Commit | Line | Data |
---|---|---|
946f7ae3 | 1 | # |
2 | # TODO: - snort rules - fix description | |
9d61ae4f | 3 | # - clamav support - cleanup, add some docs |
cb19b407 | 4 | # - snort_inline - prepare separate sets of config-files, rules |
9d61ae4f | 5 | # and startup script, adds some docs |
12e2e783 | 6 | # - snort 2.6 |
01f3f79b | 7 | # |
e817c488 | 8 | # Conditional build: |
06de0dc4 | 9 | %bcond_without pgsql # build without PostgreSQL storage support |
10 | %bcond_without mysql # build without MySQL storage support | |
11 | %bcond_without snmp # build without SNMP support | |
ed9cb559 | 12 | %bcond_without inline # build without inline support |
13 | %bcond_without prelude # build without prelude support | |
9d61ae4f | 14 | %bcond_without clamav # build w/o ClamAV preprocessor support (anti-vir) |
12e2e783 | 15 | %bcond_with registered # build with rules available for registered users |
01f3f79b | 16 | # |
92ea8dee | 17 | Summary: Network intrusion detection system (IDS/IPS) |
cbf82e1d ER | 18 | Summary(pl.UTF-8): System wykrywania intruzów w sieciach (IDS/IPS) |
19 | Summary(pt_BR.UTF-8): Ferramenta de detecção de intrusos | |
20 | Summary(ru.UTF-8): Snort - система обнаружения попыток вторжения в сеть | |
21 | Summary(uk.UTF-8): Snort - система виявлення спроб вторгнення в мережу | |
8775223f | 22 | Name: snort |
676c4c99 | 23 | Version: 2.6.1.3 |
24 | Release: 1 | |
12e2e783 | 25 | License: GPL v2 (vrt rules on VRT-License) |
b3907a72 | 26 | Group: Networking |
d9e19996 | 27 | Source0: http://www.snort.org/dl/current/%{name}-%{version}.tar.gz |
676c4c99 | 28 | # Source0-md5: 8b46997afd728fbdaafdc9b1d0278b07 |
57c9b91b AM | 29 | Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/%{name}rules-pr-2.4.tar.gz |
30 | # Source1-md5: 35d9a2486f8c0280bb493aa03c011927 | |
12e2e783 | 31 | %if %{with registered} |
e2f7cb39 | 32 | Source2: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/%{name}rules-snapshot-2.4.tar.gz |
33 | # NoSource2-md5: 79af87cda3321bd64279038f9352c1b3 | |
12e2e783 | 34 | NoSource: 2 |
35 | %endif | |
36 | Source3: http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-2.4.tar.gz | |
676c4c99 | 37 | # Source3-md5: 0328072d64553eff81ac52da4e0d947e |
12e2e783 | 38 | Source4: %{name}.init |
39 | Source5: %{name}.logrotate | |
2eb1dd1f | 40 | Patch0: %{name}-libnet1.patch |
93847025 | 41 | Patch1: %{name}-lib64.patch |
9d61ae4f | 42 | # http://www.bleedingsnort.com/staticpages/index.php?page=snort-clamav |
676c4c99 | 43 | #Patch2: %{name}-2.6.0.2-clamav.diff |
5ad2f8a8 | 44 | URL: http://www.snort.org/ |
08df69e6 JB | 45 | BuildRequires: autoconf |
46 | BuildRequires: automake | |
cb19b407 | 47 | %{?with_clamav:BuildRequires: clamav-devel} |
27fdff69 | 48 | %{?with_inline:BuildRequires: iptables-devel} |
5d617823 | 49 | BuildRequires: libnet1-devel = 1.0.2a |
b3907a72 | 50 | BuildRequires: libpcap-devel |
ed9cb559 | 51 | %{?with_prelude:BuildRequires: libprelude-devel} |
e994eac2 | 52 | %{?with_mysql:BuildRequires: mysql-devel} |
53 | %{?with_snmp:BuildRequires: net-snmp-devel >= 5.0.7} | |
95620817 | 54 | BuildRequires: openssl-devel >= 0.9.7d |
2cc2dce2 | 55 | BuildRequires: pcre-devel |
d9c3717f | 56 | %{?with_pgsql:BuildRequires: postgresql-devel} |
31126327 | 57 | BuildRequires: rpmbuild(macros) >= 1.202 |
2fa6d1a5 | 58 | BuildRequires: rpmbuild(macros) >= 1.268 |
d87f0eb8 | 59 | BuildRequires: zlib-devel |
27fdff69 | 60 | Requires(post,preun): /sbin/chkconfig |
61 | Requires(postun): /usr/sbin/groupdel | |
62 | Requires(postun): /usr/sbin/userdel | |
08df69e6 | 63 | Requires(pre): /bin/id |
d9c3717f | 64 | Requires(pre): /usr/bin/getgid |
08df69e6 JB | 65 | Requires(pre): /usr/sbin/groupadd |
66 | Requires(pre): /usr/sbin/useradd | |
5d617823 | 67 | Requires: libnet1 = 1.0.2a |
27fdff69 | 68 | Requires: rc-scripts >= 0.2.0 |
d9c3717f | 69 | Provides: group(snort) |
e994eac2 | 70 | %{?with_mysql:Provides: snort(mysql) = %{version}} |
71 | %{?with_pgsql:Provides: snort(pgsql) = %{version}} | |
d9c3717f | 72 | Provides: user(snort) |
cb19b407 | 73 | Obsoletes: snort-rules |
5ad2f8a8 | 74 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
75 | ||
76 | %define _sysconfdir /etc/snort | |
77 | %define _bindir %{_sbindir} | |
ab81a4d5 | 78 | |
79 | %description | |
99fed451 AM | 80 | Snort is an open source network intrusion detection system, capable of |
81 | performing real-time traffic analysis and packet logging on IP | |
82 | networks. It can perform protocol analysis and content | |
83 | searching/matching in order to detect a variety of attacks and probes, | |
84 | such as buffer overflows, stealth port scans, CGI attacks, SMB probes, | |
85 | OS fingerprinting attempts, and much more. Snort uses a flexible rules | |
86 | language to describe traffic that it should collect or pass, as well | |
87 | as a detection engine that utilizes a modular plugin architecture. | |
88 | Snort has a real-time alerting capability as well, incorporating | |
89 | alerting mechanisms for syslog, user specified files, a UNIX socket, | |
90 | or WinPopup messages to Windows clients using Samba's smbclient. | |
b3907a72 | 91 | |
67a06db2 | 92 | Sourcefire VRT Certified Rules requires registration. |
93 | https://www.snort.org/pub-bin/register.cgi | |
94 | ||
27666db8 JR | 95 | %description -l pl.UTF-8 |
96 | Snort to bazujący na open source NIDS (network intrusion detection | |
97 | systems) wykonujący w czasie rzeczywistym analizę ruchu oraz logowanie | |
98 | pakietów w sieciach IP. Jego możliwości to analiza protokołu oraz | |
99 | zawartości w poszukiwaniu różnego rodzaju ataków lub prób takich jak | |
100 | przepełnienia bufora, skanowanie portów typu stealth, ataki CGI, | |
101 | próbkowanie SMB, OS fingerprinting i dużo więcej. Snort używa | |
102 | elastycznego języka regułek do opisu ruchu, który należy | |
103 | przeanalizować jak również silnika wykrywającego, wykorzystującego | |
104 | modułową architekturę. Snort umożliwia alarmowanie w czasie | |
105 | rzeczywistym poprzez sysloga, osobny plik lub jako wiadomość WinPopup | |
99fed451 AM | 106 | poprzez klienta Samby: smbclient. |
107 | ||
27666db8 | 108 | Reguły certyfikowane poprzez Sourcefire wymagają rejestracji. |
67a06db2 | 109 | https://www.snort.org/pub-bin/register.cgi |
110 | ||
27666db8 JR | 111 | %description -l pt_BR.UTF-8 |
112 | Snort é um sniffer baseado em libpcap que pode ser usado como um | |
113 | pequeno sistema de detecção de intrusos. Tem como característica o | |
114 | registro de pacotes baseado em regras e também pode executar uma | |
115 | análise do protocolo, pesquisa de padrões e detectar uma variedade de | |
0955b0c3 | 116 | assinaturas de ataques, como estouros de buffer, varreduras "stealth" |
117 | de portas, ataques CGI, pesquisas SMB, tentativas de descobrir o | |
118 | sistema operacional e muito mais. Possui um sistema de alerta em tempo | |
119 | real, com alertas enviados para o syslog, um arquivo de alertas em | |
120 | separado ou como uma mensagem Winpopup. | |
ab81a4d5 | 121 | |
27666db8 JR | 122 | %description -l ru.UTF-8 |
123 | Snort - это сниффер пакетов, который может использоваться как система | |
124 | обнаружения попыток вторжения в сеть. Snort поддерживает | |
125 | протоколирование пакетов на основе правил, может выполнять анализ | |
126 | протоколов, поиск в содержимом пакетов. Может также использоваться для | |
127 | обнаружения атак и "разведок", таких как попытки атак типа | |
128 | "переполнение буфера", скрытого сканирования портов, CGI атак, SMB | |
129 | разведок, попыток обнаружения типа ОС и много другого. Snort может | |
130 | информировать о событиях в реальном времени, посылая сообщения в | |
131 | syslog, отдельный файл или как WinPopup сообщения через smbclient. | |
cd357cee | 132 | |
27666db8 JR | 133 | %description -l uk.UTF-8 |
134 | Snort - це сніфер пакетів, що може використовуватись як система | |
135 | виявлення спроб вторгнень в мережу. Snort підтримує протоколювання | |
136 | пакетів на основі правил, може виконувати аналіз протоколів, пошук у | |
137 | вмісті пакетів. Може також використовуватись для виявлення атак та | |
138 | "розвідок", таких як спроби атак типу "переповнення буфера", | |
139 | прихованого сканування портів, CGI атак, SMB розвідок, спроб виявлення | |
140 | типу ОС та багато іншого. Snort може інформувати про події в реальному | |
141 | часі, надсилаючи повідомлення до syslog, окремого файлу чи як WinPopup | |
142 | повідомлення через smbclient. | |
cd357cee | 143 | |
ab81a4d5 | 144 | %prep |
12e2e783 | 145 | %setup -q %{!?with_registered:-a1} %{?with_registered:-a2} -a3 |
2eb1dd1f | 146 | %patch0 -p1 |
3764a1c8 AM | 147 | %if "%{_lib}" == "lib64" |
148 | %patch1 -p1 | |
93847025 | 149 | %endif |
676c4c99 | 150 | #%{?with_clamav:%patch2 -p1} |
ab81a4d5 | 151 | |
6a0c25e4 | 152 | sed -i "s#var\ RULE_PATH.*#var RULE_PATH /etc/snort/rules#g" rules/snort.conf |
153 | _DIR=$(pwd) | |
154 | cd rules | |
155 | for I in community-*.rules; do | |
156 | echo "include \$RULE_PATH/$I" >> snort.conf | |
157 | done | |
158 | cd $_DIR | |
159 | ||
ab81a4d5 | 160 | %build |
a19d556d | 161 | %{__aclocal} |
89e97d3b | 162 | %{__autoconf} |
163 | %{__automake} | |
e1df464a | 164 | # we don't need libnsl, so don't use it |
b3907a72 | 165 | %configure \ |
af18b2c0 | 166 | no_libnsl=yes \ |
b3907a72 | 167 | --enable-smbalerts \ |
99fed451 | 168 | --enable-flexresp \ |
b59b1a6c | 169 | %{?with_inline:--enable-inline } \ |
ed9cb559 | 170 | %{?with_inline:--with-libipq-includes=%{_includedir}/libipq } \ |
4a699f86 | 171 | --with-libnet-includes=%{_includedir} \ |
e994eac2 | 172 | --with%{!?with_snmp:out}-snmp \ |
99fed451 | 173 | --without-odbc \ |
80d0fb79 | 174 | --enable-perfmonitor \ |
e994eac2 | 175 | --with%{!?with_pgsql:out}-postgresql \ |
ed9cb559 | 176 | --with%{!?with_mysql:out}-mysql \ |
9d61ae4f | 177 | %{?with_prelude:--enable-prelude } \ |
178 | %{?with_clamav:--enable-clamav --with-clamav-defdir=/var/lib/clamav} | |
99fed451 | 179 | |
5d5d00ac | 180 | %{__make} |
ab81a4d5 | 181 | |
182 | %install | |
183 | rm -rf $RPM_BUILD_ROOT | |
0fe9b503 | 184 | install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,%{name},cron.daily,logrotate.d} \ |
185 | $RPM_BUILD_ROOT%{_var}/log/{%{name},archiv/%{name}} \ | |
75d3e2a6 | 186 | $RPM_BUILD_ROOT%{_datadir}/mibs/site \ |
27fdff69 | 187 | $RPM_BUILD_ROOT%{_sysconfdir}/rules |
ab81a4d5 | 188 | |
5ad2f8a8 | 189 | %{__make} install \ |
190 | DESTDIR=$RPM_BUILD_ROOT | |
2917f470 | 191 | |
75d3e2a6 | 192 | install rules/*.config $RPM_BUILD_ROOT%{_sysconfdir} |
eaefc4eb | 193 | install etc/unicode.map $RPM_BUILD_ROOT%{_sysconfdir} |
75d3e2a6 | 194 | install rules/*.rules $RPM_BUILD_ROOT%{_sysconfdir}/rules |
12e2e783 | 195 | install %{SOURCE4} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name} |
196 | install %{SOURCE5} $RPM_BUILD_ROOT/etc/logrotate.d/%{name} | |
6a0c25e4 | 197 | install rules/snort.conf $RPM_BUILD_ROOT%{_sysconfdir} |
198 | ||
f32f1233 | 199 | mv schemas/create_mysql schemas/create_mysql.sql |
200 | mv schemas/create_postgresql schemas/create_postgresql.sql | |
201 | ||
b3907a72 AM | 202 | %clean |
203 | rm -rf $RPM_BUILD_ROOT | |
2917f470 | 204 | |
b3907a72 | 205 | %pre |
31126327 | 206 | %groupadd -g 46 -r snort |
946f7ae3 | 207 | %useradd -u 46 -g snort -M -r -d %{_var}/log/snort -s /bin/false -c "SNORT IDS/IPS" snort |
7e9750d1 | 208 | |
b3907a72 | 209 | %post |
2fa6d1a5 ER | 210 | /sbin/chkconfig --add snort |
211 | %service snort restart | |
2917f470 MP | 212 | |
213 | %preun | |
51402fe7 | 214 | if [ "$1" = "0" ] ; then |
2fa6d1a5 | 215 | %service snort stop |
51402fe7 | 216 | /sbin/chkconfig --del snort |
217 | fi | |
2917f470 MP | 218 | |
219 | %postun | |
51402fe7 | 220 | if [ "$1" = "0" ] ; then |
d9c3717f | 221 | %userremove snort |
222 | %groupremove snort | |
51402fe7 | 223 | fi |
ab81a4d5 | 224 | |
225 | %files | |
b3907a72 | 226 | %defattr(644,root,root,755) |
676c4c99 | 227 | %doc doc/{AUTHORS,BUGS,CREDITS,NEWS,PROBLEMS,README*,TODO,USAGE,WISHLIST,*.pdf} |
f32f1233 | 228 | %doc schemas/create_{mysql,postgresql}.sql |
980aa956 | 229 | %attr(755,root,root) %{_sbindir}/* |
d9c3717f | 230 | %attr(770,root,snort) %dir %{_var}/log/snort |
b3907a72 | 231 | %attr(770,root,snort) %dir %{_var}/log/archiv/%{name} |
5ad2f8a8 | 232 | %attr(750,root,snort) %dir %{_sysconfdir} |
eaefc4eb | 233 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/unicode.map |
01f3f79b JB | 234 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*.config |
235 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/snort.conf | |
75d3e2a6 | 236 | %attr(750,root,snort) %dir %{_sysconfdir}/rules |
6a0c25e4 | 237 | %attr(640,root,snort) %{_sysconfdir}/rules/* |
a1d385b8 | 238 | %attr(754,root,root) /etc/rc.d/init.d/%{name} |
c8222e39 | 239 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/* |
99fed451 | 240 | %{_mandir}/man?/* |
676c4c99 | 241 | %dir /usr/lib/snort_dynamicengine |
242 | %dir /usr/lib/snort_dynamicpreprocessor | |
243 | %attr(755,root,root) /usr/lib/snort_dynamicengine/libsf_engine.so* | |
244 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so* | |
245 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so* | |
246 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so* | |
247 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so* | |
248 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so* |