snort/snort.spec

Mon, 28 Jan 2013 17:37:18 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 28 Jan 2013 17:37:18 +0100
changeset 758
a2c6460cfb16
parent 549
00e5f0537340
permissions
-rw-r--r--

Correct socket error reporting improvement with IPv6 portable code,
after helpful recommendation by Saúl Ibarra Corretgé on OSips devlist.

michael@549 1 ##
michael@549 2 ## snort.spec -- OpenPKG RPM Package Specification
michael@549 3 ## Copyright (c) 2000-2010 OpenPKG Foundation e.V. <http://openpkg.net/>
michael@549 4 ##
michael@549 5 ## Permission to use, copy, modify, and distribute this software for
michael@549 6 ## any purpose with or without fee is hereby granted, provided that
michael@549 7 ## the above copyright notice and this permission notice appear in all
michael@549 8 ## copies.
michael@549 9 ##
michael@549 10 ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
michael@549 11 ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
michael@549 12 ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
michael@549 13 ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
michael@549 14 ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
michael@549 15 ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
michael@549 16 ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
michael@549 17 ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
michael@549 18 ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
michael@549 19 ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
michael@549 20 ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
michael@549 21 ## SUCH DAMAGE.
michael@549 22 ##
michael@549 23
# Version macros: V_snort feeds Version: and Source0; V_rules, V_oinkmaster
# and V_pulledpork select the bundled ruleset and the two rule-update tools.
# NOTE(review): V_rules pins the ruleset tarball shipped as the default rules.
# The post-install notice in this file says these public rules do not cover
# the latest known attacks, so detection coverage on a fresh install is
# limited until an update source is configured.
michael@549 24 # package version
michael@550 25 %define V_snort 2.9.3.1
michael@549 26 %define V_rules 2.4
michael@549 27 %define V_oinkmaster 2.0
michael@550 28 %define V_pulledpork 0.6.1
michael@549 29
michael@549 30 # package information
michael@549 31 Name: snort
michael@549 32 Summary: Network Intrusion Detection System
michael@549 33 URL: http://www.snort.org/
michael@549 34 Vendor: B. Caswell, M. Roesch
michael@549 35 Packager: OpenPKG Foundation e.V.
michael@549 36 Distribution: OpenPKG Community
michael@549 37 Class: BASE
michael@549 38 Group: Monitoring
michael@549 39 License: GPL
michael@549 40 Version: %{V_snort}
michael@550 41 Release: 20120800
michael@549 42
# Build-time switches. Each one gates the matching BuildPreReq/PreReq pair
# below; the two database switches also select configure flags and the schema
# files that get installed. Defaults: fsl on, MySQL and PostgreSQL off.
michael@549 43 # package options
michael@549 44 %option with_fsl yes
michael@549 45 %option with_mysql no
michael@549 46 %option with_pgsql no
michael@549 47
# Source0-3 are upstream tarballs (snort, the public ruleset, oinkmaster,
# pulledpork); Source4-7 are files named without a URL.
# NOTE(review): all four upstream tarballs are referenced over plain http://
# and this spec records no checksum or signature for them. Unless the build
# tooling verifies integrity somewhere outside this file (confirm), the IDS
# source and its rule-management tools are taken on trust from the network at
# build time. Prefer https and a pinned digest where the tooling supports it.
michael@549 48 # list of sources
michael@549 49 Source0: http://dl.snort.org/snort-current/snort-%{V_snort}.tar.gz
michael@549 50 Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-%{V_rules}.tar.gz
michael@549 51 Source2: http://switch.dl.sourceforge.net/sourceforge/oinkmaster/oinkmaster-%{V_oinkmaster}.tar.gz
michael@550 52 Source3: http://pulledpork.googlecode.com/files/pulledpork-%{V_pulledpork}.tar.gz
michael@550 53 Source4: snort.conf
michael@550 54 Source5: rc.snort
michael@550 55 Source6: fsl.snort
michael@550 56 Source7: snort-update.sh
michael@549 57
# Build-time and run-time prerequisites. daq, libdnet and pcre are always
# required; fsl, mysql and postgresql only when the matching option is "yes".
michael@549 58 # build information
michael@549 59 BuildPreReq: OpenPKG, openpkg >= 20100101, make, gcc
michael@549 60 PreReq: OpenPKG, openpkg >= 20100101, perl, perl-www, perl-sys, perl-comp
michael@550 61 BuildPreReq: daq, libdnet, pcre
michael@550 62 PreReq: daq, libdnet, pcre
michael@549 63 %if "%{with_fsl}" == "yes"
michael@549 64 BuildPreReq: fsl
michael@549 65 PreReq: fsl
michael@549 66 %endif
michael@549 67 %if "%{with_mysql}" == "yes"
michael@549 68 BuildPreReq: mysql
michael@549 69 PreReq: mysql
michael@549 70 %endif
michael@549 71 %if "%{with_pgsql}" == "yes"
michael@549 72 BuildPreReq: postgresql
michael@549 73 PreReq: postgresql
michael@549 74 %endif
michael@549 75
michael@549 76 %description
michael@549 77 Snort is an open source network intrusion detection system,
michael@549 78 capable of performing real-time traffic analysis and packet
michael@549 79 logging on IP networks. It can perform protocol analysis, content
michael@549 80 searching/matching and can be used to detect a variety of attacks
michael@549 81 and probes. Snort uses a flexible rules language to describe traffic
michael@549 82 that it should collect or pass, as well as a detection engine that
michael@549 83 utilizes a modular plugin architecture. Snort has a real-time
michael@549 84 alerting capability as well. Snort has three primary uses. It can be
michael@549 85 used as a straight packet sniffer like tcpdump(1), a packet logger
michael@549 86 (useful for network traffic debugging, etc), or as a full blown
michael@549 87 network intrusion detection system.
michael@549 88
michael@549 89 %track
# One entry per bundled component: the packaged version, a URL and a regex
# matching the upstream tarball name (presumably polled by the version
# tracker to spot new releases -- confirm against the OpenPKG tooling).
# All URLs here are plain http://.
michael@549 90 prog snort = {
michael@549 91 version = %{V_snort}
michael@549 92 url = http://www.snort.org/downloads
michael@549 93 regex = snort-(\d+\.\d+\.\d+(\.\d+)*)\.tar\.gz
michael@549 94 }
michael@549 95 prog snort:rules = {
michael@549 96 version = %{V_rules}
michael@549 97 url = http://www.snort.org/pub-bin/downloads.cgi
michael@549 98 regex = snortrules-pr-(\d+\.\d+)\.tar\.gz
michael@549 99 }
michael@549 100 prog snort:oinkmaster = {
michael@549 101 version = %{V_oinkmaster}
michael@549 102 url = http://sourceforge.net/projects/oinkmaster/files/
michael@549 103 regex = oinkmaster-(__VER__)\.tar\.gz
michael@549 104 }
# NOTE(review): the pulledpork entry carries two url lines; the first one is
# the oinkmaster project URL and looks like a copy-paste leftover. Which of
# the two the tracker honours is not visible here -- confirm and drop the
# stale one so new pulledpork releases are not missed.
michael@550 105 prog snort:pulledpork = {
michael@550 106 version = %{V_pulledpork}
michael@550 107 url = http://sourceforge.net/projects/oinkmaster/files/
michael@550 108 url = http://pulledpork.googlecode.com/files/
michael@550 109 regex = pulledpork-(__VER__)\.tar\.gz
michael@550 110 }
michael@549 111
michael@549 112 %prep
# Unpack the snort tarball, then additionally unpack Source2 (oinkmaster) and
# Source3 (pulledpork) into the same build tree (-D keeps the tree, -T skips
# Source0, -a N unpacks source N after changing into the tree).
michael@549 113 %setup -q
michael@549 114 %setup -q -D -T -a 2
michael@550 115 %setup -q -D -T -a 3
# Point the compiled-in default log directory at the package prefix instead
# of /var/log/snort.
michael@550 116 %{l_shtool} subst \
michael@550 117 -e 's;\(# define.*\)/var/log/snort;\1%{l_prefix}/var/snort;' \
michael@549 118 src/snort.h
# Rewrite u_intN_t type names to uintN_t in the two listed files.
michael@550 119 %{l_shtool} subst \
michael@550 120 -e 's;u_int\([0-9]*\)_t;uint\1_t;g' \
michael@550 121 src/dynamic-plugins/sf_engine/sf_snort_plugin_rc4.c \
michael@550 122 src/sfutil/sf_ip.h
michael@549 123
michael@549 124 %build
# LIBS collects extra link libraries: the PostgreSQL client and crypto
# libraries when with_pgsql is "yes", and -lresolv on SunOS platforms.
michael@549 125 # configure program
michael@549 126 LIBS=""
michael@549 127 %if "%{with_pgsql}" == "yes"
michael@549 128 LIBS="$LIBS -lpq -lcrypt -lssl -lcrypto"
michael@549 129 %endif
michael@549 130 case "%{l_platform -t}" in
michael@549 131 *-sunos* ) LIBS="$LIBS -lresolv" ;;
michael@549 132 esac
# Configure with the package prefix, ODBC and Oracle output disabled, MySQL
# and PostgreSQL output following the package options, and DAQ/PCRE taken
# from the prefix.
# NOTE(review): snort parses untrusted network traffic, yet no compiler or
# linker hardening flags (stack protector, PIE, RELRO, fortify) are passed
# explicitly here. Whether the l_cflags / l_ldflags macros already supply
# them cannot be seen from this file -- confirm.
michael@549 133 CC="%{l_cc}" \
michael@549 134 CFLAGS="%{l_cflags -O}" \
michael@549 135 CPPFLAGS="%{l_cppflags}" \
michael@549 136 LDFLAGS="%{l_ldflags} %{l_fsl_ldflags}" \
michael@549 137 LIBS="$LIBS %{l_fsl_libs}" \
michael@549 138 ./configure \
michael@549 139 --prefix=%{l_prefix} \
michael@549 140 --sysconfdir=%{l_prefix}/etc/snort \
michael@550 141 --without-odbc \
michael@550 142 --without-oracle \
michael@549 143 %if "%{with_mysql}" == "yes"
michael@549 144 --with-mysql=%{l_prefix} \
michael@549 145 %else
michael@549 146 --without-mysql \
michael@549 147 %endif
michael@549 148 %if "%{with_pgsql}" == "yes"
michael@549 149 --with-postgresql=%{l_prefix} \
michael@549 150 %else
michael@549 151 --without-postgresql \
michael@549 152 %endif
michael@550 153 --with-daq-includes=%{l_prefix}/include \
michael@550 154 --with-daq-libraries=%{l_prefix}/lib \
michael@549 155 --with-libpcre-includes=%{l_prefix}/include \
michael@549 156 --with-libpcre-libraries=%{l_prefix}/lib \
michael@549 157 --enable-perfmonitor
michael@549 158
michael@549 159 # build program
michael@550 160 %{l_make} %{l_mflags -O}
michael@549 161
michael@549 162 %install
# Stage everything under RPM_BUILD_ROOT: directories, the snort binary and
# manual page, default configuration, the bundled ruleset tarball, the rc and
# fsl files, optional database schemas, and the oinkmaster, pulledpork and
# snort-update helpers. The resulting file list is then written for the
# files section at the end of this block.
michael@549 163 # create installation hierarchy
michael@549 164 %{l_shtool} mkdir -f -p -m 755 \
michael@549 165 $RPM_BUILD_ROOT%{l_prefix}/sbin \
michael@549 166 $RPM_BUILD_ROOT%{l_prefix}/man/man8 \
michael@549 167 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
michael@549 168 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
michael@549 169 $RPM_BUILD_ROOT%{l_prefix}/etc/snort \
michael@549 170 $RPM_BUILD_ROOT%{l_prefix}/share/snort \
michael@549 171 $RPM_BUILD_ROOT%{l_prefix}/var/snort/rules \
michael@549 172 $RPM_BUILD_ROOT%{l_prefix}/var/snort/tmp
michael@549 173
# The binary is installed stripped (-s) with mode 755.
michael@549 174 # install program and manual page
michael@549 175 %{l_shtool} install -c -s -m 755 \
michael@549 176 src/snort $RPM_BUILD_ROOT%{l_prefix}/sbin/
michael@549 177 %{l_shtool} install -c -m 644 \
michael@549 178 snort.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/
michael@549 179
# NOTE(review): snort.conf here, and oinkmaster.conf and the pulledpork
# configuration files further down, are all installed with mode 644 into
# etc/snort. If an administrator later stores an oinkcode or a database
# password in one of them, it is readable by every local user; a tighter
# mode with a dedicated group would avoid that.
michael@549 180 # install default configuration
michael@549 181 %{l_shtool} install -c -m 644 %{l_value -s -a} \
michael@549 182 %{SOURCE snort.conf} $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
michael@549 183
# The public ruleset is shipped as an unextracted tarball under share/snort.
michael@549 184 # install default ruleset tarball
michael@549 185 %{l_shtool} install -c -m 644 \
michael@549 186 %{SOURCE snortrules-pr-%{V_rules}.tar.gz} \
michael@549 187 $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules.tar.gz
michael@549 188
michael@549 189 # install run-command script
michael@549 190 %{l_shtool} install -c -m 755 %{l_value -s -a} \
michael@549 191 %{SOURCE rc.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
michael@549 192
michael@549 193 # install OSSP fsl configuration
michael@549 194 %{l_shtool} install -c -m 644 %{l_value -s -a} \
michael@549 195 %{SOURCE fsl.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
michael@549 196
# Database schema files are installed only for the enabled backends.
michael@549 197 # install optional/additional files
michael@549 198 %if "%{with_mysql}" == "yes"
michael@549 199 %{l_shtool} install -c -m 644 \
michael@549 200 schemas/create_mysql \
michael@549 201 $RPM_BUILD_ROOT%{l_prefix}/share/snort/
michael@549 202 %endif
michael@549 203 %if "%{with_pgsql}" == "yes"
michael@549 204 %{l_shtool} install -c -m 644 \
michael@549 205 schemas/create_postgresql \
michael@549 206 $RPM_BUILD_ROOT%{l_prefix}/share/snort/
michael@549 207 %endif
michael@549 208
# oinkmaster: the script gets the prefix perl interpreter and the prefix
# configuration path; its manual page is installed as section 8. In
# oinkmaster.conf the prefix bin directory is prepended to "path", tmpdir is
# set to var/snort/tmp and the "skipfile snort.conf" line is commented out.
# NOTE(review): the "use_external_bins = 0" substitution replaces the match
# with itself, so it changes nothing -- confirm whether a different value
# was intended.
michael@549 209 # install oinkmaster utility
michael@549 210 ( cd oinkmaster-%{V_oinkmaster}
michael@549 211 %{l_shtool} install -c -m 755 \
michael@550 212 -e 's;#!/usr/bin/perl;#! %{l_prefix}/bin/perl;g' \
michael@549 213 -e 's;/etc/oinkmaster\.conf;%{l_prefix}/etc/snort/oinkmaster.conf;' \
michael@549 214 oinkmaster.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/oinkmaster
michael@549 215 %{l_shtool} install -c -m 644 \
michael@549 216 oinkmaster.1 $RPM_BUILD_ROOT%{l_prefix}/man/man8/oinkmaster.8
michael@549 217 %{l_shtool} install -c -m 644 \
michael@549 218 -e 's;^\(path = \);\1%{l_prefix}/bin:;' \
michael@549 219 -e 's;^# tmpdir = /home/oinkmaster/tmp/;tmpdir = %{l_prefix}/var/snort/tmp;' \
michael@549 220 -e 's;^\(use_external_bins = 0\);\1;' \
michael@549 221 -e 's;^\(skipfile snort\.conf\);# \1;' \
michael@549 222 oinkmaster.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
michael@549 223 ) || exit $?
michael@549 224
# pulledpork: /usr/local and the perl interpreter path are rewritten to the
# prefix, and temp_path in its configuration files is set to var/snort/tmp.
michael@550 225 # install pulledpork utility
michael@550 226 ( cd pulledpork-%{V_pulledpork}
michael@550 227 %{l_shtool} install -c -m 755 \
michael@550 228 -e 's;/usr/local;%{l_prefix};g' \
michael@550 229 -e 's;#!/usr/bin/perl;#! %{l_prefix}/bin/perl;g' \
michael@550 230 pulledpork.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/pulledpork
michael@550 231 %{l_shtool} install -c -m 644 \
michael@550 232 -e 's;\(temp_path\) *=.*;\1 = %{l_prefix}/var/snort/tmp;' \
michael@550 233 etc/*.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
michael@550 234 ) || exit $?
michael@550 235
# The placeholder @V_rules@ in snort-update.sh is replaced by the packaged
# ruleset version at install time.
michael@549 236 # install rule update utility
michael@549 237 %{l_shtool} install -c -m 755 %{l_value -s -a} \
michael@549 238 -e 's;@V_rules@;%{V_rules};g' \
michael@549 239 %{SOURCE snort-update.sh} \
michael@549 240 $RPM_BUILD_ROOT%{l_prefix}/sbin/snort-update
michael@549 241
# Files under etc/fsl and etc/snort are marked as configuration; var/snort
# and its rules and tmp subdirectories are owned by the l_rusr / l_rgrp
# account, which is the account the rule update later runs as.
michael@549 242 # determine installation files
michael@549 243 %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
michael@549 244 %{l_files_std} \
michael@549 245 '%config %{l_prefix}/etc/fsl/*' \
michael@549 246 '%config %{l_prefix}/etc/snort/*' \
michael@549 247 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort' \
michael@549 248 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/rules' \
michael@549 249 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/tmp'
michael@549 250
michael@549 251 %files -f files
michael@549 252
michael@549 253 %clean
michael@549 254
michael@549 255 %post
# Post-install scriptlet: prints setup hints on initial installation, then
# triggers a ruleset update if an update source is configured, then restarts
# the service after an upgrade. The first argument is compared with 1 for the
# initial-installation hints and with 2 for the post-upgrade restart.
michael@549 256 if [ $1 -eq 1 ]; then
michael@549 257 # display final hints on initial installation
michael@549 258 ( echo "Before starting Snort IDS, please set the configuration variable"
michael@549 259 echo "\"snort_if\" in $RPM_INSTALL_PREFIX/etc/rc.conf to the name of the"
michael@549 260 echo "used network interface."
michael@549 261 ) | %{l_rpmtool} msg -b -t notice
michael@549 262 ( echo "To use Snort as an IDS, its rules HAVE to be ALWAYS up to date."
michael@549 263 echo "But this package just ships with the latest PUBLIC version of the"
michael@549 264 echo "\"Sourcefire VRT Certified Rules\" for UNREGISTERED Snort users."
michael@549 265 echo "This means your rules are NOT covering the latest known attacks."
michael@549 266 echo ""
michael@549 267 echo "Hence, we strongly recommend to become at least a REGISTERED Snort"
michael@549 268 echo "user (see http://www.snort.org/ for details). This way you receive"
michael@549 269 echo "a so-called \"oinkcode\" (a sequence of 40 hexadecimal numbers)"
michael@549 270 echo "which you can configure in the file"
michael@549 271 echo " $RPM_INSTALL_PREFIX/etc/rc.conf"
michael@549 272 echo "via the directives"
michael@549 273 echo " snort_update_time=\"daily\""
michael@549 274 echo " snort_update_source=\"oinkcode:XXXX...\""
michael@549 275 echo "to update your Snort rules in"
michael@549 276 echo " $RPM_INSTALL_PREFIX/var/snort/rules/"
michael@549 277 echo "automatically once per day with the latest version of the"
michael@549 278 echo "\"Sourcefire VRT Certified Rules\" for REGISTERED Snort users."
michael@549 279 ) | %{l_rpmtool} msg -b -t notice
michael@549 280 fi
michael@549 281
# NOTE(review): this update is attempted on every install and upgrade, since
# it sits before the upgrade-only check below. The value read from rc.conf
# may embed the oinkcode, which is a credential, and it is pasted into the
# "su -c" command string. Two consequences:
#   - the string is parsed again by the shell of the l_rusr account, so a
#     value containing a double quote, a dollar sign or a backquote would be
#     interpreted (with that account's rights) rather than passed through;
#     checking the value against the expected format before use avoids this;
#   - the value becomes a command-line argument of snort-update, presumably
#     visible to other local users in the process list while the update
#     runs -- confirm, and consider handing it over through a file readable
#     only by that account. rc.conf itself should not be world-readable once
#     it holds an oinkcode.
michael@549 282 # trigger a ruleset update
michael@549 283 snort_update_source=`%{l_rc} -q snort_update_source`
michael@549 284 if [ ".$snort_update_source" != . ]; then
michael@549 285 su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update \"$snort_update_source\""
michael@549 286 fi
michael@549 287
# The status output of the rc tool is evaluated as shell code to obtain
# snort_active; the service is restarted only if it was running.
michael@549 288 # after upgrade, restart service
michael@549 289 [ $1 -eq 2 ] || exit 0
michael@549 290 eval `%{l_rc} snort status 2>/dev/null`
michael@549 291 [ ".$snort_active" = .yes ] && %{l_rc} snort restart
michael@549 292 exit 0
michael@549 293
michael@549 294 %preun
# Pre-uninstall scriptlet: acts only when the first argument is 0, stops the
# service and deletes pid, log and capture files plus the contents of the
# rules and tmp directories. Errors from rm are ignored.
# NOTE(review): the *.log and *.cap files under var/snort are removed without
# a backup. If they hold alerts or packet captures needed for an ongoing
# investigation, archive them before erasing the package.
michael@549 295 # before erase, stop service and remove log files
michael@549 296 [ $1 -eq 0 ] || exit 0
michael@549 297 %{l_rc} snort stop 2>/dev/null
michael@549 298 rm -f $RPM_INSTALL_PREFIX/var/snort/*.pid >/dev/null 2>&1 || true
michael@549 299 rm -f $RPM_INSTALL_PREFIX/var/snort/*.log >/dev/null 2>&1 || true
michael@549 300 rm -f $RPM_INSTALL_PREFIX/var/snort/*.cap >/dev/null 2>&1 || true
michael@549 301 rm -f $RPM_INSTALL_PREFIX/var/snort/rules/* >/dev/null 2>&1 || true
michael@549 302 rm -f $RPM_INSTALL_PREFIX/var/snort/tmp/* >/dev/null 2>&1 || true
michael@549 303 exit 0
michael@549 304
