[Snort-devel] Enhanced SPEC-file for snort 1.8 (WITH attachment)

Dag Wieers dag at ...518...
Wed Jul 11 20:11:03 EDT 2001


Hi,

I improved the SPEC-file of Wim Vandersmissen a bit to reflect the changes
to snort 1.8 and made it use more macros (much cleaner).

Is it possible to add this SPEC-file to the tarball in future releases?
So one can easily build RPM-files by issuing:

	rpm -ta --target=i686 <tarball>

which renders source-packages quite useless. (The SPEC-file needs to be
changed to do so though)

PS I've got these packages for Red Hat 7.1 at:

	ftp://dag.wieers.com/home-made/

-- dag wieers, dag at ...518... / dag at ...519..., http://dag.wieers.com/ --
   «With reservation as to anything that is not expressly acknowledged.»

-------------- next part --------------
%define _sysconfdir /etc/snort
%define _bindir /usr/sbin

Summary: Lightweight network intrusion detection system
Name: snort
Version: 1.8
Release: dag.1
Copyright: GPL
Group: Applications/Internet
Source0: http://www.snort.org/Files/%{name}-%{version}-RELEASE.tar.gz
Source1: snort-stat
Source2: snortlog
Source4: snortd
Source5: snort.conf.dist
Source6: snort.conf
Url: http://www.snort.org/
BuildRoot: %{_tmppath}/%{name}-%{version}
Prefix: %{_prefix}
Packager: Dag Wieers <dag at wieers.com>
Requires: libpcap >= 0.4
BuildRequires: libpcap >= 0.4

%description
Snort is a libpcap-based packet sniffer/logger which 
can be used as a lightweight network intrusion detection system. 

It features rules based logging and can perform protocol analysis, 
content searching/matching and can be used to detect a variety of 
attacks and probes, such as buffer overflows, stealth port scans, 
CGI attacks, SMB probes, OS fingerprinting attempts, and much more. 

Snort has a real-time alerting capability, with alerts being sent to syslog,
a separate "alert" file, or as a WinPopup message via Samba's smbclient.

%prep
%setup -q -n %{name}-%{version}-RELEASE

%build
%configure --enable-smbalerts
make

%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/etc/rc.d/init.d \
	%{buildroot}%{_sysconfdir} \
	%{buildroot}%{_localstatedir}/log/snort/archive
%makeinstall
install *.rules %{buildroot}%{_sysconfdir}
install %{SOURCE1} %{buildroot}%{_bindir}
install %{SOURCE2} %{buildroot}%{_bindir}
install %{SOURCE4} %{buildroot}/etc/rc.d/init.d
install %{SOURCE6} %{buildroot}/etc/snort

%clean
rm -rf %{buildroot}
						
%post
# Only on first install ($1 = 1). On upgrade the existing account is kept and
# the %config(noreplace) snort.conf is not regenerated over the admin's edits.
if [ "$1" = 1 ] ; then
  # Create the group first so the user can be placed in it explicitly.
  groupadd -r snort 2> /dev/null || true
  useradd -M -r -g snort -d /var/log/snort -s /bin/false -c "Snort" snort 2> /dev/null || true
  /sbin/chkconfig --add snortd
  # Build snort.conf from the eth0 address and the configured nameservers.
  #this only works on redhat ;/
  perl -e 'open(f,"/etc/sysconfig/network-scripts/ifcfg-eth0");
           while(<f>){if  (/IPADDR=(.*)/) {$internal=$1;}};close(f);
           open(f,"/etc/resolv.conf");
           while(<f>){if (/nameserver(.*)/) {$dns=$1;$dns=~s/[ ]+//g;
           $dns.="/32,"; push(@dns,$dns);}} close(f);
           $dns[$#dns]=~s/,$//g if @dns;
           open(f,">/etc/snort/snort.conf");
           print f "var HOME_NET $internal/32\nvar EXTERNAL_NET any\nvar DNS_SERVERS ";
           print f "[";
           foreach (@dns) {print f "$_";}
           print f "]";
           print f "\n\npreprocessor defrag\npreprocessor http_decode: 80 8080\npreprocessor portscan: \$HOME_NET 4 3 /var/log/snort/portscan.log\npreprocessor portscan-ignorehosts: \$DNS_SERVERS\n\n";
           close(f);'
fi

echo -e "
Be sure to fetch the latest snort rules file from the ArachNIDS
database by Max Vision, or the one available from the snort.org web
site.

The snortlog and snort-stat perl scripts can be used to generate
statistics from the snort syslog entries.

Snort is currently configured to listen only on eth0, and uses the
default rulesets. If this is not correct for your 
system, edit /etc/rc.d/init.d/snortd and /etc/snort/snort.conf

A \"snort\" user and group have been created for snort to run as
instead of running as root.

Built by: Dave Wreski <dave at linuxsecurity.com>,
          Wim Vandersmissen <wim at bofh.be> and
          Dag Wieers <dag at wieers.com>
"

%preun
/etc/rc.d/init.d/snortd stop
if [ $1 = 0 ] ; then
  /sbin/chkconfig --del snortd
fi

%postun
#only if we are removing, not upgrading..
if [ $1 = 0 ] ; then
  userdel snort 2> /dev/null || true
  groupdel snort 2> /dev/null || true
fi

%files
%defattr(-,root,root)
%doc AUTHORS BUGS COPYING CREDITS ChangeLog INSTALL LICENSE NEWS README* USAGE %{sourcedir}/snort.conf.dist
%attr(755,root,root) %{_sbindir}/*
%attr(750,root,root) /etc/rc.d/init.d/snortd
%attr(640,snort,wheel) %config(noreplace) %{_sysconfdir}/snort.conf
%attr(640,snort,wheel) %config %{_sysconfdir}/*.rules
%attr(750,snort,wheel) %dir %{_localstatedir}/log/snort
%attr(750,snort,wheel) %dir %{_localstatedir}/log/snort/archive

%changelog
* Tue Jul 10 2001 Dag Wieers <dag at wieers.com>
- Updated to version 1.8
- Made more use of macros (as preferred)
- Added snort.conf as a separate file

* Sat Jan 06 2001 Wim Vandersmissen <wim at bofh.be>
- Updated to version 1.7
- Some minor changes to snort.conf (uses default ruleset instead of vision rules)

* Tue Jul 25 2000 Wim Vandersmissen <wim at bofh.st>
- Added some checks to find out if we're upgrading or removing the package

* Sat Jul 22 2000 Wim Vandersmissen <wim at bofh.st>
- Updated to version 1.6.3
- Fixed the user/group stuff (moved to %post)
- Added userdel/groupdel to %postun
- Automagically adds the right IP, nameservers to /etc/snort/rules.base

* Sat Jul 08 2000 Dave Wreski <dave at linuxsecurity.com>
- Updated to version 1.6.2
- Removed references to xntpd
- Fixed minor problems with snortd init script

* Fri Jul 07 2000 Dave Wreski <dave at linuxsecurity.com>
- Updated to version 1.6.1
- Added user/group snort

* Sat Jun 10 2000 Dave Wreski <dave at linuxsecurity.com>
- Added snort init.d script (snortd)
- Added Dave Dittrich's snort rules header file (rules.base)
- Added Dave Dittrich's wget rules fetch script (check-snort)
- Fixed permissions on /var/log/snort
- Created /var/log/snort/archive for archival of snort logs
- Added post/preun to add/remove snortd to/from rc?.d directories
- Defined configuration files as %config

* Tue Mar 28 2000 William Stearns <wstearns at pobox.com>
- Quick update to 1.6.
- Sanity checks before doing rm-rf in install and clean

* Fri Dec 10 1999 Henri Gomez <gomez at slib.fr>
- 1.5-0 Initial RPM release

