openpkg
/
openpkg-packages


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289
							##
##  snort.spec -- OpenPKG RPM Package Specification
##  Copyright (c) 2000-2006 OpenPKG Foundation e.V. <http://openpkg.net/>
##  Copyright (c) 2000-2006 Ralf S. Engelschall <http://engelschall.com/>
##
##  Permission to use, copy, modify, and distribute this software for
##  any purpose with or without fee is hereby granted, provided that
##  the above copyright notice and this permission notice appear in all
##  copies.
##
##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
##  SUCH DAMAGE.
##

#   package version
%define       V_snort      2.6.0
%define       V_rules      2.4
%define       V_oinkmaster 2.0

#   package information
Name:         snort
Summary:      Network Intrusion Detection System
URL:          http://www.snort.org/
Vendor:       B. Caswell, M. Roesch
Packager:     OpenPKG
Distribution: OpenPKG
Class:        BASE
Group:        Network
License:      GPL
Version:      %{V_snort}
Release:      20060606

#   package options
%option       with_fsl    yes
%option       with_mysql  no
%option       with_pgsql  no

#   list of sources
Source0:      http://www.snort.org/dl/current/snort-%{V_snort}.tar.gz
Source1:      http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-%{V_rules}.tar.gz
Source2:      http://switch.dl.sourceforge.net/sourceforge/oinkmaster/oinkmaster-%{V_oinkmaster}.tar.gz
Source3:      snort.conf
Source4:      rc.snort
Source5:      fsl.snort
Source6:      snort-update.sh
Patch0:       snort.patch

#   build information
Prefix:       %{l_prefix}
BuildRoot:    %{l_buildroot}
BuildPreReq:  OpenPKG, openpkg >= 20040130, make, gcc
PreReq:       OpenPKG, openpkg >= 20040130, perl, perl-www, perl-sys, perl-comp
BuildPreReq:  libpcap, libnet, pcre
PreReq:       libpcap, libnet, pcre
%if "%{with_fsl}" == "yes"
BuildPreReq:  fsl >= 1.2.0
PreReq:       fsl >= 1.2.0
%endif
%if "%{with_mysql}" == "yes"
BuildPreReq:  mysql
PreReq:       mysql
%endif
%if "%{with_pgsql}" == "yes"
BuildPreReq:  postgresql
PreReq:       postgresql
%endif
AutoReq:      no
AutoReqProv:  no

%description
    Snort is an open source network intrusion detection system,
    capable of performing real-time traffic analysis and packet
    logging on IP networks. It can perform protocol analysis, content
    searching/matching and can be used to detect a variety of attacks
    and probes. Snort uses a flexible rules language to describe traffic
    that it should collect or pass, as well as a detection engine that
    utilizes a modular plugin architecture. Snort has a real-time
    alerting capability as well. Snort has three primary uses. It can be
    used as a straight packet sniffer like tcpdump(1), a packet logger
    (useful for network traffic debugging, etc), or as a full blown
    network intrusion detection system.

%track
    prog snort = {
        version   = %{V_snort}
        url       = http://www.snort.org/dl/
        regex     = snort-(\d+\.\d+\.\d+)\.tar\.gz
    }
    prog snort:rules = {
        version   = %{V_rules}
        url       = http://www.snort.org/pub-bin/downloads.cgi
        regex     = snortrules-pr-(\d+\.\d+)\.tar\.gz
    }
    prog snort:oinkmaster = {
        version   = %{V_oinkmaster}
        url       = http://prdownloads.sourceforge.net/oinkmaster/
        regex     = oinkmaster-(__VER__)\.tar\.gz
    }

%prep
    %setup -q
    %setup -q -D -T -a 2
    %patch -p0
    %{l_shtool} subst %{l_value -s -a} \
        src/snort.h

%build
    #   configure program
    LIBS=""
%if "%{with_pgsql}" == "yes"
    LIBS="$LIBS -lpq -lcrypt -lssl -lcrypto"
%endif
    case "%{l_platform -t}" in
        *-sunos* ) LIBS="$LIBS -lresolv" ;;
    esac
    CC="%{l_cc}" \
    CFLAGS="%{l_cflags -O}" \
    CPPFLAGS="%{l_cppflags}" \
    LDFLAGS="%{l_ldflags} %{l_fsl_ldflags}" \
    LIBS="$LIBS %{l_fsl_libs}" \
    ./configure \
        --prefix=%{l_prefix} \
        --sysconfdir=%{l_prefix}/etc/snort \
%if "%{with_mysql}" == "yes"
        --with-mysql=%{l_prefix} \
%else
        --without-mysql \
%endif
%if "%{with_pgsql}" == "yes"
        --with-postgresql=%{l_prefix} \
%else
        --without-postgresql \
%endif
        --with-libpcap-includes=%{l_prefix}/include \
        --with-libpcap-libraries=%{l_prefix}/lib \
        --with-libnet-includes=%{l_prefix}/include \
        --with-libnet-libraries=%{l_prefix}/lib \
        --with-libpcre-includes=%{l_prefix}/include \
        --with-libpcre-libraries=%{l_prefix}/lib \
        --enable-perfmonitor

    #   build program
    %{l_make} %{l_mflags -O}

%install
    #   create installation hierarchy
    rm -rf $RPM_BUILD_ROOT
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/sbin \
        $RPM_BUILD_ROOT%{l_prefix}/man/man8 \
        $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
        $RPM_BUILD_ROOT%{l_prefix}/etc/snort \
        $RPM_BUILD_ROOT%{l_prefix}/share/snort \
        $RPM_BUILD_ROOT%{l_prefix}/var/snort/rules \
        $RPM_BUILD_ROOT%{l_prefix}/var/snort/tmp

    #   install program and manual page
    %{l_shtool} install -c -s -m 755 \
        src/snort $RPM_BUILD_ROOT%{l_prefix}/sbin/
    %{l_shtool} install -c -m 644 \
        snort.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/

    #   install default configuration
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE snort.conf} $RPM_BUILD_ROOT%{l_prefix}/etc/snort/

    #   install default ruleset tarball
    %{l_shtool} install -c -m 644 \
        %{SOURCE snortrules-pr-%{V_rules}.tar.gz} \
        $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules.tar.gz

    #   install run-command script
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE rc.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/

    #   install OSSP fsl configuration
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE fsl.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/

    #   install optional/additional files
%if "%{with_mysql}" == "yes"
    %{l_shtool} install -c -m 644 \
        schemas/create_mysql \
        $RPM_BUILD_ROOT%{l_prefix}/share/snort/
%endif
%if "%{with_pgsql}" == "yes"
    %{l_shtool} install -c -m 644 \
        schemas/create_postgresql \
        $RPM_BUILD_ROOT%{l_prefix}/share/snort/
%endif

    #   install oinkmaster utility
    ( cd oinkmaster-%{V_oinkmaster}
      %{l_shtool} install -c -m 755 \
          -e 's;#!/usr/bin/perl;#!%{l_prefix}/bin/perl;g' \
          -e 's;/etc/oinkmaster\.conf;%{l_prefix}/etc/snort/oinkmaster.conf;' \
          oinkmaster.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/oinkmaster
      %{l_shtool} install -c -m 644 \
          oinkmaster.1 $RPM_BUILD_ROOT%{l_prefix}/man/man8/oinkmaster.8
      %{l_shtool} install -c -m 644 \
          -e 's;^\(path = \);\1%{l_prefix}/bin:;' \
          -e 's;^# tmpdir = /home/oinkmaster/tmp/;tmpdir = %{l_prefix}/var/snort/tmp;' \
          -e 's;^\(use_external_bins = 0\);\1;' \
          -e 's;^\(skipfile snort\.conf\);# \1;' \
          oinkmaster.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
    ) || exit $?

    #   install rule update utility
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        -e 's;@V_rules@;%{V_rules};g' \
        %{SOURCE snort-update.sh} \
        $RPM_BUILD_ROOT%{l_prefix}/sbin/snort-update

    #   determine installation files
    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
        %{l_files_std} \
        '%config %{l_prefix}/etc/fsl/*' \
        '%config %{l_prefix}/etc/snort/*' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/rules' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/tmp'

%files -f files

%clean
    rm -rf $RPM_BUILD_ROOT

%post
    if [ $1 -eq 1 ]; then
        #   display final hints on initial installation
        ( echo "Before starting Snort IDS, please set the configuration variable"
          echo "\"snort_if\" in $RPM_INSTALL_PREFIX/etc/rc.conf to the name of the"
          echo "used network interface."
        ) | %{l_rpmtool} msg -b -t notice
        ( echo "To use Snort as an IDS, its rules HAVE to be ALWAYS up to date."
          echo "But this package just ships with the latest PUBLIC version of the"
          echo "\"Sourcefire VRT Certified Rules\" for UNREGISTERED Snort users."
          echo "This means your rules are NOT covering the latest known attacks."
          echo ""
          echo "Hence, we strongly recommend to become at least a REGISTERED Snort"
          echo "user (see http://www.snort.org/ for details). This way you receive"
          echo "a so-called \"oinkcode\" (a sequence of 40 hexadecimal numbers)"
          echo "which you can configure in the file"
          echo "    $RPM_INSTALL_PREFIX/etc/rc.conf"
          echo "via the directives"
          echo "    snort_update_time=\"daily\""
          echo "    snort_update_source=\"oinkcode:XXXX...\""
          echo "to update your Snort rules in"
          echo "    $RPM_INSTALL_PREFIX/var/snort/rules/"
          echo "automatically once per day with the latest version of the"
          echo "\"Sourcefire VRT Certified Rules\" for REGISTERED Snort users."
        ) | %{l_rpmtool} msg -b -t notice
    fi

    #   trigger a ruleset update
    snort_update_source=`%{l_rc} -q snort_update_source`
    if [ ".$snort_update_source" != . ]; then
        su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update \"$snort_update_source\""
    fi

    #   after upgrade, restart service
    [ $1 -eq 2 ] || exit 0
    eval `%{l_rc} snort status 2>/dev/null`
    [ ".$snort_active" = .yes ] && %{l_rc} snort restart
    exit 0

%preun
    #   before erase, stop service and remove log files
    [ $1 -eq 0 ] || exit 0
    %{l_rc} snort stop 2>/dev/null
    rm -f $RPM_INSTALL_PREFIX/var/snort/*.pid >/dev/null 2>&1 || true
    rm -f $RPM_INSTALL_PREFIX/var/snort/*.log >/dev/null 2>&1 || true
    rm -f $RPM_INSTALL_PREFIX/var/snort/*.cap >/dev/null 2>&1 || true
    rm -f $RPM_INSTALL_PREFIX/var/snort/rules/* >/dev/null 2>&1 || true
    rm -f $RPM_INSTALL_PREFIX/var/snort/tmp/*   >/dev/null 2>&1 || true
    exit 0