openpkg
/
openpkg-packages
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
93785 Commits
1 Branch
2 Tags
575 MiB
 
 
 
 
 
 
Tree: a1b60c2aa3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a1b60c2aa3'
${ noResults }
openpkg-packages/snort/snort.spec

281 lines
10 KiB
Raw Blame History

##
## snort.spec -- OpenPKG RPM Package Specification
## Copyright (c) 2000-2022 OpenPKG Project <http://openpkg.org/>
##
## Permission to use, copy, modify, and distribute this software for
## any purpose with or without fee is hereby granted, provided that
## the above copyright notice and this permission notice appear in all
## copies.
##
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
##
# package version
%define V_snort 2.8.6
%define V_rules 2.4
%define V_oinkmaster 2.0
# package information
Name: snort
Summary: Network Intrusion Detection System
URL: http://www.snort.org/
Vendor: B. Caswell, M. Roesch
Packager: OpenPKG Project
Distribution: OpenPKG Community
Class: BASE
Group: Monitoring
License: GPL
Version: %{V_snort}
Release: 20100427
# package options
%option with_fsl yes
%option with_mysql no
%option with_pgsql no
# list of sources
Source0: http://dl.snort.org/snort-current/snort-%{V_snort}.tar.gz
Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-%{V_rules}.tar.gz
Source2: http://download.sourceforge.net/oinkmaster/oinkmaster-%{V_oinkmaster}.tar.gz
Source3: snort.conf
Source4: rc.snort
Source5: fsl.snort
Source6: snort-update.sh
Patch0: snort.patch
# build information
BuildPreReq: OpenPKG, openpkg >= 20160101, make, gcc
PreReq: OpenPKG, openpkg >= 20160101, perl, perl-www, perl-sys, perl-comp
BuildPreReq: libpcap, libnet, pcre
PreReq: libpcap, libnet, pcre
%if "%{with_fsl}" == "yes"
BuildPreReq: fsl
PreReq: fsl
%endif
%if "%{with_mysql}" == "yes"
BuildPreReq: mysql
PreReq: mysql
%endif
%if "%{with_pgsql}" == "yes"
BuildPreReq: postgresql
PreReq: postgresql
%endif
%description
Snort is an open source network intrusion detection system,
capable of performing real-time traffic analysis and packet
logging on IP networks. It can perform protocol analysis, content
searching/matching and can be used to detect a variety of attacks
and probes. Snort uses a flexible rules language to describe traffic
that it should collect or pass, as well as a detection engine that
utilizes a modular plugin architecture. Snort has a real-time
alerting capability as well. Snort has three primary uses. It can be
used as a straight packet sniffer like tcpdump(1), a packet logger
(useful for network traffic debugging, etc), or as a full blown
network intrusion detection system.
%track
prog snort = {
version = %{V_snort}
url = http://www.snort.org/downloads
regex = snort-(\d+\.\d+\.\d+(\.\d+)*)\.tar\.gz
}
prog snort:rules = {
version = %{V_rules}
url = http://www.snort.org/pub-bin/downloads.cgi
regex = snortrules-pr-(\d+\.\d+)\.tar\.gz
}
prog snort:oinkmaster = {
version = %{V_oinkmaster}
url = http://sourceforge.net/projects/oinkmaster/files/
regex = oinkmaster-(__VER__)\.tar\.gz
}
%prep
%setup -q
%setup -q -D -T -a 2
%patch -p0
%{l_shtool} subst %{l_value -s -a} \
src/snort.h
%build
# configure program
LIBS=""
%if "%{with_pgsql}" == "yes"
LIBS="$LIBS -lpq -lcrypt -lssl -lcrypto"
%endif
case "%{l_platform -t}" in
*-sunos* ) LIBS="$LIBS -lresolv" ;;
esac
CC="%{l_cc}" \
CFLAGS="%{l_cflags -O}" \
CPPFLAGS="%{l_cppflags}" \
LDFLAGS="%{l_ldflags} %{l_fsl_ldflags}" \
LIBS="$LIBS %{l_fsl_libs}" \
./configure \
--prefix=%{l_prefix} \
--sysconfdir=%{l_prefix}/etc/snort \
%if "%{with_mysql}" == "yes"
--with-mysql=%{l_prefix} \
%else
--without-mysql \
%endif
%if "%{with_pgsql}" == "yes"
--with-postgresql=%{l_prefix} \
%else
--without-postgresql \
%endif
--with-libpcap-includes=%{l_prefix}/include \
--with-libpcap-libraries=%{l_prefix}/lib \
--with-libnet-includes=%{l_prefix}/include \
--with-libnet-libraries=%{l_prefix}/lib \
--with-libpcre-includes=%{l_prefix}/include \
--with-libpcre-libraries=%{l_prefix}/lib \
--enable-perfmonitor
# build program
%{l_make} %{l_mflags}
%install
# create installation hierarchy
%{l_shtool} mkdir -f -p -m 755 \
$RPM_BUILD_ROOT%{l_prefix}/sbin \
$RPM_BUILD_ROOT%{l_prefix}/man/man8 \
$RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
$RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
$RPM_BUILD_ROOT%{l_prefix}/etc/snort \
$RPM_BUILD_ROOT%{l_prefix}/share/snort \
$RPM_BUILD_ROOT%{l_prefix}/var/snort/rules \
$RPM_BUILD_ROOT%{l_prefix}/var/snort/tmp
# install program and manual page
%{l_shtool} install -c -s -m 755 \
src/snort $RPM_BUILD_ROOT%{l_prefix}/sbin/
%{l_shtool} install -c -m 644 \
snort.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/
# install default configuration
%{l_shtool} install -c -m 644 %{l_value -s -a} \
%{SOURCE snort.conf} $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
# install default ruleset tarball
%{l_shtool} install -c -m 644 \
%{SOURCE snortrules-pr-%{V_rules}.tar.gz} \
$RPM_BUILD_ROOT%{l_prefix}/share/snort/rules.tar.gz
# install run-command script
%{l_shtool} install -c -m 755 %{l_value -s -a} \
%{SOURCE rc.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
# install OSSP fsl configuration
%{l_shtool} install -c -m 644 %{l_value -s -a} \
%{SOURCE fsl.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
# install optional/additional files
%if "%{with_mysql}" == "yes"
%{l_shtool} install -c -m 644 \
schemas/create_mysql \
$RPM_BUILD_ROOT%{l_prefix}/share/snort/
%endif
%if "%{with_pgsql}" == "yes"
%{l_shtool} install -c -m 644 \
schemas/create_postgresql \
$RPM_BUILD_ROOT%{l_prefix}/share/snort/
%endif
# install oinkmaster utility
( cd oinkmaster-%{V_oinkmaster}
%{l_shtool} install -c -m 755 \
-e 's;#!/usr/bin/perl;#!%{l_prefix}/bin/perl;g' \
-e 's;/etc/oinkmaster\.conf;%{l_prefix}/etc/snort/oinkmaster.conf;' \
oinkmaster.pl $RPM_BUILD_ROOT%{l_prefix}/sbin/oinkmaster
%{l_shtool} install -c -m 644 \
oinkmaster.1 $RPM_BUILD_ROOT%{l_prefix}/man/man8/oinkmaster.8
%{l_shtool} install -c -m 644 \
-e 's;^\(path = \);\1%{l_prefix}/bin:;' \
-e 's;^# tmpdir = /home/oinkmaster/tmp/;tmpdir = %{l_prefix}/var/snort/tmp;' \
-e 's;^\(use_external_bins = 0\);\1;' \
-e 's;^\(skipfile snort\.conf\);# \1;' \
oinkmaster.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
) || exit $?
# install rule update utility
%{l_shtool} install -c -m 755 %{l_value -s -a} \
-e 's;@V_rules@;%{V_rules};g' \
%{SOURCE snort-update.sh} \
$RPM_BUILD_ROOT%{l_prefix}/sbin/snort-update
# determine installation files
%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
%{l_files_std} \
'%config %{l_prefix}/etc/fsl/*' \
'%config %{l_prefix}/etc/snort/*' \
'%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort' \
'%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/rules' \
'%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort/tmp'
%files -f files
%clean
%post
if [ $1 -eq 1 ]; then
# display final hints on initial installation
( echo "Before starting Snort IDS, please set the configuration variable"
echo "\"snort_if\" in $RPM_INSTALL_PREFIX/etc/rc.conf to the name of the"
echo "used network interface."
) | %{l_rpmtool} msg -b -t notice
( echo "To use Snort as an IDS, its rules HAVE to be ALWAYS up to date."
echo "But this package just ships with the latest PUBLIC version of the"
echo "\"Sourcefire VRT Certified Rules\" for UNREGISTERED Snort users."
echo "This means your rules are NOT covering the latest known attacks."
echo ""
echo "Hence, we strongly recommend to become at least a REGISTERED Snort"
echo "user (see http://www.snort.org/ for details). This way you receive"
echo "a so-called \"oinkcode\" (a sequence of 40 hexadecimal numbers)"
echo "which you can configure in the file"
echo " $RPM_INSTALL_PREFIX/etc/rc.conf"
echo "via the directives"
echo " snort_update_time=\"daily\""
echo " snort_update_source=\"oinkcode:XXXX...\""
echo "to update your Snort rules in"
echo " $RPM_INSTALL_PREFIX/var/snort/rules/"
echo "automatically once per day with the latest version of the"
echo "\"Sourcefire VRT Certified Rules\" for REGISTERED Snort users."
) | %{l_rpmtool} msg -b -t notice
fi
# trigger a ruleset update
snort_update_source=`%{l_rc} -q snort_update_source`
if [ ".$snort_update_source" != . ]; then
su - %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/snort-update \"$snort_update_source\""
fi
# after upgrade, restart service
[ $1 -eq 2 ] || exit 0
eval `%{l_rc} snort status 2>/dev/null`
[ ".$snort_active" = .yes ] && %{l_rc} snort restart
exit 0
%preun
# before erase, stop service and remove log files
[ $1 -eq 0 ] || exit 0
%{l_rc} snort stop 2>/dev/null
rm -f $RPM_INSTALL_PREFIX/var/snort/*.pid >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/snort/*.log >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/snort/*.cap >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/snort/rules/* >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/snort/tmp/* >/dev/null 2>&1 || true
exit 0