Commit | Line | Data |
---|---|---|
946f7ae3 | 1 | # |
946f7ae3 | 2 | # TODO: - snort rules - fix description |
9d61ae4f | 3 | # - clamav support - cleanup, add some docs |
cb19b407 | 4 | # - snort_inline - prepare separate sets of config-files, rules |
9d61ae4f | 5 | # and startup script, adds some docs |
12e2e783 | 6 | # - snort 2.6 |
01f3f79b | 7 | # |
e817c488 | 8 | # Conditional build: |
06de0dc4 | 9 | %bcond_without pgsql # build without PostgreSQL storage support |
06de0dc4 | 10 | %bcond_without mysql # build without MySQL storage support |
06de0dc4 | 11 | %bcond_without snmp # build without SNMP support |
ed9cb559 | 12 | %bcond_without inline # build without inline support |
ed9cb559 | 13 | %bcond_without prelude # build without prelude support |
9d61ae4f | 14 | %bcond_without clamav # build w/o ClamAV preprocessor support (anti-vir) |
12e2e783 | 15 | %bcond_with registered # build with rules available for registered users |
01f3f79b | 16 | # |
92ea8dee | 17 | Summary: Network intrusion detection system (IDS/IPS) |
cbf82e1d ER | 18 | Summary(pl.UTF-8): System wykrywania intruzów w sieciach (IDS/IPS) |
cbf82e1d ER | 19 | Summary(pt_BR.UTF-8): Ferramenta de detecção de intrusos |
cbf82e1d ER | 20 | Summary(ru.UTF-8): Snort - система обнаружения попыток вторжения в сеть |
cbf82e1d ER | 21 | Summary(uk.UTF-8): Snort - система виявлення спроб вторгнення в мережу |
8775223f | 22 | Name: snort |
676c4c99 | 23 | Version: 2.6.1.3 |
676c4c99 | 24 | Release: 1 |
12e2e783 | 25 | License: GPL v2 (vrt rules on VRT-License) |
b3907a72 | 26 | Group: Networking |
d9e19996 | 27 | Source0: http://www.snort.org/dl/current/%{name}-%{version}.tar.gz |
676c4c99 | 28 | # Source0-md5: 8b46997afd728fbdaafdc9b1d0278b07 |
57c9b91b AM | 29 | Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/%{name}rules-pr-2.4.tar.gz |
57c9b91b AM | 30 | # Source1-md5: 35d9a2486f8c0280bb493aa03c011927 |
12e2e783 | 31 | %if %{with registered} |
e2f7cb39 | 32 | Source2: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/%{name}rules-snapshot-2.4.tar.gz |
e2f7cb39 | 33 | # NoSource2-md5: 79af87cda3321bd64279038f9352c1b3 |
12e2e783 | 34 | NoSource: 2 |
12e2e783 | 35 | %endif |
12e2e783 | 36 | Source3: http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-2.4.tar.gz |
676c4c99 | 37 | # Source3-md5: 0328072d64553eff81ac52da4e0d947e |
12e2e783 | 38 | Source4: %{name}.init |
12e2e783 | 39 | Source5: %{name}.logrotate |
2eb1dd1f | 40 | Patch0: %{name}-libnet1.patch |
93847025 | 41 | Patch1: %{name}-lib64.patch |
9d61ae4f | 42 | # http://www.bleedingsnort.com/staticpages/index.php?page=snort-clamav |
676c4c99 | 43 | #Patch2: %{name}-2.6.0.2-clamav.diff |
5ad2f8a8 | 44 | URL: http://www.snort.org/ |
08df69e6 JB | 45 | BuildRequires: autoconf |
08df69e6 JB | 46 | BuildRequires: automake |
cb19b407 | 47 | %{?with_clamav:BuildRequires: clamav-devel} |
27fdff69 | 48 | %{?with_inline:BuildRequires: iptables-devel} |
5d617823 | 49 | BuildRequires: libnet1-devel = 1.0.2a |
b3907a72 | 50 | BuildRequires: libpcap-devel |
ed9cb559 | 51 | %{?with_prelude:BuildRequires: libprelude-devel} |
e994eac2 | 52 | %{?with_mysql:BuildRequires: mysql-devel} |
e994eac2 | 53 | %{?with_snmp:BuildRequires: net-snmp-devel >= 5.0.7} |
95620817 | 54 | BuildRequires: openssl-devel >= 0.9.7d |
2cc2dce2 | 55 | BuildRequires: pcre-devel |
d9c3717f | 56 | %{?with_pgsql:BuildRequires: postgresql-devel} |
31126327 | 57 | BuildRequires: rpmbuild(macros) >= 1.202 |
2fa6d1a5 | 58 | BuildRequires: rpmbuild(macros) >= 1.268 |
d87f0eb8 | 59 | BuildRequires: zlib-devel |
27fdff69 | 60 | Requires(post,preun): /sbin/chkconfig |
27fdff69 | 61 | Requires(postun): /usr/sbin/groupdel |
27fdff69 | 62 | Requires(postun): /usr/sbin/userdel |
08df69e6 | 63 | Requires(pre): /bin/id |
d9c3717f | 64 | Requires(pre): /usr/bin/getgid |
08df69e6 JB | 65 | Requires(pre): /usr/sbin/groupadd |
08df69e6 JB | 66 | Requires(pre): /usr/sbin/useradd |
5d617823 | 67 | Requires: libnet1 = 1.0.2a |
27fdff69 | 68 | Requires: rc-scripts >= 0.2.0 |
d9c3717f | 69 | Provides: group(snort) |
e994eac2 | 70 | %{?with_mysql:Provides: snort(mysql) = %{version}} |
e994eac2 | 71 | %{?with_pgsql:Provides: snort(pgsql) = %{version}} |
d9c3717f | 72 | Provides: user(snort) |
cb19b407 | 73 | Obsoletes: snort-rules |
c0e6e30d | 74 | Conflicts: logrotate < 3.7.4 |
5ad2f8a8 | 75 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
5ad2f8a8 | 76 | |
5ad2f8a8 | 77 | %define _sysconfdir /etc/snort |
5ad2f8a8 | 78 | %define _bindir %{_sbindir} |
ab81a4d5 | 79 | |
ab81a4d5 | 80 | %description |
99fed451 AM | 81 | Snort is an open source network intrusion detection system, capable of |
99fed451 AM | 82 | performing real-time traffic analysis and packet logging on IP |
99fed451 AM | 83 | networks. It can perform protocol analysis and content |
99fed451 AM | 84 | searching/matching in order to detect a variety of attacks and probes, |
99fed451 AM | 85 | such as buffer overflows, stealth port scans, CGI attacks, SMB probes, |
99fed451 AM | 86 | OS fingerprinting attempts, and much more. Snort uses a flexible rules |
99fed451 AM | 87 | language to describe traffic that it should collect or pass, as well |
99fed451 AM | 88 | as a detection engine that utilizes a modular plugin architecture. |
99fed451 AM | 89 | Snort has a real- time alerting capability as well, incorporating |
99fed451 AM | 90 | alerting mechanisms for syslog, user specified files, a UNIX socket, |
99fed451 AM | 91 | or WinPopup messages to Windows clients using Samba's smbclient. |
b3907a72 | 92 | |
67a06db2 | 93 | Sourcefire VRT Certified Rules requires registration. |
67a06db2 | 94 | https://www.snort.org/pub-bin/register.cgi |
67a06db2 | 95 | |
27666db8 JR | 96 | %description -l pl.UTF-8 |
27666db8 JR | 97 | Snort to bazujący na open source NIDS (network intrusion detection |
27666db8 JR | 98 | systems) wykonujący w czasie rzeczywistym analizę ruchu oraz logowanie |
27666db8 JR | 99 | pakietów w sieciach IP. Jego możliwości to analiza protokołu oraz |
27666db8 JR | 100 | zawartości w poszukiwaniu różnego rodzaju ataków lub prób takich jak |
27666db8 JR | 101 | przepełnienia bufora, skanowanie portów typu stealth, ataki CGI, |
27666db8 JR | 102 | próbkowanie SMB, OS fingerprinting i dużo więcej. Snort używa |
27666db8 JR | 103 | elastycznego języka regułek do opisu ruchu, który należy |
27666db8 JR | 104 | przeanalizować jak również silnika wykrywającego, wykorzystującego |
27666db8 JR | 105 | modułową architekturę. Snort umożliwia alarmowanie w czasie |
27666db8 JR | 106 | rzeczywistym poprzez sysloga, osobny plik lub jako wiadomość WinPopup |
99fed451 AM | 107 | poprzez klienta Samby: smbclient. |
99fed451 AM | 108 | |
27666db8 | 109 | Reguły certyfikowane poprzez Sourcefire wymagają rejestracji. |
67a06db2 | 110 | https://www.snort.org/pub-bin/register.cgi |
67a06db2 | 111 | |
27666db8 JR | 112 | %description -l pt_BR.UTF-8 |
27666db8 JR | 113 | Snort é um sniffer baseado em libpcap que pode ser usado como um |
27666db8 JR | 114 | pequeno sistema de detecção de intrusos. Tem como característica o |
27666db8 JR | 115 | registro de pacotes baseado em regras e também pode executar uma |
27666db8 JR | 116 | análise do protocolo, pesquisa de padrões e detectar uma variedade de |
0955b0c3 | 117 | assinaturas de ataques, como estouros de buffer, varreduras "stealth" |
0955b0c3 | 118 | de portas, ataques CGI, pesquisas SMB, tentativas de descobrir o |
0955b0c3 | 119 | sistema operacional e muito mais. Possui um sistema de alerta em tempo |
0955b0c3 | 120 | real, com alertas enviados para o syslog, um arquivo de alertas em |
0955b0c3 | 121 | separado ou como uma mensagem Winpopup. |
ab81a4d5 | 122 | |
27666db8 JR | 123 | %description -l ru.UTF-8 |
27666db8 JR | 124 | Snort - это сниффер пакетов, который может использоваться как система |
27666db8 JR | 125 | обнаружения попыток вторжения в сеть. Snort поддерживает |
27666db8 JR | 126 | протоколирование пакетов на основе правил, может выполнять анализ |
27666db8 JR | 127 | протоколов, поиск в содержимом пакетов. Может также использоваться для |
27666db8 JR | 128 | обнаружения атак и "разведок", таких как попытки атак типа |
27666db8 JR | 129 | "переполнение буфера", скрытого сканирования портов, CGI атак, SMB |
27666db8 JR | 130 | разведок, попыток обнаружения типа ОС и много другого. Snort может |
27666db8 JR | 131 | информировать о событиях в реальном времени, посылая сообщения в |
27666db8 JR | 132 | syslog, отдельный файл или как WinPopup сообщения через smbclient. |
cd357cee | 133 | |
27666db8 JR | 134 | %description -l uk.UTF-8 |
27666db8 JR | 135 | Snort - це сніфер пакетів, що може використовуватись як система |
27666db8 JR | 136 | виявлення спроб вторгнень в мережу. Snort підтримує протоколювання |
27666db8 JR | 137 | пакетів на основі правил, може виконувати аналіз протоколів, пошук у |
27666db8 JR | 138 | вмісті пакетів. Може також використовуватись для виявлення атак та |
27666db8 JR | 139 | "розвідок", таких як спроби атак типу "переповнення буфера", |
27666db8 JR | 140 | прихованого сканування портів, CGI атак, SMB розвідок, спроб виявлення |
27666db8 JR | 141 | типу ОС та багато іншого. Snort може інформувати про події в реальному |
27666db8 JR | 142 | часі, надсилаючи повідомлення до syslog, окремого файлу чи як WinPopup |
27666db8 JR | 143 | повідомлення через smbclient. |
cd357cee | 144 | |
ab81a4d5 | 145 | %prep |
12e2e783 | 146 | %setup -q %{!?with_registered:-a1} %{?with_registered:-a2} -a3 |
2eb1dd1f | 147 | %patch0 -p1 |
3764a1c8 AM | 148 | %if "%{_lib}" == "lib64" |
3764a1c8 AM | 149 | %patch1 -p1 |
93847025 | 150 | %endif |
676c4c99 | 151 | #%{?with_clamav:%patch2 -p1} |
ab81a4d5 | 152 | |
6a0c25e4 | 153 | sed -i "s#var\ RULE_PATH.*#var RULE_PATH /etc/snort/rules#g" rules/snort.conf |
6a0c25e4 | 154 | _DIR=$(pwd) |
6a0c25e4 | 155 | cd rules |
6a0c25e4 | 156 | for I in community-*.rules; do |
6a0c25e4 | 157 | echo "include \$RULE_PATH/$I" >> snort.conf |
6a0c25e4 | 158 | done |
6a0c25e4 | 159 | cd $_DIR |
6a0c25e4 | 160 | |
ab81a4d5 | 161 | %build |
a19d556d | 162 | %{__aclocal} |
89e97d3b | 163 | %{__autoconf} |
89e97d3b | 164 | %{__automake} |
e1df464a | 165 | # we don't need libnsl, so don't use it |
b3907a72 | 166 | %configure \ |
af18b2c0 | 167 | no_libnsl=yes \ |
b3907a72 | 168 | --enable-smbalerts \ |
99fed451 | 169 | --enable-flexresp \ |
b59b1a6c | 170 | %{?with_inline:--enable-inline } \ |
ed9cb559 | 171 | %{?with_inline:--with-libipq-includes=%{_includedir}/libipq } \ |
4a699f86 | 172 | --with-libnet-includes=%{_includedir} \ |
e994eac2 | 173 | --with%{!?with_snmp:out}-snmp \ |
99fed451 | 174 | --without-odbc \ |
80d0fb79 | 175 | --enable-perfmonitor \ |
e994eac2 | 176 | --with%{!?with_pgsql:out}-postgresql \ |
ed9cb559 | 177 | --with%{!?with_mysql:out}-mysql \ |
9d61ae4f | 178 | %{?with_prelude:--enable-prelude } \ |
9d61ae4f | 179 | %{?with_clamav:--enable-clamav --with-clamav-defdir=/var/lib/clamav} |
99fed451 | 180 | |
5d5d00ac | 181 | %{__make} |
ab81a4d5 | 182 | |
ab81a4d5 | 183 | %install |
ab81a4d5 | 184 | rm -rf $RPM_BUILD_ROOT |
0fe9b503 | 185 | install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,%{name},cron.daily,logrotate.d} \ |
aad71c3c | 186 | $RPM_BUILD_ROOT%{_var}/log/{%{name},archive/%{name}} \ |
75d3e2a6 | 187 | $RPM_BUILD_ROOT%{_datadir}/mibs/site \ |
27fdff69 | 188 | $RPM_BUILD_ROOT%{_sysconfdir}/rules |
ab81a4d5 | 189 | |
5ad2f8a8 | 190 | %{__make} install \ |
5ad2f8a8 | 191 | DESTDIR=$RPM_BUILD_ROOT |
2917f470 | 192 | |
75d3e2a6 | 193 | install rules/*.config $RPM_BUILD_ROOT%{_sysconfdir} |
eaefc4eb | 194 | install etc/unicode.map $RPM_BUILD_ROOT%{_sysconfdir} |
75d3e2a6 | 195 | install rules/*.rules $RPM_BUILD_ROOT%{_sysconfdir}/rules |
12e2e783 | 196 | install %{SOURCE4} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name} |
12e2e783 | 197 | install %{SOURCE5} $RPM_BUILD_ROOT/etc/logrotate.d/%{name} |
6a0c25e4 | 198 | install rules/snort.conf $RPM_BUILD_ROOT%{_sysconfdir} |
6a0c25e4 | 199 | |
f32f1233 | 200 | mv schemas/create_mysql schemas/create_mysql.sql |
f32f1233 | 201 | mv schemas/create_postgresql schemas/create_postgresql.sql |
f32f1233 | 202 | |
b3907a72 AM | 203 | %clean |
b3907a72 AM | 204 | rm -rf $RPM_BUILD_ROOT |
2917f470 | 205 | |
b3907a72 | 206 | %pre |
31126327 | 207 | %groupadd -g 46 -r snort |
946f7ae3 | 208 | %useradd -u 46 -g snort -M -r -d %{_var}/log/snort -s /bin/false -c "SNORT IDS/IPS" snort |
7e9750d1 | 209 | |
b3907a72 | 210 | %post |
2fa6d1a5 ER | 211 | /sbin/chkconfig --add snort |
2fa6d1a5 ER | 212 | %service snort restart |
2917f470 MP | 213 | |
2917f470 MP | 214 | %preun |
51402fe7 | 215 | if [ "$1" = "0" ] ; then |
2fa6d1a5 | 216 | %service snort stop |
51402fe7 | 217 | /sbin/chkconfig --del snort |
51402fe7 | 218 | fi |
2917f470 MP | 219 | |
2917f470 MP | 220 | %postun |
51402fe7 | 221 | if [ "$1" = "0" ] ; then |
d9c3717f | 222 | %userremove snort |
d9c3717f | 223 | %groupremove snort |
51402fe7 | 224 | fi |
ab81a4d5 | 225 | |
ab81a4d5 | 226 | %files |
b3907a72 | 227 | %defattr(644,root,root,755) |
676c4c99 | 228 | %doc doc/{AUTHORS,BUGS,CREDITS,NEWS,PROBLEMS,README*,TODO,USAGE,WISHLIST,*.pdf} |
f32f1233 | 229 | %doc schemas/create_{mysql,postgresql}.sql |
980aa956 | 230 | %attr(755,root,root) %{_sbindir}/* |
d9c3717f | 231 | %attr(770,root,snort) %dir %{_var}/log/snort |
51d7d44e | 232 | %attr(770,root,snort) %dir %{_var}/log/archive/%{name} |
5ad2f8a8 | 233 | %attr(750,root,snort) %dir %{_sysconfdir} |
eaefc4eb | 234 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/unicode.map |
01f3f79b JB | 235 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*.config |
01f3f79b JB | 236 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/snort.conf |
75d3e2a6 | 237 | %attr(750,root,snort) %dir %{_sysconfdir}/rules |
6a0c25e4 | 238 | %attr(640,root,snort) %{_sysconfdir}/rules/* |
a1d385b8 | 239 | %attr(754,root,root) /etc/rc.d/init.d/%{name} |
c8222e39 | 240 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/* |
99fed451 | 241 | %{_mandir}/man?/* |
676c4c99 | 242 | %dir /usr/lib/snort_dynamicengine |
676c4c99 | 243 | %dir /usr/lib/snort_dynamicpreprocessor |
676c4c99 | 244 | %attr(755,root,root) /usr/lib/snort_dynamicengine/libsf_engine.so* |
676c4c99 | 245 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so* |
676c4c99 | 246 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so* |
676c4c99 | 247 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so* |
676c4c99 | 248 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so* |
676c4c99 | 249 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so* |