[Snort-users] RPM packages for snort-2.0.2 are available

Florin Andrei florin at ...3506...
Mon Sep 22 19:20:05 EDT 2003


Forgot to mention:

1. Is it ok to leave the signature files in /etc/snort/signatures, or
should I move them to /usr/share/doc/snort*/signatures?

2. The /etc/logrotate.d/snort script actually kills / restarts snort. It
does that to prevent the -HUP issue when running snort as non-root.
If you run snort as root, then in that script replace condrestart with
reload.

3. If you wanna run snort with other command-line parameters, don't edit
/etc/init.d/snort. Instead, edit /etc/sysconfig/snort, because that's
the file that has those parameters.

On Mon, 2003-09-22 at 15:44, Florin Andrei wrote:
> ftp://andrei.myip.org/snort/
> 
> Ok, I lied. :-) At the URL above you won't find the RPM packages proper,
> but instead you'll find all you need to build the RPMs yourself. Just
> untar the archive, read the README, and run a few commands.
> The README includes a HOWTO For Dummies on how to build the packages, so
> don't worry, it's very easy. :-) (see the README below)
> 
> The spec file included in the kit is very flexible. It allows you to
> customize the RPM without editing/changing the spec, but instead you
> only have to specify some --define's when building the RPM. (see the
> README below)
> 
> Suggestion to the Sourcefire guys: If you include the files from this
> kit in the next Snort tarball, the users will be able to build their own
> RPMs directly from the tarball, with the command:
> 
> rpmbuild -tb snort......tar.gz
> 
> Or for the more sophisticated:
> 
> rpmbuild -tb --define 'with_mysql 1' snort.......tar.gz
> 
> Then you would only have to update the %{version} variable in the spec
> before each release.
> 
> I tested the spec on Red Hat 9, but it should work well on almost all
> RPM-based distributions.
> 
> For your convenience, I copy/pasted the README here:
> 
> #######################################################
> 
> In order to build your own Snort RPM package, you need the "official"
> Snort tarball plus the files contained in this archive (the "RPM kit").
>  
> HOWTO Build A Snort RPM Package For Dummies:
>  
> 1. Download and untar this tarball (the RPM kit)
>  
> 2. Download the Snort tarball from snort.org (but do NOT untar it!)
>  
> 3. Find the main RPM directory in your system. On Red Hat, it should be
> /usr/src/redhat. On other distributions, the path may be different. cd
> to that directory.
> If you run ls in this directory, you'll see the following subdirs:
> BUILD  RPMS  SOURCES  SPECS  SRPMS
>  
> 4. Copy the Snort tarball to the SOURCES subdir.
>  
> 5. Copy all files from the RPM kit tarball to the SOURCES subdir, with
> the exception of snort.spec and this README.
>  
> 6. Copy snort.spec from the RPM kit to the SPECS subdir.
>  
> 7. cd to the SPECS subdir
>  
> 8. Edit snort.spec and take a look at the beginning. The version in the
> spec file should match the version of the Snort tarball (currently it's
> 2.0.2). If the spec file doesn't match the tarball, edit the version on
> the second line in the spec.
>  
> 9. Build your own RPM package with this command:
>  
> rpmbuild -bb snort.spec
>  
> or
>  
> rpm -bb snort.spec #(this works with older RPM versions)
>  
> After it's finished, look at the last messages, you should see the
> location of the binary RPM package displayed. Grab it and install it.
>  
> Done!
>  
> ##########################################################
>
> Some notes on the RPM build options provided by this spec file:
>
> The spec file included in this RPM kit is "smart". That means, it
> allows you to customize the build options without making any changes to
> the spec file itself.
> For example, it allows you to specify MySQL support, ODBC support,
> Oracle support, or to enable FlexResp, etc.
> It even lets you specify the MySQL directory, in case you installed the
> database in a non-standard location.
>  
> Examples:
>  
> rpmbuild -bb --define 'with_mysql 1' snort.spec
> ...will build a Snort RPM package with MySQL support.
>  
> rpmbuild -bb --define 'with_mysql 1' \
>     --define 'with_mysql_dir /opt/mysql' snort.spec
> ...will build Snort with MySQL support using /opt/mysql as a MySQL path
>  
> If you don't specify --define 'with_mysql_dir /opt/mysql' then the spec
> file will let Snort decide and autodetect the MySQL location. This
> option will be ignored if you don't specify --define 'with_mysql 1'.
>  
> You can take a look at the spec file to see what are the options that
> are currently supported. For your convenience, here is the complete list
> of --define options that are supported (don't try this full command, it
> may not work, it's displayed for informative purposes only and it
> doesn't make sense anyway to use all that stuff together):
>  
> rpmbuild -bb \
>         --define 'with_sourcefire 1' \
>         --define 'with_perfmonitor 1' \
>         --define 'with_smbalerts 1' \
>         --define 'with_linux_smp_stats 1' \
>         --define 'with_flexresp 1' \
>         --define 'with_mysql 1' \
>         --define 'with_mysql_dir /some/custom/dir' \
>         --define 'with_odbc 1' \
>         --define 'with_odbc_dir /some/custom/dir' \
>         --define 'with_postgresql 1' \
>         --define 'with_postgresql_dir /some/custom/dir' \
>         --define 'with_oracle 1' \
>         --define 'with_oracle_dir /some/custom/dir' \
>         snort.spec
>
> There are some other things that can be tweaked with --define (see
> spec) but the implementation is not complete: if you use those, you'll
> have to adjust some other scripts contained in the RPM kit.
>  
> If you want to optimize your RPM package for newer processors, use the
> --target option:
>  
> rpmbuild -bb --target=i686 snort.spec
> rpmbuild -bb --target=athlon snort.spec
>  
> If you replace -bb with -ba, a .src.rpm will be built as well.
> 
> #########################################################
-- 
Florin Andrei

http://florin.myip.org/
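
The staging steps 4 to 8 of the quoted README, as an added example that is not part of the original post or of the RPM kit: it refuses to stage anything when the spec and tarball versions disagree, and prints the build command instead of running it. It assumes that line 2 of snort.spec ends with the version string (the post does not show the spec's layout); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: stage the RPM kit per README steps 4-8 without building.
# Assumption: line 2 of snort.spec ends with the version string,
# e.g. "Version: 2.0.2"; the real spec's layout is not shown in the post.

spec_version() {            # version from the second line of the spec
    sed -n '2p' "$1" | awk '{print $NF}'
}

tarball_version() {         # /path/snort-2.0.2.tar.gz -> 2.0.2
    base=${1##*/}
    base=${base#snort-}
    printf '%s\n' "${base%.tar.gz}"
}

# stage_kit TOPDIR KITDIR TARBALL
# Returns 0 when everything is staged and the versions agree,
# 1 on a missing input, 2 on a spec/tarball version mismatch (step 8).
stage_kit() {
    topdir=$1 kitdir=$2 tarball=$3
    [ -d "$topdir/SOURCES" ] && [ -d "$topdir/SPECS" ] || return 1
    [ -f "$tarball" ] && [ -f "$kitdir/snort.spec" ] || return 1
    sv=$(spec_version "$kitdir/snort.spec")
    tv=$(tarball_version "$tarball")
    if [ "$sv" != "$tv" ]; then
        echo "spec says $sv, tarball is $tv: fix line 2 of snort.spec" >&2
        return 2
    fi
    cp "$tarball" "$topdir/SOURCES/"                      # step 4
    for f in "$kitdir"/*; do                              # step 5
        case ${f##*/} in
            snort.spec|README) ;;                         # the two exceptions
            *) if [ -f "$f" ]; then cp "$f" "$topdir/SOURCES/"; fi ;;
        esac
    done
    cp "$kitdir/snort.spec" "$topdir/SPECS/"              # step 6
    echo "cd $topdir/SPECS && rpmbuild -bb snort.spec"    # steps 7 and 9
}
```

Call it as `stage_kit /usr/src/redhat ./kit ./snort-2.0.2.tar.gz`; a return code of 2 means the version on line 2 of the spec needs editing before anything is copied.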




