diff --git a/README.md b/README.md index 1380ea3..e9b384f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,6 @@ Snort is an open source network intrusion detection system, capable of performin It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. - Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. diff --git a/snort.spec b/snort.spec index 3e8b690..4bc53b8 100644 --- a/snort.spec +++ b/snort.spec 
@@ -5,23 +5,22 @@ %define userid 65023 Name: snort -Version: 2.9.17 +Version: 3.1.19.0 Release: 1mamba Summary: The Open Source Intrusion Detection System Group: Network/Monitoring Vendor: openmamba Distribution: openmamba Packager: Silvan Calarco -URL: http://www.snort.org -# 2.8.6.1: no direct link working; downloaded by hand -Source0: https://www.snort.org/downloads/snort/snort-%{version}.tar.gz +URL: https://www.snort.org/ +Source0: https://github.com/snort3/snort3.git/%{version}/snort3-%{version}.tar.bz2 Source1: snort-initscript Source2: snort-sysconfig Source3: snort-createmysql Source4: snort-createmysql-archive #Source5: http://www.snort.org/dl/contrib/... Source5: snortdb-extra.bz2 -Source6: http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz +Source6: https://www.snort.org/downloads/community/snort3-community-rules.tar.gz Source7: snort-conf License: GPL %if %enable_mysql @@ -37,18 +36,24 @@ BuildRequires: postgresql-devel >= 7.4-2 %endif ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel -BuildRequires: libmysql5-devel +BuildRequires: libdaq-devel +BuildRequires: libdnet-devel +BuildRequires: libflatbuffers-devel +BuildRequires: libgcc +BuildRequires: libhwloc-devel +BuildRequires: liblzma-devel +BuildRequires: libmnl-devel BuildRequires: libopenssl-devel BuildRequires: libpcap-devel BuildRequires: libpcre-devel +BuildRequires: libstdc++6-devel +BuildRequires: libunwind-devel +BuildRequires: libuuid-devel BuildRequires: libz-devel -BuildRequires: mysql -BuildRequires: mysql-client ## AUTOBUILDREQ-END BuildRequires: libdnet-devel -BuildRequires: libdaq-devel +BuildRequires: libdaq-devel >= 3.0.5 BuildRequires: libluajit-devel -BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: %{_datadir}/snort/contrib/createmysql Provides: %{_datadir}/snort/contrib/createmysql-archive 
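Review bot: `Source6` now points at the unversioned `snort3-community-rules.tar.gz`, so the rule set packaged as snort 3.1.19.0 is whatever the server returned on the day of the build. Two builds of the same release can therefore ship different detection content. Nothing in the visible lines pins or verifies either `Source0` or `Source6`. If the build system supports it, record a digest for both archives next to the Source lines, or keep a dated copy of the rules archive, e.g. `Source6: snort3-community-rules-YYYYMMDD.tar.gz` (placeholder date).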
@@ -57,7 +62,6 @@ Snort is an open source network intrusion detection system, capable of performin It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. - Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. 
@@ -71,19 +75,23 @@ Snort is an open source network intrusion detection system, capable of performin It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. - Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. - This package contains the static libraries, headers and source files for development. %debug_package %prep -%setup -q -a6 -sed -i "s|/usr/local|/usr|" etc/snort.conf +%setup -q -n snort3-%{version} -a6 +#sed -i "s|/usr/local|/usr|" etc/snort.conf %build +%cmake -d build \ + -DCMAKE_INSTALL_SYSCONFDIR=%{_sysconfdir} + +%make + +:<< __OLD %configure \ --sysconfdir=%{_sysconfdir}/snort \ --enable-linux-smp-stat \ 
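Review bot: The `:<< __OLD` here-document that parks the old `%configure` call uses an unquoted delimiter, so the shell still performs parameter and command substitution on everything up to the terminator. rpm also expands `%configure` and the other macros inside it before the script runs, so text meant to be dead can still fail or execute during the build. Deleting the old block is the cleanest fix; if it must stay for reference, quote the delimiter as `:<< '__OLD'`, which stops shell expansion but not rpm macro expansion. The same construct is added in the `%install` hunk (`@@ -108,18 +116,19 @@`), where the `#` prefixes have no effect because the lines are heredoc text. The closing `__OLD` of this `%build` block lies outside the hunk.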
@@ -108,18 +116,19 @@ sed -i "s|/usr/local|/usr|" etc/snort.conf %install [ "%{buildroot}" != / ] && rm -rf %{buildroot} -%makeinstall +%makeinstall -C build install -d %{buildroot}%{_sysconfdir}/snort/{rules,preproc_rules} -cp rules/*.rules %{buildroot}%{_sysconfdir}/snort/rules/ -cp preproc_rules/*.rules %{buildroot}%{_sysconfdir}/snort/preproc_rules/ +cp snort3-community-rules/*.rules %{buildroot}%{_sysconfdir}/snort/rules/ -cp etc/*.conf etc/*.config etc/*.map %{buildroot}%{_sysconfdir}/snort +:<< __OLD +#cp preproc_rules/*.rules %{buildroot}%{_sysconfdir}/snort/preproc_rules/ +#cp etc/*.conf etc/*.config etc/*.map %{buildroot}%{_sysconfdir}/snort -install -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/snort -install -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/snort +#install -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/snort +#install -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/snort -install -d %{buildroot}/var/log/snort +#install -d %{buildroot}/var/log/snort install -D %{SOURCE3} %{buildroot}%{_datadir}/snort/contrib/createmysql install -D %{SOURCE4} %{buildroot}%{_datadir}/snort/contrib/createmysql-archive @@ -129,6 +138,7 @@ install -D %{SOURCE7} %{buildroot}%{_sysconfdir}/snort/snort.conf #cp contrib/create* contrib/snortdb-extra.bz2 %{buildroot}%{_datadir}/snort/contrib/ cp %{SOURCE5} %{buildroot}%{_datadir}/snort/contrib/ #cp schemas/create_* %{buildroot}%{_datadir}/snort/contrib/ +__OLD %pre /usr/sbin/groupadd snort -g %{groupid} 2>/dev/null 
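Review bot: `install -d %{buildroot}/var/log/snort` now sits inside the disabled block and the matching `%files` entry is commented out later in the patch, so the package no longer ships a log directory owned by the `snort` account that `%pre` still creates. Whoever deploys the sensor has to create that directory by hand, which is where world-readable modes or root-owned logs for a privilege-dropped process tend to appear. Consider keeping the line above the `:<< __OLD` marker and restoring `%dir %attr(750,snort,snort) /var/log/snort` in `%files`. Mode 750 instead of the previous 755 is a suggestion, since alert logs can contain captured payload. Whether this build logs there by default is not visible in the hunk.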
@@ -136,25 +146,25 @@ cp %{SOURCE5} %{buildroot}%{_datadir}/snort/contrib/ -s /bin/false snort 2>/dev/null exit 0 -%post +#%post # new install -if [ $1 -eq 1 ]; then - RANDOM_PASSWD=`/usr/bin/mkpasswd -l 10 -s 0` - sed -i "s|# output database: log, mysql.*|output database: log, mysql, user=snort password=$RANDOM_PASSWD dbname=snort host=localhost|" \ - %{_sysconfdir}/snort/snort.conf - %{_datadir}/snort/contrib/createmysql $RANDOM_PASSWD - %{_datadir}/snort/contrib/createmysql-archive $RANDOM_PASSWD -fi -exit 0 +#if [ $1 -eq 1 ]; then +# RANDOM_PASSWD=`/usr/bin/mkpasswd -l 10 -s 0` +# sed -i "s|# output database: log, mysql.*|output database: log, mysql, user=snort password=$RANDOM_PASSWD dbname=snort host=localhost|" \ +# %{_sysconfdir}/snort/snort.conf +# %{_datadir}/snort/contrib/createmysql $RANDOM_PASSWD +# %{_datadir}/snort/contrib/createmysql-archive $RANDOM_PASSWD +#fi +#: %preun # erase if [ $1 -eq 0 ]; then - service snort stop 2>/dev/null - /sbin/chkconfig --del snort + #service snort stop 2>/dev/null + #/sbin/chkconfig --del snort /usr/sbin/userdel snort 2>/dev/null fi -exit 0 +: %postun # update 
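Review bot: Prefixing the header as `#%post` removes the section, so the commented lines that follow become the tail of `%pre`, after its `exit 0`. They are inert, but they read as if a `%post` scriptlet still existed. rpm also keeps expanding macros such as `%{_sysconfdir}` inside comment lines. The MySQL output bootstrap appears to be dropped with this version, so deleting the block is clearer than carrying it commented out. If it stays, a one-line comment above it such as `# Snort 2 MySQL output bootstrap, disabled for Snort 3` would say why.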
@@ -162,74 +172,45 @@ if [ $1 -eq 1 ]; then groupadd snort -g %{groupid} 2>/dev/null /usr/sbin/useradd -u %{userid} -c 'Snort user' -d /dev/null -g snort \ -s /bin/false snort 2>/dev/null - /sbin/chkconfig snort - [ $? -eq 0 ] && service snort restart + #/sbin/chkconfig snort + #[ $? -eq 0 ] && service snort restart fi -exit 0 +: %clean [ "%{buildroot}" != / ] && rm -rf %{buildroot} %files %defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/snort/snort.conf -%config %{_sysconfdir}/snort/file_magic.conf -%config(noreplace) %{_sysconfdir}/snort/threshold.conf -%config(noreplace) %{_sysconfdir}/snort/classification.config -%config(noreplace) %{_sysconfdir}/snort/reference.config -%config(noreplace) %{_sysconfdir}/sysconfig/snort +%dir %{_sysconfdir}/snort +%{_sysconfdir}/snort/*.lua +%dir %{_sysconfdir}/snort/rules %{_sysconfdir}/snort/rules/* -%{_sysconfdir}/snort/preproc_rules/* -%{_sysconfdir}/snort/*.map %{_bindir}/appid_detector_builder.sh +%{_bindir}/fbstreamer %{_bindir}/u2boat %{_bindir}/u2spewfoo -%{_bindir}/u2openappid -%{_bindir}/u2streamer %{_bindir}/snort -%{_libdir}/libsf_sorules.so.* -%dir %{_libdir}/snort/dynamic_preproc -%{_libdir}/snort/dynamic_preproc/libsf_dynamic_utils.* -%dir %{_libdir}/snort_dynamicengine -%{_libdir}/snort_dynamicengine/libsf_engine.a -%{_libdir}/snort_dynamicengine/libsf_engine.la -%{_libdir}/snort_dynamicengine/libsf_engine.so -%{_libdir}/snort_dynamicengine/libsf_engine.so.* -%dir %{_libdir}/snort_dynamicpreprocessor -%{_libdir}/snort_dynamicpreprocessor/*.a -%{_libdir}/snort_dynamicpreprocessor/*.la -%{_libdir}/snort_dynamicpreprocessor/*.so* -%dir %{_libdir}/snort/dynamic_output/ -%{_libdir}/snort/dynamic_output/libsf_dynamic_output.a -%{_libdir}/snort/dynamic_output/libsf_dynamic_output.la -%dir %{_libdir}/snort/dynamic_preproc -%{_libdir}/snort/dynamic_preproc/libsf_dynamic_preproc.a -%{_libdir}/snort/dynamic_preproc/libsf_dynamic_preproc.la -%dir %{_datadir}/snort -%dir %{_datadir}/snort/contrib 
-%{_datadir}/snort/contrib/* -%attr(755,root,root) %{_initrddir}/snort -%dir %attr(755,snort,snort) /var/log/snort +%{_bindir}/snort2lua +%dir %{_libdir}/snort +%dir %{_libdir}/snort/daq +%{_libdir}/snort/daq/daq_file.so +%{_libdir}/snort/daq/daq_hext.so +%dir %{_datadir}/doc/snort %{_datadir}/doc/snort/* -%{_mandir}/man8/* -%doc doc/AUTHORS doc/CREDITS +#%dir %attr(755,snort,snort) /var/log/snort +%doc COPYING LICENSE %files devel %defattr(-,root,root) -%{_prefix}/src/snort_dynamicsrc/*.h -%{_prefix}/src/snort_dynamicsrc/*.c %dir %{_includedir}/snort %{_includedir}/snort/* -%{_libdir}/libsf_sorules.a -%{_libdir}/libsf_sorules.la -%{_libdir}/libsf_sorules.so %{_libdir}/pkgconfig/snort.pc -%{_libdir}/pkgconfig/snort_preproc.pc -%{_libdir}/pkgconfig/snort_output.pc -%doc doc/{BUGS,NEWS,README*,TODO,USAGE} -%doc ChangeLog doc/snort_manual.* %changelog +* Wed Dec 29 2021 Silvan Calarco 3.1.19.0-1mamba +- update to 3.1.19.0 + * Fri Nov 20 2020 Automatic Build System 2.9.17-1mamba - automatic version update by autodist
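Review bot: `%{_sysconfdir}/snort/*.lua` is listed as a plain file, whereas the configuration entries it replaces were `%config(noreplace)`. On upgrade rpm will overwrite a locally tuned `snort.lua` without keeping a backup, so a sensor can come back with stock networks and rule paths and nothing to show for it. Mark the entry `%config(noreplace) %{_sysconfdir}/snort/*.lua`. The same may apply to `%{_sysconfdir}/snort/rules/*` if sites are expected to edit or add rule files there, which is not visible from this hunk.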