Search
j0ke.net Open Build Service
>
Projects
>
ha
:
firewall
>
snort295
> snort.spec
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File snort.spec of Package snort295 (Revision 14)
Currently displaying revision
14
,
show latest
# $Id$ # Snort.org's SPEC file for Snort #!BuildIgnore: post-build-checks ################################################################ # rpmbuild Package Options # ======================== # # See README.build_rpms for more details. # # --with flexresp # Add flexresp capability to whatever package(s) you are # building. # # --with inline # Add inline capability to whatever package(s) you are # building. This will create its own inline package. # # See pg 399 of _Red_Hat_RPM_Guide_ for rpmbuild --with and --without options. ################################################################ # Other useful bits %define SnortRulesDir %{_sysconfdir}/snort/rules %define SnortPreProcRulesDir %{_sysconfdir}/snort/preproc_rules %define noShell /bin/false # Handle the options noted above. # Default of no flexresp, but --with flexresp will enable it %define flexresp 0 %{?_with_flexresp:%define flexresp 1} # Default of no IPv6 Preprocessor, but --with ipv6spp will enable it %define ipv6spp 0 %{?_with_ipv6spp:%define ipv6spp 1} %define snortsam 0 %{?_with_snortsam:%define snortsam 1} %define debug 0 %{?_with_debug:%define debug 1} # If not inline then we'll conflict with it %define conflicts snort-inline # Default of no Inline, but --with inline will enable it %define inline 0 %define inlinetext %{nil} %{?_with_inline:%define inline 1} %{?_with_inline:%define inlinetext -inline } %{?_with_inline:%define conflicts snort } %define vendor Snort.org %define for_distro RPMs %define release 1 %define realname snort # Look for a directory to see if we're building under cAos # Exit status is usually 0 if the dir exists, 1 if not, so # we reverse that with the '!' %define caos %([ ! -d /usr/lib/rpm/caos ]; echo $?) %if %{caos} # We are building for cAos (www.caosity.org) and the autobuilder doesn't # have command line options so we have to fake the options for whatever # packages we actually want here, in addition to tweaking the package # info. %define vendor cAos Linux %define for_distro RPMs for cAos Linux %define release 1.caos %endif %if 0%{?opensuse_bs} %define vendor Linux-Adminstrator Networks %define for_distro RPMs for (open)SuSE(Enterprise)/CentOS/RHEL/Fedora Linux %define ipv6spp 0 %define snortsam 1 %define debug 0 %define release 1 %endif %if 0%{?suse_version} PreReq: %fillup_prereq %endif Name: %{realname}%{inlinetext} %{?_with_inline:%define Name: %{realname}-inline } Version: 2.9.5.6 Epoch: 1 Release: %{release} Summary: An open source Network Intrusion Detection System (NIDS) Group: Applications/Internet License: GPL Url: http://www.snort.org/ Source0: http://www.snort.org/dl/2.9.0/%{realname}-%{version}.tar.bz2 Source2: snortd.suse.init Source10: spp_ipv6_20120120.tar.bz2 Source11: spp_ipv6-configs.tar.bz2 Source12: spp_ipv6-snort.sample.conf Source20: snort-rpmlintrc Patch0: snortsam-2.9.3.diff Patch1: autojunk.patch Patch2: snort-razorback-pkgconfig.patch Patch3: snortsam-2.9.3_2.9.4.diff Patch4: spp_ipv6-Makefile.patch Patch5: snortsam-2.9.4_2.9.5.diff BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Packager: Official Snort.org %{for_distro} Vendor: %{vendor} Requires: logrotate BuildRequires: autoconf, automake, pcre-devel, libpcap-devel zlib-devel flex bison libdnet-devel daq-devel libuuid-devel libconfig-devel pkgconfig BuildRequires: razorback-devel >= 0.1.3 Conflicts: %{conflicts} %if %{flexresp} BuildRequires: libnet %define EnableFlexresp --enable-flexresp %endif # Itables-devel removed from BuildReq as RH does not supply that package. # Will replace iptables-devel buildreq with a scripted solution. --jh %if %{inline} BuildRequires: libnet %define EnableInline --enable-inline %endif %description Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. You MUST edit /etc/snort/snort.conf to configure snort before it will work! There are 5 different packages available. All of them require the base snort rpm (this one). Additionally, you may need to chose a different binary to install if you want database support. If you install a different binary package %{_sbindir}/snort should end up being a symlink to a binary in one of the following configurations: plain Snort (this package, required) inline Snort with inline support (optional) Please see the documentation in %{_docdir}/%{realname}-%{version} for more information on snort features and configuration. %prep %setup -q -n %{realname}-%{version} -a 10 -a 11 %if %{snortsam} %patch0 -p1 %patch1 -p0 %endif %patch2 %if %{ipv6spp} cd spp_ipv6 %patch4 cd .. %endif %if %{snortsam} %patch3 %patch5 %endif cp /usr/share/aclocal/pkg.m4 m4/ ## start: needed for snortsam patch %if %{snortsam} chmod +x autojunk.sh if [ -s configure ] ; then mv configure configure.bak fi %endif ## end: needed for snortsam patch # When building from a Snort.org CVS snapshot tarball, you have to run # autojunk before you can build. if [ \( ! -s configure \) -a \( -x autojunk.sh \) ]; then ./autojunk.sh fi # Make sure it worked, or die with a useful error message. if [ ! -s configure ]; then echo "Can't find ./configure. ./autojunk.sh not present or not executable?" exit 2 fi %build BuildSnort() { %__mkdir "$1" cd "$1" %__ln_s ../configure ./configure if [ "$1" = "plain" ] ; then ./configure $SNORT_BASE_CONFIG \ %{?EnableFlexresp} %{?EnableFlexresp2} \ %{?EnableInline} fi %__make %__mv src/snort ../%{name}-"$1" cd .. } CFLAGS="$RPM_OPT_FLAGS" export AM_CFLAGS="-g -O2" SNORT_BASE_CONFIG="--prefix=%{_prefix} \ %if %{debug} --enable-gdb --enable-debug --enable-debug-msgs \ %endif --bindir=%{_sbindir} \ --sysconfdir=%{_sysconfdir}/snort \ --with-libpcap-includes=%{_includedir} \ --enable-targetbased --enable-zlib --enable-normalizer --enable-reload \ " # Always build snort-plain BuildSnort plain ## build ipv6 preproc %if %{ipv6spp} cd spp_ipv6 %__make %endif %install # Remove leftover CVS files in the tarball, if any... find . -type 'd' -name "CVS" -print | xargs %{__rm} -rf InstallSnort() { if [ "$1" = "plain" ]; then %__rm -rf $RPM_BUILD_ROOT %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_sbindir} %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{SnortRulesDir} %if %{ipv6spp} %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{SnortPreProcRulesDir} %endif %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/snort %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_var}/log/snort %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_initrddir} %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_mandir}/man8 %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_docdir}/%{realname}-%{version} %__install -p -m 0755 %{name}-plain $RPM_BUILD_ROOT%{_sbindir}/%{name}-plain %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}_dynamicengine %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}_dynamicpreprocessor %__mkdir_p -m 0755 $RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}_dynamicrules %__install -p -m 0755 plain/src/dynamic-plugins/sf_engine/.libs/libsf_engine.so.0 $RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}_dynamicengine %__ln_s -f %{_libdir}/%{realname}-%{version}_dynamicengine/libsf_engine.so.0 $RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}_dynamicengine/libsf_engine.so for service in smtp ftptelnet dns ssh ssl dce2 sdf pop sip reputation imap dnp3 gtp modbus ; do %__install -p -m 0755 plain/src/dynamic-preprocessors/build/%{_prefix}/lib/snort_dynamicpreprocessor/libsf_${service}_preproc.so.0 $RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}_dynamicpreprocessor %__ln_s -f %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_${service}_preproc.so.0 $RPM_BUILD_ROOT%{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_${service}_preproc.so done %__install -p -m 0644 snort.8 $RPM_BUILD_ROOT%{_mandir}/man8 %__gzip $RPM_BUILD_ROOT%{_mandir}/man8/snort.8 %if 0%{?suse_version} %__install -p -m 0755 %{S:2} $RPM_BUILD_ROOT%{_initrddir}/snortd %else %__install -p -m 0755 rpm/snortd $RPM_BUILD_ROOT%{_initrddir} %endif %if 0%{?suse_version} %__install -D -p -m 0644 rpm/snort.sysconfig $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.snort %else %__install -p -m 0644 rpm/snort.sysconfig $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/%{realname} %endif %__install -p -m 0644 rpm/snort.logrotate $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/snort %__install -p -m 0644 etc/reference.config etc/classification.config \ etc/unicode.map etc/gen-msg.map \ etc/threshold.conf etc/snort.conf \ $RPM_BUILD_ROOT/%{_sysconfdir}/snort %__install -d $RPM_BUILD_ROOT/%{SnortPreProcRulesDir} %__install -p -m 0644 preproc_rules/decoder.rules \ preproc_rules/preprocessor.rules \ preproc_rules/sensitive-data.rules \ $RPM_BUILD_ROOT/%{SnortPreProcRulesDir} find doc -maxdepth 1 -type f -not -name 'Makefile*' -exec %__install -p -m 0644 {} $RPM_BUILD_ROOT%{_docdir}/%{realname}-%{version} \; %__rm -f $RPM_BUILD_ROOT%{_docdir}/%{realname}-%{version}/Makefile.* fi } # Fix the RULE_PATH %__sed -e 's;var RULE_PATH ../rules;var RULE_PATH %{SnortRulesDir};' \ < etc/snort.conf > etc/snort.conf.new %__rm -f etc/snort.conf %__mv etc/snort.conf.new etc/snort.conf # var SO_RULE_PATH so_rules %__sed -e 's;var SO_RULE_PATH ../so_rules;var SO_RULE_PATH /etc/snort/so_rules;' \ < etc/snort.conf > etc/snort.conf.new %__rm -f etc/snort.conf %__mv etc/snort.conf.new etc/snort.conf #var PREPROC_RULE_PATH preproc_rules %__sed -e 's;var PREPROC_RULE_PATH ../preproc_rules;var PREPROC_RULE_PATH /etc/snort/preproc_rules;' \ < etc/snort.conf > etc/snort.conf.new %__rm -f etc/snort.conf %__mv etc/snort.conf.new etc/snort.conf # Fix dynamic-preproc paths %__sed -e 's;dynamicpreprocessor directory \/usr\/local/lib\/snort_dynamicpreprocessor;dynamicpreprocessor directory %{_libdir}\/%{realname}-%{version}_dynamicpreprocessor;' < etc/snort.conf > etc/snort.conf.new %__rm -f etc/snort.conf %__mv etc/snort.conf.new etc/snort.conf # Fix dynamic-engine paths %__sed -e 's;dynamicengine \/usr\/local/lib\/snort_dynamicengine;dynamicengine %{_libdir}\/%{realname}-%{version}_dynamicengine;' < etc/snort.conf > etc/snort.conf.new %__rm -f etc/snort.conf %__mv etc/snort.conf.new etc/snort.conf # Fix dynamic-modules paths %__sed -e 's;dynamicdetection directory \/usr\/local\/lib\/snort_dynamicrules;dynamicdetection directory %{_libdir}\/%{realname}-%{version}_dynamicrules;' < etc/snort.conf > etc/snort.conf.new %__rm -f etc/snort.conf %__mv etc/snort.conf.new etc/snort.conf # Always install snort-plain InstallSnort plain # install ipv6 preproc %if %{ipv6spp} %__install -m0755 spp_ipv6/build/spp_ipv6.so %{buildroot}%{_libdir}/%{realname}-%{version}_dynamicpreprocessor/ #%__install -m0644 preprocessor.rules %{buildroot}%{SnortPreProcRulesDir}/preprocessor.rules cat preprocessor.rules >> %{buildroot}%{SnortPreProcRulesDir}/preprocessor.rules %__install -m0644 ipv6.rules %{buildroot}%{SnortRulesDir}/ipv6.rules cat gen-msg.map >> %{buildroot}%{_sysconfdir}/snort/gen-msg.map cp %{S:12} $RPM_BUILD_ROOT%{_docdir}/%{realname}-%{version}/ %endif # rcsnort link ln -sf ../../etc/init.d/%{name}d $RPM_BUILD_ROOT/usr/sbin/rc%{name}d %clean %__rm -rf $RPM_BUILD_ROOT %pre # Don't do all this stuff if we are upgrading if [ $1 = 1 ] ; then /usr/sbin/groupadd snort 2> /dev/null || true /usr/sbin/useradd -M -d %{_var}/log/snort -s %{noShell} -c "Snort" -g snort snort 2>/dev/null || true fi %post %if 0%{?suse_version} %{fillup_only} %endif # only on install, not upgrade if [ "$1" == "1" ] ; then # Make a symlink if there is no link for snort-plain if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then \ %__rm -f %{_sbindir}/snort; %__ln_s %{_sbindir}/%{name}-plain %{_sbindir}/snort fi fi # We should restart it to activate the new binary if it was upgraded %{_initrddir}/snortd condrestart 1>/dev/null 2>/dev/null # Don't do all this stuff if we are upgrading if [ $1 = 1 ] ; then %__chown -R snort.snort %{_var}/log/snort /sbin/chkconfig --add snortd || : fi %preun if [ $1 = 0 ] ; then # We get errors about not running, but we don't care %{_initrddir}/snortd stop 2>/dev/null 1>/dev/null /sbin/chkconfig --del snortd || : fi %postun # Try and restart, but don't bail if it fails if [ $1 -ge 1 ] ; then %{_initrddir}/snortd condrestart 1>/dev/null 2>/dev/null || : fi # Only do this if we are actually removing snort if [ $1 = 0 ] ; then %if 0%{?suse_version} %insserv_cleanup %endif if [ -L %{_sbindir}/snort ]; then %__rm -f %{_sbindir}/snort fi /usr/sbin/userdel snort 2>/dev/null fi %files %defattr(-,root,root) %attr(0755,root,root) %{_sbindir}/%{name}-plain %attr(0755,root,root) %{_sbindir}/rc%{name}d %attr(0644,root,root) %{_mandir}/man8/snort.8.* %attr(0755,root,root) %dir %{SnortRulesDir} %if %{ipv6spp} %attr(0755,root,root) %dir %{SnortPreProcRulesDir} %attr(0644,root,root) %config(noreplace) %{SnortRulesDir}/ipv6.rules %endif %attr(0644,root,root) %config(noreplace) %{SnortPreProcRulesDir}/preprocessor.rules %attr(0644,root,root) %config(noreplace) %{SnortPreProcRulesDir}/decoder.rules %attr(0644,root,root) %config(noreplace) %{SnortPreProcRulesDir}/sensitive-data.rules %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/snort/classification.config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/snort/reference.config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/snort/threshold.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/snort/*.map %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/snort %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/snort/snort.conf %if 0%{?suse_version} %attr(0644,root,root) /var/adm/fillup-templates/sysconfig.snort %else %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/snort %endif %attr(0755,root,root) %config(noreplace) %{_initrddir}/snortd %attr(0755,snort,snort) %dir %{_var}/log/snort %attr(0755,root,root) %dir %{_sysconfdir}/snort %attr(0644,root,root) %{_docdir}/%{realname}-%{version}/* %attr(0755,root,root) %dir %{_libdir}/%{realname}-%{version}_dynamicengine %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicengine/libsf_engine.* %attr(0755,root,root) %dir %{_libdir}/%{realname}-%{version}_dynamicpreprocessor %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_smtp_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_ftptelnet_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_dns_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_ssh_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_ssl_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_sip_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_dce2_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_sdf_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_pop_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_imap_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_reputation_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_dnp3_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_gtp_preproc.* %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/libsf_modbus_preproc.* %if %{ipv6spp} %attr(0755,root,root) %{_libdir}/%{realname}-%{version}_dynamicpreprocessor/spp_ipv6.* %endif %attr(0755,root,root) %dir %{_libdir}/%{realname}-%{version}_dynamicrules %dir %{_docdir}/%{realname}-%{version} %docdir %{_docdir}/%{realname}-%{version} %changelog