%define snort_version 1.8.3
%define _sysconfdir /etc/snort
%define _initrddir /etc/rc.d/init.d

# this is so the binaries won't be stripped so people will submit
# meaningful bug reports
# diskspace is cheap. don't ship nude binaries
# bug reports need info.
%define __spec_install_post %{nil}

Summary: An intrusion detection system
Name: snort
Version: %{snort_version}
Release: 4mdk
License: GPL
Group: Networking/Other
Source0: http://www.snort.org/releases/%{name}-%{snort_version}.tar.bz2
Source1: snortd
Source2: sysconfig
Patch0: snort-1.8.3-icmp.patch.bz2
Url: http://www.snort.org
BuildRoot: %{_tmppath}/%{name}-root
Requires: libpcap >= 0.6
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc
BuildRequires: libnet
BuildRequires: libpcap-devel >= 0.6
BuildRequires: libsnmp-devel
BuildRequires: MySQL-devel
BuildRequires: openssl-devel
BuildRequires: postgresql-devel
BuildRequires: texinfo
BuildRequires: zlib-devel

%description
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules-based
logging, performs protocol analysis and content searching/matching, and
can be used to detect a variety of attacks and probes, such as buffer
overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
attempts, and much more. Snort has a real-time alerting capability, with
alerts being sent to syslog, a separate "alert" file, or as a WinPopup
message via Samba's smbclient.

The base package installs %{_sbindir}/%{name}-plain, which is compiled
without database support; the subpackages listed below provide the other
build configurations.

Edit %{_sysconfdir}/%{name}.conf to configure snort and use the snortd
init script to start it.

This rpm is different from previous rpms and while it will not clobber
your current snortd file, you will need to modify it.

There are 9 different packages available. All of them require the base
snort rpm. Additionally, you will need to choose a binary to install.
%{_sbindir}/snort should end up being a symlink to a binary in one of
the following configurations:

  plain
  plain+flexresp
  mysql
  mysql+flexresp
  postgresql
  postgresql+flexresp
  snmp
  snmp+flexresp
  bloat                 (mysql+postgresql+flexresp+snmp)

Please see the documentation in %{_docdir}/%{name}-%{version}

%package plain+flexresp
Summary: Snort with Flexible Response
Group: Networking/Other
Requires: snort = %{version}

%description plain+flexresp
Snort compiled with flexresp support. Requires the libnet rpm.

%package mysql
Summary: Snort with MySQL database support
Group: Networking/Other
Requires: snort = %{version}

%description mysql
Snort compiled with mysql support.

%package mysql+flexresp
Summary: Snort with MySQL database and Flexible Response support
Group: Networking/Other
Requires: snort = %{version}

%description mysql+flexresp
Snort compiled with mysql+flexresp support. Requires the libnet rpm.

%package postgresql
Summary: Snort with PostgreSQL database support
Group: Networking/Other
Requires: snort = %{version}

%description postgresql
Snort compiled with postgresql support.

%package postgresql+flexresp
Summary: Snort with PostgreSQL database and Flexible Response support
Group: Networking/Other
Requires: snort = %{version}

%description postgresql+flexresp
Snort compiled with postgresql+flexresp support. Requires the libnet rpm.

%package snmp
Summary: Snort with SNMP trap support
Group: Networking/Other
Requires: snort = %{version}

%description snmp
Snort compiled with snmp support.
Currently a bit buggy in packaging. If anyone can figure out why
--enable-snmp pulls in everything else, let me know.

%package snmp+flexresp
Summary: Snort with SNMP trap and Flexible Response support
Group: Networking/Other
Requires: snort = %{version}

%description snmp+flexresp
Snort compiled with snmp+flexresp support. Requires the libnet rpm.
Currently a bit buggy in packaging.
If anyone can figure out why --enable-snmp pulls in everything else,
let me know.

%package bloat
Summary: Snort with MySQL, PostgreSQL, SNMP and Flexible Response support
Group: Networking/Other
Requires: snort = %{version}

%description bloat
Snort compiled with snmp+flexresp+mysql+postgresql support. Requires the
libnet rpm.

%prep
%setup -q -n %{name}-%{snort_version}
%patch0 -p0 -b .icmp

%build
automake
aclocal
rm -rf building && mkdir -p building && cd building
export AM_CFLAGS="-g -O2"
SNORT_BASE_CONFIG="--prefix=%{_prefix} \
    --sysconfdir=%{_sysconfdir} "

# there are some strange configure errors
# when not doing a distclean between major builds,
# so every configuration gets its own build directory.

# plain
{
mkdir plain
cd plain
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no
%make
mv %{name} ../%{name}-plain
# make distclean
cd ..
}

# plain+flexresp
{
mkdir plain+flexresp
cd plain+flexresp
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no \
    --enable-flexresp
%make
mv %{name} ../%{name}-plain+flexresp
# make distclean
cd ..
}

# mysql+flexresp
{
mkdir mysql+flexresp
cd mysql+flexresp
../../configure $SNORT_BASE_CONFIG --with-mysql=yes \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no \
    --enable-flexresp
%make
mv %{name} ../%{name}-mysql+flexresp
# make distclean
cd ..
}

# mysql
{
mkdir mysql
cd mysql
../../configure $SNORT_BASE_CONFIG --with-mysql=yes \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no
%make
mv %{name} ../%{name}-mysql
# make distclean
cd ..
}

# postgresql+flexresp
{
mkdir postgresql+flexresp
cd postgresql+flexresp
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=yes \
    --with-oracle=no \
    --with-odbc=no \
    --enable-flexresp
%make
mv %{name} ../%{name}-postgresql+flexresp
# make distclean
cd ..
}

# postgresql
{
mkdir postgresql
cd postgresql
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=yes \
    --with-oracle=no \
    --with-odbc=no
%make
mv %{name} ../%{name}-postgresql
# make distclean
cd ..
}

# snmp
{
mkdir snmp
cd snmp
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no \
    --with-snmp=/usr \
    --with-openssl
%make
mv %{name} ../%{name}-snmp
# make distclean
cd ..
}

# snmp+flexresp
{
mkdir snmp+flexresp
cd snmp+flexresp
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no \
    --with-snmp \
    --enable-flexresp \
    --with-openssl
%make
mv %{name} ../%{name}-snmp+flexresp
# make distclean
cd ..
}

# bloat
{
mkdir bloat
cd bloat
../../configure $SNORT_BASE_CONFIG --with-mysql=yes \
    --with-postgresql=yes \
    --with-oracle=no \
    --with-odbc=no \
    --with-snmp \
    --enable-flexresp \
    --with-openssl
%make
mv %{name} ../%{name}-bloat
# make distclean
cd ..
}

%install
if [ -d $RPM_BUILD_ROOT ]; then
    rm -rf $RPM_BUILD_ROOT
fi
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
mkdir -p $RPM_BUILD_ROOT/var/log/%{name}
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT%{_initrddir}
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8

{
pushd building
install %{name}-plain $RPM_BUILD_ROOT%{_sbindir}/%{name}-plain
install %{name}-plain+flexresp $RPM_BUILD_ROOT%{_sbindir}/%{name}-plain+flexresp
install %{name}-mysql $RPM_BUILD_ROOT%{_sbindir}/%{name}-mysql
install %{name}-mysql+flexresp $RPM_BUILD_ROOT%{_sbindir}/%{name}-mysql+flexresp
install %{name}-postgresql $RPM_BUILD_ROOT%{_sbindir}/%{name}-postgresql
install %{name}-postgresql+flexresp $RPM_BUILD_ROOT%{_sbindir}/%{name}-postgresql+flexresp
install %{name}-snmp $RPM_BUILD_ROOT%{_sbindir}/%{name}-snmp
install %{name}-snmp+flexresp $RPM_BUILD_ROOT%{_sbindir}/%{name}-snmp+flexresp
install %{name}-bloat $RPM_BUILD_ROOT%{_sbindir}/%{name}-bloat
popd
}

# NOTE: this strip undoes the __spec_install_post override at the top of
# the file; drop it if you want the debug symbols the header asks for.
strip $RPM_BUILD_ROOT%{_sbindir}/*

bzip2 %{name}.8
install %{name}.8* $RPM_BUILD_ROOT%{_mandir}/man8
install classification.config %{name}.conf *.rules $RPM_BUILD_ROOT%{_sysconfdir}
install %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}

# remove the contrib archive files
rm -rf contrib/*.gz
mv contrib/README README.contrib

%clean
if [ -d $RPM_BUILD_ROOT ]; then
    rm -rf $RPM_BUILD_ROOT
fi

%post
# the base package always points the link at snort-plain; a variant
# subpackage's %post re-points it only when that subpackage is (re)installed,
# so upgrading the base rpm alone resets the link to plain
ln -sf %{_sbindir}/%{name}-plain %{_sbindir}/%{name}
%_post_service snortd

%preun
%_preun_service snortd

%postun
# remove the link if not upgrade
if [ $1 = 0 ]; then
    rm -f %{_sbindir}/%{name}
fi

%files
%defattr(-,root,root)
%doc AUTHORS BUGS COPYING CREDITS ChangeLog INSTALL NEWS README* USAGE SnortUsersManual.pdf contrib/*
%attr(755,root,root) %{_sbindir}/%{name}-plain
%attr(644,root,root) %{_mandir}/man8/%{name}.8*
# logs can contain packet payloads; tighten to 750 if other local users
# should not be able to read them
%attr(755,snort,snort) %dir /var/log/%{name}
%attr(644,root,root) %config %{_sysconfdir}/classification.config
%attr(644,root,root) %config %{_sysconfdir}/*.rules
%attr(644,root,root) %config %{_sysconfdir}/%{name}.conf
%attr(755,root,root) %config(noreplace) %{_initrddir}/snortd
%attr(644,root,root) %config /etc/sysconfig/%{name}

%files plain+flexresp
%attr(755,root,root) %{_sbindir}/%{name}-plain+flexresp

%files mysql
%attr(755,root,root) %{_sbindir}/%{name}-mysql

%files mysql+flexresp
%attr(755,root,root) %{_sbindir}/%{name}-mysql+flexresp

%files postgresql
%attr(755,root,root) %{_sbindir}/%{name}-postgresql

%files postgresql+flexresp
%attr(755,root,root) %{_sbindir}/%{name}-postgresql+flexresp

%files snmp
%attr(755,root,root) %{_sbindir}/%{name}-snmp

%files snmp+flexresp
%attr(755,root,root) %{_sbindir}/%{name}-snmp+flexresp

%files bloat
%attr(755,root,root) %{_sbindir}/%{name}-bloat

%post plain+flexresp
if [ -L %{_sbindir}/%{name} ]; then
    ln -sf %{_sbindir}/%{name}-plain+flexresp %{_sbindir}/%{name}
fi

%post mysql
if [ -L %{_sbindir}/%{name} ]; then
    ln -sf %{_sbindir}/%{name}-mysql %{_sbindir}/%{name}
fi

%post mysql+flexresp
if [ -L %{_sbindir}/%{name} ]; then
    ln -sf %{_sbindir}/%{name}-mysql+flexresp %{_sbindir}/%{name}
fi

%post postgresql
if [ -L %{_sbindir}/%{name} ]; then
    ln -sf %{_sbindir}/%{name}-postgresql %{_sbindir}/%{name}
fi

%post postgresql+flexresp
if [ -L %{_sbindir}/%{name} ]; then
    ln -sf %{_sbindir}/%{name}-postgresql+flexresp %{_sbindir}/%{name}
fi

%post snmp
if [ -L %{_sbindir}/%{name} ]; then
    ln -sf %{_sbindir}/%{name}-snmp %{_sbindir}/%{name}
fi

%post snmp+flexresp
if [ -L %{_sbindir}/%{name} ]; then
    ln -sf %{_sbindir}/%{name}-snmp+flexresp %{_sbindir}/%{name}
fi

%post bloat
if [ -L %{_sbindir}/%{name} ]; then
    ln -sf %{_sbindir}/%{name}-bloat %{_sbindir}/%{name}
fi

%changelog
* Wed Feb 20 2002 Vincent Danen <vdanen@mandrakesoft.com> 1.8.3-4mdk
- patch to fix ICMP ascii printing bug (affects 1.8.3 only)

* Wed Feb 20 2002 Florin <florin@mandrakesoft.com> 1.8.3-3mdk
- modify the init script according to the new sysconfig file
- add the contrib files (not the archives)

* Tue Feb 19 2002 Florin <florin@mandrakesoft.com> 1.8.3-2mdk
- use force while creating the links in %%post
- use noreplace for the initscript
- remove the add/del of the snort user/group as they come with setup
- remove the link only in uninstall cases
- add the sysconfig file
- use -s as default in the initscript (log to syslog)

* Fri Feb 15 2002 Florin <florin@mandrakesoft.com> 1.8.3-1mdk
- 1.8.3

* Thu Jan 10 2002 Stefan van der Eijk <stefan@eijk.nu> 1.8.2-3mdk
- BuildRequires
- replace make -j with %%make

* Wed Dec 12 2001 Florin <florin@mandrakesoft.com> 1.8.2-2mdk
- update the BuildRequires

* Wed Nov 14 2001 Florin <florin@mandrakesoft.com> 1.8.2-1mdk
- 1.8.2
- merge with the original spec file
- use macros when possible
- fix some typos in %%post section
- create the link in all cases for snort-plain
- fix a spelling error in description
- bzip2 the man page
- strip the binaries
- create the snort/snort user/group in %%post
- /var/log/snort files belong to snort.snort
- add %%_{preun|post}_service macros

* Mon Sep 24 2001 Lenny Cartier <lenny@mandrakesoft.com> 1.8.1-2mdk
- add manpage

* Tue Sep 04 2001 Lenny Cartier <lenny@mandrakesoft.com> 1.8.1-1mdk
- 1.8.1

* Fri Aug 10 2001 Florin Grad <florin@mandrakesoft.com> 1.8p1-1mdk
- 1.8p1

* Tue Feb 20 2001 Florin Grad <florin@mandrakesoft.com> 1.7-1mdk
- mandrake adaptations

* Mon Nov 27 2000 Chris Green <cmg@uab.edu>
- removed strip
- upgrade to cvs version
- moved /var/snort/dev/null creation to install time

* Tue Nov 21 2000 Chris Green <cmg@uab.edu>
- changed to %%{SnortPrefix}
- upgrade to patch2

* Mon Jul 31 2000 Wim Vandersmissen <wim@bofh.st>
- Integrated the -t (chroot) option and build a /home/snort chroot jail
- Installs a statically linked/stripped snort
- Updated %%{_initrddir}/snortd to work with the chroot option

* Tue Jul 25 2000 Wim Vandersmissen <wim@bofh.st>
- Added some checks to find out if we're upgrading or removing the package

* Sat Jul 22 2000 Wim Vandersmissen <wim@bofh.st>
- Updated to version 1.6.3
- Fixed the user/group stuff (moved to %%post)
- Added userdel/groupdel to %%postun
- Automagically adds the right IP, nameservers to %%{_sysconfdir}/rules.base

* Sat Jul 08 2000 Dave Wreski <dave@linuxsecurity.com>
- Updated to version 1.6.2
- Removed references to xntpd
- Fixed minor problems with snortd init script

* Fri Jul 07 2000 Dave Wreski <dave@linuxsecurity.com>
- Updated to version 1.6.1
- Added user/group snort

* Sat Jun 10 2000 Dave Wreski <dave@linuxsecurity.com>
- Added snort init.d script (snortd)
- Added Dave Dittrich's snort rules header file (rules.base)
- Added Dave Dittrich's wget rules fetch script (check-snort)
- Fixed permissions on /var/log/snort
- Created /var/log/snort/archive for archival of snort logs
- Added post/preun to add/remove snortd to/from rc?.d directories
- Defined configuration files as %%config

* Tue Mar 28 2000 William Stearns <wstearns@pobox.com>
- Quick update to 1.6.
- Sanity checks before doing rm -rf in install and clean

* Fri Dec 10 1999 Henri Gomez <gomez@slib.fr>
- 1.5-0 Initial RPM release
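The spec above selects the running Snort build purely by re-pointing the %{_sbindir}/snort symlink from each subpackage's %post, and nothing checks afterwards that the link still resolves or that the chosen variant can actually do what snort.conf asks of it (an `output database:` line on a snort-plain binary, or a `resp:` rule on a build without flexresp, fails at startup). The following is an added example, written for this page and not part of the Mandrake spec or of the Snort distribution: a small POSIX sh check that reports which variant the link points at, repairs a dangling link by falling back to snort-plain (the one binary the base package always ships), and compares the features a config file uses against the variant's name. The function names, the fixture tree it builds, and the sample snort.conf are all assumptions of this example; the syntax it greps for (`output database:`, `output trap_snmp:`, `resp:`/`react:`) is Snort 1.8's, and the feature-to-variant mapping is taken from the package names in the spec.

```shell
#!/bin/sh
# Added example, not part of the Mandrake spec or of Snort itself.
# Sanity checks for the symlink scheme the spec uses
# (%{_sbindir}/snort -> %{_sbindir}/snort-<variant>). Directory and config
# paths are parameters so the functions can be exercised on a scratch tree.

# Print the variant that $1/snort points at ("plain", "mysql+flexresp", ...).
# Prints "missing" or "dangling" and returns 1 when the link is unusable.
snort_variant() {
    link="$1/snort"
    [ -L "$link" ] || { echo missing; return 1; }
    [ -x "$link" ] || { echo dangling; return 1; }   # test -x follows the link
    base=$(basename "$(readlink "$link")")
    echo "${base#snort-}"
}

# Repair step the spec's subpackages lack: if the variant the link pointed at
# has been uninstalled, fall back to snort-plain. Prints the variant in use.
snort_fix_link() {
    if ! snort_variant "$1" >/dev/null; then
        ln -sf "$1/snort-plain" "$1/snort"
    fi
    snort_variant "$1"
}

# Return 0 if every feature the config file $2 uses is compiled into the
# variant named $1, else print one line per unmet requirement and return 1.
snort_conf_supported() {
    variant=$1
    conf=$2
    rc=0
    for feature in mysql postgresql snmp flexresp; do
        case $feature in
            mysql|postgresql)
                # output database: <log|alert>, <mysql|postgresql>, ...
                pattern="^[[:space:]]*output[[:space:]]+database:[^#]*[[:space:],]$feature([[:space:],]|\$)" ;;
            snmp)
                pattern="^[[:space:]]*output[[:space:]]+trap_snmp:" ;;
            flexresp)
                # resp:/react: rule options only exist in flexresp builds
                pattern="^[[:space:]]*(alert|log|pass)[[:space:]].*[[:space:];(](resp|react):" ;;
        esac
        if grep -Eq "$pattern" "$conf"; then
            case $variant in
                bloat|*"$feature"*) ;;
                *) echo "$conf uses $feature but snort-$variant was built without it"; rc=1 ;;
            esac
        fi
    done
    return $rc
}

# Constructed fixture (not a real installation): fake binaries, the link,
# and a snort.conf that logs to MySQL and uses a resp: rule.
snort_make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/sbin" "$dir/etc"
    for v in plain mysql mysql+flexresp; do
        printf '#!/bin/sh\necho snort-%s\n' "$v" > "$dir/sbin/snort-$v"
        chmod 755 "$dir/sbin/snort-$v"
    done
    ln -sf "$dir/sbin/snort-mysql" "$dir/sbin/snort"
    cat > "$dir/etc/snort.conf" <<'EOF'
# constructed sample config
var HOME_NET any
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort dbname=snort host=localhost
alert tcp any any -> $HOME_NET 80 (msg:"web probe"; content:"/cgi-bin/"; resp:rst_all;)
EOF
    echo "$dir"
}

# Stand-alone run: report the state of the fixture tree, then clean up.
if [ "${SNORT_CHECK_DEMO:-1}" = 1 ]; then
    tree=$(snort_make_fixture)
    v=$(snort_variant "$tree/sbin")
    echo "link points at: $v"
    snort_conf_supported "$v" "$tree/etc/snort.conf" || echo "config/binary mismatch"
    rm -rf "$tree"
fi
```

On a real host the same functions run against the spec's paths, for example `snort_conf_supported "$(snort_variant /usr/sbin)" /etc/snort/snort.conf` after installing a variant rpm; the fixture deliberately links snort-mysql while the config uses a `resp:` rule, so the check reports the flexresp mismatch that the spec's %post would silently let through.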