Home Explore Help
Register Sign In
vinelinux
/
specs
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 2966eec886
Branches Tags
specs
/
s
/
snort
/
snort-vl.spec

snort-vl.spec 7.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223 
  1. Summary: packet-sniffer/logger
    2. 

  2. Name: snort
    3. 

  3. Version: 1.7
    4. 

  4. Release: 0vl2
    5. 

  5. License: GPL
    6. 

  6. Group: Applications/Internet
    7. 

  7. Url: http://www.snort.org
    8. 

  8. Source0: http://www.snort.org/Files/%{name}-%{version}.tar.gz
    9. 

  9. Source1: snort-stat
    10. 

  10. Source2: snortlog
    11. 

  11. Source4: snortd
    12. 

  12. Source5: snort.conf
    13. 

  13. Source6: snortrules.tar.gz
    14. 

  14. Source7: README-snort.EUC
    15. 

  15. Requires: libpcap >= 0.4
    16. 

  16. BuildRequires: libpcap >= 0.4
    17. 

  17. Buildroot: %{_tmppath}/%{name}-%{version}-root
    18. 

  18. 

  19. %description
    20. 

  20. Snort is a libpcap-based packet sniffer/logger which 
    21. 

  21. can be used as a lightweight network intrusion detection system. 
    22. 

  22. It features rules based logging and can perform protocol analysis, 
    23. 

  23. content searching/matching and can be used to detect a variety of 
    24. 

  24. attacks and probes, such as buffer overflows, stealth port scans, 
    25. 

  25. CGI attacks, SMB probes, OS fingerprinting attempts, and much more. 
    26. 

  26. Snort has a real-time alerting capabilty, with alerts being sent to syslog, 
    27. 

  27. a seperate "alert" file, or as a WinPopup message via Samba's smbclient
    28. 

  28. 

  29. %description -l ja
    30. 

  30. SnortとはIDSと呼ばれるソフトウェアで、侵入検知システムと言われます。
    31. 

  31. ホストに何らかの悪さをしてくる行為を検出して知らせてくれるソフトです。
    32. 

  32. いろいろな攻撃と調査(例えばバッファオーバフロー、
    33. 

  33. ステルス・ポート・スキャン、CGI攻撃、SMB調査、OS指紋鑑定試み、
    34. 

  34. その他たくさん)を見つけるために使うことができる。
    35. 

  35. 

  36. %prep
    37. 

  37. %setup -q 
    38. 

  38. cp -p %{SOURCE5} %{SOURCE7} .
    39. 

  39. 

  40. %build
    41. 

  41. CFLAGS="$RPM_OPT_FLAGS" \
    42. 

  42. %configure --bindir=/usr/sbin --sysconfdir=/etc/snort --enable-smbalerts
    43. 

  43. make
    44. 

  44. 

  45. %install
    46. 

  46. rm -rf %{buildroot}
    47. 

  47. mkdir -p %{buildroot}/usr/{bin,sbin}
    48. 

  48. mkdir -p %{buildroot}/etc/snort
    49. 

  49. mkdir -p %{buildroot}/etc/rc.d/init.d
    50. 

  50. mkdir -p %{buildroot}/var/log/snort/archive
    51. 

  51. 

  52. %makeinstall \
    53. 

  53. 	prefix=%{buildroot}/usr \
    54. 

  54. 	bindir=%{buildroot}/usr/sbin \
    55. 

  55. 	sysconfdir=%{buildroot}/etc/snort
    56. 

  56. install %{SOURCE1} %{buildroot}/usr/bin
    57. 

  57. install %{SOURCE2} %{buildroot}/usr/bin
    58. 

  58. install %{SOURCE4} %{buildroot}/etc/rc.d/init.d
    59. 

  59. tar zxvf %{SOURCE6} -C %{buildroot}/etc/snort
    60. 

  60. 

  61. cat - << EOF >> %{buildroot}/etc/snort/snort.conf
    62. 

  62. ####################################################################
    63. 

  63. # Customize your rule set
    64. 

  64. #
    65. 

  65. # Up to date snort rules are available at the following web sites:
    66. 

  66. #   http://www.snort.org
    67. 

  67. #   http://www.whitehats.com
    68. 

  68. #
    69. 

  69. # The snort web site has documentation about how to 
    70. 

  70. # write your own custom snort rules.
    71. 

  71. #
    72. 

  72. # The rules included with this distribution generate alerts based on
    73. 

  73. # on suspicious activity. Depending on your network environment, your
    74. 

  74. # security policies, and what you consider to be suspicious, some of
    75. 

  75. # these rules may either generate false positives ore may be detecting
    76. 

  76. # activity you consider to be acceptable; therefore, you are
    77. 

  77. # encouraged to comment out rules that are not applicable in your
    78. 

  78. # environment.
    79. 

  79. #
    80. 

  80. # Note that using all of the rules at the same time may lead to
    81. 

  81. # serious packet loss on slower machines. YMMV, use with caution,
    82. 

  82. # standard disclaimers apply. :)
    83. 

  83. #
    84. 

  84. # The following individuals contributed many of rules in this
    85. 

  85. # distribution.
    86. 

  86. #
    87. 

  87. # Credits:
    88. 

  88. #   Max Vision <vision@whitehats.com> - www.whitehats.com
    89. 

  89. #   Ron Gula <rgula@securitywizards.com> of Network Security Wizards
    90. 

  90. #   Martin Markgraf <martin@mail.du.gtn.com>
    91. 

  91. #   CyberPsychotic <fygrave@tigerteam.net>
    92. 

  92. #   Nick Rogness <nick@rapidnet.com>
    93. 

  93. #   Jim Forster <jforster@rapidnet.com>
    94. 

  94. #   Scott McIntyre <scott@whoi.edu>
    95. 

  95. #   Tom Vandepoel <Tom.Vandepoel@ubizen.com>
    96. 

  96. #   Brian Caswell <bmc@mitre.org>
    97. 

  97. #
    98. 

  98. #===============================================
    99. 

  99. # Include all relevant rulesets here 
    100. 

  100. # by default virus, policy and info are disabled
    101. 

  101. #===============================================
    102. 

  102. # Be sure you have created a local.rules file
    103. 

  103. # for your includes/ignores, etc.
    104. 

  104. #===============================================
    105. 

  105. #include /etc/snort/local.rules
    106. 

  106. include /etc/snort/exploit.rules
    107. 

  107. include /etc/snort/scan.rules
    108. 

  108. include /etc/snort/finger.rules
    109. 

  109. include /etc/snort/ftp.rules
    110. 

  110. include /etc/snort/telnet.rules
    111. 

  111. include /etc/snort/smtp.rules
    112. 

  112. include /etc/snort/rpc.rules
    113. 

  113. include /etc/snort/rservices.rules
    114. 

  114. include /etc/snort/backdoor.rules
    115. 

  115. include /etc/snort/dos.rules
    116. 

  116. include /etc/snort/ddos.rules
    117. 

  117. include /etc/snort/dns.rules
    118. 

  118. include /etc/snort/netbios.rules
    119. 

  119. include /etc/snort/sql.rules
    120. 

  120. include /etc/snort/web-cgi.rules
    121. 

  121. include /etc/snort/web-coldfusion.rules
    122. 

  122. include /etc/snort/web-frontpage.rules
    123. 

  123. include /etc/snort/web-misc.rules
    124. 

  124. include /etc/snort/web-iis.rules
    125. 

  125. include /etc/snort/icmp.rules
    126. 

  126. include /etc/snort/misc.rules
    127. 

  127. #include /etc/snort/policy.rules
    128. 

  128. #include /etc/snort/info.rules
    129. 

  129. #include /etc/snort/virus.rules
    130. 

  130. 

  131. # Ruleset, available (updated hourly) from:
    132. 

  132. #
    133. 

  133. #   http://dev.whitehats.com/ids/vision.rules
    134. 

  134. # include /etc/snort/vision.rules
    135. 

  135. #
    136. 

  136. # snort.conf with more options is located in /usr/doc/snort-1.7/snort.conf
    137. 

  137. 

  138. EOF
    139. 

  139. 

  140. %clean
    141. 

  141. rm -rf %{buildroot}
    142. 

  142. 

  143. %post
    144. 

  144. #don't do all this stuff if we are upgrading
    145. 

  145. if [ "$1" = 1 ] ; then
    146. 

  146. useradd -M -r -d /var/log/snort -s /bin/false -c "Snort" snort 2> /dev/null || :
    147. 

  147. groupadd -r snort 2> /dev/null || :
    148. 

  148. /sbin/chkconfig --add snortd
    149. 

  149. fi
    150. 

  150. #this only works on redhat ;/
    151. 

  151. perl -e 'open(f,"/etc/sysconfig/network-scripts/ifcfg-eth0");
    152. 

  152.          while(<f>){if  (/IPADDR=(.*)/) {$internal=$1;}};close(f);
    153. 

  153.          open(f,"/etc/resolv.conf");
    154. 

  154.          while(<f>){if (/nameserver(.*)/) {$dns=$1;$dns=~s/[ ]+//g;
    155. 

  155. 	 $dns.="/32,"; push(@dns,$dns);}} close(f);
    156. 

  156. 	 $dns[$#dns]=~s/,$//g;
    157. 

  157.          open(f,">/etc/snort/snort.conf");
    158. 

  158.          print f "var HOME_NET $internal/32\nvar EXTERNAL_NET any\nvar SMTP \$HOME_NET\nvar HTTP_SERVERS \$HOME_NET\nvar SQL_SERVERS \$HOME_NET\nvar DNS_SERVERS ";
    159. 

  159. 	 print f "[";
    160. 

  160.          foreach (@dns) {print f "$_";}
    161. 

  161. 	 print f "]";
    162. 

  162.          print f "\n\npreprocessor defrag\npreprocessor http_decode: 80 8080\npreprocessor portscan: \$HOME_NET 4 3 /var/log/snort/portscan.log\npreprocessor portscan-ignorehosts: \$DNS_SERVERS\n\n";
    163. 

  163.          close(f);'
    164. 

  164. #add the rest of the stuff
    165. 

  165. 

  166. chown snort.snort /var/log/snort
    167. 

  167. 

  168. %if 0
    169. 

  169. echo -e "
    170. 

  170. Be sure to fetch the latest snort rules file from the ArachNIDS
    171. 

  171. database by Max Vision, or the one available from the snort.org web
    172. 

  172. site.
    173. 

  173. 

  174. The snortlog and snort-stat perl scripts can be used to generate
    175. 

  175. statistics from the snort syslog entries.
    176. 

  176. 

  177. Snort is currently configured to listen only on eth0, and uses the
    178. 

  178. default rulesets. If this is not correct for your 
    179. 

  179. system, edit /etc/rc.d/init.d/snortd and /etc/snort/snort.conf
    180. 

  180. 

  181. A \"snort\" user and group have been created for snort to run as instead
    182. 

  182. of running as root.  You will likely need to create the /var/log/snort 
    183. 

  183. directory, and change ownership to the \"snort\" account.
    184. 

  184. 

  185. Built by: Dave Wreski
    186. 

  186. dave@linuxsecurity.com
    187. 

  187. and Wim Vandersmissen <wim@bofh.be>
    188. 

  188. "
    189. 

  189. %endif
    190. 

  190. 

  191. %preun
    192. 

  192. /etc/rc.d/init.d/snortd stop
    193. 

  193. if [ $1 = 0 ] ; then
    194. 

  194. 	/sbin/chkconfig --del snortd
    195. 

  195. fi
    196. 

  196. exit 0
    197. 

  197. 

  198. %postun
    199. 

  199. #only if we are removing, not upgrading..
    200. 

  200. if [ $1 = 0 ] ; then
    201. 

  201. 	userdel snort 2> /dev/null || :
    202. 

  202. 	groupdel snort 2> /dev/null || :
    203. 

  203. fi
    204. 

  204. 

  205. %files
    206. 

  206. %defattr(-,root,root)
    207. 

  207. %doc AUTHORS BUGS COPYING CREDITS ChangeLog INSTALL NEWS README* USAGE
    208. 

  208. %doc snort.conf README-snort.EUC
    209. 

  209. %attr(755,root,root)  /usr/sbin/*
    210. 

  210. %attr(755,root,root)  /usr/bin/*
    211. 

  211. %attr(750,root,wheel)  %dir /var/log/snort
    212. 

  212. %attr(750,root,wheel)  %dir /var/log/snort/archive
    213. 

  213. %attr(640,root,wheel) %config /etc/snort/*rules
    214. 

  214. %attr(640,root,root)  %config /etc/snort/snort.conf
    215. 

  215. %attr(755,root,root)  %config /etc/rc.d/init.d/snortd
    216. 

  216. 

  217. %changelog
    218. 

  218. * Thu Sep 06 2001 Toru Sagami <sagami@vinelinux.org>
    219. 

  219. - 1.7-0vl2: was ported to VineSeedPlus with many spec fixes
    220. 

  220. 

  221. * Mon Apr 09 2001 net_hal <net_hal@cwa.bai.ne.jp>
    222. 

  222. - first buile for Vine2.1
    223. 

  223. - original ver 1.7 + 2001/03/28 Rules
    224.