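--- /dev/null
+++ b/snort/snort.spec
@@ -0,0 +1,282 @@
+##
+## snort.spec -- OpenPKG RPM Package Specification
+## Copyright (c) 2000-2010 OpenPKG Foundation e.V. <http://openpkg.net/>
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+
+# package version
+%define V_snort 2.8.6
+%define V_rules 2.4
+%define V_oinkmaster 2.0
+
+# package information
+Name: snort
+Summary: Network Intrusion Detection System
+URL: http://www.snort.org/
+Vendor: B. Caswell, M. Roesch
+Packager: OpenPKG Foundation e.V.
+Distribution: OpenPKG Community
+Class: BASE
+Group: Monitoring
+License: GPL
+Version: %{V_snort}
+Release: 20100427
+
+# package options
+%option with_fsl yes
+%option with_mysql no
+%option with_pgsql no
+
+# list of sources
+Source0: http://dl.snort.org/snort-current/snort-%{V_snort}.tar.gz
+Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-%{V_rules}.tar.gz
+Source2: http://switch.dl.sourceforge.net/sourceforge/oinkmaster/oinkmaster-%{V_oinkmaster}.tar.gz
+Source3: snort.conf
+Source4: rc.snort
+Source5: fsl.snort
+Source6: snort-update.sh
+Patch0: snort.patch
+
+# build information
+BuildPreReq: OpenPKG, openpkg >= 20100101, make, gcc
+PreReq: OpenPKG, openpkg >= 20100101, perl, perl-www, perl-sys, perl-comp
+BuildPreReq: libpcap, libnet, pcre
+PreReq: libpcap, libnet, pcre
+%if "%{with_fsl}" == "yes"
+BuildPreReq: fsl
+PreReq: fsl
+%endif
+%if "%{with_mysql}" == "yes"
+BuildPreReq: mysql
+PreReq: mysql
+%endif
+%if "%{with_pgsql}" == "yes"
+BuildPreReq: postgresql
+PreReq: postgresql
+%endif
+
+%description
+ Snort is an open source network intrusion detection system,
+ capable of performing real-time traffic analysis and packet
+ logging on IP networks. It can perform protocol analysis, content
+ searching/matching and can be used to detect a variety of attacks
+ and probes. Snort uses a flexible rules language to describe traffic
+ that it should collect or pass, as well as a detection engine that
+ utilizes a modular plugin architecture. Snort has a real-time
+ alerting capability as well. Snort has three primary uses. It can be
+ used as a straight packet sniffer like tcpdump(1), a packet logger
+ (useful for network traffic debugging, etc), or as a full blown
+ network intrusion detection system.
+
+%track
+ prog snort = {
+ version = %{V_snort}
+ url = http://www.snort.org/downloads
+ regex = snort-(\d+\.\d+\.\d+(\.\d+)*)\.tar\.gz
+ }
+ prog snort:rules = {
+ version = %{V_rules}
+ url = http://www.snort.org/pub-bin/downloads.cgi
+ regex = snortrules-pr-(\d+\.\d+)\.tar\.gz
+ }
+ prog snort:oinkmaster = {
+ version = %{V_oinkmaster}
+ url = http://sourceforge.net/projects/oinkmaster/files/
+ regex = oinkmaster-(__VER__)\.tar\.gz
+ }
+
+%prep
+ %setup -q
+ %setup -q -D -T -a 2
+ %patch -p0
+ %{l_shtool} subst %{l_value -s -a} \
+ src/snort.h
+
+%build
+ # configure program
+ LIBS=""
+%if "%{with_pgsql}" == "yes"
+ LIBS="$LIBS -lpq -lcrypt -lssl -lcrypto"
+%endif
+ case "%{l_platform -t}" in
+ *-sunos* ) LIBS="$LIBS -lresolv" ;;
+ esac
+ CC="%{l_cc}" \
+ CFLAGS="%{l_cflags -O}" \
+ CPPFLAGS="%{l_cppflags}" \
+ LDFLAGS="%{l_ldflags} %{l_fsl_ldflags}" \
+ LIBS="$LIBS %{l_fsl_libs}" \
+ ./configure \
+ --prefix=%{l_prefix} \
+ --sysconfdir=%{l_prefix}/etc/snort \
+%if "%{with_mysql}" == "yes"
+ --with-mysql=%{l_prefix} \
+%else
+ --without-mysql \
+%endif
+%if "%{with_pgsql}" == "yes"
+ --with-postgresql=%{l_prefix} \
+%else
+ --without-postgresql \
+%endif
+ --with-libpcap-includes=%{l_prefix}/include \
+ --with-libpcap-libraries=%{l_prefix}/lib \
+ --with-libnet-includes=%{l_prefix}/include \
+ --with-libnet-libraries=%{l_prefix}/lib \
+ --with-libpcre-includes=%{l_prefix}/include \
+ --with-libpcre-libraries=%{l_prefix}/lib \
+ --enable-perfmonitor
+
+ # build program
+ %{l_make} %{l_mflags}
+
+%install
+ # create installation hierarchy
+ rm -rf $RPM_BUILD_ROOT
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/sbin \
+ $RPM_BUILD_ROOT%{l_prefix}/man/man8 \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/snort \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort \
+ $RPM_BUILD_ROOT%{l_prefix}/var/snort/rules \
+ $RPM_BUILD_ROOT%{l_prefix}/var/snort/tmp
+
+ # install program and manual page
+ %{l_shtool} install -c -s -m 755 \
+ src/snort $RPM_BUILD_ROOT%{l_prefix}/sbin/
+ %{l_shtool} install -c -m 644 \
+ snort.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/
+
+ # install default configuration
+ %{l_shtool} install -c -m 644 %{l_value -s -a} \
+ %{SOURCE snort.conf} $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
+
+ # install default ruleset tarball
+ %{l_shtool} install -c -m 644 \
+ %{SOURCE snortrules-pr-%{V_rules}.tar.gz} \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules.tar.gz
+
+ # install run-command script
+ %{l_shtool} install -c -m 755 %{l_value -s -a} \
+ %{SOURCE rc.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
+
+ # install OSSP fsl configuration
+ %{l_shtool} install -c -m 644 %{l_value -s -a} \
+ %{SOURCE fsl.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
+
+ # install optional/additional files
+%if "%{with_mysql}" == "yes"
+ %{l_shtool} install -c -m 644 \
+ schemas/create_mysql \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/
+%endif
+%if "%{with_pgsql}" == "yes"
+ %{l_shtool} install -c -m 644 \
+ schemas/create_postgresql \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/
+%endif
+
+ # install oinkmaster utility
+ ( cd oinkmaster-%{V_oinkmaster}
+ %{l_shtool} install -c -m 755 \
+ -e 's;#!/usr/bin/perl;#!%{l_prefix}/bin/perl;g' \
+ -e 's;/etc/oinkmaster\.conf;%{l_prefix}/etc/snort/oinkmaster.conf;' \
+ oinkmaster.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/oinkmaster
+ %{l_shtool} install -c -m 644 \
+ oinkmaster.1 $RPM_BUILD_ROOT%{l_prefix}/man/man8/oinkmaster.8
+ %{l_shtool} install -c -m 644 \
+ -e 's;^\(path = \);\1%{l_prefix}/bin:;' \
+ -e 's;^# tmpdir = /home/oinkmaster/tmp/;tmpdir = %{l_prefix}/var/snort/tmp;' \
+ -e 's;^\(use_external_bins = 0\);\1;' \
+ -e 's;^\(skipfile snort\.conf\);# \1;' \
+ oinkmaster.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
+ ) || exit $?
+
+ # install rule update utility
+ %{l_shtool} install -c -m 755 %{l_value -s -a} \
+ -e 's;@V_rules@;%{V_rules};g' \
+ %{SOURCE snort-update.sh} \
+ $RPM_BUILD_ROOT%{l_prefix}/sbin/snort-update
+
+ # determine installation files
+ %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
+ %{l_files_std} \
+ '%config %{l_prefix}/etc/fsl/*' \
+ '%config %{l_prefix}/etc/snort/*' \
+ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort' \
+ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/rules' \
+ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/tmp'
+
+%files -f files
+
+%clean
+
+%post
+ if [ $1 -eq 1 ]; then
+ # display final hints on initial installation
+ ( echo "Before starting Snort IDS, please set the configuration variable"
+ echo "\"snort_if\" in $RPM_INSTALL_PREFIX/etc/rc.conf to the name of the"
+ echo "used network interface."
+ ) | %{l_rpmtool} msg -b -t notice
+ ( echo "To use Snort as an IDS, its rules HAVE to be ALWAYS up to date."
+ echo "But this package just ships with the latest PUBLIC version of the"
+ echo "\"Sourcefire VRT Certified Rules\" for UNREGISTERED Snort users."
+ echo "This means your rules are NOT covering the latest known attacks."
+ echo ""
+ echo "Hence, we strongly recommend to become at least a REGISTERED Snort"
+ echo "user (see http://www.snort.org/ for details). This way you receive"
+ echo "a so-called \"oinkcode\" (a sequence of 40 hexadecimal numbers)"
+ echo "which you can configure in the file"
+ echo " $RPM_INSTALL_PREFIX/etc/rc.conf"
+ echo "via the directives"
+ echo " snort_update_time=\"daily\""
+ echo " snort_update_source=\"oinkcode:XXXX...\""
+ echo "to update your Snort rules in"
+ echo " $RPM_INSTALL_PREFIX/var/snort/rules/"
+ echo "automatically once per day with the latest version of the"
+ echo "\"Sourcefire VRT Certified Rules\" for REGISTERED Snort users."
+ ) | %{l_rpmtool} msg -b -t notice
+ fi
+
+ # trigger a ruleset update
+ snort_update_source=`%{l_rc} -q snort_update_source`
+ if [ ".$snort_update_source" != . ]; then
+ su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update \"$snort_update_source\""
+ fi
+
+ # after upgrade, restart service
+ [ $1 -eq 2 ] || exit 0
+ eval `%{l_rc} snort status 2>/dev/null`
+ [ ".$snort_active" = .yes ] && %{l_rc} snort restart
+ exit 0
+
+%preun
+ # before erase, stop service and remove log files
+ [ $1 -eq 0 ] || exit 0
+ %{l_rc} snort stop 2>/dev/null
+ rm -f $RPM_INSTALL_PREFIX/var/snort/*.pid >/dev/null 2>&1 || true
+ rm -f $RPM_INSTALL_PREFIX/var/snort/*.log >/dev/null 2>&1 || true
+ rm -f $RPM_INSTALL_PREFIX/var/snort/*.cap >/dev/null 2>&1 || true
+ rm -f $RPM_INSTALL_PREFIX/var/snort/rules/* >/dev/null 2>&1 || true
+ rm -f $RPM_INSTALL_PREFIX/var/snort/tmp/* >/dev/null 2>&1 || true
+ exit 0
+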
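Review bot: In `%post`, the `snort_update_source` value is spliced into the command string given to `su - %{l_rusr} -c "..."`, so the shell that `su` starts parses it a second time and the oinkcode it carries appears in the process list while the update runs. A value containing `"`, `$(...)` or backticks would be interpreted by that shell as `%{l_rusr}` instead of being passed as data. rc.conf is presumably writable only by the administrator, which limits who can set it, but the oinkcode is a credential and should stay off command lines. If `snort-update` can read the setting itself (the script is not visible here, so confirm), the call could become `su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update"`. Separately, `Source0` to `Source2` are plain `http://` URLs and this spec records no digest for them, so a comment such as `# NOTE: verify tarball checksums out of band; sources are fetched over plain HTTP` above the source list would document the gap.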