[Snort-users] RPM packages for snort-2.0.2 are available

Florin Andrei florin at ...3506...
Mon Sep 22 15:45:12 EDT 2003


ftp://andrei.myip.org/snort/

Ok, I lied. :-) At the URL above you won't find the RPM packages proper,
but instead you'll find all you need to build the RPMs yourself. Just
untar the archive, read the README, and run a few commands.
The README includes a HOWTO For Dummies on how to build the packages, so
don't worry, it's very easy. :-) (see the README below)

The spec file included in the kit is very flexible. It allows you to
customize the RPM without editing/changing the spec, but instead you
only have to specify some --define's when building the RPM. (see the
README below)

Suggestion to the Sourcefire guys: If you include the files from this
kit in the next Snort tarball, the users will be able to build their own
RPMs directly from the tarball, with the command:

rpmbuild -tb snort......tar.gz

Or for the more sophisticated:

rpmbuild -tb --define 'with_mysql 1' snort.......tar.gz

Then you would only have to update the %{version} variable in the spec
before each release.

I tested the spec on Red Hat 9, but it should work well on almost all
RPM-based distributions.

For your convenience, I copy/pasted the README here:

#######################################################

In order to build your own Snort RPM package, you need the "official"
Snort tarball plus the files contained in this archive (the "RPM kit").
 
HOWTO Build A Snort RPM Package For Dummies:
 
1. Download and untar this tarball (the RPM kit)
 
2. Download the Snort tarball from snort.org (but do NOT untar it!)
 
3. Find the main RPM directory in your system. On Red Hat, it should be
/usr/src/redhat. On other distributions, the path may be different. cd
to that directory.
If you run ls in this directory, you'll see the following subdirs:
BUILD  RPMS  SOURCES  SPECS  SRPMS
 
4. Copy the Snort tarball to the SOURCES subdir.
 
5. Copy all files from the RPM kit tarball to the SOURCES subdir, with
the exception of snort.spec and this README.
 
6. Copy snort.spec from the RPM kit to the SPECS subdir.
 
7. cd to the SPECS subdir
 
8. Edit snort.spec and take a look at the beginning. The version in the
spec file should match the version of the Snort tarball (currently it's
2.0.2). If the spec file doesn't match the tarball, edit the version on
the second line in the spec.
 
9. Build your own RPM package with this command:
 
rpmbuild -bb snort.spec
 
or
 
rpm -bb snort.spec #(this works with older RPM versions)
 
After it's finished, look at the last messages; you should see the
location of the binary RPM package displayed. Grab it and install it.
 
Done!
 
##########################################################
                                                                                
Some notes on the RPM build options provided by this spec file:
                                                                            
The spec file included in this RPM kit is "smart". That means, it
allows you to customize the build options without making any changes to
the spec file itself.
For example, it allows you to specify MySQL support, ODBC support,
Oracle support, or to enable FlexResp, etc.
It even lets you specify the MySQL directory, in case you installed the
database in a non-standard location.
 
Examples:
 
rpmbuild -bb --define 'with_mysql 1' snort.spec
...will build a Snort RPM package with MySQL support.
 
rpmbuild -bb --define 'with_mysql 1' \
    --define 'with_mysql_dir /opt/mysql' snort.spec
...will build Snort with MySQL support using /opt/mysql as a MySQL path
 
If you don't specify --define 'with_mysql_dir /opt/mysql' then the spec
file will let Snort decide and autodetect the MySQL location. This
option will be ignored if you don't specify --define 'with_mysql 1'.
 
You can take a look at the spec file to see what are the options that
are currently supported. For your convenience, here is the complete list
of --define options that are supported (don't try this full command, it
may not work, it's displayed for informative purposes only and it
doesn't make sense anyway to use all that stuff together):
 
rpmbuild -bb \
        --define 'with_sourcefire 1' \
        --define 'with_perfmonitor 1' \
        --define 'with_smbalerts 1' \
        --define 'with_linux_smp_stats 1' \
        --define 'with_flexresp 1' \
        --define 'with_mysql 1' \
        --define 'with_mysql_dir /some/custom/dir' \
        --define 'with_odbc 1' \
        --define 'with_odbc_dir /some/custom/dir' \
        --define 'with_postgresql 1' \
        --define 'with_postgresql_dir /some/custom/dir' \
        --define 'with_oracle 1' \
        --define 'with_oracle_dir /some/custom/dir' \
        snort.spec
                                                                                
There are some other things that can be tweaked with --define (see
spec) but the implementation is not complete: if you use those, you'll
have to adjust some other scripts contained in the RPM kit.
 
If you want to optimize your RPM package for newer processors, use the
--target option:
 
rpmbuild -bb --target=i686 snort.spec
rpmbuild -bb --target=athlon snort.spec
 
If you replace -bb with -ba, a .src.rpm will be built as well.

#########################################################

-- 
Florin Andrei

http://florin.myip.org/
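
Added example, not part of the original post or of the RPM kit: a shell sketch of README steps 3 to 8 that stages the files and refuses to continue when the spec and tarball versions differ. It assumes the tarball is named snort-<version>.tar.gz and that line 2 of snort.spec contains a dotted version number; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: stage the RPM kit and the Snort tarball (README steps 3-8).
# Function names are hypothetical; they are not part of the kit.

# Version encoded in the tarball name, e.g. snort-2.0.2.tar.gz -> 2.0.2
tarball_version() {
    b=${1##*/}
    b=${b#snort-}
    printf '%s\n' "${b%.tar.gz}"
}

# Assumption: line 2 of snort.spec carries a dotted version number
# (the README only says the version is on the second line).
spec_version() {
    sed -n '2p' "$1" | tr -cs '0-9.' '\n' | grep '\.' | head -n 1
}

# stage_kit KITDIR TARBALL TOPDIR
# Returns 1 on a spec/tarball version mismatch, 2 on a missing directory.
stage_kit() {
    kit=$1; tarball=$2; top=$3
    for d in SOURCES SPECS; do
        [ -d "$top/$d" ] || { echo "missing $top/$d" >&2; return 2; }
    done
    tv=$(tarball_version "$tarball")
    sv=$(spec_version "$kit/snort.spec")
    if [ "$tv" != "$sv" ]; then
        echo "snort.spec says '$sv', tarball is '$tv': fix line 2 of the spec" >&2
        return 1
    fi
    cp "$tarball" "$top/SOURCES/" || return 2     # step 4, tarball stays packed
    for f in "$kit"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            snort.spec) cp "$f" "$top/SPECS/" ;;      # step 6
            README)     ;;                            # step 5: not copied
            *)          cp "$f" "$top/SOURCES/" ;;    # step 5
        esac
    done
    echo "cd $top/SPECS && rpmbuild -bb snort.spec"   # step 9, left to the user
}

# Usage: sh stage_kit.sh KITDIR snort-2.0.2.tar.gz /usr/src/redhat
if [ "$#" -eq 3 ]; then
    stage_kit "$@"
fi
```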