules
- - spyware-put.rules
- - sql.rules
- - telnet.rules
- - tftp.rules
- - virus.rules
- - voip.rules
- - web-activex.rules
- - web-attacks.rules
- - web-cgi.rules
- - web-client.rules
- - web-coldfusion.rules
- - web-frontpage.rules
- - web-iis.rules
- - web-misc.rules
- - web-php.rules
- - x11.rules
+ - botcc.rules
+ - ciarmy.rules
+ - compromised.rules
+ - drop.rules
+ - dshield.rules
+ - emerging-activex.rules
  - emerging-attack_response.rules
+ - emerging-chat.rules
+ - emerging-current_events.rules
+ - emerging-deleted.rules
+ - emerging-dns.rules
  - emerging-dos.rules
  - emerging-exploit.rules
- - emerging-game.rules
+ - emerging-ftp.rules
+ - emerging-games.rules
+ - emerging-icmp_info.rules
+ - emerging-icmp.rules
+ - emerging-imap.rules
  - emerging-inappropriate.rules
  - emerging-malware.rules
+ - emerging-misc.rules
+ - emerging-mobile_malware.rules
+ - emerging-netbios.rules
  - emerging-p2p.rules
  - emerging-policy.rules
+ - emerging-pop3.rules
+ - emerging-rpc.rules
+ - emerging-scada.rules
  - emerging-scan.rules
+ - emerging-shellcode.rules
+ - emerging-smtp.rules
+ - emerging-snmp.rules
+ - emerging-sql.rules
+ - emerging-telnet.rules
+ - emerging-tftp.rules
+ - emerging-trojan.rules
+ - emerging-user_agents.rules
  - emerging-virus.rules
  - emerging-voip.rules
- - emerging-web.rules
  - emerging-web_client.rules
  - emerging-web_server.rules
  - emerging-web_specific_apps.rules
- - emerging-user_agents.rules
- - emerging-current_events.rules
+ - emerging-worm.rules
+ - rbn-malvertisers.rules
+ - rbn.rules
+ - tor.rules
  - decoder-events.rules # available in suricata sources under rules dir
  - stream-events.rules  # available in suricata sources under rules dir
  - http-events.rules    # available in suricata sources under rules dir
  - smtp-events.rules    # available in suricata sources under rules dir
 
-classification-file: /etc/suricata/classification.config
-reference-config-file: /etc/suricata/reference.config
+classification-file: @e_sysconfdir@classification.config
+reference-config-file: @e_sysconfdir@reference.config
 
 # Holds variables that would be used by the engine.
 vars: