Sophie

snort-1.8.3-4mdk.src.rpm

%define snort_version 1.8.3
%define _sysconfdir /etc/snort
%define _initrddir /etc/rc.d/init.d

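# Disable rpm's automatic post-install processing so that the binaries
# are not stripped automatically and people can submit meaningful bug
# reports. Disk space is cheap; bug reports need info.
# Note: the install section below still runs strip explicitly on the
# installed binaries.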
%define __spec_install_post      %{nil}

Summary: An intrusion detection system
Name: snort
Version: %{snort_version}
Release: 4mdk
License: GPL
Group: Networking/Other
Source0: http://www.snort.org/releases/%{name}-%{snort_version}.tar.bz2
Source1: snortd
Source2: sysconfig
Patch0: snort-1.8.3-icmp.patch.bz2
Url: http://www.snort.org
BuildRoot: %{_tmppath}/%{name}-root
Requires: libpcap >= 0.6
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc
BuildRequires: libnet
BuildRequires: libpcap-devel >= 0.6
BuildRequires: libsnmp-devel
BuildRequires: MySQL-devel
BuildRequires: openssl-devel
BuildRequires: postgresql-devel
BuildRequires: texinfo
BuildRequires: zlib-devel

%description
Snort is a libpcap-based packet sniffer/logger which 
can be used as a lightweight network intrusion detection system. 
It features rules based logging and can perform protocol analysis, 
content searching/matching and can be used to detect a variety of 
attacks and probes, such as buffer overflows, stealth port scans, 
CGI attacks, SMB probes, OS fingerprinting attempts, and much more. 
Snort has a real-time alerting capability, with alerts being sent to syslog, 
a separate "alert" file, or as a WinPopup message via Samba's smbclient.

This version is compiled without database support. Edit the spec file
and rebuild the rpm to enable it.

Edit %{_sysconfdir}/snort.conf to configure snort and use snortd to start snort.

This rpm is different from previous rpms and while it will not clobber
your current snortd file, you will need to modify it.

There are 9 different packages available.

All of them require the base snort rpm.  Additionally, you will need
to choose a binary to install.

%{_sbindir}/snort should end up being a symlink to a binary in one of
the following configurations:

plain      plain+flexresp
mysql      mysql+flexresp
postgresql postgresql+flexresp
snmp       snmp+flexresp
bloat      mysql+postgresql+flexresp+snmp

Please see the documentation in %{_docdir}/%{name}-%{version}


%package plain+flexresp
Summary: Snort with Flexible Response
Group: Networking/Other
Requires: snort = %{version}
%description plain+flexresp
Snort compiled with flexresp support.  Requires snort libnet rpm.

%package mysql
Summary: Snort with MySQL support
Group: Networking/Other
Requires: snort = %{version}
%description mysql
Snort compiled with mysql support.

%package mysql+flexresp
Summary: Snort with MySQL and Flexible Response
Group: Networking/Other
Requires: snort = %{version}
%description mysql+flexresp
Snort compiled with mysql+flexresp support.  Requires snort libnet rpm.

%package postgresql
Summary: Snort with PostgreSQL support
Group: Networking/Other
Requires: snort = %{version}
%description postgresql
Snort compiled with postgresql support. 

%package postgresql+flexresp
Summary: Snort with PostgreSQL and Flexible Response
Group: Networking/Other
Requires: snort = %{version}
%description postgresql+flexresp
Snort compiled with postgresql+flexresp support.  Requires snort libnet rpm.

%package snmp
Summary: Snort with SNMP support
Group: Networking/Other
Requires: snort = %{version}
%description snmp
Snort compiled with snmp support.

Currently a bit buggy in packaging.  If anyone can figure out why
--enable-snmp pulls in everything else, let me know

%package snmp+flexresp
Summary: Snort with SNMP and Flexible Response
Group: Networking/Other
Requires: snort = %{version}
%description snmp+flexresp
Snort compiled with snmp+flexresp support.  Requires snort libnet rpm.

Currently a bit buggy in packaging.  If anyone can figure out why
--enable-snmp pulls in everything else, let me know


%package bloat
Summary: Snort with MySQL, PostgreSQL, SNMP and Flexible Response
Group: Networking/Other
Requires: snort = %{version}
%description bloat
Snort compiled with snmp+flexresp+mysql+postgresql support.
Requires snort libnet rpm.

%prep
%setup -q -n %{name}-%{snort_version}
%patch0 -p0 -b .icmp

%build

automake
aclocal
rm -rf building && mkdir -p building && cd building

export AM_CFLAGS="-g -O2"
SNORT_BASE_CONFIG="--prefix=%{_prefix} \
		   --sysconfdir=%{_sysconfdir} "

# there are some strange configure errors
# when not doing a distclean between major builds.

# plain 
{
mkdir plain
cd plain
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
                                   --with-postgresql=no \
                                   --with-oracle=no \
                                   --with-odbc=no
%make
mv %{name} ../%{name}-plain
# make distclean 
cd ..
}

# plain+flexresp
{
mkdir plain+flexresp
cd plain+flexresp
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
                                   --with-postgresql=no \
                                   --with-oracle=no \
                                   --with-odbc=no \
                                   --enable-flexresp
%make
mv %{name} ../%{name}-plain+flexresp
# make distclean 

cd ..
}

# mysql+flexresp
{
mkdir mysql+flexresp
cd mysql+flexresp
../../configure $SNORT_BASE_CONFIG --with-mysql=yes \
                                   --with-postgresql=no \
                                   --with-oracle=no \
                                   --with-odbc=no \
                                   --enable-flexresp
%make
mv %{name} ../%{name}-mysql+flexresp
# make distclean 
cd ..
}

# mysql
{
mkdir mysql
cd mysql
../../configure $SNORT_BASE_CONFIG --with-mysql=yes \
                                   --with-postgresql=no \
                                   --with-oracle=no \
                                   --with-odbc=no 
%make
mv %{name} ../%{name}-mysql
# make distclean 

cd ..
}



# postgresql+flexresp
{
mkdir postgresql+flexresp
cd postgresql+flexresp
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
                                   --with-postgresql=yes \
                                   --with-oracle=no \
                                   --with-odbc=no \
                                   --enable-flexresp
%make
mv %{name} ../%{name}-postgresql+flexresp
# make distclean 
cd ..
}

# postgresql
{
mkdir postgresql
cd postgresql
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
                                   --with-postgresql=yes \
                                   --with-oracle=no \
                                   --with-odbc=no 
%make
mv %{name} ../%{name}-postgresql
# make distclean 
cd ..
}

# snmp
{
mkdir snmp
cd snmp
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
                                   --with-postgresql=no \
                                   --with-oracle=no \
                                   --with-odbc=no \
                                   --with-snmp=/usr \
                                   --with-openssl

%make
mv %{name} ../%{name}-snmp
# make distclean 
cd ..
}


# snmp+flexresp
{
mkdir snmp+flexresp
cd snmp+flexresp
../../configure $SNORT_BASE_CONFIG --with-mysql=no \
                                   --with-postgresql=no \
                                   --with-oracle=no \
                                   --with-odbc=no \
                                   --with-snmp \
                                   --enable-flexresp \
                                   --with-openssl
%make
mv %{name} ../%{name}-snmp+flexresp
# make distclean 
cd ..
}

# bloat
{
mkdir bloat
cd bloat
../../configure $SNORT_BASE_CONFIG --with-mysql=yes \
                                   --with-postgresql=yes \
                                   --with-oracle=no \
                                   --with-odbc=no \
                                   --with-snmp \
                                   --enable-flexresp \
                                   --with-openssl
%make
mv %{name} ../%{name}-bloat
# make distclean
cd ..
}

%install
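# Sanity check: never run rm -rf on an empty or "/" build root
if [ -n "$RPM_BUILD_ROOT" ] && [ "$RPM_BUILD_ROOT" != "/" ] && [ -d "$RPM_BUILD_ROOT" ]; then
	rm -rf "$RPM_BUILD_ROOT"
fi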

mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
mkdir -p $RPM_BUILD_ROOT/var/log/%{name}
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT%{_initrddir}
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8

{
pushd building
install %{name}-plain $RPM_BUILD_ROOT%{_sbindir}/%{name}-plain
install %{name}-plain+flexresp $RPM_BUILD_ROOT%{_sbindir}/%{name}-plain+flexresp
install %{name}-mysql $RPM_BUILD_ROOT%{_sbindir}/%{name}-mysql
install %{name}-mysql+flexresp $RPM_BUILD_ROOT%{_sbindir}/%{name}-mysql+flexresp
install %{name}-postgresql $RPM_BUILD_ROOT%{_sbindir}/%{name}-postgresql
install %{name}-postgresql+flexresp $RPM_BUILD_ROOT%{_sbindir}/%{name}-postgresql+flexresp
install %{name}-snmp $RPM_BUILD_ROOT%{_sbindir}/%{name}-snmp
install %{name}-snmp+flexresp $RPM_BUILD_ROOT%{_sbindir}/%{name}-snmp+flexresp
install %{name}-bloat $RPM_BUILD_ROOT%{_sbindir}/%{name}-bloat
popd
}
strip $RPM_BUILD_ROOT%{_sbindir}/*

bzip2 %{name}.8
install %{name}.8* $RPM_BUILD_ROOT%{_mandir}/man8
install classification.config %{name}.conf *.rules $RPM_BUILD_ROOT%{_sysconfdir}
install %{SOURCE1} $RPM_BUILD_ROOT/%{_initrddir}/
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}

#remove the contrib archive files
rm -rf contrib/*.gz
mv contrib/README README.contrib

%clean
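# Sanity check: never run rm -rf on an empty or "/" build root
if [ -n "$RPM_BUILD_ROOT" ] && [ "$RPM_BUILD_ROOT" != "/" ] && [ -d "$RPM_BUILD_ROOT" ]; then
	rm -rf "$RPM_BUILD_ROOT"
fi
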
%post
ln -sf %{_sbindir}/%{name}-plain %{_sbindir}/%{name}
%_post_service snortd

%preun
%_preun_service snortd

%postun
# remove the link only on full uninstall ($1 = 0), not on upgrade
if [ "$1" = 0 ]; then
	rm -f %{_sbindir}/%{name}
fi

%files
%defattr(-,root,root)
%doc AUTHORS BUGS COPYING CREDITS ChangeLog INSTALL NEWS README* USAGE SnortUsersManual.pdf contrib/*
%attr(755,root,root) %{_sbindir}/%{name}-plain
%attr(644,root,root) %{_mandir}/man8/%{name}.8*
%attr(755,snort,snort) %dir /var/log/%{name}
%attr(644,root,root) %config %{_sysconfdir}/classification.config
%attr(644,root,root) %config %{_sysconfdir}/*.rules
%attr(644,root,root) %config %{_sysconfdir}/%{name}.conf
%attr(755,root,root) %config(noreplace) %{_initrddir}/snortd
%attr(644,root,root) %config /etc/sysconfig/%{name}

%files plain+flexresp
%attr(755,root,root) %{_sbindir}/%{name}-plain+flexresp

%files mysql
%attr(755,root,root) %{_sbindir}/%{name}-mysql

%files mysql+flexresp
%attr(755,root,root) %{_sbindir}/%{name}-mysql+flexresp

%files postgresql
%attr(755,root,root) %{_sbindir}/%{name}-postgresql

%files postgresql+flexresp
%attr(755,root,root) %{_sbindir}/%{name}-postgresql+flexresp

%files snmp
%attr(755,root,root) %{_sbindir}/%{name}-snmp

%files snmp+flexresp
%attr(755,root,root) %{_sbindir}/%{name}-snmp+flexresp

%files bloat
%attr(755,root,root) %{_sbindir}/%{name}-bloat

%post plain+flexresp
if [ -L %{_sbindir}/%{name} ]; then ln -sf %{_sbindir}/%{name}-plain+flexresp %{_sbindir}/%{name}; fi
%post mysql
if [ -L %{_sbindir}/%{name} ]; then ln -sf %{_sbindir}/%{name}-mysql %{_sbindir}/%{name}; fi 
%post mysql+flexresp
if [ -L %{_sbindir}/%{name} ]; then ln -sf %{_sbindir}/%{name}-mysql+flexresp %{_sbindir}/%{name}; fi
%post postgresql
if [ -L %{_sbindir}/%{name} ]; then ln -sf %{_sbindir}/%{name}-postgresql %{_sbindir}/%{name}; fi
%post postgresql+flexresp
if [ -L %{_sbindir}/%{name} ]; then ln -sf %{_sbindir}/%{name}-postgresql+flexresp %{_sbindir}/%{name}; fi
%post snmp
if [ -L %{_sbindir}/%{name} ]; then ln -sf %{_sbindir}/%{name}-snmp %{_sbindir}/%{name}; fi
%post snmp+flexresp
if [ -L %{_sbindir}/%{name} ]; then ln -sf %{_sbindir}/%{name}-snmp+flexresp %{_sbindir}/%{name}; fi
%post bloat
if [ -L %{_sbindir}/%{name} ]; then ln -sf %{_sbindir}/%{name}-bloat %{_sbindir}/%{name}; fi

%changelog
* Wed Feb 20 2002 Vincent Danen <vdanen@mandrakesoft.com> 1.8.3-4mdk
- patch to fix ICMP ascii printing bug (affects 1.8.3 only)

* Wed Feb 20 2002 Florin <florin@mandrakesoft.com> 1.8.3-3mdk
- modify the init script according to the new sysconfig file
- add the contrib files (not the archives)

* Tue Feb 19 2002 Florin <florin@mandrakesoft.com> 1.8.3-2mdk
- use force while creating the links in post
- use noreplace for the initscript
- remove the add/del of the snort user/group as they come with setup
- remove the link only in uninstall cases
- add the sysconfig file 
- use -s as default in the initscript (log to syslog)

* Fri Feb 15 2002 Florin <florin@mandrakesoft.com> 1.8.3-1mdk
- 1.8.3

* Thu Jan 10 2002 Stefan van der Eijk <stefan@eijk.nu> 1.8.2-3mdk
- BuildRequires
- replace make -j with %%make

* Wed Dec 12 2001 Florin <florin@mandrakesoft.com> 1.8.2-2mdk
- update the BuildRequires

* Wed Nov 14 2001 Florin <florin@mandrakesoft.com> 1.8.2-1mdk
- 1.8.2
- merge with the original spec file
- use macros when possible
- fix some typos in post section
- create the link in all cases for snort-plain
- fix a spelling error in description
- bzip2 the man page
- strip the binaries
- create the snort/snort user/group in post
- /var/log/snort files belong to snort.snort
- add _{preun|post}_service macros

* Mon Sep 24 2001 Lenny Cartier <lenny@mandrakesoft.com> 1.8.1-2mdk
- add manpage

* Tue Sep 04 2001 Lenny Cartier <lenny@mandrakesoft.com> 1.8.1-1mdk
- 1.8.1

* Fri Aug 10 2001 Florin Grad <florin@mandrakesoft.com> 1.8p1-1mdk
- 1.8p1

* Tue Feb 20 2001 Florin Grad <florin@mandrakesoft.com> 1.7-1mdk
- mandrake adaptions

* Mon Nov 27 2000 Chris Green <cmg@uab.edu>
- removed strip
- upgrade to cvs version
- moved /var/snort/dev/null creation to install time

* Tue Nov 21 2000 Chris Green <cmg@uab.edu>
- changed to %{SnortPrefix}
- upgrade to patch2

* Mon Jul 31 2000 Wim Vandersmissen <wim@bofh.st>
- Integrated the -t (chroot) option and build a /home/snort chroot jail
- Installs a statically linked/stripped snort
- Updated %{_initrddir}/snortd to work with the chroot option

* Tue Jul 25 2000 Wim Vandersmissen <wim@bofh.st>
- Added some checks to find out if we're upgrading or removing the package

* Sat Jul 22 2000 Wim Vandersmissen <wim@bofh.st>
- Updated to version 1.6.3
- Fixed the user/group stuff (moved to %post)
- Added userdel/groupdel to %postun
- Automagically adds the right IP, nameservers to %{_sysconfdir}/rules.base

* Sat Jul 08 2000 Dave Wreski <dave@linuxsecurity.com>
- Updated to version 1.6.2
- Removed references to xntpd
- Fixed minor problems with snortd init script

* Fri Jul 07 2000 Dave Wreski <dave@linuxsecurity.com>
- Updated to version 1.6.1
- Added user/group snort

* Sat Jun 10 2000 Dave Wreski <dave@linuxsecurity.com>
- Added snort init.d script (snortd)
- Added Dave Dittrich's snort rules header file (rules.base)
- Added Dave Dittrich's wget rules fetch script (check-snort)
- Fixed permissions on /var/log/snort
- Created /var/log/snort/archive for archival of snort logs
- Added post/preun to add/remove snortd to/from rc?.d directories
- Defined configuration files as %config

* Tue Mar 28 2000 William Stearns <wstearns@pobox.com>
- Quick update to 1.6.
- Sanity checks before doing rm-rf in install and clean

* Fri Dec 10 1999 Henri Gomez <gomez@slib.fr>
- 1.5-0 Initial RPM release
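
The spec's scriptlets pick the running sensor binary through the snort symlink in the sbin directory, and the base package's post scriptlet points it back at snort-plain on every install or upgrade. The following check is an added example, not part of the spec or the Snort project: it reports which variant the symlink currently selects and rejects targets outside the nine binaries the spec builds. The function name, the variable name and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Variant suffixes built by this spec (taken from its package and files sections).
SNORT_VARIANTS="plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat"

# active_snort_variant SBINDIR
# Prints the variant that SBINDIR/snort selects.
# Return codes (chosen for this example):
#   0  symlink points at a known, executable variant in SBINDIR
#   1  SBINDIR/snort is missing or is not a symlink
#   2  symlink points outside SBINDIR or at an unknown name
#   3  symlink names a known variant whose binary is not installed/executable
active_snort_variant() {
    sbindir=$1
    link="$sbindir/snort"

    [ -L "$link" ] || return 1
    target=$(readlink "$link") || return 1

    # A relative target is relative to the directory holding the link.
    case $target in
        /*) ;;
        *)  target="$sbindir/$target" ;;
    esac

    dir=${target%/*}
    base=${target##*/}

    # The scriptlets only ever link to binaries inside the same sbin directory.
    [ "$dir" = "$sbindir" ] || return 2

    for v in $SNORT_VARIANTS; do
        if [ "$base" = "snort-$v" ]; then
            [ -x "$target" ] || return 3
            printf '%s\n' "$v"
            return 0
        fi
    done
    return 2
}
```

Call it as `active_snort_variant /usr/sbin` after a package upgrade to confirm the sensor is still running the variant (for example the database-logging one) that was chosen at install time.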