Commit | Line | Data |
---|---|---|
946f7ae3 | 1 | # |
2 | # TODO: - snort rules - fix description | |
9d61ae4f | 3 | # - clamav support - cleanup, add some docs |
cb19b407 | 4 | # - snort_inline - prepare separate sets of config-files, rules |
9d61ae4f | 5 | # and startup script, adds some docs |
12e2e783 | 6 | # - snort 2.6 |
01f3f79b | 7 | # |
e817c488 | 8 | # Conditional build: |
06de0dc4 | 9 | %bcond_without pgsql # build without PostgreSQL storage support |
10 | %bcond_without mysql # build without MySQL storage support | |
11 | %bcond_without snmp # build without SNMP support | |
ed9cb559 | 12 | %bcond_without inline # build without inline support |
13 | %bcond_without prelude # build without prelude support | |
9d61ae4f | 14 | %bcond_without clamav # build w/o ClamAV preprocessor support (anti-vir) |
12e2e783 | 15 | %bcond_with registered # build with rules available for registered users |
01f3f79b | 16 | # |
92ea8dee | 17 | Summary: Network intrusion detection system (IDS/IPS) |
cbf82e1d ER | 18 | Summary(pl.UTF-8): System wykrywania intruzów w sieciach (IDS/IPS) |
19 | Summary(pt_BR.UTF-8): Ferramenta de detecção de intrusos | |
20 | Summary(ru.UTF-8): Snort - система обнаружения попыток вторжения в сеть | |
21 | Summary(uk.UTF-8): Snort - система виявлення спроб вторгнення в мережу | |
8775223f | 22 | Name: snort |
76b05458 | 23 | Version: 2.8.4.1 |
7bd3aa64 | 24 | Release: 4 |
12e2e783 | 25 | License: GPL v2 (vrt rules on VRT-License) |
b3907a72 | 26 | Group: Networking |
76b05458 | 27 | Source0: http://www.snort.org/dl/%{name}-%{version}.tar.gz |
28 | # Source0-md5: 63f4e76ae96a2d133f4c7b741bad5458 | |
57c9b91b AM | 29 | Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/%{name}rules-pr-2.4.tar.gz |
30 | # Source1-md5: 35d9a2486f8c0280bb493aa03c011927 | |
12e2e783 | 31 | %if %{with registered} |
0e511834 | 32 | Source2: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/%{name}rules-snapshot-2.6.tar.gz |
33 | # NoSource2-md5: 0405ec828cf9ad85a03cbf670818f690 | |
12e2e783 | 34 | NoSource: 2 |
35 | %endif | |
36 | Source3: http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-2.4.tar.gz | |
0e511834 | 37 | # Source3-md5: f236b8a4ac12e99d3e7bd81bf3b5a482 |
12e2e783 | 38 | Source4: %{name}.init |
39 | Source5: %{name}.logrotate | |
2eb1dd1f | 40 | Patch0: %{name}-libnet1.patch |
93847025 | 41 | Patch1: %{name}-lib64.patch |
4529e62c | 42 | Patch2: %{name}-link.patch |
5ad2f8a8 | 43 | URL: http://www.snort.org/ |
08df69e6 JB | 44 | BuildRequires: autoconf |
45 | BuildRequires: automake | |
cb19b407 | 46 | %{?with_clamav:BuildRequires: clamav-devel} |
27fdff69 | 47 | %{?with_inline:BuildRequires: iptables-devel} |
f479ddcb | 48 | BuildRequires: libnet-devel |
5d617823 | 49 | BuildRequires: libnet1-devel = 1.0.2a |
b3907a72 | 50 | BuildRequires: libpcap-devel |
ed9cb559 | 51 | %{?with_prelude:BuildRequires: libprelude-devel} |
48886295 | 52 | BuildRequires: libtool |
e994eac2 | 53 | %{?with_mysql:BuildRequires: mysql-devel} |
54 | %{?with_snmp:BuildRequires: net-snmp-devel >= 5.0.7} | |
95620817 | 55 | BuildRequires: openssl-devel >= 0.9.7d |
2cc2dce2 | 56 | BuildRequires: pcre-devel |
d9c3717f | 57 | %{?with_pgsql:BuildRequires: postgresql-devel} |
31126327 | 58 | BuildRequires: rpmbuild(macros) >= 1.202 |
2fa6d1a5 | 59 | BuildRequires: rpmbuild(macros) >= 1.268 |
d87f0eb8 | 60 | BuildRequires: zlib-devel |
27fdff69 | 61 | Requires(post,preun): /sbin/chkconfig |
62 | Requires(postun): /usr/sbin/groupdel | |
63 | Requires(postun): /usr/sbin/userdel | |
08df69e6 | 64 | Requires(pre): /bin/id |
d9c3717f | 65 | Requires(pre): /usr/bin/getgid |
08df69e6 JB | 66 | Requires(pre): /usr/sbin/groupadd |
67 | Requires(pre): /usr/sbin/useradd | |
5d617823 | 68 | Requires: libnet1 = 1.0.2a |
27fdff69 | 69 | Requires: rc-scripts >= 0.2.0 |
d9c3717f | 70 | Provides: group(snort) |
e994eac2 | 71 | %{?with_mysql:Provides: snort(mysql) = %{version}} |
72 | %{?with_pgsql:Provides: snort(pgsql) = %{version}} | |
d9c3717f | 73 | Provides: user(snort) |
cb19b407 | 74 | Obsoletes: snort-rules |
c40a7757 | 75 | Conflicts: logrotate < 3.7-4 |
5ad2f8a8 | 76 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
77 | ||
5ad2f8a8 | 78 | %define _bindir %{_sbindir} |
ab81a4d5 | 79 | |
80 | %description | |
99fed451 AM | 81 | Snort is an open source network intrusion detection system, capable of |
82 | performing real-time traffic analysis and packet logging on IP | |
83 | networks. It can perform protocol analysis and content | |
84 | searching/matching in order to detect a variety of attacks and probes, | |
85 | such as buffer overflows, stealth port scans, CGI attacks, SMB probes, | |
86 | OS fingerprinting attempts, and much more. Snort uses a flexible rules | |
87 | language to describe traffic that it should collect or pass, as well | |
88 | as a detection engine that utilizes a modular plugin architecture. | |
89 | Snort has a real-time alerting capability as well, incorporating | |
90 | alerting mechanisms for syslog, user specified files, a UNIX socket, | |
91 | or WinPopup messages to Windows clients using Samba's smbclient. | |
b3907a72 | 92 | |
67a06db2 | 93 | Sourcefire VRT Certified Rules requires registration. |
94 | https://www.snort.org/pub-bin/register.cgi | |
95 | ||
27666db8 JR | 96 | %description -l pl.UTF-8 |
97 | Snort to bazujący na open source NIDS (network intrusion detection | |
98 | systems) wykonujący w czasie rzeczywistym analizę ruchu oraz logowanie | |
99 | pakietów w sieciach IP. Jego możliwości to analiza protokołu oraz | |
100 | zawartości w poszukiwaniu różnego rodzaju ataków lub prób takich jak | |
101 | przepełnienia bufora, skanowanie portów typu stealth, ataki CGI, | |
102 | próbkowanie SMB, OS fingerprinting i dużo więcej. Snort używa | |
103 | elastycznego języka regułek do opisu ruchu, który należy | |
104 | przeanalizować jak również silnika wykrywającego, wykorzystującego | |
105 | modułową architekturę. Snort umożliwia alarmowanie w czasie | |
106 | rzeczywistym poprzez sysloga, osobny plik lub jako wiadomość WinPopup | |
99fed451 AM | 107 | poprzez klienta Samby: smbclient. |
108 | ||
27666db8 | 109 | Reguły certyfikowane poprzez Sourcefire wymagają rejestracji. |
67a06db2 | 110 | https://www.snort.org/pub-bin/register.cgi |
111 | ||
27666db8 JR | 112 | %description -l pt_BR.UTF-8 |
113 | Snort é um sniffer baseado em libpcap que pode ser usado como um | |
114 | pequeno sistema de detecção de intrusos. Tem como característica o | |
115 | registro de pacotes baseado em regras e também pode executar uma | |
116 | análise do protocolo, pesquisa de padrões e detectar uma variedade de | |
0955b0c3 | 117 | assinaturas de ataques, como estouros de buffer, varreduras "stealth" |
118 | de portas, ataques CGI, pesquisas SMB, tentativas de descobrir o | |
119 | sistema operacional e muito mais. Possui um sistema de alerta em tempo | |
120 | real, com alertas enviados para o syslog, um arquivo de alertas em | |
121 | separado ou como uma mensagem Winpopup. | |
ab81a4d5 | 122 | |
27666db8 JR | 123 | %description -l ru.UTF-8 |
124 | Snort - это сниффер пакетов, который может использоваться как система | |
125 | обнаружения попыток вторжения в сеть. Snort поддерживает | |
126 | протоколирование пакетов на основе правил, может выполнять анализ | |
127 | протоколов, поиск в содержимом пакетов. Может также использоваться для | |
128 | обнаружения атак и "разведок", таких как попытки атак типа | |
129 | "переполнение буфера", скрытого сканирования портов, CGI атак, SMB | |
130 | разведок, попыток обнаружения типа ОС и много другого. Snort может | |
131 | информировать о событиях в реальном времени, посылая сообщения в | |
132 | syslog, отдельный файл или как WinPopup сообщения через smbclient. | |
cd357cee | 133 | |
27666db8 JR | 134 | %description -l uk.UTF-8 |
135 | Snort - це сніфер пакетів, що може використовуватись як система | |
136 | виявлення спроб вторгнень в мережу. Snort підтримує протоколювання | |
137 | пакетів на основі правил, може виконувати аналіз протоколів, пошук у | |
138 | вмісті пакетів. Може також використовуватись для виявлення атак та | |
139 | "розвідок", таких як спроби атак типу "переповнення буфера", | |
140 | прихованого сканування портів, CGI атак, SMB розвідок, спроб виявлення | |
141 | типу ОС та багато іншого. Snort може інформувати про події в реальному | |
142 | часі, надсилаючи повідомлення до syslog, окремого файлу чи як WinPopup | |
143 | повідомлення через smbclient. | |
cd357cee | 144 | |
ab81a4d5 | 145 | %prep |
12e2e783 | 146 | %setup -q %{!?with_registered:-a1} %{?with_registered:-a2} -a3 |
2eb1dd1f | 147 | %patch0 -p1 |
3764a1c8 AM | 148 | %if "%{_lib}" == "lib64" |
149 | %patch1 -p1 | |
93847025 | 150 | %endif |
4529e62c | 151 | %patch2 -p1 |
ab81a4d5 | 152 | |
6a0c25e4 | 153 | sed -i "s#var\ RULE_PATH.*#var RULE_PATH /etc/snort/rules#g" rules/snort.conf |
154 | _DIR=$(pwd) | |
155 | cd rules | |
156 | for I in community-*.rules; do | |
157 | echo "include \$RULE_PATH/$I" >> snort.conf | |
158 | done | |
159 | cd $_DIR | |
160 | ||
ab81a4d5 | 161 | %build |
e0b76e62 | 162 | %{__libtoolize} |
4529e62c | 163 | %{__aclocal} -I m4 |
89e97d3b | 164 | %{__autoconf} |
165 | %{__automake} | |
e1df464a | 166 | # we don't need libnsl, so don't use it |
b3907a72 | 167 | %configure \ |
af18b2c0 | 168 | no_libnsl=yes \ |
b3907a72 | 169 | --enable-smbalerts \ |
99fed451 | 170 | --enable-flexresp \ |
b59b1a6c | 171 | %{?with_inline:--enable-inline } \ |
ed9cb559 | 172 | %{?with_inline:--with-libipq-includes=%{_includedir}/libipq } \ |
4a699f86 | 173 | --with-libnet-includes=%{_includedir} \ |
e994eac2 | 174 | --with%{!?with_snmp:out}-snmp \ |
99fed451 | 175 | --without-odbc \ |
80d0fb79 | 176 | --enable-perfmonitor \ |
e994eac2 | 177 | --with%{!?with_pgsql:out}-postgresql \ |
ed9cb559 | 178 | --with%{!?with_mysql:out}-mysql \ |
9d61ae4f | 179 | %{?with_prelude:--enable-prelude } \ |
4529e62c | 180 | %{?with_clamav:--enable-clamav --with-clamav-defdir=/var/lib/clamav} \ |
181 | --enable-pthread | |
99fed451 | 182 | |
76b05458 | 183 | %{__make} -j1 |
ab81a4d5 | 184 | |
185 | %install | |
186 | rm -rf $RPM_BUILD_ROOT | |
48886295 | 187 | install -d $RPM_BUILD_ROOT%{_initrddir} \ |
96b7be9c | 188 | $RPM_BUILD_ROOT%{_sysconfdir}/{%{name},cron.daily,logrotate.d} \ |
aad71c3c | 189 | $RPM_BUILD_ROOT%{_var}/log/{%{name},archive/%{name}} \ |
75d3e2a6 | 190 | $RPM_BUILD_ROOT%{_datadir}/mibs/site \ |
48886295 | 191 | $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/rules |
ab81a4d5 | 192 | |
5ad2f8a8 | 193 | %{__make} install \ |
194 | DESTDIR=$RPM_BUILD_ROOT | |
2917f470 | 195 | |
48886295 | 196 | install rules/*.config $RPM_BUILD_ROOT%{_sysconfdir}/%{name} |
197 | install etc/unicode.map $RPM_BUILD_ROOT%{_sysconfdir}/%{name} | |
198 | install rules/*.rules $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/rules | |
199 | install %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/%{name} | |
200 | install %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/%{name} | |
201 | install rules/snort.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name} | |
6a0c25e4 | 202 | |
f32f1233 | 203 | mv schemas/create_mysql schemas/create_mysql.sql |
204 | mv schemas/create_postgresql schemas/create_postgresql.sql | |
205 | ||
b3907a72 AM | 206 | %clean |
207 | rm -rf $RPM_BUILD_ROOT | |
2917f470 | 208 | |
b3907a72 | 209 | %pre |
31126327 | 210 | %groupadd -g 46 -r snort |
946f7ae3 | 211 | %useradd -u 46 -g snort -M -r -d %{_var}/log/snort -s /bin/false -c "SNORT IDS/IPS" snort |
7e9750d1 | 212 | |
b3907a72 | 213 | %post |
2fa6d1a5 ER | 214 | /sbin/chkconfig --add snort |
215 | %service snort restart | |
2917f470 MP | 216 | |
217 | %preun | |
51402fe7 | 218 | if [ "$1" = "0" ] ; then |
2fa6d1a5 | 219 | %service snort stop |
51402fe7 | 220 | /sbin/chkconfig --del snort |
221 | fi | |
2917f470 MP | 222 | |
223 | %postun | |
51402fe7 | 224 | if [ "$1" = "0" ] ; then |
d9c3717f | 225 | %userremove snort |
226 | %groupremove snort | |
51402fe7 | 227 | fi |
ab81a4d5 | 228 | |
229 | %files | |
b3907a72 | 230 | %defattr(644,root,root,755) |
48886295 | 231 | %doc doc/{AUTHORS,BUGS,CREDITS,INSTALL,NEWS,PROBLEMS,README*,TODO,USAGE,WISHLIST,generators,*.pdf} |
f32f1233 | 232 | %doc schemas/create_{mysql,postgresql}.sql |
980aa956 | 233 | %attr(755,root,root) %{_sbindir}/* |
48886295 | 234 | %attr(770,root,snort) %dir %{_var}/log/%{name} |
51d7d44e | 235 | %attr(770,root,snort) %dir %{_var}/log/archive/%{name} |
48886295 | 236 | %attr(750,root,snort) %dir %{_sysconfdir}/%{name} |
237 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/unicode.map | |
238 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/*.config | |
239 | %attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/%{name}.conf | |
240 | %attr(750,root,snort) %dir %{_sysconfdir}/%{name}/rules | |
96b7be9c | 241 | %attr(640,root,snort) %{_sysconfdir}/%{name}/rules/* |
48886295 | 242 | %attr(754,root,root) %{_initrddir}/%{name} |
96b7be9c | 243 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/* |
99fed451 | 244 | %{_mandir}/man?/* |
48886295 | 245 | %dir %{_libdir}/snort_dynamicengine |
246 | %dir %{_libdir}/snort_dynamicpreprocessor | |
247 | %dir %{_libdir}/snort_dynamicrules | |
248 | %attr(755,root,root) %{_libdir}/snort_dynamicengine/libsf_engine.so* | |
249 | %attr(755,root,root) %{_libdir}/snort_dynamicpreprocessor/*.so* | |
250 | %attr(755,root,root) %{_libdir}/snort_dynamicrules/lib_sfdynamic_example_rule.so* |