[prev in list] [next in list] [prev in thread] [next in thread]
List: openpkg-cvs
Subject: [CVS] OpenPKG: openpkg-src/snort/ rc.snort snort.conf snort.patch snor...
From: "Ralf S. Engelschall" <rse () openpkg ! org>
Date: 2005-07-29 8:00:21
Message-ID: 20050729080021.5461E1B506E () master ! openpkg ! org
[Download RAW message or body]
OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: rse@openpkg.org
Module: openpkg-src Date: 29-Jul-2005 10:00:21
Branch: HEAD Handle: 2005072909001900
Added files:
openpkg-src/snort rc.snort snort.conf snort.patch
Modified files:
openpkg-src/snort snort.spec
Log:
dramatically improve packaging by fully daemonizing it; upgrade to
latest version 2.4 which has the rules separate
Summary:
Revision Changes Path
1.1 +72 -0 openpkg-src/snort/rc.snort
1.1 +22 -0 openpkg-src/snort/snort.conf
1.3 +14 -0 openpkg-src/snort/snort.patch
1.30 +89 -9 openpkg-src/snort/snort.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/snort/rc.snort
============================================================================
$ cvs diff -u -r0 -r1.1 rc.snort
--- /dev/null 2005-07-29 10:00:19 +0200
+++ rc.snort 2005-07-29 10:00:21 +0200
@@ -0,0 +1,72 @@
+#!@l_prefix@/lib/openpkg/bash @l_prefix@/etc/rc
+##
+## rc.snort -- Run-Commands
+##
+
+%config
+ snort_enable="$openpkg_rc_def"
+ snort_if=""
+ snort_flags="-N -Afast -o"
+ snort_log_prolog="true"
+ snort_log_epilog="true"
+ snort_log_numfiles="10"
+ snort_log_minsize="1M"
+ snort_log_complevel="9"
+
+%common
+ snort_cfgfile="@l_prefix@/etc/snort/snort.conf"
+ snort_logdir="@l_prefix@/var/snort"
+ snort_piddir="@l_prefix@/var/snort"
+ snort_pidfile="$snort_piddir/snort_${snort_if}.pid"
+ snort_signal () {
+ [ -f $snort_pidfile ] && kill -$1 `cat $snort_pidfile`
+ }
+
+%status -u @l_susr@ -o
+ snort_usable="no"
+ snort_active="no"
+ @l_prefix@/sbin/snort \
+ -q -T \
+ -u "@l_rusr@" -g "@l_rgrp@" \
+ -i "$snort_if" \
+ -c "$snort_cfgfile" \
+ -l "$snort_logdir" \
+ >/dev/null 2>&1 && snort_usable="yes"
+ [ ".$snort_if" = . ] && snort_usable="no"
+ rcService snort enable yes && snort_signal 0 && snort_active="yes"
+ echo "snort_enable=\"$snort_enable\""
+ echo "snort_usable=\"$snort_usable\""
+ echo "snort_active=\"$snort_active\""
+
+%start -p 100 -u @l_susr@
+ rcService snort enable yes || exit 0
+ rcService snort active yes && exit 0
+ @l_prefix@/sbin/snort \
+ -q -D \
+ -u "@l_rusr@" -g "@l_rgrp@" \
+ -i "$snort_if" \
+ -c "$snort_cfgfile" \
+ -l "$snort_logdir" \
+ ${snort_flags}
+
+%stop -p 900 -u @l_susr@
+ rcService snort enable yes || exit 0
+ rcService snort active no && exit 0
+ snort_signal TERM
+ sleep 2
+ rm -f $snort_pidfile 2>/dev/null || true
+
+%restart -p 100 -u @l_susr@
+ rcService snort enable yes || exit 0
+ rcService snort active no && exit 0
+ rc snort stop start
+
+%daily -u @l_susr@
+ rcService snort enable yes || exit 0
+ shtool rotate -f \
+ -n ${snort_log_numfiles} -s ${snort_log_minsize} -d \
+ -z ${snort_log_complevel} -m 644 -o @l_rusr@ -g @l_rgrp@ \
+ -P "${snort_log_prolog}" \
+ -E "${snort_log_epilog}; rc snort reload" \
+ $snort_logdir/snort.alert.log
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/snort/snort.conf
============================================================================
$ cvs diff -u -r0 -r1.1 snort.conf
--- /dev/null 2005-07-29 10:00:19 +0200
+++ snort.conf 2005-07-29 10:00:21 +0200
@@ -0,0 +1,22 @@
+##
+## snort.conf -- Snort Daemon Configuration
+##
+
+# common variables
+var CFG_PATH @l_prefix@/share/snort
+var VAR_PATH @l_prefix@/var/snort
+
+# output selection
+config alertfile: $VAR_PATH/snort.alert.log
+output alert_fast: $VAR_PATH/snort.alert.log
+#output log_tcpdump: $VAR_PATH/snort.alert.cap
+
+# configuration parameters
+config show_year
+config order: alert pass log
+
+# load default snort configuration
+var HOME_NET any
+var EXTERNAL_NET any
+include $CFG_PATH/etc/snort.conf
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/snort/snort.patch
============================================================================
$ cvs diff -u -r0 -r1.3 snort.patch
--- /dev/null 2005-07-29 10:00:19 +0200
+++ snort.patch 2005-07-29 10:00:21 +0200
@@ -0,0 +1,14 @@
+Index: src/snort.h
+--- src/snort.h.orig 2005-07-22 05:03:55 +0200
++++ src/snort.h 2005-07-29 09:50:11 +0200
+@@ -64,9 +64,7 @@
+
+ #define MAX_PIDFILE_SUFFIX 11 /* uniqueness extension to PID file, see '-R' */
+
+-#ifndef _PATH_VARRUN
+-extern char _PATH_VARRUN[STD_BUF];
+-#endif
++#define _PATH_VARRUN "@l_prefix@/var/snort"
+
+ #ifndef WIN32
+ #define DEFAULT_LOG_DIR "/var/log/snort"
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/snort/snort.spec
============================================================================
$ cvs diff -u -r1.29 -r1.30 snort.spec
--- openpkg-src/snort/snort.spec 24 Apr 2005 20:07:07 -0000 1.29
+++ openpkg-src/snort/snort.spec 29 Jul 2005 08:00:19 -0000 1.30
@@ -22,6 +22,10 @@
## SUCH DAMAGE.
##
+# package version
+%define V_snort 2.4.0
+%define V_rules 2.4
+
# package information
Name: snort
Summary: Network Intrusion Detection System
@@ -32,15 +36,19 @@
Class: PLUS
Group: Network
License: GPL
-Version: 2.3.3
-Release: 20050424
+Version: %{V_snort}
+Release: 20050729
# package options
%option with_mysql no
%option with_pgsql no
# list of sources
-Source0: http://www.snort.org/dl/current/snort-%{version}.tar.gz
+Source0: http://www.snort.org/dl/current/snort-%{V_snort}.tar.gz
+Source1: http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-%{V_rules}.tar.gz
+Source2: snort.conf
+Source3: rc.snort
+Patch0: snort.patch
# build information
Prefix: %{l_prefix}
@@ -75,15 +83,20 @@
%track
prog snort = {
- version = %{version}
+ version = %{V_snort}
url = http://www.snort.org/dl/
regex = snort-(\d+\.\d+\.\d+)\.tar\.gz
}
%prep
%setup -q
+ %setup -q -D -T -a 1
+ %patch -p0
+ %{l_shtool} subst %{l_value -s -a} \
+ src/snort.h
%build
+ # configure program
LIBS=""
%if "%{with_pgsql}" == "yes"
LIBS="$LIBS -lpq -lcrypt -lssl -lcrypto"
@@ -112,29 +125,96 @@
--with-libpcap-includes=%{l_prefix}/include \
--with-libpcap-libraries=%{l_prefix}/lib \
--with-libnet-includes=%{l_prefix}/include \
- --with-libnet-libraries=%{l_prefix}/lib
+ --with-libnet-libraries=%{l_prefix}/lib \
+ --with-libpcre-includes=%{l_prefix}/include \
+ --with-libpcre-libraries=%{l_prefix}/lib \
+ --enable-perfmonitor
+
+ # build program
%{l_make} %{l_mflags -O}
%install
+ # create installation hierarchy
rm -rf $RPM_BUILD_ROOT
%{l_shtool} mkdir -f -p -m 755 \
$RPM_BUILD_ROOT%{l_prefix}/sbin \
$RPM_BUILD_ROOT%{l_prefix}/man/man8 \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
$RPM_BUILD_ROOT%{l_prefix}/etc/snort \
- $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/etc \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/map \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules \
+ $RPM_BUILD_ROOT%{l_prefix}/var/snort
+
+ # install program and manual page
%{l_shtool} install -c -s -m 755 \
src/snort $RPM_BUILD_ROOT%{l_prefix}/sbin/
%{l_shtool} install -c -m 644 \
snort.8 $RPM_BUILD_ROOT%{l_prefix}/man/man8/
+
+ # install default configuration and rules files
+ %{l_shtool} install -c -m 644 \
+ -e 's;\(var HOME_NET\) any;\1 $(HOME_NET:-any);' \
+ -e 's;\(var EXTERNAL_NET\) any;\1 $(EXTERNAL_NET:-any);' \
+ -e 's;\(var RULE_PATH\).*;\1 %{l_prefix}/share/snort/rules;g' \
+ -e 's;include classification.config;include \
%{l_prefix}/share/snort/etc/classification.config;' \ + -e 's;include \
reference.config;include %{l_prefix}/share/snort/etc/reference.config;' \ + \
-e 's;iis_unicode_map unicode.map;iis_unicode_map \
%{l_prefix}/share/snort/map/unicode.map;' \ + etc/snort.conf \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/etc/
+ %{l_shtool} install -c -m 644 \
+ etc/reference.config etc/classification.config etc/threshold.conf \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/etc/
+ %{l_shtool} install -c -m 644 \
+ etc/unicode.map etc/gen-msg.map etc/sid-msg.map \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/map/
%{l_shtool} install -c -m 644 \
rules/*.rules $RPM_BUILD_ROOT%{l_prefix}/share/snort/rules/
+
+ # install default configuration
+ %{l_shtool} install -c -m 644 %{l_value -s -a} \
+ %{SOURCE snort.conf} $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
+
+ # install run-command script
+ %{l_shtool} install -c -m 755 %{l_value -s -a} \
+ %{SOURCE rc.snort} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
+
+ # install optional/additional files
+%if "%{with_mysql}" == "yes"
%{l_shtool} install -c -m 644 \
- -e 's;\(var RULE_PATH\).*;\1 %{l_prefix}/share/snort/rules;g' \
- etc/snort.conf $RPM_BUILD_ROOT%{l_prefix}/etc/snort/
- %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std}
+ schemas/create_mysql \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/
+%endif
+%if "%{with_pgsql}" == "yes"
+ %{l_shtool} install -c -m 644 \
+ schemas/create_postgresql \
+ $RPM_BUILD_ROOT%{l_prefix}/share/snort/
+%endif
+
+ # determine installation files
+ %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
+ %{l_files_std} \
+ '%config %{l_prefix}/etc/snort/*' \
+ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/snort'
%files -f files
%clean
rm -rf $RPM_BUILD_ROOT
+%post
+ # after upgrade, restart service
+ [ $1 -eq 2 ] || exit 0
+ eval `%{l_rc} snort status 2>/dev/null`
+ [ ".$snort_active" = .yes ] && %{l_rc} snort restart
+ exit 0
+
+%preun
+ # before erase, stop service and remove log files
+ [ $1 -eq 0 ] || exit 0
+ %{l_rc} snort stop 2>/dev/null
+ rm -f $RPM_INSTALL_PREFIX/var/snort/*.pid >/dev/null 2>&1 || true
+ rm -f $RPM_INSTALL_PREFIX/var/snort/*.log >/dev/null 2>&1 || true
+ rm -f $RPM_INSTALL_PREFIX/var/snort/*.cap >/dev/null 2>&1 || true
+ exit 0
+
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic