#
# Conditional build:
%bcond_without	pgsql # build without PostgreSQL storage support
%bcond_without	mysql # build without MySQL storage support
%bcond_without	snmp  # build without SNMP support
#
Summary:	Network intrusion detection system
Summary(pl):	System wykrywania intruzów w sieciach
Summary(pt_BR):	Ferramenta de detecção de intrusos
Summary(ru):	Snort - ÓÉÓÔÅÍÁ ÏÂÎÁÒÕÖÅÎÉÑ ÐÏÐÙÔÏË ×ÔÏÒÖÅÎÉÑ × ÓÅÔØ
Summary(uk):	Snort - ÓÉÓÔÅÍÁ ×ÉÑ×ÌÅÎÎÑ ÓÐÒÏ ×ÔÏÒÇÎÅÎÎÑ × ÍÅÒÅÖÕ
Name:		snort
Version:	2.1.0
Release:	0.1
License:	GPL
Vendor:		Marty Roesch <roesch@sourcefire.com>
Group:		Networking
Source0:	http://www.snort.org/dl/%{name}-%{version}.tar.gz
# Source0-md5:	1da6d683d18b39a72a3c277e8deffc69
Source1:	http://www.snort.org/dl/rules/%{name}rules-stable.tar.gz
# Source1-md5:	ba533cbb63c7ac78fb1b0ac1b9336de4
Source2:	%{name}.init
Source3:	%{name}.logrotate
Source4:	%{name}.conf
Patch0:		%{name}-libnet1.patch
URL:		http://www.snort.org/
BuildRequires:	autoconf
BuildRequires:	automake
BuildRequires:	libnet1-devel
BuildRequires:	libpcap-devel
%{?with_mysql:BuildRequires:	mysql-devel}
%{?with_snmp:BuildRequires:	net-snmp-devel >= 5.0.7}
BuildRequires:	openssl-devel >= 0.9.7c
%{?with_pgsql:BuildRequires:	postgresql-devel}
BuildRequires:	pcre-devel
BuildRequires:	zlib-devel
PreReq:		rc-scripts >= 0.2.0
Requires(pre):	/usr/bin/getgid
Requires(pre):	/bin/id
Requires(pre):	/usr/sbin/groupadd
Requires(pre):	/usr/sbin/useradd
Requires(post,preun):	/sbin/chkconfig
Requires(postun):	/usr/sbin/userdel
Requires(postun):	/usr/sbin/groupdel
%{?with_mysql:Provides:	snort(mysql) = %{version}}
%{?with_pgsql:Provides:	snort(pgsql) = %{version}}
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_sysconfdir	/etc/snort
%define		_bindir		%{_sbindir}

%description
Snort is an open source network intrusion detection system, capable of
performing real-time traffic analysis and packet logging on IP
networks. It can perform protocol analysis and content
searching/matching in order to detect a variety of attacks and probes,
such as buffer overflows, stealth port scans, CGI attacks, SMB probes,
OS fingerprinting attempts, and much more. Snort uses a flexible rules
language to describe traffic that it should collect or pass, as well
as a detection engine that utilizes a modular plugin architecture.
Snort has a real- time alerting capability as well, incorporating
alerting mechanisms for syslog, user specified files, a UNIX socket,
or WinPopup messages to Windows clients using Samba's smbclient.

%description -l pl
Snort to bazuj±cy na open source NIDS (network intrusion detection
systems) wykonuj±cy w czasie rzeczywistym analizê ruchu oraz logowanie
pakietów w sieciach IP. Jego mo¿liwo¶ci to analiza protoko³u oraz
zawarto¶ci w poszukiwaniu ró¿nego rodzaju ataków lub prób takich jak
przepe³nienia bufora, skanowanie portów typu stealth, ataki CGI,
próbkowanie SMB, OS fingerprinting i du¿o wiêcej. Snort u¿ywa
elastycznego jêzyka regu³ek do opisu ruchu, który nale¿y
przeanalizowaæ jak równie¿ silnika wykrywaj±cego, wykorzystuj±cego
modu³ow± architekturê. Snort umo¿liwia alarmowanie w czasie
rzeczywistym poprzez sysloga, osobny plik lub jako wiadomo¶æ WinPopup
poprzez klienta Samby: smbclient.

%description -l pt_BR
Snort é um sniffer baseado em libpcap que pode ser usado como um
pequeno sistema de detecção de intrusos. Tem como característica o
registro de pacotes baseado em regras e também pode executar uma
análise do protocolo, pesquisa de padrões e detectar uma variedade de
assinaturas de ataques, como estouros de buffer, varreduras "stealth"
de portas, ataques CGI, pesquisas SMB, tentativas de descobrir o
sistema operacional e muito mais. Possui um sistema de alerta em tempo
real, com alertas enviados para o syslog, um arquivo de alertas em
separado ou como uma mensagem Winpopup.

%description -l ru
Snort - ÜÔÏ ÓÎÉÆÆÅÒ ÐÁËÅÔÏ×, ËÏÔÏÒÙÊ ÍÏÖÅÔ ÉÓÐÏÌØÚÏ×ÁÔØÓÑ ËÁË ÓÉÓÔÅÍÁ
ÏÂÎÁÒÕÖÅÎÉÑ ÐÏÐÙÔÏË ×ÔÏÒÖÅÎÉÑ × ÓÅÔØ. Snort ÐÏÄÄÅÒÖÉ×ÁÅÔ
ÐÒÏÔÏËÏÌÉÒÏ×ÁÎÉÅ ÐÁËÅÔÏ× ÎÁ ÏÓÎÏ×Å ÐÒÁ×ÉÌ, ÍÏÖÅÔ ×ÙÐÏÌÎÑÔØ ÁÎÁÌÉÚ
ÐÒÏÔÏËÏÌÏ×, ÐÏÉÓË × ÓÏÄÅÒÖÉÍÏÍ ÐÁËÅÔÏ×. íÏÖÅÔ ÔÁËÖÅ ÉÓÐÏÌØÚÏ×ÁÔØÓÑ ÄÌÑ
ÏÂÎÁÒÕÖÅÎÉÑ ÁÔÁË É "ÒÁÚ×ÅÄÏË", ÔÁËÉÈ ËÁË ÐÏÐÙÔËÉ ÁÔÁË ÔÉÐÁ
"ÐÅÒÅÐÏÌÎÅÎÉÅ ÂÕÆÅÒÁ", ÓËÒÙÔÏÇÏ ÓËÁÎÉÒÏ×ÁÎÉÑ ÐÏÒÔÏ×, CGI ÁÔÁË, SMB
ÒÁÚ×ÅÄÏË, ÐÏÐÙÔÏË ÏÂÎÁÒÕÖÅÎÉÑ ÔÉÐÁ ïó É ÍÎÏÇÏ ÄÒÕÇÏÇÏ. Snort ÍÏÖÅÔ
ÉÎÆÏÒÍÉÒÏ×ÁÔØ Ï ÓÏÂÙÔÉÑÈ × ÒÅÁÌØÎÏÍ ×ÒÅÍÅÎÉ, ÐÏÓÙÌÁÑ ÓÏÏÂÝÅÎÉÑ ×
syslog, ÏÔÄÅÌØÎÙÊ ÆÁÊÌ ÉÌÉ ËÁË WinPopup ÓÏÏÂÝÅÎÉÑ ÞÅÒÅÚ smbclient.

%description -l uk
Snort - ÃÅ ÓΦÆÅÒ ÐÁËÅÔ¦×, ÝÏ ÍÏÖÅ ×ÉËÏÒÉÓÔÏ×Õ×ÁÔÉÓØ ÑË ÓÉÓÔÅÍÁ
×ÉÑ×ÌÅÎÎÑ ÓÐÒÏ ×ÔÏÒÇÎÅÎØ × ÍÅÒÅÖÕ. Snort ЦÄÔÒÉÍÕ¤ ÐÒÏÔÏËÏÌÀ×ÁÎÎÑ
ÐÁËÅÔ¦× ÎÁ ÏÓÎÏצ ÐÒÁ×ÉÌ, ÍÏÖÅ ×ÉËÏÎÕ×ÁÔÉ ÁÎÁÌ¦Ú ÐÒÏÔÏËÏ̦×, ÐÏÛÕË Õ
×ͦÓÔ¦ ÐÁËÅÔ¦×. íÏÖÅ ÔÁËÏÖ ×ÉËÏÒÉÓÔÏ×Õ×ÁÔÉÓØ ÄÌÑ ×ÉÑ×ÌÅÎÎÑ ÁÔÁË ÔÁ
"ÒÏÚצÄÏË", ÔÁËÉÈ ÑË ÓÐÒÏÂÉ ÁÔÁË ÔÉÐÕ "ÐÅÒÅÐÏ×ÎÅÎÎÑ ÂÕÆÅÒÁ",
ÐÒÉÈÏ×ÁÎÏÇÏ ÓËÁÎÕ×ÁÎÎÑ ÐÏÒÔ¦×, CGI ÁÔÁË, SMB ÒÏÚצÄÏË, ÓÐÒÏ ×ÉÑ×ÌÅÎÎÑ
ÔÉÐÕ ïó ÔÁ ÂÁÇÁÔÏ ¦ÎÛÏÇÏ. Snort ÍÏÖÅ ¦ÎÆÏÒÍÕ×ÁÔÉ ÐÒÏ ÐÏĦ§ × ÒÅÁÌØÎÏÍÕ
ÞÁÓ¦, ÎÁÄÓÉÌÁÀÞÉ ÐÏצÄÏÍÌÅÎÎÑ ÄÏ syslog, ÏËÒÅÍÏÇÏ ÆÁÊÌÕ ÞÉ ÑË WinPopup
ÐÏצÄÏÍÌÅÎÎÑ ÞÅÒÅÚ smbclient.

%prep
%setup -q -a1
%patch0 -p1

%build
%{__aclocal}
%{__autoconf}
%{__automake}
# we don't need libnsl, so don't use it
%configure \
	no_libnsl=yes \
	--enable-smbalerts \
	--enable-flexresp \
	--with-libnet-includes=/usr/include/libnet1 \
	--with%{!?with_snmp:out}-snmp \
	--without-odbc \
	--with%{!?with_pgsql:out}-postgresql \
	--with%{!?with_mysql:out}-mysql

%{__make}

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,%{name},cron.daily,logrotate.d} \
	$RPM_BUILD_ROOT%{_var}/log/{%{name},archiv/%{name}} \
	$RPM_BUILD_ROOT%{_datadir}/mibs/site \
	$RPM_BUILD_ROOT%{_sysconfdir}/rules

%{__make} install \
	DESTDIR=$RPM_BUILD_ROOT

install rules/*.config	$RPM_BUILD_ROOT%{_sysconfdir}
install rules/*.rules	$RPM_BUILD_ROOT%{_sysconfdir}/rules
install %{SOURCE2}	$RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
install %{SOURCE3}	$RPM_BUILD_ROOT/etc/logrotate.d/%{name}
install %{SOURCE4}	$RPM_BUILD_ROOT%{_sysconfdir}

%clean
rm -rf $RPM_BUILD_ROOT

%pre
if [ -z "`getgid %{name}`" ]; then
	/usr/sbin/groupadd -g 46 -r snort 2> /dev/null || true
fi

if [ -z "`id -u %{name} 2>/dev/null`" ]; then
	/usr/sbin/useradd -u 46 -g %{name} -M -r -d %{_var}/log/%{name} -s /bin/false \
		-c "SNORT" snort 2> /dev/null || true
fi

%post
if [ "$1" = "1" ] ; then
	/sbin/chkconfig --add snort
fi
if [ -f /var/lock/subsys/snort ]; then
        /etc/rc.d/init.d/snort restart 1>&2
else
        echo "Run \"/etc/rc.d/init.d/snort start\" to start Snort daemon."
fi


%preun
if [ "$1" = "0" ] ; then
	if [ -f /var/lock/subsys/snort ]; then
		/etc/rc.d/init.d/snort stop 1>&2
	fi
	/sbin/chkconfig --del snort
fi

%postun
if [ "$1" = "0" ] ; then
	/usr/sbin/userdel snort 2> /dev/null || true
	/usr/sbin/groupdel snort 2> /dev/null || true
fi

%files
%defattr(644,root,root,755)
%doc doc/{AUTHORS,BUGS,CREDITS,FAQ,NEWS,README*,RULES*,TODO,USAGE}
%doc contrib/create* doc/*.pdf
%attr(755,root,root) %{_sbindir}/*
%attr(770,root,snort) %dir %{_var}/log/%{name}
%attr(770,root,snort) %dir %{_var}/log/archiv/%{name}
%attr(750,root,snort) %dir %{_sysconfdir}
%attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*.config
%attr(640,root,snort) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/snort.conf
%attr(750,root,snort) %dir %{_sysconfdir}/rules
%attr(640,root,snort) %{_sysconfdir}/rules/*
%attr(750,root,root) /etc/rc.d/init.d/%{name}
%attr(640,root,root) /etc/logrotate.d/*
%{_mandir}/man?/*