update to 3.1.19.0 [release 3.1.19.0-1mamba;Wed Dec 29 2021]

Silvan Calarco 2024-01-05 17:56:53 +01:00
parent bfb02d8ae4
commit 864ec07e1d
2 changed files with 62 additions and 82 deletions

View File

@ -4,7 +4,6 @@ Snort is an open source network intrusion detection system, capable of performin
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.
Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
Snort has three primary uses. Snort has three primary uses.
It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.

View File

@ -5,23 +5,22 @@
%define userid 65023 %define userid 65023
Name: snort Name: snort
Version: 2.9.17 Version: 3.1.19.0
Release: 1mamba Release: 1mamba
Summary: The Open Source Intrusion Detection System Summary: The Open Source Intrusion Detection System
Group: Network/Monitoring Group: Network/Monitoring
Vendor: openmamba Vendor: openmamba
Distribution: openmamba Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it> Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://www.snort.org URL: https://www.snort.org/
# 2.8.6.1: no direct link working; downloaded by hand Source0: https://github.com/snort3/snort3.git/%{version}/snort3-%{version}.tar.bz2
Source0: https://www.snort.org/downloads/snort/snort-%{version}.tar.gz
Source1: snort-initscript Source1: snort-initscript
Source2: snort-sysconfig Source2: snort-sysconfig
Source3: snort-createmysql Source3: snort-createmysql
Source4: snort-createmysql-archive Source4: snort-createmysql-archive
#Source5: http://www.snort.org/dl/contrib/... #Source5: http://www.snort.org/dl/contrib/...
Source5: snortdb-extra.bz2 Source5: snortdb-extra.bz2
Source6: http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz Source6: https://www.snort.org/downloads/community/snort3-community-rules.tar.gz
Source7: snort-conf Source7: snort-conf
License: GPL License: GPL
%if %enable_mysql %if %enable_mysql
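Review bot: Source6 now points at an unversioned archive (snort3-community-rules.tar.gz) and no digest is recorded for it anywhere in the visible lines, so two builds of 3.1.19.0-1mamba can ship different rule sets with nothing in the package recording which. Consider keeping a dated copy of the rules tarball with the package sources, or recording and checking its SHA-256 in %prep. The new Source0 (https://github.com/snort3/snort3.git/%{version}/snort3-%{version}.tar.bz2) also does not read as a directly downloadable archive URL; if it is a convention understood by the build tooling, a one-line comment saying so would replace the "downloaded by hand" comment that was removed. Source1 to Source5 and Source7 are still declared, although the install steps that used them are disabled further down.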
@ -37,18 +36,24 @@ BuildRequires: postgresql-devel >= 7.4-2
%endif %endif
## AUTOBUILDREQ-BEGIN ## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel BuildRequires: glibc-devel
BuildRequires: libmysql5-devel BuildRequires: libdaq-devel
BuildRequires: libdnet-devel
BuildRequires: libflatbuffers-devel
BuildRequires: libgcc
BuildRequires: libhwloc-devel
BuildRequires: liblzma-devel
BuildRequires: libmnl-devel
BuildRequires: libopenssl-devel BuildRequires: libopenssl-devel
BuildRequires: libpcap-devel BuildRequires: libpcap-devel
BuildRequires: libpcre-devel BuildRequires: libpcre-devel
BuildRequires: libstdc++6-devel
BuildRequires: libunwind-devel
BuildRequires: libuuid-devel
BuildRequires: libz-devel BuildRequires: libz-devel
BuildRequires: mysql
BuildRequires: mysql-client
## AUTOBUILDREQ-END ## AUTOBUILDREQ-END
BuildRequires: libdnet-devel BuildRequires: libdnet-devel
BuildRequires: libdaq-devel BuildRequires: libdaq-devel >= 3.0.5
BuildRequires: libluajit-devel BuildRequires: libluajit-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: %{_datadir}/snort/contrib/createmysql Provides: %{_datadir}/snort/contrib/createmysql
Provides: %{_datadir}/snort/contrib/createmysql-archive Provides: %{_datadir}/snort/contrib/createmysql-archive
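Review bot: The two Provides lines for %{_datadir}/snort/contrib/createmysql and createmysql-archive are kept at the end of this hunk, but the install commands for those files sit inside the __OLD here-document in %install and %{_datadir}/snort/contrib is dropped from %files, so the package advertises paths it no longer ships. Drop both Provides lines. In the same hunk libdnet-devel and libdaq-devel are listed twice, once inside the AUTOBUILDREQ block and once below it; keeping only the manual "libdaq-devel >= 3.0.5" avoids the unversioned entry hiding the real minimum.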
@ -57,7 +62,6 @@ Snort is an open source network intrusion detection system, capable of performin
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.
Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
Snort has three primary uses. Snort has three primary uses.
It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.
@ -71,19 +75,23 @@ Snort is an open source network intrusion detection system, capable of performin
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.
Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
Snort has three primary uses. Snort has three primary uses.
It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.
This package contains the static libraries, headers and source files for development. This package contains the static libraries, headers and source files for development.
%debug_package %debug_package
%prep %prep
%setup -q -a6 %setup -q -n snort3-%{version} -a6
sed -i "s|/usr/local|/usr|" etc/snort.conf #sed -i "s|/usr/local|/usr|" etc/snort.conf
%build %build
%cmake -d build \
-DCMAKE_INSTALL_SYSCONFDIR=%{_sysconfdir}
%make
:<< __OLD
%configure \ %configure \
--sysconfdir=%{_sysconfdir}/snort \ --sysconfdir=%{_sysconfdir}/snort \
--enable-linux-smp-stat \ --enable-linux-smp-stat \
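Review bot: The old %configure call is disabled with ":<< __OLD" using an unquoted delimiter, so rpm still expands %configure and the other macros inside the block, and the shell still performs parameter and command substitution on the here-document body before discarding it. Delete the old block instead (history keeps it), or at minimum quote the delimiter as :<<'__OLD' so the body stays inert. The commented-out sed line in %prep can go for the same reason.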
@ -108,18 +116,19 @@ sed -i "s|/usr/local|/usr|" etc/snort.conf
%install %install
[ "%{buildroot}" != / ] && rm -rf %{buildroot} [ "%{buildroot}" != / ] && rm -rf %{buildroot}
%makeinstall %makeinstall -C build
install -d %{buildroot}%{_sysconfdir}/snort/{rules,preproc_rules} install -d %{buildroot}%{_sysconfdir}/snort/{rules,preproc_rules}
cp rules/*.rules %{buildroot}%{_sysconfdir}/snort/rules/ cp snort3-community-rules/*.rules %{buildroot}%{_sysconfdir}/snort/rules/
cp preproc_rules/*.rules %{buildroot}%{_sysconfdir}/snort/preproc_rules/
cp etc/*.conf etc/*.config etc/*.map %{buildroot}%{_sysconfdir}/snort :<< __OLD
#cp preproc_rules/*.rules %{buildroot}%{_sysconfdir}/snort/preproc_rules/
#cp etc/*.conf etc/*.config etc/*.map %{buildroot}%{_sysconfdir}/snort
install -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/snort #install -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/snort
install -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/snort #install -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/snort
install -d %{buildroot}/var/log/snort #install -d %{buildroot}/var/log/snort
install -D %{SOURCE3} %{buildroot}%{_datadir}/snort/contrib/createmysql install -D %{SOURCE3} %{buildroot}%{_datadir}/snort/contrib/createmysql
install -D %{SOURCE4} %{buildroot}%{_datadir}/snort/contrib/createmysql-archive install -D %{SOURCE4} %{buildroot}%{_datadir}/snort/contrib/createmysql-archive
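Review bot: The "install -d %{buildroot}%{_sysconfdir}/snort/{rules,preproc_rules}" line still creates preproc_rules, but the copy into it is removed and %files no longer lists that directory, leaving an empty unowned directory in the buildroot; reduce it to "install -d %{buildroot}%{_sysconfdir}/snort/rules". The here-document opened after the rules copy also disables creation of /var/log/snort, the init script and the sysconfig file, so the package still creates the snort user in %pre but ships neither a log directory owned by it nor any way to start the daemon. If that is intentional for this first 3.x build, say so in the changelog entry.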
@ -129,6 +138,7 @@ install -D %{SOURCE7} %{buildroot}%{_sysconfdir}/snort/snort.conf
#cp contrib/create* contrib/snortdb-extra.bz2 %{buildroot}%{_datadir}/snort/contrib/ #cp contrib/create* contrib/snortdb-extra.bz2 %{buildroot}%{_datadir}/snort/contrib/
cp %{SOURCE5} %{buildroot}%{_datadir}/snort/contrib/ cp %{SOURCE5} %{buildroot}%{_datadir}/snort/contrib/
#cp schemas/create_* %{buildroot}%{_datadir}/snort/contrib/ #cp schemas/create_* %{buildroot}%{_datadir}/snort/contrib/
__OLD
%pre %pre
/usr/sbin/groupadd snort -g %{groupid} 2>/dev/null /usr/sbin/groupadd snort -g %{groupid} 2>/dev/null
@ -136,25 +146,25 @@ cp %{SOURCE5} %{buildroot}%{_datadir}/snort/contrib/
-s /bin/false snort 2>/dev/null -s /bin/false snort 2>/dev/null
exit 0 exit 0
%post #%post
# new install # new install
if [ $1 -eq 1 ]; then #if [ $1 -eq 1 ]; then
RANDOM_PASSWD=`/usr/bin/mkpasswd -l 10 -s 0` # RANDOM_PASSWD=`/usr/bin/mkpasswd -l 10 -s 0`
sed -i "s|# output database: log, mysql.*|output database: log, mysql, user=snort password=$RANDOM_PASSWD dbname=snort host=localhost|" \ # sed -i "s|# output database: log, mysql.*|output database: log, mysql, user=snort password=$RANDOM_PASSWD dbname=snort host=localhost|" \
%{_sysconfdir}/snort/snort.conf # %{_sysconfdir}/snort/snort.conf
%{_datadir}/snort/contrib/createmysql $RANDOM_PASSWD # %{_datadir}/snort/contrib/createmysql $RANDOM_PASSWD
%{_datadir}/snort/contrib/createmysql-archive $RANDOM_PASSWD # %{_datadir}/snort/contrib/createmysql-archive $RANDOM_PASSWD
fi #fi
exit 0 #:
%preun %preun
# erase # erase
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
service snort stop 2>/dev/null #service snort stop 2>/dev/null
/sbin/chkconfig --del snort #/sbin/chkconfig --del snort
/usr/sbin/userdel snort 2>/dev/null /usr/sbin/userdel snort 2>/dev/null
fi fi
exit 0 :
%postun %postun
# update # update
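Review bot: In %preun the "service snort stop" line is commented out while "/usr/sbin/userdel snort 2>/dev/null" stays, so on erase nothing stops a running snort before its account is deleted, and any userdel failure is hidden by the redirect. Either stop the process first using whatever service mechanism replaces the init script, or stop deleting the account on erase; the uid is fixed through %{userid}, so leaving it in place is harmless. The commented-out %post block still contains %{_sysconfdir} and %{_datadir}, which rpm expands even inside comments; removing the block is cleaner than prefixing each line with "#".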
@ -162,74 +172,45 @@ if [ $1 -eq 1 ]; then
groupadd snort -g %{groupid} 2>/dev/null groupadd snort -g %{groupid} 2>/dev/null
/usr/sbin/useradd -u %{userid} -c 'Snort user' -d /dev/null -g snort \ /usr/sbin/useradd -u %{userid} -c 'Snort user' -d /dev/null -g snort \
-s /bin/false snort 2>/dev/null -s /bin/false snort 2>/dev/null
/sbin/chkconfig snort #/sbin/chkconfig snort
[ $? -eq 0 ] && service snort restart #[ $? -eq 0 ] && service snort restart
fi fi
exit 0 :
%clean %clean
[ "%{buildroot}" != / ] && rm -rf %{buildroot} [ "%{buildroot}" != / ] && rm -rf %{buildroot}
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/snort/snort.conf %dir %{_sysconfdir}/snort
%config %{_sysconfdir}/snort/file_magic.conf %{_sysconfdir}/snort/*.lua
%config(noreplace) %{_sysconfdir}/snort/threshold.conf %dir %{_sysconfdir}/snort/rules
%config(noreplace) %{_sysconfdir}/snort/classification.config
%config(noreplace) %{_sysconfdir}/snort/reference.config
%config(noreplace) %{_sysconfdir}/sysconfig/snort
%{_sysconfdir}/snort/rules/* %{_sysconfdir}/snort/rules/*
%{_sysconfdir}/snort/preproc_rules/*
%{_sysconfdir}/snort/*.map
%{_bindir}/appid_detector_builder.sh %{_bindir}/appid_detector_builder.sh
%{_bindir}/fbstreamer
%{_bindir}/u2boat %{_bindir}/u2boat
%{_bindir}/u2spewfoo %{_bindir}/u2spewfoo
%{_bindir}/u2openappid
%{_bindir}/u2streamer
%{_bindir}/snort %{_bindir}/snort
%{_libdir}/libsf_sorules.so.* %{_bindir}/snort2lua
%dir %{_libdir}/snort/dynamic_preproc %dir %{_libdir}/snort
%{_libdir}/snort/dynamic_preproc/libsf_dynamic_utils.* %dir %{_libdir}/snort/daq
%dir %{_libdir}/snort_dynamicengine %{_libdir}/snort/daq/daq_file.so
%{_libdir}/snort_dynamicengine/libsf_engine.a %{_libdir}/snort/daq/daq_hext.so
%{_libdir}/snort_dynamicengine/libsf_engine.la %dir %{_datadir}/doc/snort
%{_libdir}/snort_dynamicengine/libsf_engine.so
%{_libdir}/snort_dynamicengine/libsf_engine.so.*
%dir %{_libdir}/snort_dynamicpreprocessor
%{_libdir}/snort_dynamicpreprocessor/*.a
%{_libdir}/snort_dynamicpreprocessor/*.la
%{_libdir}/snort_dynamicpreprocessor/*.so*
%dir %{_libdir}/snort/dynamic_output/
%{_libdir}/snort/dynamic_output/libsf_dynamic_output.a
%{_libdir}/snort/dynamic_output/libsf_dynamic_output.la
%dir %{_libdir}/snort/dynamic_preproc
%{_libdir}/snort/dynamic_preproc/libsf_dynamic_preproc.a
%{_libdir}/snort/dynamic_preproc/libsf_dynamic_preproc.la
%dir %{_datadir}/snort
%dir %{_datadir}/snort/contrib
%{_datadir}/snort/contrib/*
%attr(755,root,root) %{_initrddir}/snort
%dir %attr(755,snort,snort) /var/log/snort
%{_datadir}/doc/snort/* %{_datadir}/doc/snort/*
%{_mandir}/man8/* #%dir %attr(755,snort,snort) /var/log/snort
%doc doc/AUTHORS doc/CREDITS %doc COPYING LICENSE
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)
%{_prefix}/src/snort_dynamicsrc/*.h
%{_prefix}/src/snort_dynamicsrc/*.c
%dir %{_includedir}/snort %dir %{_includedir}/snort
%{_includedir}/snort/* %{_includedir}/snort/*
%{_libdir}/libsf_sorules.a
%{_libdir}/libsf_sorules.la
%{_libdir}/libsf_sorules.so
%{_libdir}/pkgconfig/snort.pc %{_libdir}/pkgconfig/snort.pc
%{_libdir}/pkgconfig/snort_preproc.pc
%{_libdir}/pkgconfig/snort_output.pc
%doc doc/{BUGS,NEWS,README*,TODO,USAGE}
%doc ChangeLog doc/snort_manual.*
%changelog %changelog
* Wed Dec 29 2021 Silvan Calarco <silvan.calarco@mambasoft.it> 3.1.19.0-1mamba
- update to 3.1.19.0
* Fri Nov 20 2020 Automatic Build System <autodist@mambasoft.it> 2.9.17-1mamba * Fri Nov 20 2020 Automatic Build System <autodist@mambasoft.it> 2.9.17-1mamba
- automatic version update by autodist - automatic version update by autodist
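Review bot: In %files the new "%{_sysconfdir}/snort/*.lua" entry carries no %config marker, unlike the "%config(noreplace)" entries it replaces, so a package upgrade overwrites a locally tuned snort.lua and the other Lua configuration files without keeping the administrator's copy. Mark it as "%config(noreplace) %{_sysconfdir}/snort/*.lua", and consider the same for %{_sysconfdir}/snort/rules/* if local rule edits are expected there. The "%dir %attr(755,snort,snort) /var/log/snort" entry is commented out rather than removed, which matches the disabled install step but leaves the package with no log directory owned by the snort user.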