Sophie

psad-1.4.5-2mdk.src.rpm

%define name psad
%define version 1.4.5
%define release %mkrel 2

Summary: Psad analyzes iptables log messages for suspect traffic
Name: %name
Version: %version
Release: %release
License: GPL
Group: System/Servers
Url: http://www.cipherdyne.org/psad/
Source: http://www.cipherdyne.org/psad/download/%name-%version.tar.bz2
BuildRoot: %_tmppath/%{name}-buildroot
BuildRequires: perl-devel
BuildRequires: perl-Unix-Syslog
BuildRequires: perl-Net-IPv4Addr
Requires: perl-Unix-Syslog
Requires: perl-Date-Calc
Requires: sendmail-command
Requires: perl-Net-IPv4Addr
Requires: perl-IPTables-Parse
Requires: userspace-ipfilter
Requires: perl-Bit-Vector
Requires(pre): rpm-helper

%description
Port Scan Attack Detector (psad) is a collection of four lightweight
system daemons written in Perl and C that are designed to work with
Linux firewalling code (iptables in the 2.4.x kernels, and ipchains
in the 2.2.x kernels) to detect port scans. It features a set of highly
configurable danger thresholds (with sensible defaults provided),
verbose alert messages that include the source, destination, scanned
port range, begin and end times, TCP flags and corresponding nmap
options (Linux 2.4.x kernels only), email alerting, and automatic
blocking of offending IP addresses via dynamic configuration of
ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels
psad incorporates many of the TCP, UDP, and ICMP signatures included in
Snort to detect highly suspect scans for various backdoor programs
(e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and
advanced port scans (syn, fin, Xmas) which are easily leveraged against
a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP
window sizes to passively fingerprint the remote operating system from
which scans originate.

%package -n perl-IPTables-Parse
Summary: Parse iptables rules
Group: System/Configuration/Networking

%description -n perl-IPTables-Parse
The psad package provides the IPTables-Parse Perl module.

%package -n perl-IPTables-ChainMgr
Summary: ChainMgr iptables perl module
Group: System/Configuration/Networking

%description -n perl-IPTables-ChainMgr
The psad package provides the IPTables-ChainMgr Perl module.

%prep
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "$RPM_BUILD_ROOT"

%setup -q

cd Psad
%__perl Makefile.PL PREFIX=/usr/lib/psad LIB=/usr/lib/psad
%__make

cd ../IPTables-Parse
%__perl Makefile.PL INSTALLDIRS=vendor
%__make

cd ../IPTables-ChainMgr
%__perl Makefile.PL INSTALLDIRS=vendor
%__make

%build
### build psad binaries (kmsgsd and psadwatchd)
%make OPTS="$RPM_OPT_FLAGS"
### build the whois client
%make OPTS="$RPM_OPT_FLAGS" -C whois
### build perl modules used by psad
%make OPTS="$RPM_OPT_FLAGS" -C Psad

%check
cd Psad
%__make test
cd ../IPTables-Parse
%__make test
cd ../IPTables-ChainMgr
PERL5LIB=../IPTables-Parse/blib/lib %__make test

%install
### log directory
mkdir -p $RPM_BUILD_ROOT/var/log/psad
### dir for psadfifo
mkdir -p $RPM_BUILD_ROOT/var/lib/psad
### dir for pidfiles
mkdir -p $RPM_BUILD_ROOT/var/run/psad

### whois_psad binary
mkdir -p $RPM_BUILD_ROOT%_bindir
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
mkdir -p $RPM_BUILD_ROOT%_sbindir
### psad config
mkdir -p $RPM_BUILD_ROOT%_sysconfdir/%name
### psad init script
mkdir -p $RPM_BUILD_ROOT%_initrddir

install -m 500 {psad,kmsgsd,psadwatchd} $RPM_BUILD_ROOT%_sbindir/
install -m 500 fwcheck_psad.pl $RPM_BUILD_ROOT%_sbindir/fwcheck_psad
install -m 755 whois/whois $RPM_BUILD_ROOT/usr/bin/whois_psad
install -m 755 init-scripts/psad-init.redhat $RPM_BUILD_ROOT%_initrddir/psad
install -m 644 {psad.conf,kmsgsd.conf,psadwatchd.conf,fw_search.conf} $RPM_BUILD_ROOT%_sysconfdir/%name/
install -m 644 {signatures,icmp_types,auto_dl,posf} $RPM_BUILD_ROOT%_sysconfdir/%name/
install -m 644 *.8 $RPM_BUILD_ROOT%{_mandir}/man8/

cd Psad
%makeinstall_std
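### the perl modules were installed under PREFIX=/usr/lib/psad, which is not the arch libdir on x86_64
rm -rf $RPM_BUILD_ROOT%_prefix/lib/%name/local
rm -rf $RPM_BUILD_ROOT%_prefix/lib/%name/`perl -MConfig -e'print$Config{archname}'`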

cd ../IPTables-Parse
%makeinstall_std

cd ../IPTables-ChainMgr
%makeinstall_std

cd ..

### install snort rules files
cp -r snort_rules $RPM_BUILD_ROOT/etc/psad

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "$RPM_BUILD_ROOT"

%post
### put the current hostname into the psad config files
### (psad.conf and psadwatchd.conf).
perl -p -i -e 'use Sys::Hostname; my $hostname = hostname(); s/HOSTNAME(\s+)CHANGE.?ME/HOSTNAME${1}$hostname/' /etc/psad/psad.conf
perl -p -i -e 'use Sys::Hostname; my $hostname = hostname(); s/HOSTNAME(\s+)CHANGE.?ME/HOSTNAME${1}$hostname/' /etc/psad/psadwatchd.conf

/bin/touch /var/log/psad/fwdata
chown root:root /var/log/psad/fwdata
chmod 0600 /var/log/psad/fwdata
### (re)create the named pipe that syslogd writes kern.info messages to
if [ ! -p /var/lib/psad/psadfifo ]; then
    [ -e /var/lib/psad/psadfifo ] && /bin/rm -f /var/lib/psad/psadfifo
    /bin/mknod -m 600 /var/lib/psad/psadfifo p
fi
chown root:root /var/lib/psad/psadfifo
chmod 0600 /var/lib/psad/psadfifo
### make psad start at boot
/sbin/chkconfig --add psad
[ -f /etc/syslog.conf ] || exit 0
### make a backup of /etc/syslog.conf
[ -f /etc/syslog.conf.orig ] || cp -p /etc/syslog.conf /etc/syslog.conf.orig
### add the psadfifo line to /etc/syslog.conf if necessary
if ! grep -v "#" /etc/syslog.conf | grep -q psadfifo; then
    echo " .. Adding psadfifo line to /etc/syslog.conf"
    echo "kern.info |/var/lib/psad/psadfifo" >> /etc/syslog.conf
fi
### have a running syslogd reread its configuration
if [ -e /var/run/syslogd.pid ]; then
    echo " .. Restarting syslogd "
    kill -HUP `cat /var/run/syslogd.pid`
fi
if grep -q "EMAIL.*root.*localhost" /etc/psad/psad.conf; then
    echo " .. You can edit the EMAIL_ADDRESSES variable in"
    echo "    /etc/psad/psad.conf, /etc/psad/psadwatchd.conf, and"
    echo "    to have email alerts sent to"
    echo "    an address other than root@localhost"
fi

%preun
%_preun_service psad

%files
%defattr(-,root,root)
/var/log/psad
/var/lib/psad
/var/run/psad
%_sbindir/*
%_bindir/*
%{_mandir}/man8/*
%_initrddir/%name
%_prefix/lib/%name

%dir %_sysconfdir/%name
%config(noreplace) %_sysconfdir/%name/*.conf
%config(noreplace) %_sysconfdir/%name/auto_dl
%config(noreplace) %_sysconfdir/%name/icmp_types
%config(noreplace) %_sysconfdir/%name/posf
%config(noreplace) %_sysconfdir/%name/signatures

%dir %_sysconfdir/%name/snort_rules
%config(noreplace) %_sysconfdir/%name/snort_rules/*

%files -n perl-IPTables-Parse
%defattr(-,root,root)
%{perl_vendorlib}/IPTables/Parse.pm
%{_mandir}/man3/IPTables::Parse*

%files -n perl-IPTables-ChainMgr
%defattr(-,root,root)
%{perl_vendorlib}/IPTables/ChainMgr.pm
%{_mandir}/man3/IPTables::ChainMgr*

%changelog
* Fri Jan 20 2006 Lenny Cartier <lenny@mandriva.com> 1.4.5-2mdk
- x86_64 fix

* Tue Jan 17 2006 Lenny Cartier <lenny@mandriva.com> 1.4.5-1mdk
- 1.4.5

* Wed Dec 21 2005 Rafael Garcia-Suarez <rgarciasuarez@mandriva.com> 1.4.4-2mdk
- Fix installation of perl modules
- Remove empty dirs
- Add check section, update buildrequires

* Mon Dec 19 2005 Lenny Cartier <lenny@mandriva.com> 1.4.4-1mdk
- 1.4.4

* Tue Jul 26 2005 Nicolas Lécureuil <neoclust@mandriva.org> 1.4.2-1mdk
- Fix BuildRequires
- %%mkrel

* Tue Mar 15 2005 Lenny Cartier <lenny@mandrakesoft.com> 1.4.1-2mdk
- requires perl-Bit-Vector
- add a perl-IPTables-ChainMgr package

* Mon Mar 14 2005 Lenny Cartier <lenny@mandrakesoft.com> 1.4.1-1mdk
- 1.4.1

* Mon Oct 25 2004 Lenny Cartier <lenny@mandrakesoft.com> 1.3.4-1mdk
- 1.3.4

* Mon Sep 27 2004 Lenny Cartier <lenny@mandrakesoft.com> 1.3.3-2mdk
- requires smtpdaemon rather than sendmail

* Sun Sep 12 2004 Lenny Cartier <lenny@mandrakesoft.com> 1.3.3-1mdk
- 1.3.3

* Mon Jun 28 2004 Lenny Cartier <lenny@mandrakesoft.com> 1.3.2-1mdk
- 1.3.2

* Tue Jun 15 2004 Lenny Cartier <lenny@mandrakesoft.com> 1.3.1-1mdk
- 1.3.1

* Thu Dec 18 2003 Lenny Cartier <lenny@mandrakesoft.com> 1.3-2mdk
- Bug #6568 : depends on userspace-ipfilter

* Wed Dec 03 2003 Lenny Cartier <lenny@mandrakesoft.com> 1.3-1mdk
- 1.3

* Mon Oct 20 2003 Lenny Cartier <lenny@mandrakesoft.com> 1.2.4-1mdk
- 1.2.4
- like Michael Rash specfile remove diskmond since psad handles it automatically

* Mon Oct 13 2003 Lenny Cartier <lenny@mandrakesoft.com> 1.2.3-2mdk
- remove some perl modules
- add a sub package for perl-IPTables-Parse

* Tue Sep 23 2003 Lenny Cartier <lenny@mandrakesoft.com> 1.2.3-1mdk
- mandrakized specfile

* Fri Sep 12 2003 Michael Rash <mbr@cipherdyne.org>
- Added interface tracking for scans.
- Bugfix for not opening /etc/hosts.deny the right way in
  tcpwr_block().
- Bugfix for psadfifo path in syslog-ng config.
- Better format for summary stats section in email alerts.
- Bugfix for INIT_DIR path on non-RedHat systems.
- Bugfix for gzip path.
- Make Psad.pm installed last of all perl modules installed
  by psad.
- Added additional call to incr_syscall_ctr() in psadwatchd.c

* Mon Jul 28 2003 Michael Rash <mbr@cipherdyne.org>
- Initial version.