Commit | Line | Data |
---|---|---|
946f7ae3 | 1 | # |
2 | # TODO: - snort rules - fix description | |
9d61ae4f | 3 | # - clamav support - cleanup, add some docs |
cb19b407 | 4 | # - snort_inline - prepare separate sets of config-files, rules |
9d61ae4f | 5 | # and startup script, adds some docs |
12e2e783 | 6 | # - snort 2.6 |
01f3f79b | 7 | # |
e817c488 | 8 | # Conditional build: |
06de0dc4 | 9 | %bcond_without pgsql # build without PostgreSQL storage support |
10 | %bcond_without mysql # build without MySQL storage support | |
11 | %bcond_without snmp # build without SNMP support | |
ed9cb559 | 12 | %bcond_without inline # build without inline support |
13 | %bcond_without prelude # build without prelude support | |
9d61ae4f | 14 | %bcond_without clamav # build w/o ClamAV preprocessor support (anti-vir) |
12e2e783 | 15 | %bcond_with registered # build with rules available for registered users |
01f3f79b | 16 | # |
92ea8dee | 17 | Summary: Network intrusion detection system (IDS/IPS) |
cbf82e1d ER |
18 | Summary(pl.UTF-8): System wykrywania intruzów w sieciach (IDS/IPS) |
19 | Summary(pt_BR.UTF-8): Ferramenta de detecção de intrusos | |
20 | Summary(ru.UTF-8): Snort - система обнаружения попыток вторжения в сеть | |
21 | Summary(uk.UTF-8): Snort - система виявлення спроб вторгнення в мережу | |
8775223f | 22 | Name: snort |
e0b76e62 | 23 | Version: 2.8.2.2 |
676c4c99 | 24 | Release: 1 |
12e2e783 | 25 | License: GPL v2 (vrt rules on VRT-License) |
b3907a72 | 26 | Group: Networking |
d9e19996 | 27 | Source0: http://www.snort.org/dl/current/%{name}-%{version}.tar.gz |
e0b76e62 | 28 | # Source0-md5: 091494809f0e83f98208d62e74cdfaa2 |
57c9b91b AM |
29 | Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/%{name}rules-pr-2.4.tar.gz |
30 | # Source1-md5: 35d9a2486f8c0280bb493aa03c011927 | |
12e2e783 | 31 | %if %{with registered} |
0e511834 | 32 | Source2: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/%{name}rules-snapshot-2.6.tar.gz |
33 | # NoSource2-md5: 0405ec828cf9ad85a03cbf670818f690 | |
12e2e783 | 34 | NoSource: 2 |
35 | %endif | |
36 | Source3: http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-2.4.tar.gz | |
0e511834 | 37 | # Source3-md5: f236b8a4ac12e99d3e7bd81bf3b5a482 |
12e2e783 | 38 | Source4: %{name}.init |
39 | Source5: %{name}.logrotate | |
2eb1dd1f | 40 | Patch0: %{name}-libnet1.patch |
93847025 | 41 | Patch1: %{name}-lib64.patch |
e0b76e62 | 42 | Patch2: %{name}-open.patch |
9d61ae4f | 43 | # http://www.bleedingsnort.com/staticpages/index.php?page=snort-clamav |
676c4c99 | 44 | #Patch2: %{name}-2.6.0.2-clamav.diff |
5ad2f8a8 | 45 | URL: http://www.snort.org/ |
08df69e6 JB |
46 | BuildRequires: autoconf |
47 | BuildRequires: automake | |
cb19b407 | 48 | %{?with_clamav:BuildRequires: clamav-devel} |
27fdff69 | 49 | %{?with_inline:BuildRequires: iptables-devel} |
5d617823 | 50 | BuildRequires: libnet1-devel = 1.0.2a |
b3907a72 | 51 | BuildRequires: libpcap-devel |
ed9cb559 | 52 | %{?with_prelude:BuildRequires: libprelude-devel} |
e994eac2 | 53 | %{?with_mysql:BuildRequires: mysql-devel} |
54 | %{?with_snmp:BuildRequires: net-snmp-devel >= 5.0.7} | |
95620817 | 55 | BuildRequires: openssl-devel >= 0.9.7d |
2cc2dce2 | 56 | BuildRequires: pcre-devel |
d9c3717f | 57 | %{?with_pgsql:BuildRequires: postgresql-devel} |
31126327 | 58 | BuildRequires: rpmbuild(macros) >= 1.202 |
2fa6d1a5 | 59 | BuildRequires: rpmbuild(macros) >= 1.268 |
d87f0eb8 | 60 | BuildRequires: zlib-devel |
27fdff69 | 61 | Requires(post,preun): /sbin/chkconfig |
62 | Requires(postun): /usr/sbin/groupdel | |
63 | Requires(postun): /usr/sbin/userdel | |
08df69e6 | 64 | Requires(pre): /bin/id |
d9c3717f | 65 | Requires(pre): /usr/bin/getgid |
08df69e6 JB |
66 | Requires(pre): /usr/sbin/groupadd |
67 | Requires(pre): /usr/sbin/useradd | |
5d617823 | 68 | Requires: libnet1 = 1.0.2a |
27fdff69 | 69 | Requires: rc-scripts >= 0.2.0 |
d9c3717f | 70 | Provides: group(snort) |
e994eac2 | 71 | %{?with_mysql:Provides: snort(mysql) = %{version}} |
72 | %{?with_pgsql:Provides: snort(pgsql) = %{version}} | |
d9c3717f | 73 | Provides: user(snort) |
cb19b407 | 74 | Obsoletes: snort-rules |
c40a7757 | 75 | Conflicts: logrotate < 3.7-4 |
5ad2f8a8 | 76 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
77 | ||
78 | %define _sysconfdir /etc/snort | |
79 | %define _bindir %{_sbindir} | |
ab81a4d5 | 80 | |
81 | %description | |
99fed451 AM |
82 | Snort is an open source network intrusion detection system, capable of |
83 | performing real-time traffic analysis and packet logging on IP | |
84 | networks. It can perform protocol analysis and content | |
85 | searching/matching in order to detect a variety of attacks and probes, | |
86 | such as buffer overflows, stealth port scans, CGI attacks, SMB probes, | |
87 | OS fingerprinting attempts, and much more. Snort uses a flexible rules | |
88 | language to describe traffic that it should collect or pass, as well | |
89 | as a detection engine that utilizes a modular plugin architecture. | |
90 | Snort has a real-time alerting capability as well, incorporating | |
91 | alerting mechanisms for syslog, user specified files, a UNIX socket, | |
92 | or WinPopup messages to Windows clients using Samba's smbclient. | |
b3907a72 | 93 | |
67a06db2 | 94 | Sourcefire VRT Certified Rules require registration. |
95 | https://www.snort.org/pub-bin/register.cgi | |
96 | ||
27666db8 JR |
97 | %description -l pl.UTF-8 |
98 | Snort to bazujący na open source NIDS (network intrusion detection | |
99 | systems) wykonujący w czasie rzeczywistym analizę ruchu oraz logowanie | |
100 | pakietów w sieciach IP. Jego możliwości to analiza protokołu oraz | |
101 | zawartości w poszukiwaniu różnego rodzaju ataków lub prób takich jak | |
102 | przepełnienia bufora, skanowanie portów typu stealth, ataki CGI, | |
103 | próbkowanie SMB, OS fingerprinting i dużo więcej. Snort używa | |
104 | elastycznego języka regułek do opisu ruchu, który należy | |
105 | przeanalizować jak również silnika wykrywającego, wykorzystującego | |
106 | modułową architekturę. Snort umożliwia alarmowanie w czasie | |
107 | rzeczywistym poprzez sysloga, osobny plik lub jako wiadomość WinPopup | |
99fed451 AM |
108 | poprzez klienta Samby: smbclient. |
109 | ||
27666db8 | 110 | Reguły certyfikowane poprzez Sourcefire wymagają rejestracji. |
67a06db2 | 111 | https://www.snort.org/pub-bin/register.cgi |
112 | ||
27666db8 JR |
113 | %description -l pt_BR.UTF-8 |
114 | Snort é um sniffer baseado em libpcap que pode ser usado como um | |
115 | pequeno sistema de detecção de intrusos. Tem como característica o | |
116 | registro de pacotes baseado em regras e também pode executar uma | |
117 | análise do protocolo, pesquisa de padrões e detectar uma variedade de | |
0955b0c3 | 118 | assinaturas de ataques, como estouros de buffer, varreduras "stealth" |
119 | de portas, ataques CGI, pesquisas SMB, tentativas de descobrir o | |
120 | sistema operacional e muito mais. Possui um sistema de alerta em tempo | |
121 | real, com alertas enviados para o syslog, um arquivo de alertas em | |
122 | separado ou como uma mensagem Winpopup. | |
ab81a4d5 | 123 | |
27666db8 JR |
124 | %description -l ru.UTF-8 |
125 | Snort - это сниффер пакетов, который может использоваться как система | |
126 | обнаружения попыток вторжения в сеть. Snort поддерживает | |
127 | протоколирование пакетов на основе правил, может выполнять анализ | |
128 | протоколов, поиск в содержимом пакетов. Может также использоваться для | |
129 | обнаружения атак и "разведок", таких как попытки атак типа | |
130 | "переполнение буфера", скрытого сканирования портов, CGI атак, SMB | |
131 | разведок, попыток обнаружения типа ОС и много другого. Snort может | |
132 | информировать о событиях в реальном времени, посылая сообщения в | |
133 | syslog, отдельный файл или как WinPopup сообщения через smbclient. | |
cd357cee | 134 | |
27666db8 JR |
135 | %description -l uk.UTF-8 |
136 | Snort - це сніфер пакетів, що може використовуватись як система | |
137 | виявлення спроб вторгнень в мережу. Snort підтримує протоколювання | |
138 | пакетів на основі правил, може виконувати аналіз протоколів, пошук у | |
139 | вмісті пакетів. Може також використовуватись для виявлення атак та | |
140 | "розвідок", таких як спроби атак типу "переповнення буфера", | |
141 | прихованого сканування портів, CGI атак, SMB розвідок, спроб виявлення | |
142 | типу ОС та багато іншого. Snort може інформувати про події в реальному | |
143 | часі, надсилаючи повідомлення до syslog, окремого файлу чи як WinPopup | |
144 | повідомлення через smbclient. | |
cd357cee | 145 | |
ab81a4d5 | 146 | %prep |
12e2e783 | 147 | %setup -q %{!?with_registered:-a1} %{?with_registered:-a2} -a3 |
2eb1dd1f | 148 | %patch0 -p1 |
3764a1c8 AM |
149 | %if "%{_lib}" == "lib64" |
150 | %patch1 -p1 | |
93847025 | 151 | %endif |
676c4c99 | 152 | #%{?with_clamav:%patch2 -p1} |
e0b76e62 | 153 | %patch2 -p1 |
ab81a4d5 | 154 | |
6a0c25e4 | 155 | sed -i "s#var\ RULE_PATH.*#var RULE_PATH /etc/snort/rules#g" rules/snort.conf |
156 | _DIR=$(pwd) | |
157 | cd rules | |
158 | for I in community-*.rules; do | |
159 | echo "include \$RULE_PATH/$I" >> snort.conf | |
160 | done | |
161 | cd $_DIR | |
162 | ||
ab81a4d5 | 163 | %build |
e0b76e62 | 164 | %{__libtoolize} |
a19d556d | 165 | %{__aclocal} |
89e97d3b | 166 | %{__autoconf} |
167 | %{__automake} | |
e1df464a | 168 | # we don't need libnsl, so don't use it |
b3907a72 | 169 | %configure \ |
af18b2c0 | 170 | no_libnsl=yes \ |
b3907a72 | 171 | --enable-smbalerts \ |
99fed451 | 172 | --enable-flexresp \ |
b59b1a6c | 173 | %{?with_inline:--enable-inline } \ |
ed9cb559 | 174 | %{?with_inline:--with-libipq-includes=%{_includedir}/libipq } \ |
4a699f86 | 175 | --with-libnet-includes=%{_includedir} \ |
e994eac2 | 176 | --with%{!?with_snmp:out}-snmp \ |
99fed451 | 177 | --without-odbc \ |
80d0fb79 | 178 | --enable-perfmonitor \ |
e994eac2 | 179 | --with%{!?with_pgsql:out}-postgresql \ |
ed9cb559 | 180 | --with%{!?with_mysql:out}-mysql \ |
9d61ae4f | 181 | %{?with_prelude:--enable-prelude } \ |
182 | %{?with_clamav:--enable-clamav --with-clamav-defdir=/var/lib/clamav} | |
99fed451 | 183 | |
5d5d00ac | 184 | %{__make} |
ab81a4d5 | 185 | |
186 | %install | |
187 | rm -rf $RPM_BUILD_ROOT | |
0fe9b503 | 188 | install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,%{name},cron.daily,logrotate.d} \ |
aad71c3c | 189 | $RPM_BUILD_ROOT%{_var}/log/{%{name},archive/%{name}} \ |
75d3e2a6 | 190 | $RPM_BUILD_ROOT%{_datadir}/mibs/site \ |
27fdff69 | 191 | $RPM_BUILD_ROOT%{_sysconfdir}/rules |
ab81a4d5 | 192 | |
5ad2f8a8 | 193 | %{__make} install \ |
194 | DESTDIR=$RPM_BUILD_ROOT | |
2917f470 | 195 | |
75d3e2a6 | 196 | install rules/*.config $RPM_BUILD_ROOT%{_sysconfdir} |
eaefc4eb | 197 | install etc/unicode.map $RPM_BUILD_ROOT%{_sysconfdir} |
75d3e2a6 | 198 | install rules/*.rules $RPM_BUILD_ROOT%{_sysconfdir}/rules |
12e2e783 | 199 | install %{SOURCE4} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name} |
200 | install %{SOURCE5} $RPM_BUILD_ROOT/etc/logrotate.d/%{name} | |
6a0c25e4 | 201 | install rules/snort.conf $RPM_BUILD_ROOT%{_sysconfdir} |
202 | ||
f32f1233 | 203 | mv schemas/create_mysql schemas/create_mysql.sql |
204 | mv schemas/create_postgresql schemas/create_postgresql.sql | |
205 | ||
b3907a72 AM |
206 | %clean |
207 | rm -rf $RPM_BUILD_ROOT | |
2917f470 | 208 | |
b3907a72 | 209 | %pre |
31126327 | 210 | %groupadd -g 46 -r snort |
946f7ae3 | 211 | %useradd -u 46 -g snort -M -r -d %{_var}/log/snort -s /bin/false -c "SNORT IDS/IPS" snort |
7e9750d1 | 212 | |
b3907a72 | 213 | %post |
2fa6d1a5 ER |
214 | /sbin/chkconfig --add snort |
215 | %service snort restart | |
2917f470 MP |
216 | |
217 | %preun | |
51402fe7 | 218 | if [ "$1" = "0" ] ; then |
2fa6d1a5 | 219 | %service snort stop |
51402fe7 | 220 | /sbin/chkconfig --del snort |
221 | fi | |
2917f470 MP |
222 | |
223 | %postun | |
51402fe7 | 224 | if [ "$1" = "0" ] ; then |
d9c3717f | 225 | %userremove snort |
226 | %groupremove snort | |
51402fe7 | 227 | fi |
ab81a4d5 | 228 | |
229 | %files | |
b3907a72 | 230 | %defattr(644,root,root,755) |
676c4c99 | 231 | %doc doc/{AUTHORS,BUGS,CREDITS,NEWS,PROBLEMS,README*,TODO,USAGE,WISHLIST,*.pdf} |
f32f1233 | 232 | %doc schemas/create_{mysql,postgresql}.sql |
980aa956 | 233 | %attr(755,root,root) %{_sbindir}/* |
d9c3717f | 234 | %attr(770,root,snort) %dir %{_var}/log/snort |
51d7d44e | 235 | %attr(770,root,snort) %dir %{_var}/log/archive/%{name} |
5ad2f8a8 | 236 | %attr(750,root,snort) %dir %{_sysconfdir} |
eaefc4eb | 237 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/unicode.map |
01f3f79b JB |
238 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*.config |
239 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/snort.conf | |
75d3e2a6 | 240 | %attr(750,root,snort) %dir %{_sysconfdir}/rules |
6a0c25e4 | 241 | %attr(640,root,snort) %{_sysconfdir}/rules/* |
a1d385b8 | 242 | %attr(754,root,root) /etc/rc.d/init.d/%{name} |
c8222e39 | 243 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/* |
99fed451 | 244 | %{_mandir}/man?/* |
676c4c99 | 245 | %dir /usr/lib/snort_dynamicengine |
246 | %dir /usr/lib/snort_dynamicpreprocessor | |
247 | %attr(755,root,root) /usr/lib/snort_dynamicengine/libsf_engine.so* | |
248 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so* | |
249 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so* | |
250 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so* | |
251 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so* | |
252 | %attr(755,root,root) /usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so* |