##
##  snort.spec -- OpenPKG RPM Package Specification
##  Copyright (c) 2000-2010 OpenPKG Foundation e.V.
##
##  Permission to use, copy, modify, and distribute this software for
##  any purpose with or without fee is hereby granted, provided that
##  the above copyright notice and this permission notice appear in all
##  copies.
##
##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
##  SUCH DAMAGE.
##

#   package version
#   (upstream versions of Snort itself, of the public VRT rules snapshot
#   and of the two rule-update helpers bundled into this package; the
#   track section further below watches the upstream download locations
#   for newer releases of each of them)
%define       V_snort      2.9.3.1
%define       V_rules      2.4
%define       V_oinkmaster 2.0
%define       V_pulledpork 0.6.1

#   package information
Name:         snort
Summary:      Network Intrusion Detection System
URL:          http://www.snort.org/
Vendor:       B. Caswell, M. Roesch
Packager:     OpenPKG Foundation e.V.
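Distribution: OpenPKG Community
Class:        BASE
Group:        Monitoring
License:      GPL
Version:      %{V_snort}
Release:      20120800

#   package options
%option       with_fsl   yes
%option       with_mysql no
%option       with_pgsql no

#   list of sources
#   NOTE(review): all four upstream tarballs are fetched over plain http and
#   this spec carries no digest for them, so nothing here verifies what was
#   downloaded; compare the tarballs against upstream-published checksums or
#   signatures before building.
Source0:      http://dl.snort.org/snort-current/snort-%{V_snort}.tar.gz
Source1:      http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-%{V_rules}.tar.gz
Source2:      http://switch.dl.sourceforge.net/sourceforge/oinkmaster/oinkmaster-%{V_oinkmaster}.tar.gz
Source3:      http://pulledpork.googlecode.com/files/pulledpork-%{V_pulledpork}.tar.gz
Source4:      snort.conf
Source5:      rc.snort
Source6:      fsl.snort
Source7:      snort-update.sh

#   build information
#   (perl and its modules are runtime-only: oinkmaster, pulledpork and the
#   rule update script are Perl/shell helpers installed below)
BuildPreReq:  OpenPKG, openpkg >= 20100101, make, gcc
PreReq:       OpenPKG, openpkg >= 20100101, perl, perl-www, perl-sys, perl-comp
BuildPreReq:  daq, libdnet, pcre
PreReq:       daq, libdnet, pcre
%if "%{with_fsl}" == "yes"
BuildPreReq:  fsl
PreReq:       fsl
%endif
%if "%{with_mysql}" == "yes"
BuildPreReq:  mysql
PreReq:       mysql
%endif
%if "%{with_pgsql}" == "yes"
BuildPreReq:  postgresql
PreReq:       postgresql
%endif

%description
    Snort is an open source network intrusion detection system,
    capable of performing real-time traffic analysis and packet
    logging on IP networks. It can perform protocol analysis, content
    searching/matching and can be used to detect a variety of attacks
    and probes. Snort uses a flexible rules language to describe traffic
    that it should collect or pass, as well as a detection engine that
    utilizes a modular plugin architecture. Snort has a real-time
    alerting capability as well. Snort has three primary uses. It can be
    used as a straight packet sniffer like tcpdump(1), a packet logger
    (useful for network traffic debugging, etc), or as a full blown
    network intrusion detection system.

#   upstream release locations watched by the OpenPKG tracker, one entry
#   per downloaded source
%track
    prog snort = {
        version   = %{V_snort}
        url       = http://www.snort.org/downloads
        regex     = snort-(\d+\.\d+\.\d+(\.\d+)*)\.tar\.gz
    }
    prog snort:rules = {
        version   = %{V_rules}
        url       = http://www.snort.org/pub-bin/downloads.cgi
        regex     = snortrules-pr-(\d+\.\d+)\.tar\.gz
    }
    prog snort:oinkmaster = {
        version   = %{V_oinkmaster}
        url       = http://sourceforge.net/projects/oinkmaster/files/
        regex     = oinkmaster-(__VER__)\.tar\.gz
    }
    prog snort:pulledpork = {
        version   = %{V_pulledpork}
        url       = http://pulledpork.googlecode.com/files/
        regex     = pulledpork-(__VER__)\.tar\.gz
    }

%prep
    %setup -q
    #   unpack the two rule-update helpers (Source2, Source3) into the
    #   Snort source tree; the rules tarball (Source1) is not unpacked
    #   here but installed as-is later on
    %setup -q -D -T -a 2
    %setup -q -D -T -a 3
    #   relocate the compiled-in log directory from /var/log/snort to
    #   var/snort below the OpenPKG prefix
    %{l_shtool} subst \
        -e 's;\(# define.*\)/var/log/snort;\1%{l_prefix}/var/snort;' \
        src/snort.h
    #   portability: rewrite BSD-style u_intN_t to C99 uintN_t in the two
    #   sources that still use the old spelling
    %{l_shtool} subst \
        -e 's;u_int\([0-9]*\)_t;uint\1_t;g' \
        src/dynamic-plugins/sf_engine/sf_snort_plugin_rc4.c \
        src/sfutil/sf_ip.h

%build
    #   configure program
    #   (extra link libraries: the PostgreSQL option needs libpq plus
    #   crypt/ssl/crypto, SunOS additionally needs libresolv; the OSSP fsl
    #   macros contribute the remaining ld flags and libs)
    LIBS=""
%if "%{with_pgsql}" == "yes"
    LIBS="$LIBS -lpq -lcrypt -lssl -lcrypto"
%endif
    case "%{l_platform -t}" in
        *-sunos* ) LIBS="$LIBS -lresolv" ;;
    esac
    CC="%{l_cc}" \
    CFLAGS="%{l_cflags -O}" \
    CPPFLAGS="%{l_cppflags}" \
    LDFLAGS="%{l_ldflags} %{l_fsl_ldflags}" \
    LIBS="$LIBS %{l_fsl_libs}" \
    ./configure \
        --prefix=%{l_prefix} \
        --sysconfdir=%{l_prefix}/etc/snort \
        --without-odbc \
        --without-oracle \
%if "%{with_mysql}" == "yes"
        --with-mysql=%{l_prefix} \
%else
        --without-mysql \
%endif
%if "%{with_pgsql}" == "yes"
        --with-postgresql=%{l_prefix} \
%else
        --without-postgresql \
%endif
        --with-daq-includes=%{l_prefix}/include \
        --with-daq-libraries=%{l_prefix}/lib \
        --with-libpcre-includes=%{l_prefix}/include \
        --with-libpcre-libraries=%{l_prefix}/lib \
        --enable-perfmonitor

    #   build program
    %{l_make} %{l_mflags -O}

%install
    #   create installation hierarchy
    #   (var/snort/rules and var/snort/tmp are the writable areas used by
    #   the rule update helpers; their ownership is set in the file list)
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/sbin \
        $RPM_BUILD_ROOT%{l_prefix}/man/man8 \
        $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
        $RPM_BUILD_ROOT%{l_prefix}/etc/snort \
        $RPM_BUILD_ROOT%{l_prefix}/share/snort \
        $RPM_BUILD_ROOT%{l_prefix}/var/snort/rules \
        $RPM_BUILD_ROOT%{l_prefix}/var/snort/tmp

    #   install program and manual page
    #   (the binary is stripped on install)
    %{l_shtool} install -c -s -m 755 \
        src/snort $RPM_BUILD_ROOT%{l_prefix}/sbin/
    %{l_shtool} install -c -m 644 \
        snort.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/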

    #   install default configuration
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE snort.conf} $RPM_BUILD_ROOT%{l_prefix}/etc/snort/

    #   install default ruleset tarball
    #   (the public VRT rules snapshot is shipped unextracted below
    #   share/snort; presumably consumed by the snort-update script
    #   installed further below -- confirm against snort-update.sh)
    %{l_shtool} install -c -m 644 \
        %{SOURCE snortrules-pr-%{V_rules}.tar.gz} \
        $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules.tar.gz

    #   install run-command script
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE rc.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/

    #   install OSSP fsl configuration
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE fsl.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/

    #   install optional/additional files
    #   (database schema scripts only, for the selected output backend)
%if "%{with_mysql}" == "yes"
    %{l_shtool} install -c -m 644 \
        schemas/create_mysql \
        $RPM_BUILD_ROOT%{l_prefix}/share/snort/
%endif
%if "%{with_pgsql}" == "yes"
    %{l_shtool} install -c -m 644 \
        schemas/create_postgresql \
        $RPM_BUILD_ROOT%{l_prefix}/share/snort/
%endif

    #   install oinkmaster utility
    #   (interpreter line and default config path are rewritten to the
    #   OpenPKG prefix; the subshell keeps the cd from leaking into the
    #   following steps, its exit code is propagated)
    ( cd oinkmaster-%{V_oinkmaster}
      %{l_shtool} install -c -m 755 \
          -e 's;#!/usr/bin/perl;#! %{l_prefix}/bin/perl;g' \
          -e 's;/etc/oinkmaster\.conf;%{l_prefix}/etc/snort/oinkmaster.conf;' \
          oinkmaster.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/oinkmaster
      #   note: the upstream section-1 manual page is installed as section 8
      %{l_shtool} install -c -m 644 \
          oinkmaster.1 $RPM_BUILD_ROOT%{l_prefix}/man/man8/oinkmaster.8
      #   config: prepend the OpenPKG bin directory to path, point tmpdir at
      #   var/snort/tmp and comment out the "skipfile snort.conf" line
      #   NOTE(review): the use_external_bins expression replaces the line
      #   with itself and therefore has no effect; intent unclear -- confirm
      %{l_shtool} install -c -m 644 \
          -e 's;^\(path = \);\1%{l_prefix}/bin:;' \
          -e 's;^# tmpdir = /home/oinkmaster/tmp/;tmpdir = %{l_prefix}/var/snort/tmp;' \
          -e 's;^\(use_external_bins = 0\);\1;' \
          -e 's;^\(skipfile snort\.conf\);# \1;' \
          oinkmaster.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
    ) || exit $?

    #   install pulledpork utility
    #   (hard-coded /usr/local paths and the interpreter line are relocated
    #   to the OpenPKG prefix; temp_path in the shipped configs is pointed
    #   at var/snort/tmp)
    #   NOTE(review): the configs land in etc/snort with mode 644; should an
    #   oinkcode later be stored in pulledpork.conf it would be readable by
    #   every local user -- confirm whether a tighter mode is wanted
    ( cd pulledpork-%{V_pulledpork}
      %{l_shtool} install -c -m 755 \
          -e 's;/usr/local;%{l_prefix};g' \
          -e 's;#!/usr/bin/perl;#! %{l_prefix}/bin/perl;g' \
          pulledpork.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/pulledpork
      %{l_shtool} install -c -m 644 \
          -e 's;\(temp_path\) *=.*;\1 = %{l_prefix}/var/snort/tmp;' \
          etc/*.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
    ) || exit $?

    #   install rule update utility
    #   (the shipped rules version is baked into the script through the
    #   @V_rules@ placeholder)
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        -e 's;@V_rules@;%{V_rules};g' \
        %{SOURCE snort-update.sh} \
        $RPM_BUILD_ROOT%{l_prefix}/sbin/snort-update

    #   determine installation files
    #   (everything below etc/fsl and etc/snort is marked as configuration;
    #   var/snort and its subdirectories are owned by the runtime user and
    #   group so the update run as that user in the post-install step can
    #   write there)
    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
        %{l_files_std} \
        '%config %{l_prefix}/etc/fsl/*' \
        '%config %{l_prefix}/etc/snort/*' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/rules' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/tmp'

%files -f files

%clean

%post
    if [ $1 -eq 1 ]; then
        #   display final hints on initial installation
        ( echo "Before starting Snort IDS, please set the configuration variable"
          echo "\"snort_if\" in $RPM_INSTALL_PREFIX/etc/rc.conf to the name of the"
          echo "used network interface."
        ) | %{l_rpmtool} msg -b -t notice
        ( echo "To use Snort as an IDS, its rules HAVE to be ALWAYS up to date."
          echo "But this package just ships with the latest PUBLIC version of the"
          echo "\"Sourcefire VRT Certified Rules\" for UNREGISTERED Snort users."
          echo "This means your rules are NOT covering the latest known attacks."
          echo ""
          echo "Hence, we strongly recommend to become at least a REGISTERED Snort"
          echo "user (see http://www.snort.org/ for details). This way you receive"
          echo "a so-called \"oinkcode\" (a sequence of 40 hexadecimal numbers)"
          echo "which you can configure in the file"
          echo " $RPM_INSTALL_PREFIX/etc/rc.conf"
          echo "via the directives"
          echo " snort_update_time=\"daily\""
          echo " snort_update_source=\"oinkcode:XXXX...\""
          echo "to update your Snort rules in"
          echo " $RPM_INSTALL_PREFIX/var/snort/rules/"
          echo "automatically once per day with the latest version of the"
          echo "\"Sourcefire VRT Certified Rules\" for REGISTERED Snort users."
        ) | %{l_rpmtool} msg -b -t notice
    fi

    #   trigger a ruleset update
    #   (only when the administrator has set snort_update_source in rc.conf;
    #   snort-update runs as the runtime user rather than as root, with the
    #   configured value passed inside the double-quoted su command line)
    #   NOTE(review): a value containing a double quote or a dollar sign
    #   would break that quoting; rc.conf is administrator-controlled, so
    #   this is a robustness rather than a trust-boundary concern -- confirm
    #   how snort-update treats its argument
    snort_update_source=`%{l_rc} -q snort_update_source`
    if [ ".$snort_update_source" != . ]; then
        su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update \"$snort_update_source\""
    fi

    #   after upgrade, restart service
    #   ($1 is 2 on upgrade; the restart only happens when the rc status
    #   output reports the service as active)
    [ $1 -eq 2 ] || exit 0
    eval `%{l_rc} snort status 2>/dev/null`
    [ ".$snort_active" = .yes ] && %{l_rc} snort restart
    exit 0

%preun
    #   before erase, stop service and remove log files
    #   ($1 is 0 on final erase only; the downloaded rules and temporary
    #   files are removed as well, the directories themselves stay)
    [ $1 -eq 0 ] || exit 0
    %{l_rc} snort stop 2>/dev/null
    rm -f $RPM_INSTALL_PREFIX/var/snort/*.pid >/dev/null 2>&1 || true
    rm -f $RPM_INSTALL_PREFIX/var/snort/*.log >/dev/null 2>&1 || true
    rm -f $RPM_INSTALL_PREFIX/var/snort/*.cap >/dev/null 2>&1 || true
    rm -f $RPM_INSTALL_PREFIX/var/snort/rules/* >/dev/null 2>&1 || true
    rm -f $RPM_INSTALL_PREFIX/var/snort/tmp/* >/dev/null 2>&1 || true
    exit 0