2 # TODO: - snort rules - fix description
3 # - clamav support - cleanup, add some docs
4 # - snort_inline - prepare separate sets of config-files, rules
5 # and startup script, adds some docs
9 %bcond_without pgsql # build without PostgreSQL storage support
10 %bcond_without mysql # build without MySQL storage support
11 %bcond_without snmp # build without SNMP support
12 %bcond_without inline # build without inline support
13 %bcond_without prelude # build without prelude support
14 %bcond_without clamav # build w/o ClamAV preprocessor support (anti-vir)
15 %bcond_with registered # build with rules available for registered users
17 Summary: Network intrusion detection system (IDS/IPS)
18 Summary(pl): System wykrywania intruzów w sieciach (IDS/IPS)
19 Summary(pt_BR): Ferramenta de detecção de intrusos
20 Summary(ru): Snort - ÓÉÓÔÅÍÁ ÏÂÎÁÒÕÖÅÎÉÑ ÐÏÐÙÔÏË ×ÔÏÒÖÅÎÉÑ × ÓÅÔØ
21 Summary(uk): Snort - ÓÉÓÔÅÍÁ ×ÉÑ×ÌÅÎÎÑ ÓÐÒÏ ×ÔÏÒÇÎÅÎÎÑ × ÍÅÒÅÖÕ
25 License: GPL v2 (vrt rules on VRT-License)
27 Source0: http://www.snort.org/dl/current/%{name}-%{version}.tar.gz
28 # Source0-md5: 108b3c20dcbaf3cdb17ea9203342eaaa
29 Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/%{name}rules-pr-2.4.tar.gz
30 # Source1-md5: 35d9a2486f8c0280bb493aa03c011927
31 %if %{with registered}
32 Source2: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/%{name}rules-snapshot-2.4.tar.gz
33 # NoSource2-md5: 79af87cda3321bd64279038f9352c1b3
36 Source3: http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-2.4.tar.gz
37 # Source3-md5: 639d98ed81314723f4dee0b3100f7a19
39 Source5: %{name}.logrotate
40 Patch0: %{name}-libnet1.patch
41 Patch1: %{name}-lib64.patch
42 # http://www.bleedingsnort.com/staticpages/index.php?page=snort-clamav
43 Patch2: %{name}-2.4.3-clamonly.diff
44 URL: http://www.snort.org/
45 BuildRequires: autoconf
46 BuildRequires: automake
47 %{?with_inline:BuildRequires: iptables-devel}
48 BuildRequires: libnet1-devel = 1.0.2a
49 BuildRequires: libpcap-devel
50 %{?with_prelude:BuildRequires: libprelude-devel}
51 %{?with_mysql:BuildRequires: mysql-devel}
52 %{?with_snmp:BuildRequires: net-snmp-devel >= 5.0.7}
53 BuildRequires: openssl-devel >= 0.9.7d
54 BuildRequires: pcre-devel
55 %{?with_pgsql:BuildRequires: postgresql-devel}
56 BuildRequires: rpmbuild(macros) >= 1.202
57 BuildRequires: rpmbuild(macros) >= 1.268
58 BuildRequires: zlib-devel
59 %{?with_clamav:BuildRequires: clamav-devel}
60 Requires(post,preun): /sbin/chkconfig
61 Requires(postun): /usr/sbin/groupdel
62 Requires(postun): /usr/sbin/userdel
63 Requires(pre): /bin/id
64 Requires(pre): /usr/bin/getgid
65 Requires(pre): /usr/sbin/groupadd
66 Requires(pre): /usr/sbin/useradd
67 Requires: libnet1 = 1.0.2a
68 Requires: rc-scripts >= 0.2.0
69 Provides: group(snort)
70 %{?with_mysql:Provides: snort(mysql) = %{version}}
71 %{?with_pgsql:Provides: snort(pgsql) = %{version}}
73 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
75 %define _sysconfdir /etc/snort
76 %define _bindir %{_sbindir}
79 Snort is an open source network intrusion detection system, capable of
80 performing real-time traffic analysis and packet logging on IP
81 networks. It can perform protocol analysis and content
82 searching/matching in order to detect a variety of attacks and probes,
83 such as buffer overflows, stealth port scans, CGI attacks, SMB probes,
84 OS fingerprinting attempts, and much more. Snort uses a flexible rules
85 language to describe traffic that it should collect or pass, as well
86 as a detection engine that utilizes a modular plugin architecture.
87 Snort has a real- time alerting capability as well, incorporating
88 alerting mechanisms for syslog, user specified files, a UNIX socket,
89 or WinPopup messages to Windows clients using Samba's smbclient.
91 Sourcefire VRT Certified Rules requires registration.
92 https://www.snort.org/pub-bin/register.cgi
95 Snort to bazuj±cy na open source NIDS (network intrusion detection
96 systems) wykonuj±cy w czasie rzeczywistym analizê ruchu oraz logowanie
97 pakietów w sieciach IP. Jego mo¿liwo¶ci to analiza protoko³u oraz
98 zawarto¶ci w poszukiwaniu ró¿nego rodzaju ataków lub prób takich jak
99 przepe³nienia bufora, skanowanie portów typu stealth, ataki CGI,
100 próbkowanie SMB, OS fingerprinting i du¿o wiêcej. Snort u¿ywa
101 elastycznego jêzyka regu³ek do opisu ruchu, który nale¿y
102 przeanalizowaæ jak równie¿ silnika wykrywaj±cego, wykorzystuj±cego
103 modu³ow± architekturê. Snort umo¿liwia alarmowanie w czasie
104 rzeczywistym poprzez sysloga, osobny plik lub jako wiadomo¶æ WinPopup
105 poprzez klienta Samby: smbclient.
107 Regu³y certyfikowane poprzez Sourcefire wymagaj± rejestracji.
108 https://www.snort.org/pub-bin/register.cgi
110 %description -l pt_BR
111 Snort é um sniffer baseado em libpcap que pode ser usado como um
112 pequeno sistema de detecção de intrusos. Tem como característica o
113 registro de pacotes baseado em regras e também pode executar uma
114 análise do protocolo, pesquisa de padrões e detectar uma variedade de
115 assinaturas de ataques, como estouros de buffer, varreduras "stealth"
116 de portas, ataques CGI, pesquisas SMB, tentativas de descobrir o
117 sistema operacional e muito mais. Possui um sistema de alerta em tempo
118 real, com alertas enviados para o syslog, um arquivo de alertas em
119 separado ou como uma mensagem Winpopup.
122 Snort - ÜÔÏ ÓÎÉÆÆÅÒ ÐÁËÅÔÏ×, ËÏÔÏÒÙÊ ÍÏÖÅÔ ÉÓÐÏÌØÚÏ×ÁÔØÓÑ ËÁË ÓÉÓÔÅÍÁ
123 ÏÂÎÁÒÕÖÅÎÉÑ ÐÏÐÙÔÏË ×ÔÏÒÖÅÎÉÑ × ÓÅÔØ. Snort ÐÏÄÄÅÒÖÉ×ÁÅÔ
124 ÐÒÏÔÏËÏÌÉÒÏ×ÁÎÉÅ ÐÁËÅÔÏ× ÎÁ ÏÓÎÏ×Å ÐÒÁ×ÉÌ, ÍÏÖÅÔ ×ÙÐÏÌÎÑÔØ ÁÎÁÌÉÚ
125 ÐÒÏÔÏËÏÌÏ×, ÐÏÉÓË × ÓÏÄÅÒÖÉÍÏÍ ÐÁËÅÔÏ×. íÏÖÅÔ ÔÁËÖÅ ÉÓÐÏÌØÚÏ×ÁÔØÓÑ ÄÌÑ
126 ÏÂÎÁÒÕÖÅÎÉÑ ÁÔÁË É "ÒÁÚ×ÅÄÏË", ÔÁËÉÈ ËÁË ÐÏÐÙÔËÉ ÁÔÁË ÔÉÐÁ
127 "ÐÅÒÅÐÏÌÎÅÎÉÅ ÂÕÆÅÒÁ", ÓËÒÙÔÏÇÏ ÓËÁÎÉÒÏ×ÁÎÉÑ ÐÏÒÔÏ×, CGI ÁÔÁË, SMB
128 ÒÁÚ×ÅÄÏË, ÐÏÐÙÔÏË ÏÂÎÁÒÕÖÅÎÉÑ ÔÉÐÁ ïó É ÍÎÏÇÏ ÄÒÕÇÏÇÏ. Snort ÍÏÖÅÔ
129 ÉÎÆÏÒÍÉÒÏ×ÁÔØ Ï ÓÏÂÙÔÉÑÈ × ÒÅÁÌØÎÏÍ ×ÒÅÍÅÎÉ, ÐÏÓÙÌÁÑ ÓÏÏÂÝÅÎÉÑ ×
130 syslog, ÏÔÄÅÌØÎÙÊ ÆÁÊÌ ÉÌÉ ËÁË WinPopup ÓÏÏÂÝÅÎÉÑ ÞÅÒÅÚ smbclient.
133 Snort - ÃÅ ÓΦÆÅÒ ÐÁËÅÔ¦×, ÝÏ ÍÏÖÅ ×ÉËÏÒÉÓÔÏ×Õ×ÁÔÉÓØ ÑË ÓÉÓÔÅÍÁ
134 ×ÉÑ×ÌÅÎÎÑ ÓÐÒÏ ×ÔÏÒÇÎÅÎØ × ÍÅÒÅÖÕ. Snort ЦÄÔÒÉÍÕ¤ ÐÒÏÔÏËÏÌÀ×ÁÎÎÑ
135 ÐÁËÅÔ¦× ÎÁ ÏÓÎÏצ ÐÒÁ×ÉÌ, ÍÏÖÅ ×ÉËÏÎÕ×ÁÔÉ ÁÎÁÌ¦Ú ÐÒÏÔÏËÏ̦×, ÐÏÛÕË Õ
136 ×ͦÓÔ¦ ÐÁËÅÔ¦×. íÏÖÅ ÔÁËÏÖ ×ÉËÏÒÉÓÔÏ×Õ×ÁÔÉÓØ ÄÌÑ ×ÉÑ×ÌÅÎÎÑ ÁÔÁË ÔÁ
137 "ÒÏÚצÄÏË", ÔÁËÉÈ ÑË ÓÐÒÏÂÉ ÁÔÁË ÔÉÐÕ "ÐÅÒÅÐÏ×ÎÅÎÎÑ ÂÕÆÅÒÁ",
138 ÐÒÉÈÏ×ÁÎÏÇÏ ÓËÁÎÕ×ÁÎÎÑ ÐÏÒÔ¦×, CGI ÁÔÁË, SMB ÒÏÚצÄÏË, ÓÐÒÏ ×ÉÑ×ÌÅÎÎÑ
139 ÔÉÐÕ ïó ÔÁ ÂÁÇÁÔÏ ¦ÎÛÏÇÏ. Snort ÍÏÖÅ ¦ÎÆÏÒÍÕ×ÁÔÉ ÐÒÏ ÐÏĦ§ × ÒÅÁÌØÎÏÍÕ
140 ÞÁÓ¦, ÎÁÄÓÉÌÁÀÞÉ ÐÏצÄÏÍÌÅÎÎÑ ÄÏ syslog, ÏËÒÅÍÏÇÏ ÆÁÊÌÕ ÞÉ ÑË WinPopup
141 ÐÏצÄÏÍÌÅÎÎÑ ÞÅÒÅÚ smbclient.
144 %setup -q %{!?with_registered:-a1} %{?with_registered:-a2} -a3
146 %if "%{_lib}" == "lib64"
149 %{?with_clamav:%patch2 -p1}
151 sed -i "s#var\ RULE_PATH.*#var RULE_PATH /etc/snort/rules#g" rules/snort.conf
154 for I in community-*.rules; do
155 echo "include \$RULE_PATH/$I" >> snort.conf
163 # we don't need libnsl, so don't use it
168 %{?with_inline:--enable-inline } \
169 %{?with_inline:--with-libipq-includes=%{_includedir}/libipq } \
170 --with-libnet-includes=%{_includedir} \
171 --with%{!?with_snmp:out}-snmp \
173 --enable-perfmonitor \
174 --with%{!?with_pgsql:out}-postgresql \
175 --with%{!?with_mysql:out}-mysql \
176 %{?with_prelude:--enable-prelude } \
177 %{?with_clamav:--enable-clamav --with-clamav-defdir=/var/lib/clamav}
182 rm -rf $RPM_BUILD_ROOT
183 install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,%{name},cron.daily,logrotate.d} \
184 $RPM_BUILD_ROOT%{_var}/log/{%{name},archiv/%{name}} \
185 $RPM_BUILD_ROOT%{_datadir}/mibs/site \
186 $RPM_BUILD_ROOT%{_sysconfdir}/rules
189 DESTDIR=$RPM_BUILD_ROOT
191 install rules/*.config $RPM_BUILD_ROOT%{_sysconfdir}
192 install etc/unicode.map $RPM_BUILD_ROOT%{_sysconfdir}
193 install rules/*.rules $RPM_BUILD_ROOT%{_sysconfdir}/rules
194 install %{SOURCE4} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
195 install %{SOURCE5} $RPM_BUILD_ROOT/etc/logrotate.d/%{name}
196 install rules/snort.conf $RPM_BUILD_ROOT%{_sysconfdir}
199 mv schemas/create_mysql schemas/create_mysql.sql
200 mv schemas/create_postgresql schemas/create_postgresql.sql
203 rm -rf $RPM_BUILD_ROOT
206 %groupadd -g 46 -r snort
207 %useradd -u 46 -g snort -M -r -d %{_var}/log/snort -s /bin/false -c "SNORT IDS/IPS" snort
210 /sbin/chkconfig --add snort
211 %service snort restart
212 if [ "$1" = 1 ]; then
213 %banner -e %{name} <<-EOF
214 To run snort you must download and install snort rules.
215 poldek -u snort-rules or download from http://www.snort.org/
221 if [ "$1" = "0" ] ; then
223 /sbin/chkconfig --del snort
227 if [ "$1" = "0" ] ; then
233 %defattr(644,root,root,755)
234 %doc doc/{AUTHORS,BUGS,CREDITS,NEWS,PROBLEMS,README*,RULES.todo,TODO,USAGE,WISHLIST,*.pdf}
235 %doc schemas/create_{mysql,postgresql}.sql
236 %attr(755,root,root) %{_sbindir}/*
237 %attr(770,root,snort) %dir %{_var}/log/snort
238 %attr(770,root,snort) %dir %{_var}/log/archiv/%{name}
239 %attr(750,root,snort) %dir %{_sysconfdir}
240 %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/unicode.map
241 %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*.config
242 %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/snort.conf
243 %attr(750,root,snort) %dir %{_sysconfdir}/rules
244 %attr(640,root,snort) %{_sysconfdir}/rules/*
245 %attr(754,root,root) /etc/rc.d/init.d/%{name}
246 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/*