diff -r efb4f295e1cf -r 00e5f0537340 snort/snort.spec
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/snort/snort.spec Tue Aug 28 18:31:50 2012 +0200
@@ -0,0 +1,282 @@
+##
+## snort.spec -- OpenPKG RPM Package Specification
+## Copyright (c) 2000-2010 OpenPKG Foundation e.V.
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+
+# package version
+%define V_snort 2.8.6
+%define V_rules 2.4
+%define V_oinkmaster 2.0
+
+# package information
+Name: snort
+Summary: Network Intrusion Detection System
+URL: http://www.snort.org/
+Vendor: B. Caswell, M. Roesch
+Packager: OpenPKG Foundation e.V.
+Distribution: OpenPKG Community
+Class: BASE
+Group: Monitoring
+License: GPL
+Version: %{V_snort}
+Release: 20100427
+
+# package options
+%option with_fsl yes
+%option with_mysql no
+%option with_pgsql no
+
+# list of sources
+Source0: http://dl.snort.org/snort-current/snort-%{V_snort}.tar.gz
+Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-%{V_rules}.tar.gz
+Source2: http://switch.dl.sourceforge.net/sourceforge/oinkmaster/oinkmaster-%{V_oinkmaster}.tar.gz
+Source3: snort.conf
+Source4: rc.snort
+Source5: fsl.snort
+Source6: snort-update.sh
+Patch0: snort.patch
+
+# build information
+BuildPreReq: OpenPKG, openpkg >= 20100101, make, gcc
+PreReq: OpenPKG, openpkg >= 20100101, perl, perl-www, perl-sys, perl-comp
+BuildPreReq: libpcap, libnet, pcre
+PreReq: libpcap, libnet, pcre
+%if "%{with_fsl}" == "yes"
+BuildPreReq: fsl
+PreReq: fsl
+%endif
+%if "%{with_mysql}" == "yes"
+BuildPreReq: mysql
+PreReq: mysql
+%endif
+%if "%{with_pgsql}" == "yes"
+BuildPreReq: postgresql
+PreReq: postgresql
+%endif
+
+%description
+ Snort is an open source network intrusion detection system,
+ capable of performing real-time traffic analysis and packet
+ logging on IP networks. It can perform protocol analysis, content
+ searching/matching and can be used to detect a variety of attacks
+ and probes. Snort uses a flexible rules language to describe traffic
+ that it should collect or pass, as well as a detection engine that
+ utilizes a modular plugin architecture. Snort has a real-time
+ alerting capability as well. Snort has three primary uses. It can be
+ used as a straight packet sniffer like tcpdump(1), a packet logger
+ (useful for network traffic debugging, etc), or as a full blown
+ network intrusion detection system.
+
+%track
+ prog snort = {
+ version = %{V_snort}
+ url = http://www.snort.org/downloads
+ regex = snort-(\d+\.\d+\.\d+(\.\d+)*)\.tar\.gz
+ }
+ prog snort:rules = {
+ version = %{V_rules}
+ url = http://www.snort.org/pub-bin/downloads.cgi
+ regex = snortrules-pr-(\d+\.\d+)\.tar\.gz
+ }
+ prog snort:oinkmaster = {
+ version = %{V_oinkmaster}
+ url = http://sourceforge.net/projects/oinkmaster/files/
+ regex = oinkmaster-(__VER__)\.tar\.gz
+ }
+
+%prep
+ %setup -q
+ %setup -q -D -T -a 2
+ %patch -p0
+ %{l_shtool} subst %{l_value -s -a} \
+ src/snort.h
+
+%build
+ # configure program
+ LIBS=""
+%if "%{with_pgsql}" == "yes"
+ LIBS="$LIBS -lpq -lcrypt -lssl -lcrypto"
+%endif
+ case "%{l_platform -t}" in
+ *-sunos* ) LIBS="$LIBS -lresolv" ;;
+ esac
+ CC="%{l_cc}" \
+ CFLAGS="%{l_cflags -O}" \
+ CPPFLAGS="%{l_cppflags}" \
+ LDFLAGS="%{l_ldflags} %{l_fsl_ldflags}" \
+ LIBS="$LIBS %{l_fsl_libs}" \
+ ./configure \
+ --prefix=%{l_prefix} \
+ --sysconfdir=%{l_prefix}/etc/snort \
+%if "%{with_mysql}" == "yes"
+ --with-mysql=%{l_prefix} \
+%else
+ --without-mysql \
+%endif
+%if "%{with_pgsql}" == "yes"
+ --with-postgresql=%{l_prefix} \
+%else
+ --without-postgresql \
+%endif
+ --with-libpcap-includes=%{l_prefix}/include \
+ --with-libpcap-libraries=%{l_prefix}/lib \
+ --with-libnet-includes=%{l_prefix}/include \
+ --with-libnet-libraries=%{l_prefix}/lib \
+ --with-libpcre-includes=%{l_prefix}/include \
+ --with-libpcre-libraries=%{l_prefix}/lib \
+ --enable-perfmonitor
+
+ # build program
+ %{l_make} %{l_mflags}
+
+%install
+ # create installation hierarchy
+ rm -rf $RPM_BUILD_ROOT
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/sbin \
+ $RPM_BUILD_ROOT%{l_prefix}/man/man8 \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/snort \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort \
+ $RPM_BUILD_ROOT%{l_prefix}/var/snort/rules \
+ $RPM_BUILD_ROOT%{l_prefix}/var/snort/tmp
+
+ # install program and manual page
+ %{l_shtool} install -c -s -m 755 \
+ src/snort $RPM_BUILD_ROOT%{l_prefix}/sbin/
+ %{l_shtool} install -c -m 644 \
+ snort.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/
+
+ # install default configuration
+ %{l_shtool} install -c -m 644 %{l_value -s -a} \
+ %{SOURCE snort.conf} $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
+
+ # install default ruleset tarball
+ %{l_shtool} install -c -m 644 \
+ %{SOURCE snortrules-pr-%{V_rules}.tar.gz} \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules.tar.gz
+
+ # install run-command script
+ %{l_shtool} install -c -m 755 %{l_value -s -a} \
+ %{SOURCE rc.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
+
+ # install OSSP fsl configuration
+ %{l_shtool} install -c -m 644 %{l_value -s -a} \
+ %{SOURCE fsl.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
+
+ # install optional/additional files
+%if "%{with_mysql}" == "yes"
+ %{l_shtool} install -c -m 644 \
+ schemas/create_mysql \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/
+%endif
+%if "%{with_pgsql}" == "yes"
+ %{l_shtool} install -c -m 644 \
+ schemas/create_postgresql \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/
+%endif
+
+ # install oinkmaster utility
+ ( cd oinkmaster-%{V_oinkmaster}
+ %{l_shtool} install -c -m 755 \
+ -e 's;#!/usr/bin/perl;#!%{l_prefix}/bin/perl;g' \
+ -e 's;/etc/oinkmaster\.conf;%{l_prefix}/etc/snort/oinkmaster.conf;' \
+ oinkmaster.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/oinkmaster
+ %{l_shtool} install -c -m 644 \
+ oinkmaster.1 $RPM_BUILD_ROOT%{l_prefix}/man/man8/oinkmaster.8
+ %{l_shtool} install -c -m 644 \
+ -e 's;^\(path = \);\1%{l_prefix}/bin:;' \
+ -e 's;^# tmpdir = /home/oinkmaster/tmp/;tmpdir = %{l_prefix}/var/snort/tmp;' \
+ -e 's;^\(use_external_bins = 0\);\1;' \
+ -e 's;^\(skipfile snort\.conf\);# \1;' \
+ oinkmaster.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
+ ) || exit $?
+
+ # install rule update utility
+ %{l_shtool} install -c -m 755 %{l_value -s -a} \
+ -e 's;@V_rules@;%{V_rules};g' \
+ %{SOURCE snort-update.sh} \
+ $RPM_BUILD_ROOT%{l_prefix}/sbin/snort-update
+
+ # determine installation files
+ %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
+ %{l_files_std} \
+ '%config %{l_prefix}/etc/fsl/*' \
+ '%config %{l_prefix}/etc/snort/*' \
+ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort' \
+ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/rules' \
+ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/tmp'
+
+%files -f files
+
+%clean
+
+%post
+ if [ $1 -eq 1 ]; then
+ # display final hints on initial installation
+ ( echo "Before starting Snort IDS, please set the configuration variable"
+ echo "\"snort_if\" in $RPM_INSTALL_PREFIX/etc/rc.conf to the name of the"
+ echo "used network interface."
+ ) | %{l_rpmtool} msg -b -t notice
+ ( echo "To use Snort as an IDS, its rules HAVE to be ALWAYS up to date."
+ echo "But this package just ships with the latest PUBLIC version of the"
+ echo "\"Sourcefire VRT Certified Rules\" for UNREGISTERED Snort users."
+ echo "This means your rules are NOT covering the latest known attacks."
+ echo ""
+ echo "Hence, we strongly recommend to become at least a REGISTERED Snort"
+ echo "user (see http://www.snort.org/ for details). This way you receive"
+ echo "a so-called \"oinkcode\" (a sequence of 40 hexadecimal numbers)"
+ echo "which you can configure in the file"
+ echo " $RPM_INSTALL_PREFIX/etc/rc.conf"
+ echo "via the directives"
+ echo " snort_update_time=\"daily\""
+ echo " snort_update_source=\"oinkcode:XXXX...\""
+ echo "to update your Snort rules in"
+ echo " $RPM_INSTALL_PREFIX/var/snort/rules/"
+ echo "automatically once per day with the latest version of the"
+ echo "\"Sourcefire VRT Certified Rules\" for REGISTERED Snort users."
+ ) | %{l_rpmtool} msg -b -t notice
+ fi
+
+ # trigger a ruleset update
+ snort_update_source=`%{l_rc} -q snort_update_source`
+ if [ ".$snort_update_source" != . ]; then
+ su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update \"$snort_update_source\""
+ fi
+
+ # after upgrade, restart service
+ [ $1 -eq 2 ] || exit 0
+ eval `%{l_rc} snort status 2>/dev/null`
+ [ ".$snort_active" = .yes ] && %{l_rc} snort restart
+ exit 0
+
+%preun
+ # before erase, stop service and remove log files
+ [ $1 -eq 0 ] || exit 0
+ %{l_rc} snort stop 2>/dev/null
+ rm -f $RPM_INSTALL_PREFIX/var/snort/*.pid >/dev/null 2>&1 || true
+ rm -f $RPM_INSTALL_PREFIX/var/snort/*.log >/dev/null 2>&1 || true
+ rm -f $RPM_INSTALL_PREFIX/var/snort/*.cap >/dev/null 2>&1 || true
+ rm -f $RPM_INSTALL_PREFIX/var/snort/rules/* >/dev/null 2>&1 || true
+ rm -f $RPM_INSTALL_PREFIX/var/snort/tmp/* >/dev/null 2>&1 || true
+ exit 0
+
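Review bot: In `%post`, the `su - %{l_rusr} -c "... snort-update \"$snort_update_source\""` line splices the rc.conf value into a command string that the target user's shell parses a second time, so a value containing a double quote, a dollar sign or a backquote alters the command instead of arriving as one argument. The same value carries the oinkcode, which therefore appears in the argument lists of both `su` and `snort-update`, where any local user who can list processes can read it. Filter the value before the `if`, for example `case "$snort_update_source" in *[!A-Za-z0-9:/._-]* ) snort_update_source="" ;; esac` (widen the set to whatever forms snort-update.sh accepts, which this hunk does not show), and consider letting snort-update read the setting itself via `%{l_rc} -q snort_update_source` so the secret stays off the command line. rc.conf is presumably writable only by the administrator, so this is hardening rather than a crossed privilege boundary.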