Summary: Intrusion detection system
Name: snort
Version: 2.4.5
Release: 1
License: GPL
Packager: Scott R. Shinn
Group: Applications/Internet
Source0: http://www.snort.org/dl/current/snort-%{version}.tar.gz
Source1: snortd
Source2: README.fedora
Patch0: snort-2.4.3-configure64.patch
Url: http://www.snort.org
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Prefix: /usr
Requires: libpcap >= 0.4
%if "%{?fedora}" <= "5"
BuildRequires: libpcap >= 0.4
%else
BuildRequires: libpcap-devel >= 0.4
%endif
BuildRequires: perl
BuildRequires: pcre-devel

%package plain+flexresp
Summary: Snort with Flexible Response
Group: Applications/Internet
Requires: %{name} = %{version}-%{release}
Requires: libnet10
BuildRequires: libnet10

%package mysql
Summary: Snort with Flexible Response
Group: Applications/Internet
Requires: %{name} = %{version}-%{release}
BuildRequires: mysql-devel

%package mysql+flexresp
Summary: Snort with Flexible Response
Group: Applications/Internet
Requires: %{name} = %{version}-%{release}
Requires: libnet10
BuildRequires: libnet10
BuildRequires: mysql-devel

%package postgresql
Summary: Snort with Flexible Response
Group: Applications/Internet
Requires: %{name} = %{version}-%{release}
BuildRequires: postgresql-devel

%package postgresql+flexresp
Summary: Snort with Flexible Response
Group: Applications/Internet
Requires: %{name} = %{version}-%{release}
Requires: libnet10
BuildRequires: libnet10
BuildRequires: postgresql-devel

%package snmp
Summary: Snort with Flexible Response
Group: Applications/Internet
Requires: %{name} = %{version}-%{release}
BuildRequires: net-snmp-devel
BuildRequires: openssl-devel

%package snmp+flexresp
Summary: Snort with Flexible Response
Group: Applications/Internet
Requires: %{name} = %{version}-%{release}
Requires: libnet10
BuildRequires: libnet10
BuildRequires: net-snmp-devel
BuildRequires: openssl-devel

%package bloat
Summary: Snort with Flexible Response
Group: Applications/Internet
Requires: %{name} = %{version}-%{release}
Requires: libnet10
BuildRequires: libnet10
BuildRequires: net-snmp-devel
BuildRequires: postgresql-devel
BuildRequires: mysql-devel
BuildRequires: openssl-devel

%description
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules-based
logging and can perform protocol analysis and content searching/matching,
and can be used to detect a variety of attacks and probes, such as buffer
overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
attempts, and much more. Snort has a real-time alerting capability, with
alerts being sent to syslog, a separate "alert" file, or as a WinPopup
message via Samba's smbclient.

Edit %{_sysconfdir}/snort.conf to configure snort and use snort.d to start
snort.

This rpm is different from previous rpms and while it will not clobber
your current snortd file, you will need to modify it.

There are 9 different packages available.

All of them require the base snort rpm. Additionally, you will need to
choose a binary to install.

/usr/sbin/snort should end up being a symlink to a binary in one of the
following configurations:

plain
plain+flexresp
mysql
mysql+flexresp
postgresql
postgresql+flexresp
snmp
snmp+flexresp
bloat	mysql+postgresql+flexresp+snmp

Please see the documentation in %{_docdir}/%{name}-%{version}

There are no rules in this package; the license they are released under
forbids us from repackaging them and redistributing them.

%description plain+flexresp
Snort compiled with flexresp support. Requires libnet rpm.

%description mysql
Snort compiled with mysql support.

%description mysql+flexresp
Snort compiled with mysql+flexresp support. Requires libnet rpm.

%description postgresql
Snort compiled with postgresql support.

%description postgresql+flexresp
Snort compiled with postgresql+flexresp support. Requires snort rpm.

%description snmp
Snort compiled with snmp support. Currently a bit buggy in packaging.
If anyone can figure out why --enable-snmp pulls in everything else, let me know

%description snmp+flexresp
Snort compiled with snmp+flexresp support. Requires libnet rpm.
Currently a bit buggy in packaging.
If anyone can figure out why --enable-snmp pulls in everything else, let me know

%description bloat
Snort compiled with snmp+flexresp+mysql+postgresql support. Requires libnet rpm.

%prep
%setup -q
%patch0 -p1 -b .config
cp %{SOURCE2} doc/

%build
SNORT_BASE_CONFIG="--prefix=%{_prefix} \
    --sysconfdir=%{_sysconfdir} \
    --with-libpcap-includes=/usr/include/pcap \
    --enable-dynamicplugin"

export LDFLAGS=-L/usr/lib64/mysql

# there are some strange configure errors
# when not doing a distclean between major builds.

# plain
{
%configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no
make
mv src/snort snort-plain
mv src/dynamic-plugins/sf_engine/.libs/libsf_engine.so* .
mv src/dynamic-preprocessors/build/usr/lib/snort_dynamicpreprocessor .
make clean
}

# plain+flexresp
{
%configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no \
    --enable-flexresp
make
mv src/snort snort-plain+flexresp
make clean
}

# mysql+flexresp
{
%configure $SNORT_BASE_CONFIG --with-mysql=yes \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no \
    --enable-flexresp
make
mv src/snort snort-mysql+flexresp
make clean
}

# mysql
{
%configure $SNORT_BASE_CONFIG --with-mysql=yes \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no
make
mv src/snort snort-mysql
make clean
}

# postgresql+flexresp
{
%configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=yes \
    --with-oracle=no \
    --with-odbc=no \
    --enable-flexresp
make
mv src/snort snort-postgresql+flexresp
make clean
}

# postgresql
{
%configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=yes \
    --with-oracle=no \
    --with-odbc=no
make
mv src/snort snort-postgresql
make clean
}

# snmp
{
%configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no \
    --with-snmp=/usr \
    --with-openssl
make
mv src/snort snort-snmp
make clean
}

# snmp+flexresp
{
%configure $SNORT_BASE_CONFIG --with-mysql=no \
    --with-postgresql=no \
    --with-oracle=no \
    --with-odbc=no \
    --with-snmp \
    --enable-flexresp \
    --with-openssl
make
mv src/snort snort-snmp+flexresp
make clean
}

# bloat
{
%configure $SNORT_BASE_CONFIG --with-mysql=yes \
    --with-postgresql=yes \
    --with-oracle=no \
    --with-odbc=no \
    --with-snmp \
    --enable-flexresp \
    --with-openssl
make
mv src/snort snort-bloat
make clean
}

#remove Makefile stuff from docs
rm doc/Makefile*

%install
if [ -d %{buildroot} ]; then
    rm -rf %{buildroot}
fi

mkdir -p %{buildroot}%{_sysconfdir}/snort
mkdir -p %{buildroot}/var/log/snort
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}/etc/rc.d/init.d
mkdir -p %{buildroot}%{_mandir}/man8
mkdir -p %{buildroot}%{_libdir}/snort/dynamicpreprocessor/
# dynamicengine must exist as a directory, otherwise the three
# libsf_engine installs below overwrite one file named "dynamicengine"
mkdir -p %{buildroot}%{_libdir}/snort/dynamicengine/

{
install snort-plain %{buildroot}%{_sbindir}/snort-plain
install snort-plain+flexresp %{buildroot}%{_sbindir}/snort-plain+flexresp
install snort-mysql %{buildroot}%{_sbindir}/snort-mysql
install snort-mysql+flexresp %{buildroot}%{_sbindir}/snort-mysql+flexresp
install snort-postgresql %{buildroot}%{_sbindir}/snort-postgresql
install snort-postgresql+flexresp %{buildroot}%{_sbindir}/snort-postgresql+flexresp
install snort-snmp %{buildroot}%{_sbindir}/snort-snmp
install snort-snmp+flexresp %{buildroot}%{_sbindir}/snort-snmp+flexresp
install snort-bloat %{buildroot}%{_sbindir}/snort-bloat
install libsf_engine.so %{buildroot}%{_libdir}/snort/dynamicengine
install libsf_engine.so.0 %{buildroot}%{_libdir}/snort/dynamicengine
install libsf_engine.so.0.0.0 %{buildroot}%{_libdir}/snort/dynamicengine
install snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so %{buildroot}%{_libdir}/snort/dynamicpreprocessor
install snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
install snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
install snort_dynamicpreprocessor/libsf_smtp_preproc.so %{buildroot}%{_libdir}/snort/dynamicpreprocessor
install snort_dynamicpreprocessor/libsf_smtp_preproc.so.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
install snort_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
install snort_dynamicpreprocessor/libsf_dns_preproc.so %{buildroot}%{_libdir}/snort/dynamicpreprocessor
install snort_dynamicpreprocessor/libsf_dns_preproc.so.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
install snort_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
}

install snort.8 %{buildroot}%{_mandir}/man8
install etc/generators etc/gen-msg.map etc/sid etc/sid-msg.map etc/threshold.conf etc/unicode.map etc/reference.config etc/classification.config etc/snort.conf %{buildroot}%{_sysconfdir}/snort
install %{SOURCE1} %{buildroot}/etc/rc.d/init.d

perl -pi -e 's!var RULE_PATH ../rules!var RULE_PATH %{_sysconfdir}!' %{buildroot}%{_sysconfdir}/snort/snort.conf
perl -pi -e 's!dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/!dynamicpreprocessor directory %{_libdir}/snort/dynamicpreprocessor/!' %{buildroot}%{_sysconfdir}/snort/snort.conf
# point the config at the directory the engine is actually installed in
perl -pi -e 's!dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so!dynamicengine %{_libdir}/snort/dynamicengine/libsf_engine.so!' %{buildroot}%{_sysconfdir}/snort/snort.conf

%clean
if [ -d %{buildroot} ]; then
    rm -rf %{buildroot}
fi

%post
# make a symlink if there is no link
ln -sf %{_sbindir}/snort-plain %{_sbindir}/snort
/sbin/chkconfig --add snortd
/sbin/ldconfig

%preun
/etc/rc.d/init.d/snortd stop
if [ $1 = 0 ] ; then
    /sbin/chkconfig --del snortd
    if [ -L %{_sbindir}/snort ]; then rm %{_sbindir}/snort; fi
fi

%post plain+flexresp
if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-plain+flexresp %{_sbindir}/snort; fi

%post mysql
if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-mysql %{_sbindir}/snort; fi

%post mysql+flexresp
if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-mysql+flexresp %{_sbindir}/snort; fi

%post postgresql
if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-postgresql %{_sbindir}/snort; fi

%post postgresql+flexresp
if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-postgresql+flexresp %{_sbindir}/snort; fi

%post snmp
if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-snmp %{_sbindir}/snort; fi

%post snmp+flexresp
if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-snmp+flexresp %{_sbindir}/snort; fi

%post bloat
if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-bloat %{_sbindir}/snort; fi

%files
%defattr(-,root,root)
%doc doc/* schemas/create_mysql schemas/create_postgresql
%attr(755,root,root) %{_sbindir}/snort-plain
# handle compressed man pages.
%attr(755,root,root) %{_mandir}/man8/snort.8*
%attr(755,root,root) %dir /var/log/snort
%attr(644,root,root) %config %{_sysconfdir}/snort
%attr(755,root,root) /etc/rc.d/init.d/snortd
%{_libdir}/snort

%files plain+flexresp
%attr(755,root,root) %{_sbindir}/snort-plain+flexresp

%files mysql
%attr(755,root,root) %{_sbindir}/snort-mysql

%files mysql+flexresp
%attr(755,root,root) %{_sbindir}/snort-mysql+flexresp

%files postgresql
%attr(755,root,root) %{_sbindir}/snort-postgresql

%files postgresql+flexresp
%attr(755,root,root) %{_sbindir}/snort-postgresql+flexresp

%files snmp
%attr(755,root,root) %{_sbindir}/snort-snmp

%files snmp+flexresp
%attr(755,root,root) %{_sbindir}/snort-snmp+flexresp

%files bloat
%attr(755,root,root) %{_sbindir}/snort-bloat

%changelog
* Tue Dec 12 2006 Scott R. Shinn - 2.6.1.1-1
- update to 2.6.1.1

* Mon Oct 09 2006 Dennis Gilmore - 2.6.0.2-2
- disable smp as it breaks build on the buildsys

* Sun Oct 08 2006 Dennis Gilmore - 2.6.0.2-1
- Update to 2.6.0.2
- Really add dynamic plugin
- Make config know where the dynamic plugin is installed
- add sql schema files to doc

* Thu Jul 27 2006 Dennis Gilmore - 2.6.0-3
- add dynamic plugin

* Mon Jun 12 2006 Dennis Gilmore - 2.6.0-2
- Fix BR for devel

* Thu Jun 08 2006 Dennis Gilmore - 2.6.0-1
- Update to 2.6.0

* Fri Jun 02 2006 Dennis Gilmore - 2.4.4-4
- fix CVE-2006-2769 Snort URIContent Rules Detection Evasion Vulnerability
- fix bug #190102

* Fri Mar 31 2006 Dennis Gilmore - 2.4.4-3
- make initscript not a config file
- own /etc/snort

* Wed Mar 29 2006 Dennis Gilmore - 2.4.4-2
- Add fedora README
- do make clean to make sure that each configure runs properly

* Thu Mar 09 2006 Dennis Gilmore - 2.4.4-1
- Update to 2.4.4
- Fixes CVE-2006-0839

* Thu Feb 16 2006 Dennis Gilmore - 2.4.3-1
- Updated to 2.4.3

* Tue Apr 01 2003 Phillip Compton 0:2.0.0-0.fdr.0.1.rc4
- Updated to 2.0.0rc4
- Fedorafied spec

* Wed Sep 25 2002 Chris Green
- updated to 1.9.0

* Tue Nov 6 2001 Chris Green
- merged in Hugo's changes
- updated to 1.8.3
- fixing symlinks on upgrades

* Tue Nov 6 2001 Hugo van der Kooij
- added libpcap to the list as configure couldn't find it on RedHat 7.2
- added several packages to the build requirements

* Fri Nov 2 2001 Chris Green
- updated to 1.8.2-RELEASE
- adding SQL defines
- created tons of packages so that all popular snort configs are accounted for

* Sat Aug 18 2001 Chris Green
- 1.8.1-RELEASE
- cleaned up enough to release to general public

* Tue May 8 2001 Chris Green
- moved to 1.8cvs
- changed rules files
- removed initial configuration

* Mon Nov 27 2000 Chris Green
- removed strip
- upgrade to cvs version
- moved /var/snort/dev/null creation to install time

* Tue Nov 21 2000 Chris Green
- changed to %{SnortPrefix}
- upgrade to patch2

* Mon Jul 31 2000 Wim Vandersmissen
- Integrated the -t (chroot) option and build a /home/snort chroot jail
- Installs a statically linked/stripped snort
- Updated /etc/rc.d/init.d/snortd to work with the chroot option

* Tue Jul 25 2000 Wim Vandersmissen
- Added some checks to find out if we're upgrading or removing the package

* Sat Jul 22 2000 Wim Vandersmissen
- Updated to version 1.6.3
- Fixed the user/group stuff (moved to %post)
- Added userdel/groupdel to %postun
- Automagically adds the right IP, nameservers to %{_sysconfdir}/rules.base

* Sat Jul 08 2000 Dave Wreski
- Updated to version 1.6.2
- Removed references to xntpd
- Fixed minor problems with snortd init script

* Fri Jul 07 2000 Dave Wreski
- Updated to version 1.6.1
- Added user/group snort

* Sat Jun 10 2000 Dave Wreski
- Added snort init.d script (snortd)
- Added Dave Dittrich's snort rules header file (ruiles.base)
- Added Dave Dittrich's wget rules fetch script (check-snort)
- Fixed permissions on /var/log/snort
- Created /var/log/snort/archive for archival of snort logs
- Added post/preun to add/remove snortd to/from rc?.d directories
- Defined configuration files as %config

* Tue Mar 28 2000 William Stearns
- Quick update to 1.6.
- Sanity checks before doing rm-rf in install and clean

* Fri Dec 10 1999 Henri Gomez
- 1.5-0 Initial RPM release