Sophie

prelude-0.4.2-6mdk.src.rpm

%define name prelude
%define majver 0
%define version 0.4.2
%define release 6mdk

Summary: A Hybrid Intrusion Detection System
Name: %{name}
Version: %{version}
Release: %{release}
Source0: %{name}-%{version}.tar.bz2
Source1: prelude.init
License: GPL
Group: Networking/Other
BuildRequires:	byacc flex
BuildRoot: %{_tmppath}/prelude-root
Provides: prelude = %{version}-%{release}
Requires: libprelude = %{version}-%{release}, prelude-report = %{version}-%{release}

%package -n libprelude%{majver}
Summary: Shared code between Prelude, Prelude Report, and plugins.
Group: System/Libraries
Provides: libprelude = %{version}-%{release}

%package -n prelude-doc
Summary: Prelude API documentation.
Group: Books/Other
Provides: prelude-doc = %{version}-%{release}

%package -n prelude-report
Summary: The Prelude Report server
Group: System/Servers
Provides: prelude-report = %{version}-%{release}
Requires: libprelude = %{version}-%{release}, openssl, prelude = %{version}-%{release}


%description
Prelude is a Hybrid Intrusion Detection System,
written entirely from scratch, in C.

Prelude is divided into several parts:
* The Prelude NIDS sensor, responsible for real-time packet capture and
  analysis:

 - The signature engine, designed to be completely generic and evolutionary.
   It is currently able to read Snort rulesets. By simply adding a parser,
   it should be possible to load rulesets from any NIDS easily.

 - The protocol plugins, which can handle packets at a higher level than
   prelude does, for example: you get a TCP packet, and a protocol plugin
   detects that the packet data contains an SSH header, so it will decode
   the SSH header and ask the associated detection plugin to analyze the
   decoded header.

 - A set of detection plugins whose job is to analyze the data they are
   interested in (they register the protocol they are interested in at
   initialization time), and will eventually emit a security warning.
   Detection plugins should only be used for complex intrusion detection
   that can't be done using the signature engine.

* A report server, which sensors contact in order to report an alert, and
  which generates user-readable reports using plugins.

 - The reporting plugins, whose job is to decode the reports issued by the
   detection plugins, and translate them into a user-readable form (e.g.
   syslog report, HTML report, etc.).


%description -n libprelude%{majver}
This library contains shared code between Prelude, Prelude Report,
and their respective plugins.


%description -n prelude-report
The main task of the Prelude Report server is to get alerts from
Prelude sensors and generate user-readable reports from the gathered alerts.
The reports are generated using plugins.

%description -n prelude-doc
Prelude API documentation.


%prep
%setup  -q

%define _localstatedir /var

%build
%configure
make CFLAGS="$RPM_OPT_FLAGS"

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT
%makeinstall

mkdir -p $RPM_BUILD_ROOT%{_initrddir}
install -m 755 %SOURCE1 \
	$RPM_BUILD_ROOT%{_initrddir}/prelude

mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
cat > $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/%name << EOF
%{_localstatedir}/log/prelude/prelude.log {
    missingok
    postrotate
        [ -f /var/lock/subsys/prelude ] && %{_initrddir}/prelude restart
    endscript
}
EOF

mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/log/prelude/{html,xml}
touch $RPM_BUILD_ROOT/%{_localstatedir}/log/prelude/prelude.log

%clean
rm -rf $RPM_BUILD_ROOT

%post
%_post_service prelude

%preun
%_preun_service prelude

%post -n libprelude%{majver} -p /sbin/ldconfig
%postun -n libprelude%{majver} -p /sbin/ldconfig

%files -n libprelude%{majver}
%defattr(-,root,root)
%{_libdir}/libprelude.so.*

%files -n prelude
%defattr(-,root,root)
%doc AUTHORS COPYING ChangeLog NEWS README TODO CREDITS
%{_bindir}/prelude
%{_libdir}/prelude/detects/*
%{_libdir}/prelude/protocols/*
%config(noreplace) %{_sysconfdir}/prelude/prelude.conf
%config(noreplace) %{_initrddir}/prelude
%dir %config %{_sysconfdir}/prelude

%files -n prelude-report
%defattr(-,root,root)
%{_bindir}/prelude_report
%{_libdir}/prelude/reports/*
%{_localstatedir}/prelude
%config(noreplace) %{_sysconfdir}/prelude/prelude-report.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%name
%dir %{_localstatedir}/log/prelude
%dir %{_localstatedir}/log/prelude/html
%dir %{_localstatedir}/log/prelude/xml
%ghost %{_localstatedir}/log/prelude/prelude.log



%files -n prelude-doc
%defattr(-,root,root)
%{_docdir}/prelude


%changelog
* Wed Sep 19 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.4.2-6mdk
- require Prelude Report in order to not confuse the user.
- Doesn't require libpcap anymore

* Sun Sep 16 2001 Geoffrey Lee <snailtalk@mandrakesoft.com> 0.4.2-5mdk
- Fix some (French-like?) English. ;p
- Quiet untar of source so we don't get an ugly output on the screen.
- Don't list prelude.conf twice.
- Tag /etc/prelude as a directory.
- Don't use /var/tmp as the BuildRoot.

* Sun Sep 16 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.4.2-4mdk
- make the startup script more robust

* Wed Sep 12 2001 Frederic Lepied <flepied@mandrakesoft.com> 0.4.2-3mdk
- added logrotate file
- all config => noreplace
- fixed initscript wrt to draknet
- prelude-report depends on prelude
- corrected the log dir location.

* Thu Sep 06 2001 Stefan van der Eijk <stefan@eijk.nu> 0.4.2-2mdk
- BuildRequires:	byacc flex libpcap-devel
- Copyright --> License
- replace RPM_SOURCE_DIR/prelude.init with SOURCE1 (rpmlint)

* Mon Aug 27 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.4.2-1mdk
- Update to 0.4.2

* Thu Mar 29 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.3-1mdk
- first packaging attempt.