snort/snort.spec

Tue, 28 Aug 2012 18:36:35 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Tue, 28 Aug 2012 18:36:35 +0200
changeset 579
6b18bb69901e
parent 549
00e5f0537340
permissions
-rw-r--r--

Correct the paths of patched scripts, refine password generation,
mitigate fdatasync(2) detection problems, correct dependencies, remove
outdated autoconf components, correct conf file paths and attributes,
complete and correct log file rotation handling, and note warnings
useful for diagnosing builds.

michael@549 1 ##
michael@549 2 ## snort.spec -- OpenPKG RPM Package Specification
michael@549 3 ## Copyright (c) 2000-2010 OpenPKG Foundation e.V. <http://openpkg.net/>
michael@549 4 ##
michael@549 5 ## Permission to use, copy, modify, and distribute this software for
michael@549 6 ## any purpose with or without fee is hereby granted, provided that
michael@549 7 ## the above copyright notice and this permission notice appear in all
michael@549 8 ## copies.
michael@549 9 ##
michael@549 10 ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
michael@549 11 ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
michael@549 12 ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
michael@549 13 ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
michael@549 14 ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
michael@549 15 ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
michael@549 16 ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
michael@549 17 ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
michael@549 18 ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
michael@549 19 ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
michael@549 20 ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
michael@549 21 ## SUCH DAMAGE.
michael@549 22 ##
michael@549 23
michael@549 24 # package version
# Versions of the four upstream components; they are substituted into the
# Source URLs and the track section further down.
michael@550 25 %define V_snort 2.9.3.1
michael@549 26 %define V_rules 2.4
michael@549 27 %define V_oinkmaster 2.0
michael@550 28 %define V_pulledpork 0.6.1
michael@549 29
michael@549 30 # package information
michael@549 31 Name: snort
michael@549 32 Summary: Network Intrusion Detection System
michael@549 33 URL: http://www.snort.org/
michael@549 34 Vendor: B. Caswell, M. Roesch
michael@549 35 Packager: OpenPKG Foundation e.V.
michael@549 36 Distribution: OpenPKG Community
michael@549 37 Class: BASE
michael@549 38 Group: Monitoring
michael@549 39 License: GPL
michael@549 40 Version: %{V_snort}
michael@550 41 Release: 20120800
michael@549 42
michael@549 43 # package options
# with_fsl adds the fsl dependency; with_mysql and with_pgsql add the
# database package as a dependency and switch the matching configure flag
# in the build section.
michael@549 44 %option with_fsl yes
michael@549 45 %option with_mysql no
michael@549 46 %option with_pgsql no
michael@549 47
michael@549 48 # list of sources
# Source0-3 are upstream tarballs (snort, the public VRT ruleset, oinkmaster,
# pulledpork); Source4-7 are files shipped alongside this spec.
# NOTE(review): all four upstream URLs use plain http and this file carries
# no checksum or signature for them -- confirm the build tooling verifies
# the tarballs some other way before they are unpacked and installed.
# NOTE(review): the pulledpork entry in the track section lists two url
# keys, the first still pointing at the oinkmaster SourceForge page --
# confirm which one the version tracker honours.
michael@549 49 Source0: http://dl.snort.org/snort-current/snort-%{V_snort}.tar.gz
michael@549 50 Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-%{V_rules}.tar.gz
michael@549 51 Source2: http://switch.dl.sourceforge.net/sourceforge/oinkmaster/oinkmaster-%{V_oinkmaster}.tar.gz
michael@550 52 Source3: http://pulledpork.googlecode.com/files/pulledpork-%{V_pulledpork}.tar.gz
michael@550 53 Source4: snort.conf
michael@550 54 Source5: rc.snort
michael@550 55 Source6: fsl.snort
michael@550 56 Source7: snort-update.sh
michael@549 57
michael@549 58 # build information
# daq, libdnet and pcre are required both at build time and at install
# time; fsl, mysql and postgresql are pulled in only when the matching
# package option is yes.
michael@549 59 BuildPreReq: OpenPKG, openpkg >= 20100101, make, gcc
michael@549 60 PreReq: OpenPKG, openpkg >= 20100101, perl, perl-www, perl-sys, perl-comp
michael@550 61 BuildPreReq: daq, libdnet, pcre
michael@550 62 PreReq: daq, libdnet, pcre
michael@549 63 %if "%{with_fsl}" == "yes"
michael@549 64 BuildPreReq: fsl
michael@549 65 PreReq: fsl
michael@549 66 %endif
michael@549 67 %if "%{with_mysql}" == "yes"
michael@549 68 BuildPreReq: mysql
michael@549 69 PreReq: mysql
michael@549 70 %endif
michael@549 71 %if "%{with_pgsql}" == "yes"
michael@549 72 BuildPreReq: postgresql
michael@549 73 PreReq: postgresql
michael@549 74 %endif
michael@549 75
michael@549 76 %description
michael@549 77 Snort is an open source network intrusion detection system,
michael@549 78 capable of performing real-time traffic analysis and packet
michael@549 79 logging on IP networks. It can perform protocol analysis, content
michael@549 80 searching/matching and can be used to detect a variety of attacks
michael@549 81 and probes. Snort uses a flexible rules language to describe traffic
michael@549 82 that it should collect or pass, as well as a detection engine that
michael@549 83 utilizes a modular plugin architecture. Snort has a real-time
michael@549 84 alerting capability as well. Snort has three primary uses. It can be
michael@549 85 used as a straight packet sniffer like tcpdump(1), a packet logger
michael@549 86 (useful for network traffic debugging, etc), or as a full blown
michael@549 87 network intrusion detection system.
michael@549 88
michael@549 89 %track
michael@549 90 prog snort = {
michael@549 91 version = %{V_snort}
michael@549 92 url = http://www.snort.org/downloads
michael@549 93 regex = snort-(\d+\.\d+\.\d+(\.\d+)*)\.tar\.gz
michael@549 94 }
michael@549 95 prog snort:rules = {
michael@549 96 version = %{V_rules}
michael@549 97 url = http://www.snort.org/pub-bin/downloads.cgi
michael@549 98 regex = snortrules-pr-(\d+\.\d+)\.tar\.gz
michael@549 99 }
michael@549 100 prog snort:oinkmaster = {
michael@549 101 version = %{V_oinkmaster}
michael@549 102 url = http://sourceforge.net/projects/oinkmaster/files/
michael@549 103 regex = oinkmaster-(__VER__)\.tar\.gz
michael@549 104 }
michael@550 105 prog snort:pulledpork = {
michael@550 106 version = %{V_pulledpork}
michael@550 107 url = http://sourceforge.net/projects/oinkmaster/files/
michael@550 108 url = http://pulledpork.googlecode.com/files/
michael@550 109 regex = pulledpork-(__VER__)\.tar\.gz
michael@550 110 }
michael@549 111
michael@549 112 %prep
# Unpack the snort tarball, then additionally unpack Source2 (oinkmaster)
# and Source3 (pulledpork) into the same build tree.
michael@549 113 %setup -q
michael@549 114 %setup -q -D -T -a 2
michael@550 115 %setup -q -D -T -a 3
# Rewrite the /var/log/snort path on the define lines of src/snort.h to
# var/snort under the package prefix.
michael@550 116 %{l_shtool} subst \
michael@550 117 -e 's;\(# define.*\)/var/log/snort;\1%{l_prefix}/var/snort;' \
michael@549 118 src/snort.h
# Rename u_intN_t type names to the uintN_t spelling in the two listed
# source files.
michael@550 119 %{l_shtool} subst \
michael@550 120 -e 's;u_int\([0-9]*\)_t;uint\1_t;g' \
michael@550 121 src/dynamic-plugins/sf_engine/sf_snort_plugin_rc4.c \
michael@550 122 src/sfutil/sf_ip.h
michael@549 123
michael@549 124 %build
michael@549 125 # configure program
# LIBS collects extra link libraries: the PostgreSQL client and crypto
# libraries when with_pgsql is yes, and -lresolv on SunOS platforms.
# The configure call below always disables ODBC and Oracle support and
# compiles MySQL / PostgreSQL support only when the matching package option
# is yes; daq and pcre headers and libraries are taken from the package
# prefix.
michael@549 126 LIBS=""
michael@549 127 %if "%{with_pgsql}" == "yes"
michael@549 128 LIBS="$LIBS -lpq -lcrypt -lssl -lcrypto"
michael@549 129 %endif
michael@549 130 case "%{l_platform -t}" in
michael@549 131 *-sunos* ) LIBS="$LIBS -lresolv" ;;
michael@549 132 esac
michael@549 133 CC="%{l_cc}" \
michael@549 134 CFLAGS="%{l_cflags -O}" \
michael@549 135 CPPFLAGS="%{l_cppflags}" \
michael@549 136 LDFLAGS="%{l_ldflags} %{l_fsl_ldflags}" \
michael@549 137 LIBS="$LIBS %{l_fsl_libs}" \
michael@549 138 ./configure \
michael@549 139 --prefix=%{l_prefix} \
michael@549 140 --sysconfdir=%{l_prefix}/etc/snort \
michael@550 141 --without-odbc \
michael@550 142 --without-oracle \
michael@549 143 %if "%{with_mysql}" == "yes"
michael@549 144 --with-mysql=%{l_prefix} \
michael@549 145 %else
michael@549 146 --without-mysql \
michael@549 147 %endif
michael@549 148 %if "%{with_pgsql}" == "yes"
michael@549 149 --with-postgresql=%{l_prefix} \
michael@549 150 %else
michael@549 151 --without-postgresql \
michael@549 152 %endif
michael@550 153 --with-daq-includes=%{l_prefix}/include \
michael@550 154 --with-daq-libraries=%{l_prefix}/lib \
michael@549 155 --with-libpcre-includes=%{l_prefix}/include \
michael@549 156 --with-libpcre-libraries=%{l_prefix}/lib \
michael@549 157 --enable-perfmonitor
michael@549 158
michael@549 159 # build program
michael@550 160 %{l_make} %{l_mflags -O}
michael@549 161
michael@549 162 %install
# Everything is staged under RPM_BUILD_ROOT; the mode of each installed
# file is set explicitly on the install call that places it.
michael@549 163 # create installation hierarchy
michael@549 164 %{l_shtool} mkdir -f -p -m 755 \
michael@549 165 $RPM_BUILD_ROOT%{l_prefix}/sbin \
michael@549 166 $RPM_BUILD_ROOT%{l_prefix}/man/man8 \
michael@549 167 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
michael@549 168 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
michael@549 169 $RPM_BUILD_ROOT%{l_prefix}/etc/snort \
michael@549 170 $RPM_BUILD_ROOT%{l_prefix}/share/snort \
michael@549 171 $RPM_BUILD_ROOT%{l_prefix}/var/snort/rules \
michael@549 172 $RPM_BUILD_ROOT%{l_prefix}/var/snort/tmp
michael@549 173
michael@549 174 # install program and manual page
# the snort binary is stripped (-s) and installed mode 755
michael@549 175 %{l_shtool} install -c -s -m 755 \
michael@549 176 src/snort $RPM_BUILD_ROOT%{l_prefix}/sbin/
michael@549 177 %{l_shtool} install -c -m 644 \
michael@549 178 snort.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/
michael@549 179
michael@549 180 # install default configuration
# NOTE(review): snort.conf is installed mode 644; if the mysql or pgsql
# option is used and database credentials end up in this file, they would
# be readable by every local account -- confirm, and tighten the mode if so.
michael@549 181 %{l_shtool} install -c -m 644 %{l_value -s -a} \
michael@549 182 %{SOURCE snort.conf} $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
michael@549 183
michael@549 184 # install default ruleset tarball
# the Source1 tarball is copied as-is to share/snort/rules.tar.gz
michael@549 185 %{l_shtool} install -c -m 644 \
michael@549 186 %{SOURCE snortrules-pr-%{V_rules}.tar.gz} \
michael@549 187 $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules.tar.gz
michael@549 188
michael@549 189 # install run-command script
michael@549 190 %{l_shtool} install -c -m 755 %{l_value -s -a} \
michael@549 191 %{SOURCE rc.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
michael@549 192
michael@549 193 # install OSSP fsl configuration
michael@549 194 %{l_shtool} install -c -m 644 %{l_value -s -a} \
michael@549 195 %{SOURCE fsl.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
michael@549 196
michael@549 197 # install optional/additional files
# the database schema file is shipped only for an enabled database option
michael@549 198 %if "%{with_mysql}" == "yes"
michael@549 199 %{l_shtool} install -c -m 644 \
michael@549 200 schemas/create_mysql \
michael@549 201 $RPM_BUILD_ROOT%{l_prefix}/share/snort/
michael@549 202 %endif
michael@549 203 %if "%{with_pgsql}" == "yes"
michael@549 204 %{l_shtool} install -c -m 644 \
michael@549 205 schemas/create_postgresql \
michael@549 206 $RPM_BUILD_ROOT%{l_prefix}/share/snort/
michael@549 207 %endif
michael@549 208
michael@549 209 # install oinkmaster utility
michael@549 210 ( cd oinkmaster-%{V_oinkmaster}
# Install the script as sbin/oinkmaster, pointing its interpreter line at
# the perl under the package prefix and its default configuration path at
# etc/snort/oinkmaster.conf.
michael@549 211 %{l_shtool} install -c -m 755 \
michael@550 212 -e 's;#!/usr/bin/perl;#! %{l_prefix}/bin/perl;g' \
michael@549 213 -e 's;/etc/oinkmaster\.conf;%{l_prefix}/etc/snort/oinkmaster.conf;' \
michael@549 214 oinkmaster.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/oinkmaster
# The section 1 manual page is installed under man8 as oinkmaster.8.
michael@549 215 %{l_shtool} install -c -m 644 \
michael@549 216 oinkmaster.1 $RPM_BUILD_ROOT%{l_prefix}/man/man8/oinkmaster.8
# Configuration edits: prepend the prefix bin directory to the path setting,
# set tmpdir to var/snort/tmp, and comment out the "skipfile snort.conf"
# line.
# NOTE(review): the use_external_bins expression replaces the matched text
# with itself, so as written it changes nothing -- confirm the intent.
# NOTE(review): the file is installed mode 644; if an oinkcode-bearing
# download URL is configured here it is readable by every local account --
# confirm where operators are expected to keep the oinkcode.
michael@549 217 %{l_shtool} install -c -m 644 \
michael@549 218 -e 's;^\(path = \);\1%{l_prefix}/bin:;' \
michael@549 219 -e 's;^# tmpdir = /home/oinkmaster/tmp/;tmpdir = %{l_prefix}/var/snort/tmp;' \
michael@549 220 -e 's;^\(use_external_bins = 0\);\1;' \
michael@549 221 -e 's;^\(skipfile snort\.conf\);# \1;' \
michael@549 222 oinkmaster.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
michael@549 223 ) || exit $?
michael@549 224
michael@550 225 # install pulledpork utility
michael@550 226 ( cd pulledpork-%{V_pulledpork}
# Install the script as sbin/pulledpork with every /usr/local occurrence
# and the interpreter line rewritten to the package prefix.
michael@550 227 %{l_shtool} install -c -m 755 \
michael@550 228 -e 's;/usr/local;%{l_prefix};g' \
michael@550 229 -e 's;#!/usr/bin/perl;#! %{l_prefix}/bin/perl;g' \
michael@550 230 pulledpork.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/pulledpork
# Every conf file from the tarball's etc directory goes into etc/snort with
# temp_path pointed at var/snort/tmp.
# NOTE(review): these files are installed mode 644 and presumably include
# the one in which the rule download URL and oinkcode are set -- confirm,
# and consider a mode that keeps the oinkcode from other local accounts.
michael@550 231 %{l_shtool} install -c -m 644 \
michael@550 232 -e 's;\(temp_path\) *=.*;\1 = %{l_prefix}/var/snort/tmp;' \
michael@550 233 etc/*.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
michael@550 234 ) || exit $?
michael@550 235
michael@549 236 # install rule update utility
# The @V_rules@ placeholder in snort-update.sh is replaced with the packaged
# ruleset version and the result is installed as sbin/snort-update.
michael@549 237 %{l_shtool} install -c -m 755 %{l_value -s -a} \
michael@549 238 -e 's;@V_rules@;%{V_rules};g' \
michael@549 239 %{SOURCE snort-update.sh} \
michael@549 240 $RPM_BUILD_ROOT%{l_prefix}/sbin/snort-update
michael@549 241
michael@549 242 # determine installation files
# Everything under etc/fsl and etc/snort is marked as a configuration file.
# var/snort and its rules and tmp subdirectories are owned by the account
# and group named by the l_rusr / l_rgrp macros, the same account the post
# script switches to when it runs snort-update.
michael@549 243 %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
michael@549 244 %{l_files_std} \
michael@549 245 '%config %{l_prefix}/etc/fsl/*' \
michael@549 246 '%config %{l_prefix}/etc/snort/*' \
michael@549 247 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort' \
michael@549 248 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/rules' \
michael@549 249 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/tmp'
michael@549 250
michael@549 251 %files -f files
michael@549 252
michael@549 253 %clean
michael@549 254
michael@549 255 %post
# Post-install script: prints setup hints on a first install, triggers a
# ruleset update when an update source is configured, and restarts the
# service after an upgrade if it was active.
michael@549 256 if [ $1 -eq 1 ]; then
michael@549 257 # display final hints on initial installation
michael@549 258 ( echo "Before starting Snort IDS, please set the configuration variable"
michael@549 259 echo "\"snort_if\" in $RPM_INSTALL_PREFIX/etc/rc.conf to the name of the"
michael@549 260 echo "used network interface."
michael@549 261 ) | %{l_rpmtool} msg -b -t notice
michael@549 262 ( echo "To use Snort as an IDS, its rules HAVE to be ALWAYS up to date."
michael@549 263 echo "But this package just ships with the latest PUBLIC version of the"
michael@549 264 echo "\"Sourcefire VRT Certified Rules\" for UNREGISTERED Snort users."
michael@549 265 echo "This means your rules are NOT covering the latest known attacks."
michael@549 266 echo ""
michael@549 267 echo "Hence, we strongly recommend to become at least a REGISTERED Snort"
michael@549 268 echo "user (see http://www.snort.org/ for details). This way you receive"
michael@549 269 echo "a so-called \"oinkcode\" (a sequence of 40 hexadecimal numbers)"
michael@549 270 echo "which you can configure in the file"
michael@549 271 echo " $RPM_INSTALL_PREFIX/etc/rc.conf"
michael@549 272 echo "via the directives"
michael@549 273 echo " snort_update_time=\"daily\""
michael@549 274 echo " snort_update_source=\"oinkcode:XXXX...\""
michael@549 275 echo "to update your Snort rules in"
michael@549 276 echo " $RPM_INSTALL_PREFIX/var/snort/rules/"
michael@549 277 echo "automatically once per day with the latest version of the"
michael@549 278 echo "\"Sourcefire VRT Certified Rules\" for REGISTERED Snort users."
michael@549 279 ) | %{l_rpmtool} msg -b -t notice
michael@549 280 fi
michael@549 281
michael@549 282 # trigger a ruleset update
# The update source is read from the rc configuration and, when non-empty,
# snort-update is run as the l_rusr account on every install and upgrade.
# NOTE(review): the configured value is spliced into the command string that
# su hands to a shell, so quotes, backticks or dollar expansions in it are
# interpreted instead of being passed through, and the value (which carries
# the oinkcode) is visible in the process list while the update runs. The
# value is administrator-controlled; consider validating it against the
# expected shape before this call, or having snort-update read it from the
# rc configuration itself.
# NOTE(review): presumably snort-update fetches rules over the network, so
# a package install or upgrade makes an outbound connection -- confirm.
michael@549 283 snort_update_source=`%{l_rc} -q snort_update_source`
michael@549 284 if [ ".$snort_update_source" != . ]; then
michael@549 285 su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update \"$snort_update_source\""
michael@549 286 fi
michael@549 287
michael@549 288 # after upgrade, restart service
# eval takes in the variable assignments printed by the rc status call;
# snort_active from that output decides whether a restart is issued.
michael@549 289 [ $1 -eq 2 ] || exit 0
michael@549 290 eval `%{l_rc} snort status 2>/dev/null`
michael@549 291 [ ".$snort_active" = .yes ] && %{l_rc} snort restart
michael@549 292 exit 0
michael@549 293
michael@549 294 %preun
michael@549 295 # before erase, stop service and remove log files
# Runs only when the script argument is 0; the service is stopped and the
# pid, log and cap files in var/snort plus everything directly inside the
# rules and tmp subdirectories are deleted. Failures are ignored.
# NOTE(review): logs and, presumably, packet captures (the cap files) are
# removed without a backup; anyone who needs them as evidence has to archive
# them before erasing the package.
# NOTE(review): RPM_INSTALL_PREFIX is used unquoted and unchecked; if it
# were ever empty the patterns would resolve under /var/snort at the
# filesystem root -- confirm the variable is always set here.
michael@549 296 [ $1 -eq 0 ] || exit 0
michael@549 297 %{l_rc} snort stop 2>/dev/null
michael@549 298 rm -f $RPM_INSTALL_PREFIX/var/snort/*.pid >/dev/null 2>&1 || true
michael@549 299 rm -f $RPM_INSTALL_PREFIX/var/snort/*.log >/dev/null 2>&1 || true
michael@549 300 rm -f $RPM_INSTALL_PREFIX/var/snort/*.cap >/dev/null 2>&1 || true
michael@549 301 rm -f $RPM_INSTALL_PREFIX/var/snort/rules/* >/dev/null 2>&1 || true
michael@549 302 rm -f $RPM_INSTALL_PREFIX/var/snort/tmp/* >/dev/null 2>&1 || true
michael@549 303 exit 0
michael@549 304
