%define name prelude
%define majver 0
%define version 0.4.2
%define release 6mdk

Summary: A hybrid intrusion detection system
Name: %{name}
Version: %{version}
Release: %{release}
Source0: %{name}-%{version}.tar.bz2
Source1: prelude.init
License: GPL
Group: Networking/Other
BuildRequires: byacc flex
BuildRoot: %{_tmppath}/prelude-root
Provides: prelude = %{version}-%{release}
Requires: libprelude = %{version}-%{release}, prelude-report = %{version}-%{release}

%package -n libprelude%{majver}
Summary: Shared code between Prelude, Prelude Report, and plugins.
Group: System/Libraries
Provides: libprelude = %{version}-%{release}

%package -n prelude-doc
Summary: Prelude API documentation.
Group: Books/Other
Provides: prelude-doc = %{version}-%{release}

%package -n prelude-report
Summary: The Prelude Report server
Group: System/Servers
Provides: prelude-report = %{version}-%{release}
Requires: libprelude = %{version}-%{release}, openssl, prelude = %{version}-%{release}

%description
Prelude is a hybrid intrusion detection system, written entirely from
scratch in C.

Prelude is divided into several parts:

* The Prelude NIDS sensor, responsible for real-time packet capture and
  analysis:

  - The signature engine, designed to be completely generic and
    extensible. It is currently able to read Snort rulesets; by simply
    adding a parser, it should be able to load rulesets from any NIDS.

  - The protocol plugins, which handle packets at a higher level than
    Prelude itself does. For example, when a TCP packet arrives and a
    protocol plugin detects that its payload carries an SSH header, the
    plugin decodes the SSH header and asks the associated detection
    plugin to analyze the decoded header.

  - A set of detection plugins whose job is to analyze the data they are
    interested in (they register the protocols they are interested in at
    initialization time) and eventually emit a security warning.
    Detection plugins should only be used for complex intrusion
    detection that can't be done with the signature engine.

* A report server, which sensors contact in order to report an alert,
  and which generates user-readable reports using plugins:

  - The reporting plugins, whose job is to decode the reports issued by
    the detection plugins and translate them into a user-readable form
    (e.g. a syslog report, an HTML report, etc.).

%description -n libprelude%{majver}
This library contains the code shared between Prelude, Prelude Report,
and their respective plugins.

%description -n prelude-report
The main task of the Prelude Report server is to receive alerts from
Prelude sensors and generate user-readable reports from the gathered
alerts. The reports are generated using plugins.

%description -n prelude-doc
Prelude API documentation.

%prep
%setup -q

%define _localstatedir /var

%build
%configure
make CFLAGS="$RPM_OPT_FLAGS"

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT
%makeinstall

mkdir -p $RPM_BUILD_ROOT%{_initrddir}
install -m 755 %SOURCE1 \
	$RPM_BUILD_ROOT%{_initrddir}/prelude

mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
cat > $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/%name << EOF
%{_localstatedir}/log/prelude/prelude.log {
    missingok
    postrotate
	[ -f /var/lock/subsys/prelude ] && %{_initrddir}/prelude restart
    endscript
}
EOF

mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/log/prelude/{html,xml}
touch $RPM_BUILD_ROOT/%{_localstatedir}/log/prelude/prelude.log

%clean
rm -rf $RPM_BUILD_ROOT

%post
%_post_service prelude

%preun
%_preun_service prelude

%post -n libprelude%{majver} -p /sbin/ldconfig
%postun -n libprelude%{majver} -p /sbin/ldconfig

%files -n libprelude%{majver}
%defattr(-,root,root)
%{_libdir}/libprelude.so.*

%files -n prelude
%defattr(-,root,root)
%doc AUTHORS COPYING ChangeLog NEWS README TODO CREDITS
%{_bindir}/prelude
%{_libdir}/prelude/detects/*
%{_libdir}/prelude/protocols/*
%config(noreplace) %{_sysconfdir}/prelude/prelude.conf
%config(noreplace) %{_initrddir}/prelude
%dir %config %{_sysconfdir}/prelude

%files -n prelude-report
%defattr(-,root,root)
%{_bindir}/prelude_report
%{_libdir}/prelude/reports/*
%{_localstatedir}/prelude
%config(noreplace) %{_sysconfdir}/prelude/prelude-report.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%name
%dir %{_localstatedir}/log/prelude
%dir %{_localstatedir}/log/prelude/html
%dir %{_localstatedir}/log/prelude/xml
%ghost %{_localstatedir}/log/prelude/prelude.log

%files -n prelude-doc
%defattr(-,root,root)
%{_docdir}/prelude

%changelog
* Wed Sep 19 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.4.2-6mdk
- require Prelude Report in order to not confuse the user.
- Doesn't require libpcap anymore

* Sun Sep 16 2001 Geoffrey Lee <snailtalk@mandrakesoft.com> 0.4.2-5mdk
- Fix some (French-like?) English. ;p
- Quiet untar of source so we don't get an ugly output on the screen.
- Don't list prelude.conf twice.
- Tag /etc/prelude as a directory.
- Don't use /var/tmp as the BuildRoot.

* Sun Sep 16 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.4.2-4mdk
- make the startup script more robust

* Wed Sep 12 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.4.2-3mdk
- added logrotate file
- all config => noreplace
- fixed initscript wrt to draknet
- prelude-report depends on prelude
- corrected the log dir location.

* Thu Sep 06 2001 Stefan van der Eijk <stefan@eijk.nu> 0.4.2-2mdk
- BuildRequires: byacc flex libpcap-devel
- Copyright --> License
- replace RPM_SOURCE_DIR/prelude.init with SOURCE1 (rpmlint)

* Mon Aug 27 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.4.2-1mdk
- Update to 0.4.2

* Thu Mar 29 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.3-1mdk
- first packaging attempt.
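The postrotate body that %install writes to the logrotate file, `[ -f /var/lock/subsys/prelude ] && %{_initrddir}/prelude restart`, has a caveat worth knowing: logrotate runs the body with /bin/sh and reports a non-zero exit status as a failed postrotate script, and the one-liner exits 1 whenever the lock file is absent, i.e. every rotation that happens while the daemon is stopped. The script below is an added example, not code from the spec or from the Prelude project; `fake_restart`, `rc_of`, `demo` and the temporary paths are stand-ins introduced here for illustration. It runs the spec's form and an equivalent `if ... fi` form side by side and shows that only the latter exits 0 when the service is down.

```shell
#!/bin/sh
# Added example (not from the Mandrake prelude spec): emulates the logrotate
# postrotate script the spec installs and shows why the `&&` one-liner is
# fragile. logrotate runs the postrotate body with /bin/sh and treats a
# non-zero exit status as a failed script. fake_restart stands in for
# "/etc/rc.d/init.d/prelude restart", and the lock/log paths are scratch
# files passed in by the caller instead of /var/lock/subsys/prelude.

# Stand-in for the init script's restart action: appends a marker to $1.
fake_restart() {
    echo restart >> "$1"
}

# Form used in the spec. A script's exit status is that of its last
# command, so when the lock file $1 is absent the `[ -f ]` test fails and
# the whole postrotate script exits 1 although nothing actually broke.
postrotate_original() {
    [ -f "$1" ] && fake_restart "$2"
}

# Hardened form: identical when the daemon is running (lock present), but
# exits 0 when it is stopped, so logrotate only reports an error if the
# restart itself fails.
postrotate_fixed() {
    if [ -f "$1" ]; then
        fake_restart "$2"
    fi
}

# Runs the given command and prints its exit status. The `if` context keeps
# a failing command from aborting a caller that runs under `set -e`.
rc_of() {
    if "$@"; then echo 0; else echo $?; fi
}

# Exercises both variants with the daemon "stopped" (no lock file) and
# "running" (lock file present) in a scratch directory and prints the
# exit status and whether a restart was triggered.
demo() {
    d=$(mktemp -d) || return 1
    for variant in original fixed; do
        rm -f "$d/lock" "$d/log"
        echo "$variant stopped: rc=$(rc_of "postrotate_$variant" "$d/lock" "$d/log")"
        touch "$d/lock"
        rc=$(rc_of "postrotate_$variant" "$d/lock" "$d/log")
        if [ -f "$d/log" ]; then restarted=yes; else restarted=no; fi
        echo "$variant running: rc=$rc restarted=$restarted"
    done
    rm -rf "$d"
}

demo
```

With the daemon stopped the original form reports `rc=1` and the fixed form `rc=0`; with the lock file present both return 0 and both trigger the restart, so the change only affects the error that logrotate (and the cron job mailing its output) would otherwise raise.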