Tue, 28 Aug 2012 18:31:50 +0200
Import package vendor original specs for necessary manipulations.
1 ##
2 ## snort.spec -- OpenPKG RPM Package Specification
3 ## Copyright (c) 2000-2010 OpenPKG Foundation e.V. <http://openpkg.net/>
4 ##
5 ## Permission to use, copy, modify, and distribute this software for
6 ## any purpose with or without fee is hereby granted, provided that
7 ## the above copyright notice and this permission notice appear in all
8 ## copies.
9 ##
10 ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
11 ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
12 ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
13 ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
14 ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15 ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
16 ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
17 ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
18 ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
19 ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
20 ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
21 ## SUCH DAMAGE.
22 ##
24 # package version
25 %define V_snort 2.8.6
26 %define V_rules 2.4
27 %define V_oinkmaster 2.0
29 # package information
30 Name: snort
31 Summary: Network Intrusion Detection System
32 URL: http://www.snort.org/
33 Vendor: B. Caswell, M. Roesch
34 Packager: OpenPKG Foundation e.V.
35 Distribution: OpenPKG Community
36 Class: BASE
37 Group: Monitoring
38 License: GPL
39 Version: %{V_snort}
40 Release: 20100427
42 # package options
43 %option with_fsl yes
44 %option with_mysql no
45 %option with_pgsql no
47 # list of sources
48 Source0: http://dl.snort.org/snort-current/snort-%{V_snort}.tar.gz
49 Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-%{V_rules}.tar.gz
50 Source2: http://switch.dl.sourceforge.net/sourceforge/oinkmaster/oinkmaster-%{V_oinkmaster}.tar.gz
51 Source3: snort.conf
52 Source4: rc.snort
53 Source5: fsl.snort
54 Source6: snort-update.sh
55 Patch0: snort.patch
57 # build information
58 BuildPreReq: OpenPKG, openpkg >= 20100101, make, gcc
59 PreReq: OpenPKG, openpkg >= 20100101, perl, perl-www, perl-sys, perl-comp
60 BuildPreReq: libpcap, libnet, pcre
61 PreReq: libpcap, libnet, pcre
62 %if "%{with_fsl}" == "yes"
63 BuildPreReq: fsl
64 PreReq: fsl
65 %endif
66 %if "%{with_mysql}" == "yes"
67 BuildPreReq: mysql
68 PreReq: mysql
69 %endif
70 %if "%{with_pgsql}" == "yes"
71 BuildPreReq: postgresql
72 PreReq: postgresql
73 %endif
75 %description
76 Snort is an open source network intrusion detection system,
77 capable of performing real-time traffic analysis and packet
78 logging on IP networks. It can perform protocol analysis, content
79 searching/matching and can be used to detect a variety of attacks
80 and probes. Snort uses a flexible rules language to describe traffic
81 that it should collect or pass, as well as a detection engine that
82 utilizes a modular plugin architecture. Snort has a real-time
83 alerting capability as well. Snort has three primary uses. It can be
84 used as a straight packet sniffer like tcpdump(1), a packet logger
85 (useful for network traffic debugging, etc), or as a full blown
86 network intrusion detection system.
88 %track
89 prog snort = {
90 version = %{V_snort}
91 url = http://www.snort.org/downloads
92 regex = snort-(\d+\.\d+\.\d+(\.\d+)*)\.tar\.gz
93 }
94 prog snort:rules = {
95 version = %{V_rules}
96 url = http://www.snort.org/pub-bin/downloads.cgi
97 regex = snortrules-pr-(\d+\.\d+)\.tar\.gz
98 }
99 prog snort:oinkmaster = {
100 version = %{V_oinkmaster}
101 url = http://sourceforge.net/projects/oinkmaster/files/
102 regex = oinkmaster-(__VER__)\.tar\.gz
103 }
105 %prep
106 %setup -q
107 %setup -q -D -T -a 2
108 %patch -p0
109 %{l_shtool} subst %{l_value -s -a} \
110 src/snort.h
112 %build
113 # configure program
114 LIBS=""
115 %if "%{with_pgsql}" == "yes"
116 LIBS="$LIBS -lpq -lcrypt -lssl -lcrypto"
117 %endif
118 case "%{l_platform -t}" in
119 *-sunos* ) LIBS="$LIBS -lresolv" ;;
120 esac
121 CC="%{l_cc}" \
122 CFLAGS="%{l_cflags -O}" \
123 CPPFLAGS="%{l_cppflags}" \
124 LDFLAGS="%{l_ldflags} %{l_fsl_ldflags}" \
125 LIBS="$LIBS %{l_fsl_libs}" \
126 ./configure \
127 --prefix=%{l_prefix} \
128 --sysconfdir=%{l_prefix}/etc/snort \
129 %if "%{with_mysql}" == "yes"
130 --with-mysql=%{l_prefix} \
131 %else
132 --without-mysql \
133 %endif
134 %if "%{with_pgsql}" == "yes"
135 --with-postgresql=%{l_prefix} \
136 %else
137 --without-postgresql \
138 %endif
139 --with-libpcap-includes=%{l_prefix}/include \
140 --with-libpcap-libraries=%{l_prefix}/lib \
141 --with-libnet-includes=%{l_prefix}/include \
142 --with-libnet-libraries=%{l_prefix}/lib \
143 --with-libpcre-includes=%{l_prefix}/include \
144 --with-libpcre-libraries=%{l_prefix}/lib \
145 --enable-perfmonitor
147 # build program
148 %{l_make} %{l_mflags}
150 %install
151 # create installation hierarchy
152 rm -rf $RPM_BUILD_ROOT
153 %{l_shtool} mkdir -f -p -m 755 \
154 $RPM_BUILD_ROOT%{l_prefix}/sbin \
155 $RPM_BUILD_ROOT%{l_prefix}/man/man8 \
156 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
157 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
158 $RPM_BUILD_ROOT%{l_prefix}/etc/snort \
159 $RPM_BUILD_ROOT%{l_prefix}/share/snort \
160 $RPM_BUILD_ROOT%{l_prefix}/var/snort/rules \
161 $RPM_BUILD_ROOT%{l_prefix}/var/snort/tmp
163 # install program and manual page
164 %{l_shtool} install -c -s -m 755 \
165 src/snort $RPM_BUILD_ROOT%{l_prefix}/sbin/
166 %{l_shtool} install -c -m 644 \
167 snort.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/
169 # install default configuration
170 %{l_shtool} install -c -m 644 %{l_value -s -a} \
171 %{SOURCE snort.conf} $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
173 # install default ruleset tarball
174 %{l_shtool} install -c -m 644 \
175 %{SOURCE snortrules-pr-%{V_rules}.tar.gz} \
176 $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules.tar.gz
178 # install run-command script
179 %{l_shtool} install -c -m 755 %{l_value -s -a} \
180 %{SOURCE rc.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
182 # install OSSP fsl configuration
183 %{l_shtool} install -c -m 644 %{l_value -s -a} \
184 %{SOURCE fsl.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
186 # install optional/additional files
187 %if "%{with_mysql}" == "yes"
188 %{l_shtool} install -c -m 644 \
189 schemas/create_mysql \
190 $RPM_BUILD_ROOT%{l_prefix}/share/snort/
191 %endif
192 %if "%{with_pgsql}" == "yes"
193 %{l_shtool} install -c -m 644 \
194 schemas/create_postgresql \
195 $RPM_BUILD_ROOT%{l_prefix}/share/snort/
196 %endif
198 # install oinkmaster utility
199 ( cd oinkmaster-%{V_oinkmaster}
200 %{l_shtool} install -c -m 755 \
201 -e 's;#!/usr/bin/perl;#!%{l_prefix}/bin/perl;g' \
202 -e 's;/etc/oinkmaster\.conf;%{l_prefix}/etc/snort/oinkmaster.conf;' \
203 oinkmaster.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/oinkmaster
204 %{l_shtool} install -c -m 644 \
205 oinkmaster.1 $RPM_BUILD_ROOT%{l_prefix}/man/man8/oinkmaster.8
206 %{l_shtool} install -c -m 644 \
207 -e 's;^\(path = \);\1%{l_prefix}/bin:;' \
208 -e 's;^# tmpdir = /home/oinkmaster/tmp/;tmpdir = %{l_prefix}/var/snort/tmp;' \
209 -e 's;^\(use_external_bins = 0\);\1;' \
210 -e 's;^\(skipfile snort\.conf\);# \1;' \
211 oinkmaster.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
212 ) || exit $?
214 # install rule update utility
215 %{l_shtool} install -c -m 755 %{l_value -s -a} \
216 -e 's;@V_rules@;%{V_rules};g' \
217 %{SOURCE snort-update.sh} \
218 $RPM_BUILD_ROOT%{l_prefix}/sbin/snort-update
220 # determine installation files
221 %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
222 %{l_files_std} \
223 '%config %{l_prefix}/etc/fsl/*' \
224 '%config %{l_prefix}/etc/snort/*' \
225 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort' \
226 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/rules' \
227 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/tmp'
229 %files -f files
231 %clean
233 %post
234 if [ $1 -eq 1 ]; then
235 # display final hints on initial installation
236 ( echo "Before starting Snort IDS, please set the configuration variable"
237 echo "\"snort_if\" in $RPM_INSTALL_PREFIX/etc/rc.conf to the name of the"
238 echo "used network interface."
239 ) | %{l_rpmtool} msg -b -t notice
240 ( echo "To use Snort as an IDS, its rules HAVE to be ALWAYS up to date."
241 echo "But this package just ships with the latest PUBLIC version of the"
242 echo "\"Sourcefire VRT Certified Rules\" for UNREGISTERED Snort users."
243 echo "This means your rules are NOT covering the latest known attacks."
244 echo ""
245 echo "Hence, we strongly recommend to become at least a REGISTERED Snort"
246 echo "user (see http://www.snort.org/ for details). This way you receive"
247 echo "a so-called \"oinkcode\" (a sequence of 40 hexadecimal numbers)"
248 echo "which you can configure in the file"
249 echo " $RPM_INSTALL_PREFIX/etc/rc.conf"
250 echo "via the directives"
251 echo " snort_update_time=\"daily\""
252 echo " snort_update_source=\"oinkcode:XXXX...\""
253 echo "to update your Snort rules in"
254 echo " $RPM_INSTALL_PREFIX/var/snort/rules/"
255 echo "automatically once per day with the latest version of the"
256 echo "\"Sourcefire VRT Certified Rules\" for REGISTERED Snort users."
257 ) | %{l_rpmtool} msg -b -t notice
258 fi
260 # trigger a ruleset update
261 snort_update_source=`%{l_rc} -q snort_update_source`
262 if [ ".$snort_update_source" != . ]; then
263 su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update \"$snort_update_source\""
264 fi
266 # after upgrade, restart service
267 [ $1 -eq 2 ] || exit 0
268 eval `%{l_rc} snort status 2>/dev/null`
269 [ ".$snort_active" = .yes ] && %{l_rc} snort restart
270 exit 0
272 %preun
273 # before erase, stop service and remove log files
274 [ $1 -eq 0 ] || exit 0
275 %{l_rc} snort stop 2>/dev/null
276 rm -f $RPM_INSTALL_PREFIX/var/snort/*.pid >/dev/null 2>&1 || true
277 rm -f $RPM_INSTALL_PREFIX/var/snort/*.log >/dev/null 2>&1 || true
278 rm -f $RPM_INSTALL_PREFIX/var/snort/*.cap >/dev/null 2>&1 || true
279 rm -f $RPM_INSTALL_PREFIX/var/snort/rules/* >/dev/null 2>&1 || true
280 rm -f $RPM_INSTALL_PREFIX/var/snort/tmp/* >/dev/null 2>&1 || true
281 exit 0
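Review bot: In `%post` (listing lines 261-263) the value read from rc.conf is spliced into the `su -c` string inside escaped double quotes, so the login shell of `%{l_rusr}` re-parses it: a `"`, `$` or backtick in `snort_update_source` is treated as shell syntax rather than data. Escape it for single quotes before building the command, e.g. `q=$(printf '%s' "$snort_update_source" | sed "s/'/'\\\\''/g")` followed by `su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update '$q'"`. The install notice just above describes this setting as carrying the registered user's oinkcode, so the secret also lands in the argument list of both `su` and `snort-update`, where other local users can typically read it. snort-update.sh is not shown here, but having it query `snort_update_source` itself would keep the secret off the command line. A short comment above the call, such as `# value comes from rc.conf and may hold the oinkcode: quote it, keep it off argv`, would record the intent.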