| 1 |
%define debug_package %{nil} |
| 2 |
%define release 8 |
| 3 |
%define fwsnortlibdir %_libdir/%name |
| 4 |
%define fwsnortlogdir /var/log/fwsnort |
| 5 |
|
| 6 |
### get the first @INC directory that includes the string "linux". |
| 7 |
### This may be 'i386-linux', or 'i686-linux-thread-multi', etc. |
| 8 |
%define fwsnortmoddir `perl -e '$path=q|i386-linux|; for (@INC) { if($_ =~ m|.*/(.*linux.*)|) {$path = $1; last; }} print $path'` |
| 9 |
|
| 10 |
Summary: Fwsnort translates Snort rules into equivalent iptables rules |
| 11 |
Name: fwsnort |
| 12 |
Version: 1.6.3 |
| 13 |
Release: %mkrel %release |
| 14 |
License: GPL |
| 15 |
Group: System/Servers |
| 16 |
Url: http://www.cipherdyne.org/fwsnort/ |
| 17 |
Source: %name-%version.tar.gz |
| 18 |
Requires: iptables |
| 19 |
BuildRequires: perl-devel |
| 20 |
|
| 21 |
%description |
| 22 |
fwsnort translates Snort rules into equivalent iptables rules and generates |
| 23 |
a Bourne shell script that implements the resulting iptables commands. This |
| 24 |
ruleset allows network traffic that exhibits Snort signatures to be logged |
| 25 |
and/or dropped by iptables directly without putting any interface into |
| 26 |
promiscuous mode or queuing packets from kernel to user space. In addition, |
| 27 |
fwsnort (optionally) uses the IPTables::Parse module to parse the iptables |
| 28 |
ruleset on the machine to determine which Snort rules are applicable to the |
| 29 |
specific iptables policy. After all, if iptables is blocking all inbound |
| 30 |
http traffic from external addresses, it is probably not of much use to try |
| 31 |
detecting inbound attacks against against tcp/80. By default fwsnort |
| 32 |
generates iptables rules that log Snort sid's with --log-prefix to klogd |
| 33 |
where the messages can be analyzed with a log watcher such as logwatch or |
| 34 |
psad (see http://www.cipherdyne.org/psad). fwsnort relies on the iptables |
| 35 |
string match extension to match Snort content fields in the application portion |
| 36 |
of ip traffic. Since Snort rules can contain hex data in content fields, |
| 37 |
fwsnort implements a patch against iptables-1.2.7a which adds a |
| 38 |
"--hex-string" option which will accept content fields such as |
| 39 |
"|0d0a5b52504c5d3030320d0a|". fwsnort bundles the latest rule set from |
| 40 |
Emerging Threats (http://www.emergingthreats.net) and also includes all rules |
| 41 |
from the Snort-2.3.3 IDS - the final Snort rule set that was released under |
| 42 |
the GPL. fwsnort is able to translate well over 60% of all bundled rules. |
| 43 |
For more information about the translation strategy as well as |
| 44 |
advantages/disadvantages of the method used by fwsnort to obtain intrusion |
| 45 |
detection data, see the README included with the fwsnort sources or browse |
| 46 |
to: http://www.cipherdyne.org/fwsnort/ |
| 47 |
|
| 48 |
%prep |
| 49 |
|
| 50 |
%setup -q |
| 51 |
|
| 52 |
cd deps |
| 53 |
cd IPTables-Parse && perl Makefile.PL PREFIX=%fwsnortlibdir LIB=%fwsnortlibdir |
| 54 |
cd .. |
| 55 |
cd NetAddr-IP && perl Makefile.PL PREFIX=%fwsnortlibdir LIB=%fwsnortlibdir |
| 56 |
cd ../.. |
| 57 |
|
| 58 |
%build |
| 59 |
### build perl modules used by fwsnort |
| 60 |
cd deps |
| 61 |
make OPTS="$RPM_OPT_FLAGS" -C IPTables-Parse |
| 62 |
make OPTS="$RPM_OPT_FLAGS" -C NetAddr-IP |
| 63 |
cd .. |
| 64 |
|
| 65 |
%install |
| 66 |
### config directory |
| 67 |
### log directory |
| 68 |
mkdir -p $RPM_BUILD_ROOT%fwsnortlogdir |
| 69 |
|
| 70 |
### fwsnort module dirs |
| 71 |
mkdir -p $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/IPTables/Parse |
| 72 |
mkdir -p $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/Util |
| 73 |
mkdir -p $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP |
| 74 |
mkdir -p $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase |
| 75 |
mkdir -p $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/NetAddr/IP |
| 76 |
mkdir -p $RPM_BUILD_ROOT%fwsnortlibdir/IPTables |
| 77 |
|
| 78 |
mkdir -p $RPM_BUILD_ROOT%_bindir |
| 79 |
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8 |
| 80 |
mkdir -p $RPM_BUILD_ROOT%_sbindir |
| 81 |
### fwsnort config |
| 82 |
mkdir -p $RPM_BUILD_ROOT%_sysconfdir/%name |
| 83 |
|
| 84 |
install -m 500 fwsnort $RPM_BUILD_ROOT%_sbindir/ |
| 85 |
install -m 644 fwsnort.conf $RPM_BUILD_ROOT%_sysconfdir/%name/ |
| 86 |
install -m 644 fwsnort.8 $RPM_BUILD_ROOT%{_mandir}/man8/ |
| 87 |
|
| 88 |
### install perl modules used by fwsnort |
| 89 |
cd deps |
| 90 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/hostenum.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/hostenum.al |
| 91 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/compactref.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/compactref.al |
| 92 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/nprefix.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/nprefix.al |
| 93 |
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/.packlist ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/.packlist $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/.packlist |
| 94 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/re.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/re.al |
| 95 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/prefix.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/prefix.al |
| 96 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/do_prefix.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/do_prefix.al |
| 97 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/wildcard.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/wildcard.al |
| 98 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_compact_v6.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/_compact_v6.al |
| 99 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/autosplit.ix $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/autosplit.ix |
| 100 |
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.so ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.so $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/Util/Util.so |
| 101 |
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.bs ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.bs $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/Util/Util.bs |
| 102 |
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/autosplit.ix ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/autosplit.ix $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/Util/autosplit.ix |
| 103 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/shiftleft.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/shiftleft.al |
| 104 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/ipv4to6.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/ipv4to6.al |
| 105 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/maskanyto6.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/maskanyto6.al |
| 106 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/comp128.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/comp128.al |
| 107 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_deadlen.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/_deadlen.al |
| 108 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/sub128.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/sub128.al |
| 109 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/notcontiguous.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/notcontiguous.al |
| 110 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bcdn2bin.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/bcdn2bin.al |
| 111 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/add128.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/add128.al |
| 112 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/ipv6to4.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/ipv6to4.al |
| 113 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_bcdcheck.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/_bcdcheck.al |
| 114 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/mask4to6.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/mask4to6.al |
| 115 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_128x2.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/_128x2.al |
| 116 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/ipanyto6.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/ipanyto6.al |
| 117 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/hasbits.al |
| 118 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bcdn2txt.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/bcdn2txt.al |
| 119 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/slowadd128.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/slowadd128.al |
| 120 |
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/autosplit.ix ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/autosplit.ix $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/autosplit.ix |
| 121 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/simple_pack.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/simple_pack.al |
| 122 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bcd2bin.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/bcd2bin.al |
| 123 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bin2bcdn.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/bin2bcdn.al |
| 124 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_bin2bcdn.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/_bin2bcdn.al |
| 125 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bin2bcd.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/bin2bcd.al |
| 126 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_sa128.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/_sa128.al |
| 127 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_bcd2bin.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/_bcd2bin.al |
| 128 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/addconst.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/addconst.al |
| 129 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_128x10.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/UtilPP/_128x10.al |
| 130 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/mod_version.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/mod_version.al |
| 131 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_splitref.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/_splitref.al |
| 132 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_compV6.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/_compV6.al |
| 133 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_any2n.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase/inet_any2n.al |
| 134 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/_inet_ntop.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase/_inet_ntop.al |
| 135 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_n2ad.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase/inet_n2ad.al |
| 136 |
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/autosplit.ix ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/autosplit.ix $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase/autosplit.ix |
| 137 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/_packzeros.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase/_packzeros.al |
| 138 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_n2dx.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase/inet_n2dx.al |
| 139 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/ipv6_aton.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase/ipv6_aton.al |
| 140 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/ipv6_ntoa.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase/ipv6_ntoa.al |
| 141 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_ntoa.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase/inet_ntoa.al |
| 142 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/_inet_pton.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/InetBase/_inet_pton.al |
| 143 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/coalesce.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/coalesce.al |
| 144 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/re6.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/re6.al |
| 145 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/short.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/short.al |
| 146 |
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_splitplan.al $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/auto/NetAddr/IP/_splitplan.al |
| 147 |
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/InetBase.pm $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/NetAddr/IP/InetBase.pm |
| 148 |
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/UtilPP.pm $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/NetAddr/IP/UtilPP.pm |
| 149 |
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/Util.pm $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/NetAddr/IP/Util.pm |
| 150 |
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/Lite.pm $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/NetAddr/IP/Lite.pm |
| 151 |
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/Util_IS.pm $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/NetAddr/IP/Util_IS.pm |
| 152 |
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP.pm $RPM_BUILD_ROOT%fwsnortlibdir/%fwsnortmoddir/NetAddr/IP.pm |
| 153 |
install -m 444 IPTables-Parse/blib/lib/IPTables/Parse.pm $RPM_BUILD_ROOT%fwsnortlibdir/IPTables/Parse.pm |
| 154 |
cd .. |
| 155 |
|
| 156 |
### install snort rules files |
| 157 |
cp -r deps/snort_rules $RPM_BUILD_ROOT%_sysconfdir/%name |
| 158 |
|
| 159 |
%pre |
| 160 |
### not used |
| 161 |
|
| 162 |
%post |
| 163 |
### not used |
| 164 |
|
| 165 |
%preun |
| 166 |
### not used |
| 167 |
|
| 168 |
%files |
| 169 |
%dir %fwsnortlogdir |
| 170 |
%_sbindir/* |
| 171 |
%{_mandir}/man8/* |
| 172 |
|
| 173 |
%dir %_sysconfdir/%name |
| 174 |
%config(noreplace) %_sysconfdir/%name/fwsnort.conf |
| 175 |
|
| 176 |
%dir %_sysconfdir/%name/snort_rules |
| 177 |
%config(noreplace) %_sysconfdir/%name/snort_rules/* |
| 178 |
|
| 179 |
%_libdir/%name |
| 180 |
|
Parent Directory
| 
Revision Log