Mon, 28 Jan 2013 17:37:18 +0100
Correct socket error reporting improvement with IPv6 portable code,
after helpful recommendation by Saúl Ibarra Corretgé on OSips devlist.
1 ##
2 ## snort.spec -- OpenPKG RPM Package Specification
3 ## Copyright (c) 2000-2010 OpenPKG Foundation e.V. <http://openpkg.net/>
4 ##
5 ## Permission to use, copy, modify, and distribute this software for
6 ## any purpose with or without fee is hereby granted, provided that
7 ## the above copyright notice and this permission notice appear in all
8 ## copies.
9 ##
10 ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
11 ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
12 ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
13 ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
14 ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15 ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
16 ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
17 ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
18 ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
19 ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
20 ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
21 ## SUCH DAMAGE.
22 ##
24 # package version
# V_snort is the engine release. V_rules, V_oinkmaster and V_pulledpork
# version the bundled ruleset tarball and the oinkmaster and pulledpork
# utilities (Source1 to Source3 below) independently of the engine.
25 %define V_snort 2.9.3.1
26 %define V_rules 2.4
27 %define V_oinkmaster 2.0
28 %define V_pulledpork 0.6.1
30 # package information
31 Name: snort
32 Summary: Network Intrusion Detection System
33 URL: http://www.snort.org/
34 Vendor: B. Caswell, M. Roesch
35 Packager: OpenPKG Foundation e.V.
36 Distribution: OpenPKG Community
37 Class: BASE
38 Group: Monitoring
39 License: GPL
40 Version: %{V_snort}
41 Release: 20120800
43 # package options
# with_fsl adds the fsl package as a build and run-time dependency.
# with_mysql and with_pgsql add the matching database package as a
# dependency and switch the corresponding configure flag in the build
# section; both default to off.
44 %option with_fsl yes
45 %option with_mysql no
46 %option with_pgsql no
48 # list of sources
# NOTE(review): Source0 to Source3 are plain http:// URLs and this file
# carries no digest or signature for any of them. The integrity of the
# engine, the bundled ruleset and both Perl utilities therefore rests on
# whatever verification happens outside this spec -- confirm before
# building from freshly fetched tarballs.
# Source4 to Source7 are local files shipped next to the spec.
49 Source0: http://dl.snort.org/snort-current/snort-%{V_snort}.tar.gz
50 Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-%{V_rules}.tar.gz
51 Source2: http://switch.dl.sourceforge.net/sourceforge/oinkmaster/oinkmaster-%{V_oinkmaster}.tar.gz
52 Source3: http://pulledpork.googlecode.com/files/pulledpork-%{V_pulledpork}.tar.gz
53 Source4: snort.conf
54 Source5: rc.snort
55 Source6: fsl.snort
56 Source7: snort-update.sh
58 # build information
# perl and the perl-* packages are run-time requirements only, presumably
# for the installed oinkmaster and pulledpork scripts, whose interpreter
# line is rewritten to the perl under the package prefix at install time.
59 BuildPreReq: OpenPKG, openpkg >= 20100101, make, gcc
60 PreReq: OpenPKG, openpkg >= 20100101, perl, perl-www, perl-sys, perl-comp
61 BuildPreReq: daq, libdnet, pcre
62 PreReq: daq, libdnet, pcre
63 %if "%{with_fsl}" == "yes"
64 BuildPreReq: fsl
65 PreReq: fsl
66 %endif
67 %if "%{with_mysql}" == "yes"
68 BuildPreReq: mysql
69 PreReq: mysql
70 %endif
71 %if "%{with_pgsql}" == "yes"
72 BuildPreReq: postgresql
73 PreReq: postgresql
74 %endif
76 %description
77 Snort is an open source network intrusion detection system,
78 capable of performing real-time traffic analysis and packet
79 logging on IP networks. It can perform protocol analysis, content
80 searching/matching and can be used to detect a variety of attacks
81 and probes. Snort uses a flexible rules language to describe traffic
82 that it should collect or pass, as well as a detection engine that
83 utilizes a modular plugin architecture. Snort has a real-time
84 alerting capability as well. Snort has three primary uses. It can be
85 used as a straight packet sniffer like tcpdump(1), a packet logger
86 (useful for network traffic debugging, etc), or as a full blown
87 network intrusion detection system.
89 %track
90 prog snort = {
91 version = %{V_snort}
92 url = http://www.snort.org/downloads
93 regex = snort-(\d+\.\d+\.\d+(\.\d+)*)\.tar\.gz
94 }
95 prog snort:rules = {
96 version = %{V_rules}
97 url = http://www.snort.org/pub-bin/downloads.cgi
98 regex = snortrules-pr-(\d+\.\d+)\.tar\.gz
99 }
100 prog snort:oinkmaster = {
101 version = %{V_oinkmaster}
102 url = http://sourceforge.net/projects/oinkmaster/files/
103 regex = oinkmaster-(__VER__)\.tar\.gz
104 }
105 prog snort:pulledpork = {
106 version = %{V_pulledpork}
107 url = http://sourceforge.net/projects/oinkmaster/files/
108 url = http://pulledpork.googlecode.com/files/
109 regex = pulledpork-(__VER__)\.tar\.gz
110 }
112 %prep
# Unpack the engine tarball, then unpack Source2 (oinkmaster) and Source3
# (pulledpork) inside the already extracted tree without deleting it.
113 %setup -q
114 %setup -q -D -T -a 2
115 %setup -q -D -T -a 3
# Move the compiled-in default log directory from /var/log/snort to
# var/snort under the package prefix.
116 %{l_shtool} subst \
117 -e 's;\(# define.*\)/var/log/snort;\1%{l_prefix}/var/snort;' \
118 src/snort.h
# Rewrite the u_intN_t type spellings to uintN_t in the two files below.
119 %{l_shtool} subst \
120 -e 's;u_int\([0-9]*\)_t;uint\1_t;g' \
121 src/dynamic-plugins/sf_engine/sf_snort_plugin_rc4.c \
122 src/sfutil/sf_ip.h
124 %build
125 # configure program
# Extra link libraries are collected in LIBS: the PostgreSQL option adds
# libpq together with libcrypt and the OpenSSL libraries, and SunOS
# platforms additionally get libresolv.
126 LIBS=""
127 %if "%{with_pgsql}" == "yes"
128 LIBS="$LIBS -lpq -lcrypt -lssl -lcrypto"
129 %endif
130 case "%{l_platform -t}" in
131 *-sunos* ) LIBS="$LIBS -lresolv" ;;
132 esac
# ODBC and Oracle support are always disabled; MySQL and PostgreSQL
# support follow the package options. The daq and pcre headers and
# libraries are taken from the package prefix, and the performance
# monitor is enabled. The fsl link flags are passed unconditionally here.
133 CC="%{l_cc}" \
134 CFLAGS="%{l_cflags -O}" \
135 CPPFLAGS="%{l_cppflags}" \
136 LDFLAGS="%{l_ldflags} %{l_fsl_ldflags}" \
137 LIBS="$LIBS %{l_fsl_libs}" \
138 ./configure \
139 --prefix=%{l_prefix} \
140 --sysconfdir=%{l_prefix}/etc/snort \
141 --without-odbc \
142 --without-oracle \
143 %if "%{with_mysql}" == "yes"
144 --with-mysql=%{l_prefix} \
145 %else
146 --without-mysql \
147 %endif
148 %if "%{with_pgsql}" == "yes"
149 --with-postgresql=%{l_prefix} \
150 %else
151 --without-postgresql \
152 %endif
153 --with-daq-includes=%{l_prefix}/include \
154 --with-daq-libraries=%{l_prefix}/lib \
155 --with-libpcre-includes=%{l_prefix}/include \
156 --with-libpcre-libraries=%{l_prefix}/lib \
157 --enable-perfmonitor
159 # build program
160 %{l_make} %{l_mflags -O}
162 %install
163 # create installation hierarchy
164 %{l_shtool} mkdir -f -p -m 755 \
165 $RPM_BUILD_ROOT%{l_prefix}/sbin \
166 $RPM_BUILD_ROOT%{l_prefix}/man/man8 \
167 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
168 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
169 $RPM_BUILD_ROOT%{l_prefix}/etc/snort \
170 $RPM_BUILD_ROOT%{l_prefix}/share/snort \
171 $RPM_BUILD_ROOT%{l_prefix}/var/snort/rules \
172 $RPM_BUILD_ROOT%{l_prefix}/var/snort/tmp
174 # install program and manual page
# The binary is installed with -s (stripped) and mode 755.
175 %{l_shtool} install -c -s -m 755 \
176 src/snort $RPM_BUILD_ROOT%{l_prefix}/sbin/
177 %{l_shtool} install -c -m 644 \
178 snort.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/
180 # install default configuration
181 %{l_shtool} install -c -m 644 %{l_value -s -a} \
182 %{SOURCE snort.conf} $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
184 # install default ruleset tarball
# The ruleset is shipped as a tarball under share/snort; it is not
# unpacked into var/snort/rules by this section.
185 %{l_shtool} install -c -m 644 \
186 %{SOURCE snortrules-pr-%{V_rules}.tar.gz} \
187 $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules.tar.gz
189 # install run-command script
190 %{l_shtool} install -c -m 755 %{l_value -s -a} \
191 %{SOURCE rc.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
193 # install OSSP fsl configuration
194 %{l_shtool} install -c -m 644 %{l_value -s -a} \
195 %{SOURCE fsl.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
197 # install optional/additional files
198 %if "%{with_mysql}" == "yes"
199 %{l_shtool} install -c -m 644 \
200 schemas/create_mysql \
201 $RPM_BUILD_ROOT%{l_prefix}/share/snort/
202 %endif
203 %if "%{with_pgsql}" == "yes"
204 %{l_shtool} install -c -m 644 \
205 schemas/create_postgresql \
206 $RPM_BUILD_ROOT%{l_prefix}/share/snort/
207 %endif
209 # install oinkmaster utility
# oinkmaster.pl gets its interpreter line and its default configuration
# path rewritten to the package prefix. In oinkmaster.conf the prefix bin
# directory is prepended to the path setting and tmpdir is pointed at
# var/snort/tmp.
# NOTE(review): the use_external_bins substitution replaces the matched
# line with itself, so it changes nothing, and the stock
# "skipfile snort.conf" line is commented out -- confirm both are intended.
210 ( cd oinkmaster-%{V_oinkmaster}
211 %{l_shtool} install -c -m 755 \
212 -e 's;#!/usr/bin/perl;#! %{l_prefix}/bin/perl;g' \
213 -e 's;/etc/oinkmaster\.conf;%{l_prefix}/etc/snort/oinkmaster.conf;' \
214 oinkmaster.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/oinkmaster
215 %{l_shtool} install -c -m 644 \
216 oinkmaster.1 $RPM_BUILD_ROOT%{l_prefix}/man/man8/oinkmaster.8
217 %{l_shtool} install -c -m 644 \
218 -e 's;^\(path = \);\1%{l_prefix}/bin:;' \
219 -e 's;^# tmpdir = /home/oinkmaster/tmp/;tmpdir = %{l_prefix}/var/snort/tmp;' \
220 -e 's;^\(use_external_bins = 0\);\1;' \
221 -e 's;^\(skipfile snort\.conf\);# \1;' \
222 oinkmaster.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
223 ) || exit $?
225 # install pulledpork utility
# Every /usr/local in pulledpork.pl is rewritten to the package prefix,
# and temp_path in the shipped etc/*.conf files is set to var/snort/tmp.
226 ( cd pulledpork-%{V_pulledpork}
227 %{l_shtool} install -c -m 755 \
228 -e 's;/usr/local;%{l_prefix};g' \
229 -e 's;#!/usr/bin/perl;#! %{l_prefix}/bin/perl;g' \
230 pulledpork.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/pulledpork
231 %{l_shtool} install -c -m 644 \
232 -e 's;\(temp_path\) *=.*;\1 = %{l_prefix}/var/snort/tmp;' \
233 etc/*.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
234 ) || exit $?
236 # install rule update utility
# The @V_rules@ placeholder in snort-update.sh is replaced with the
# version of the bundled ruleset.
237 %{l_shtool} install -c -m 755 %{l_value -s -a} \
238 -e 's;@V_rules@;%{V_rules};g' \
239 %{SOURCE snort-update.sh} \
240 $RPM_BUILD_ROOT%{l_prefix}/sbin/snort-update
242 # determine installation files
# Files under etc/fsl and etc/snort are marked as configuration files.
# var/snort and its rules and tmp subdirectories are owned by the
# run-time user and group.
# NOTE(review): the post-install script runs the rule update as that same
# run-time user. If the sensor daemon also runs under this account, the
# process that inspects traffic can write to its own rule set -- confirm
# against rc.snort, which is not part of this file.
243 %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
244 %{l_files_std} \
245 '%config %{l_prefix}/etc/fsl/*' \
246 '%config %{l_prefix}/etc/snort/*' \
247 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort' \
248 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/rules' \
249 '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/tmp'
251 %files -f files
253 %clean
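%post
    #   Post-install scriptlet. The numeric first argument tells the
    #   cases apart: 1 is handled as an initial installation and 2 as
    #   an upgrade. The argument is quoted so that a missing value
    #   cannot change the shape of the test expression.
    if [ "$1" -eq 1 ]; then
        #   display final hints on initial installation
        (   echo "Before starting Snort IDS, please set the configuration variable"
            echo "\"snort_if\" in $RPM_INSTALL_PREFIX/etc/rc.conf to the name of the"
            echo "used network interface."
        ) | %{l_rpmtool} msg -b -t notice
        (   echo "To use Snort as an IDS, its rules HAVE to be ALWAYS up to date."
            echo "But this package just ships with the latest PUBLIC version of the"
            echo "\"Sourcefire VRT Certified Rules\" for UNREGISTERED Snort users."
            echo "This means your rules are NOT covering the latest known attacks."
            echo ""
            echo "Hence, we strongly recommend to become at least a REGISTERED Snort"
            echo "user (see http://www.snort.org/ for details). This way you receive"
            echo "a so-called \"oinkcode\" (a sequence of 40 hexadecimal numbers)"
            echo "which you can configure in the file"
            echo " $RPM_INSTALL_PREFIX/etc/rc.conf"
            echo "via the directives"
            echo " snort_update_time=\"daily\""
            echo " snort_update_source=\"oinkcode:XXXX...\""
            echo "to update your Snort rules in"
            echo " $RPM_INSTALL_PREFIX/var/snort/rules/"
            echo "automatically once per day with the latest version of the"
            echo "\"Sourcefire VRT Certified Rules\" for REGISTERED Snort users."
        ) | %{l_rpmtool} msg -b -t notice
    fi

    #   trigger a ruleset update
    #   The configured source is read from rc.conf and handed to the
    #   update utility inside a command string that the run-time user's
    #   shell parses a second time. It is therefore wrapped in single
    #   quotes, with embedded single quotes escaped, so that a double
    #   quote, dollar sign, backquote or backslash in the value reaches
    #   snort-update unchanged instead of being interpreted by that shell.
    #   The doubled percent sign in the printf format is the spec-file
    #   escape for a single literal percent sign.
    #   NOTE(review): the source value (which may contain the oinkcode)
    #   is still passed as a command-line argument and is visible in the
    #   process list while the update runs.
    snort_update_source=`%{l_rc} -q snort_update_source`
    if [ ".$snort_update_source" != . ]; then
        snort_update_source_q=`printf '%%s\n' "$snort_update_source" | sed -e "s/'/'\"'\"'/g"`
        su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update '$snort_update_source_q'"
    fi

    #   after upgrade, restart service
    #   The status output of the run-command facility is evaluated as
    #   shell code and is expected to set snort_active.
    [ "$1" -eq 2 ] || exit 0
    eval `%{l_rc} snort status 2>/dev/null`
    [ ".$snort_active" = .yes ] && %{l_rc} snort restart
    exit 0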
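%preun
    #   before erase, stop service and remove run-time files: pid, log
    #   and cap files in var/snort plus everything directly inside its
    #   rules and tmp subdirectories
    [ "$1" -eq 0 ] || exit 0
    %{l_rc} snort stop 2>/dev/null

    #   Never let an empty installation prefix turn the patterns below
    #   into paths under the system root; skip the cleanup in that case
    #   instead of failing the erase.
    [ ".$RPM_INSTALL_PREFIX" != . ] || exit 0

    #   The prefix is quoted so that it is never word-split or globbed;
    #   only the trailing pattern is left to the shell. The patterns are
    #   not recursive and rm -f only unlinks the matched entries.
    #   NOTE(review): these directories are owned by the run-time user,
    #   so their contents are not under the installer's control.
    rm -f "$RPM_INSTALL_PREFIX"/var/snort/*.pid >/dev/null 2>&1 || true
    rm -f "$RPM_INSTALL_PREFIX"/var/snort/*.log >/dev/null 2>&1 || true
    rm -f "$RPM_INSTALL_PREFIX"/var/snort/*.cap >/dev/null 2>&1 || true
    rm -f "$RPM_INSTALL_PREFIX"/var/snort/rules/* >/dev/null 2>&1 || true
    rm -f "$RPM_INSTALL_PREFIX"/var/snort/tmp/* >/dev/null 2>&1 || true
    exit 0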