
  1. Summary: packet-sniffer/logger
  2. Name: snort
  3. Version: 1.7
  4. Release: 0vl2
  5. License: GPL
  6. Group: Applications/Internet
  7. Url: http://www.snort.org
  8. Source0: http://www.snort.org/Files/%{name}-%{version}.tar.gz
  9. Source1: snort-stat
  10. Source2: snortlog
  11. Source4: snortd
  12. Source5: snort.conf
  13. Source6: snortrules.tar.gz
  14. Source7: README-snort.EUC
  15. Requires: libpcap >= 0.4
  16. BuildRequires: libpcap >= 0.4
  17. Buildroot: %{_tmppath}/%{name}-%{version}-root
  18. %description
  19. Snort is a libpcap-based packet sniffer/logger which
  20. can be used as a lightweight network intrusion detection system.
  21. It features rules based logging and can perform protocol analysis,
  22. content searching/matching and can be used to detect a variety of
  23. attacks and probes, such as buffer overflows, stealth port scans,
  24. CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
  25. Snort has a real-time alerting capability, with alerts being sent to syslog,
  26. a separate "alert" file, or as a WinPopup message via Samba's smbclient
  27. %description -l ja
  28. SnortとはIDSと呼ばれるソフトウェアで、侵入検知システムと言われます。
  29. ホストに何らかの悪さをしてくる行為を検出して知らせてくれるソフトです。
  30. いろいろな攻撃と調査(例えばバッファオーバフロー、
  31. ステルス・ポート・スキャン、CGI攻撃、SMB調査、OS指紋鑑定試み、
  32. その他たくさん)を見つけるために使うことができる。
  33. %prep
  34. %setup -q
  35. cp -p %{SOURCE5} %{SOURCE7} .
  36. %build
  37. CFLAGS="$RPM_OPT_FLAGS" \
  38. %configure --bindir=/usr/sbin --sysconfdir=/etc/snort --enable-smbalerts
  39. make
  40. %install
  41. rm -rf %{buildroot}
  42. mkdir -p %{buildroot}/usr/{bin,sbin}
  43. mkdir -p %{buildroot}/etc/snort
  44. mkdir -p %{buildroot}/etc/rc.d/init.d
  45. mkdir -p %{buildroot}/var/log/snort/archive
  46. %makeinstall \
  47. prefix=%{buildroot}/usr \
  48. bindir=%{buildroot}/usr/sbin \
  49. sysconfdir=%{buildroot}/etc/snort
  50. install %{SOURCE1} %{buildroot}/usr/bin
  51. install %{SOURCE2} %{buildroot}/usr/bin
  52. install %{SOURCE4} %{buildroot}/etc/rc.d/init.d
  53. tar zxvf %{SOURCE6} -C %{buildroot}/etc/snort
  54. cat - << EOF >> %{buildroot}/etc/snort/snort.conf
  55. ####################################################################
  56. # Customize your rule set
  57. #
  58. # Up to date snort rules are available at the following web sites:
  59. # http://www.snort.org
  60. # http://www.whitehats.com
  61. #
  62. # The snort web site has documentation about how to
  63. # write your own custom snort rules.
  64. #
  65. # The rules included with this distribution generate alerts based on
  66. # on suspicious activity. Depending on your network environment, your
  67. # security policies, and what you consider to be suspicious, some of
  68. # these rules may either generate false positives ore may be detecting
  69. # activity you consider to be acceptable; therefore, you are
  70. # encouraged to comment out rules that are not applicable in your
  71. # environment.
  72. #
  73. # Note that using all of the rules at the same time may lead to
  74. # serious packet loss on slower machines. YMMV, use with caution,
  75. # standard disclaimers apply. :)
  76. #
  77. # The following individuals contributed many of rules in this
  78. # distribution.
  79. #
  80. # Credits:
  81. # Max Vision <vision@whitehats.com> - www.whitehats.com
  82. # Ron Gula <rgula@securitywizards.com> of Network Security Wizards
  83. # Martin Markgraf <martin@mail.du.gtn.com>
  84. # CyberPsychotic <fygrave@tigerteam.net>
  85. # Nick Rogness <nick@rapidnet.com>
  86. # Jim Forster <jforster@rapidnet.com>
  87. # Scott McIntyre <scott@whoi.edu>
  88. # Tom Vandepoel <Tom.Vandepoel@ubizen.com>
  89. # Brian Caswell <bmc@mitre.org>
  90. #
  91. #===============================================
  92. # Include all relevant rulesets here
  93. # by default virus, policy and info are disabled
  94. #===============================================
  95. # Be sure you have created a local.rules file
  96. # for your includes/ignores, etc.
  97. #===============================================
  98. #include /etc/snort/local.rules
  99. include /etc/snort/exploit.rules
  100. include /etc/snort/scan.rules
  101. include /etc/snort/finger.rules
  102. include /etc/snort/ftp.rules
  103. include /etc/snort/telnet.rules
  104. include /etc/snort/smtp.rules
  105. include /etc/snort/rpc.rules
  106. include /etc/snort/rservices.rules
  107. include /etc/snort/backdoor.rules
  108. include /etc/snort/dos.rules
  109. include /etc/snort/ddos.rules
  110. include /etc/snort/dns.rules
  111. include /etc/snort/netbios.rules
  112. include /etc/snort/sql.rules
  113. include /etc/snort/web-cgi.rules
  114. include /etc/snort/web-coldfusion.rules
  115. include /etc/snort/web-frontpage.rules
  116. include /etc/snort/web-misc.rules
  117. include /etc/snort/web-iis.rules
  118. include /etc/snort/icmp.rules
  119. include /etc/snort/misc.rules
  120. #include /etc/snort/policy.rules
  121. #include /etc/snort/info.rules
  122. #include /etc/snort/virus.rules
  123. # Ruleset, available (updated hourly) from:
  124. #
  125. # http://dev.whitehats.com/ids/vision.rules
  126. # include /etc/snort/vision.rules
  127. #
  128. # snort.conf with more options is located in /usr/doc/snort-1.7/snort.conf
  129. EOF
  130. %clean
  131. rm -rf %{buildroot}
%post
# Runs as root on the target system.  $1 is the instance count rpm hands to
# the scriptlet: 1 on a fresh install, 2 or more on an upgrade.
#don't do all this stuff if we are upgrading
if [ "$1" = 1 ] ; then
# Unprivileged service account: system account (-r), no home directory
# created (-M), non-interactive shell.  Errors are ignored (|| :) so a
# pre-existing account does not fail the install.
# NOTE(review): the user is added before the group, so useradd cannot be
# given -g snort here; whether the user ends up with a "snort" primary group
# depends on the host's useradd defaults — confirm on the target distribution.
useradd -M -r -d /var/log/snort -s /bin/false -c "Snort" snort 2> /dev/null || :
groupadd -r snort 2> /dev/null || :
/sbin/chkconfig --add snortd
fi
#this only works on redhat ;/
# Generates the site-specific head of /etc/snort/snort.conf from the host's
# eth0 address (IPADDR in ifcfg-eth0) and the nameserver lines of
# /etc/resolv.conf.  Consequences worth knowing:
# - This block is NOT inside the "$1" = 1 guard above, so it runs on every
#   upgrade too, and open(f,">...") truncates the file: the "include
#   /etc/snort/*.rules" lines appended at build time and any local edits are
#   discarded, leaving only the var/preprocessor lines written below.  The
#   files list marks snort.conf as plain config, not config(noreplace), so
#   rpm does not protect it either.
# - HOME_NET is the single eth0 address as a /32, so rules keyed on
#   $HOME_NET cover the sensor host only, not the rest of its network.
# - If ifcfg-eth0 is absent or has no IPADDR line, $internal is empty and
#   HOME_NET becomes "/32"; any quotes around the address in ifcfg-eth0 are
#   carried into the value as well.
# - With no nameserver lines, $dns[$#dns] is undefined and DNS_SERVERS is
#   written as an empty list "[]".
perl -e 'open(f,"/etc/sysconfig/network-scripts/ifcfg-eth0");
while(<f>){if (/IPADDR=(.*)/) {$internal=$1;}};close(f);
open(f,"/etc/resolv.conf");
while(<f>){if (/nameserver(.*)/) {$dns=$1;$dns=~s/[ ]+//g;
$dns.="/32,"; push(@dns,$dns);}} close(f);
$dns[$#dns]=~s/,$//g;
open(f,">/etc/snort/snort.conf");
print f "var HOME_NET $internal/32\nvar EXTERNAL_NET any\nvar SMTP \$HOME_NET\nvar HTTP_SERVERS \$HOME_NET\nvar SQL_SERVERS \$HOME_NET\nvar DNS_SERVERS ";
print f "[";
foreach (@dns) {print f "$_";}
print f "]";
print f "\n\npreprocessor defrag\npreprocessor http_decode: 80 8080\npreprocessor portscan: \$HOME_NET 4 3 /var/log/snort/portscan.log\npreprocessor portscan-ignorehosts: \$DNS_SERVERS\n\n";
close(f);'
#add the rest of the stuff
# Hand the log directory to the service account.  This overrides the
# root:wheel 0750 ownership the files list sets on the directory (rpm applies
# file attributes while unpacking, before this scriptlet runs), and it runs
# on upgrades as well.  "user.group" is the legacy separator; "user:group"
# is the portable form.
chown snort.snort /var/log/snort
# Disabled at spec-parse time, so none of the text below is part of the
# installed scriptlet.  Kept for reference only; note that the advice to
# create /var/log/snort by hand is stale, the directory is packaged above.
%if 0
echo -e "
Be sure to fetch the latest snort rules file from the ArachNIDS
database by Max Vision, or the one available from the snort.org web
site.
The snortlog and snort-stat perl scripts can be used to generate
statistics from the snort syslog entries.
Snort is currently configured to listen only on eth0, and uses the
default rulesets. If this is not correct for your
system, edit /etc/rc.d/init.d/snortd and /etc/snort/snort.conf
A \"snort\" user and group have been created for snort to run as instead
of running as root. You will likely need to create the /var/log/snort
directory, and change ownership to the \"snort\" account.
Built by: Dave Wreski
dave@linuxsecurity.com
and Wim Vandersmissen <wim@bofh.be>
"
%endif
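%preun
# $1 is the number of package instances that will remain after this
# operation: 0 on a full removal, 1 or more on an upgrade.
# The sensor is stopped on removal AND on upgrade; none of the visible
# scriptlets starts it again afterwards, so an upgrade leaves the host
# unmonitored until the service is restarted.  A failing init script does
# not abort the transaction: the scriptlet always exits 0.
/etc/rc.d/init.d/snortd stop
# Only drop the boot-time registration when the package is going away.
# "$1" is quoted so the test stays well-formed even if it is ever empty.
if [ "$1" = 0 ] ; then
/sbin/chkconfig --del snortd
fi
exit 0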
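%postun
#only if we are removing, not upgrading..
# $1 is 0 on a full removal; on an upgrade (1 or more) the accounts are kept
# because the new package instance still runs as them.  "$1" is quoted so the
# test stays well-formed even if it is ever empty.
if [ "$1" = 0 ] ; then
# Failures are ignored (|| :) so an account already removed by hand does not
# fail the uninstall.  Log files under /var/log/snort are not part of the
# package and are left behind, still owned by the removed uid.
userdel snort 2> /dev/null || :
groupdel snort 2> /dev/null || :
fi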
  185. %files
  186. %defattr(-,root,root)
  187. %doc AUTHORS BUGS COPYING CREDITS ChangeLog INSTALL NEWS README* USAGE
  188. %doc snort.conf README-snort.EUC
  189. %attr(755,root,root) /usr/sbin/*
  190. %attr(755,root,root) /usr/bin/*
  191. %attr(750,root,wheel) %dir /var/log/snort
  192. %attr(750,root,wheel) %dir /var/log/snort/archive
  193. %attr(640,root,wheel) %config /etc/snort/*rules
  194. %attr(640,root,root) %config /etc/snort/snort.conf
  195. %attr(755,root,root) %config /etc/rc.d/init.d/snortd
  196. %changelog
  197. * Thu Sep 06 2001 Toru Sagami <sagami@vinelinux.org>
  198. - 1.7-0vl2: was ported to VineSeedPlus with many spec fixes
  199. * Mon Apr 09 2001 net_hal <net_hal@cwa.bai.ne.jp>
  200. - first build for Vine2.1
  201. - original ver 1.7 + 2001/03/28 Rules