current/SPECS/fwsnort.spec

%define rel             2
%define fwsnortlibdir   %{_prefix}/lib/%{name}
%define fwsnortlogdir   /var/log/fwsnort

### get the first @INC directory that includes the string "linux".
### This may be 'i386-linux', or 'i686-linux-thread-multi', etc.
%define fwsnortmoddir   `perl -e '$path=q|i386-linux|; for (@INC) { if($_ =~ m|.*/(.*linux.*)|) {$path = $1; last; }} print $path'`

Name:           fwsnort
Version:        1.6.5
Release:        %mkrel %{rel}
Summary:        Translates Snort rules into equivalent iptables rules
License:        GPLv2+
Group:          System/Servers
Url:            http://www.cipherdyne.org/fwsnort/
Source0:        http://www.cipherdyne.org/fwsnort/download/%{name}-%{version}.tar.gz
Source1:        logrotate.fwsnort
BuildArch:      noarch
Requires:       iptables
BuildRequires:  perl-devel

%description
fwsnort translates Snort rules into equivalent iptables rules and generates
a Bourne shell script that implements the resulting iptables commands. This
ruleset allows network traffic that exhibits Snort signatures to be logged
and/or dropped by iptables directly without putting any interface into
promiscuous mode or queuing packets from kernel to user space. In addition,
fwsnort (optionally) uses the IPTables::Parse module to parse the iptables
ruleset on the machine to determine which Snort rules are applicable to the
specific iptables policy.  After all, if iptables is blocking all inbound
http traffic from external addresses, it is probably not of much use to try
detecting inbound attacks against against tcp/80. By default fwsnort
generates iptables rules that log Snort sid's with --log-prefix to klogd
where the messages can be analyzed with a log watcher such as logwatch or
psad (see http://www.cipherdyne.org/psad). fwsnort relies on the iptables
string match extension to match Snort content fields in the application portion
of ip traffic. Since Snort rules can contain hex data in content fields,
fwsnort implements a patch against iptables-1.2.7a which adds a
"--hex-string" option which will accept content fields such as
"|0d0a5b52504c5d3030320d0a|". fwsnort bundles the latest rule set from
Emerging Threats (http://www.emergingthreats.net) and also includes all rules
from the Snort-2.3.3 IDS - the final Snort rule set that was released under
the GPL.  fwsnort is able to translate well over 60% of all bundled rules.
For more information about the translation strategy as well as
advantages/disadvantages of the method used by fwsnort to obtain intrusion
detection data, see the README included with the fwsnort sources or browse
to: http://www.cipherdyne.org/fwsnort/

%prep

%setup -q

cp -p %{SOURCE1} .

cd deps
cd IPTables-Parse && perl Makefile.PL PREFIX=%{fwsnortlibdir} LIB=%{fwsnortlibdir}
cd ..
cd NetAddr-IP && perl Makefile.PL PREFIX=%{fwsnortlibdir} LIB=%{fwsnortlibdir}
cd ../..

%build
### build perl modules used by fwsnort
cd deps
make OPTS="%{optflags}" -C IPTables-Parse
make OPTS="%{optflags}" -C NetAddr-IP
cd ..

%install
### config directory
### log directory
mkdir -p %{buildroot}%{fwsnortlogdir}

### fwsnort module dirs
mkdir -p %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/IPTables/Parse
mkdir -p %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/Util
mkdir -p %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP
mkdir -p %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase
mkdir -p %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP
mkdir -p %{buildroot}%{fwsnortlibdir}/IPTables

mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_mandir}/man8
mkdir -p %{buildroot}%{_sbindir}

### fwsnort config
mkdir -p %{buildroot}%{_sysconfdir}/%{name}

install -m 755 fwsnort %{buildroot}%{_sbindir}/
install -m 644 fwsnort.conf %{buildroot}%{_sysconfdir}/%{name}/
install -m 644 fwsnort.8 %{buildroot}%{_mandir}/man8/

### install perl modules used by fwsnort
cd deps
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/hostenum.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/hostenum.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/compactref.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/compactref.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/nprefix.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/nprefix.al
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/.packlist ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/.packlist %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/.packlist
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/re.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/re.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/prefix.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/prefix.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/do_prefix.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/do_prefix.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/wildcard.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/wildcard.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_compact_v6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/_compact_v6.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/autosplit.ix %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/autosplit.ix
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.so ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.so %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/Util/Util.so
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.bs ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.bs %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/Util/Util.bs
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/autosplit.ix ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/autosplit.ix %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/Util/autosplit.ix
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/shiftleft.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/shiftleft.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/ipv4to6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/ipv4to6.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/maskanyto6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/maskanyto6.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/comp128.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/comp128.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_deadlen.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_deadlen.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/sub128.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/sub128.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/notcontiguous.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/notcontiguous.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bcdn2bin.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/bcdn2bin.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/add128.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/add128.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/ipv6to4.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/ipv6to4.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_bcdcheck.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_bcdcheck.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/mask4to6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/mask4to6.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_128x2.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_128x2.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/ipanyto6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/ipanyto6.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/hasbits.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bcdn2txt.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/bcdn2txt.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/slowadd128.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/slowadd128.al
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/autosplit.ix ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/autosplit.ix %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/autosplit.ix
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/simple_pack.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/simple_pack.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bcd2bin.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/bcd2bin.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bin2bcdn.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/bin2bcdn.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_bin2bcdn.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_bin2bcdn.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bin2bcd.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/bin2bcd.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_sa128.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_sa128.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_bcd2bin.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_bcd2bin.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/addconst.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/addconst.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_128x10.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_128x10.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/mod_version.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/mod_version.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_splitref.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/_splitref.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_compV6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/_compV6.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_any2n.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/inet_any2n.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/_inet_ntop.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/_inet_ntop.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_n2ad.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/inet_n2ad.al
[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/autosplit.ix ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/autosplit.ix %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/autosplit.ix
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/_packzeros.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/_packzeros.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_n2dx.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/inet_n2dx.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/ipv6_aton.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/ipv6_aton.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/ipv6_ntoa.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/ipv6_ntoa.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_ntoa.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/inet_ntoa.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/_inet_pton.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/_inet_pton.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/coalesce.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/coalesce.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/re6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/re6.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/short.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/short.al
install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_splitplan.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/_splitplan.al
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/InetBase.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP/InetBase.pm
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/UtilPP.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP/UtilPP.pm
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/Util.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP/Util.pm
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/Lite.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP/Lite.pm
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/Util_IS.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP/Util_IS.pm
install -m 444 NetAddr-IP/blib/lib/NetAddr/IP.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP.pm
install -m 444 IPTables-Parse/blib/lib/IPTables/Parse.pm %{buildroot}%{fwsnortlibdir}/IPTables/Parse.pm
cd ..

### install snort rules files
cp -r deps/snort_rules %{buildroot}%{_sysconfdir}/%{name}

### install fwsnort logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 logrotate.fwsnort %{buildroot}%{_sysconfdir}/logrotate.d/%{name}

%pre
### not used

%post
### not used

%preun
### not used

%files
%doc ChangeLog VERSION README CREDITS TODO
%license LICENSE
%dir %{fwsnortlogdir}
%{_sbindir}/*
%{_mandir}/man8/*

%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/fwsnort.conf

%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}

%dir %{_sysconfdir}/%{name}/snort_rules
%config(noreplace) %{_sysconfdir}/%{name}/snort_rules/*

%{_prefix}/lib/%{name}
1	%define rel 2
2	%define fwsnortlibdir %{_prefix}/lib/%{name}
3	%define fwsnortlogdir /var/log/fwsnort
4
5	### get the first @INC directory that includes the string "linux".
6	### This may be 'i386-linux', or 'i686-linux-thread-multi', etc.
7	%define fwsnortmoddir `perl -e '$path=q\|i386-linux\|; for (@INC) { if($_ =~ m\|./(.linux.*)\|) {$path = $1; last; }} print $path'`
8
9	Name: fwsnort
10	Version: 1.6.5
11	Release: %mkrel %{rel}
12	Summary: Translates Snort rules into equivalent iptables rules
13	License: GPLv2+
14	Group: System/Servers
15	Url: http://www.cipherdyne.org/fwsnort/
16	Source0: http://www.cipherdyne.org/fwsnort/download/%{name}-%{version}.tar.gz
17	Source1: logrotate.fwsnort
18	BuildArch: noarch
19	Requires: iptables
20	BuildRequires: perl-devel
21
22	%description
23	fwsnort translates Snort rules into equivalent iptables rules and generates
24	a Bourne shell script that implements the resulting iptables commands. This
25	ruleset allows network traffic that exhibits Snort signatures to be logged
26	and/or dropped by iptables directly without putting any interface into
27	promiscuous mode or queuing packets from kernel to user space. In addition,
28	fwsnort (optionally) uses the IPTables::Parse module to parse the iptables
29	ruleset on the machine to determine which Snort rules are applicable to the
30	specific iptables policy. After all, if iptables is blocking all inbound
31	http traffic from external addresses, it is probably not of much use to try
32	detecting inbound attacks against against tcp/80. By default fwsnort
33	generates iptables rules that log Snort sid's with --log-prefix to klogd
34	where the messages can be analyzed with a log watcher such as logwatch or
35	psad (see http://www.cipherdyne.org/psad). fwsnort relies on the iptables
36	string match extension to match Snort content fields in the application portion
37	of ip traffic. Since Snort rules can contain hex data in content fields,
38	fwsnort implements a patch against iptables-1.2.7a which adds a
39	"--hex-string" option which will accept content fields such as
40	"\|0d0a5b52504c5d3030320d0a\|". fwsnort bundles the latest rule set from
41	Emerging Threats (http://www.emergingthreats.net) and also includes all rules
42	from the Snort-2.3.3 IDS - the final Snort rule set that was released under
43	the GPL. fwsnort is able to translate well over 60% of all bundled rules.
44	For more information about the translation strategy as well as
45	advantages/disadvantages of the method used by fwsnort to obtain intrusion
46	detection data, see the README included with the fwsnort sources or browse
47	to: http://www.cipherdyne.org/fwsnort/
48
49	%prep
50
51	%setup -q
52
53	cp -p %{SOURCE1} .
54
55	cd deps
56	cd IPTables-Parse && perl Makefile.PL PREFIX=%{fwsnortlibdir} LIB=%{fwsnortlibdir}
57	cd ..
58	cd NetAddr-IP && perl Makefile.PL PREFIX=%{fwsnortlibdir} LIB=%{fwsnortlibdir}
59	cd ../..
60
61	%build
62	### build perl modules used by fwsnort
63	cd deps
64	make OPTS="%{optflags}" -C IPTables-Parse
65	make OPTS="%{optflags}" -C NetAddr-IP
66	cd ..
67
68	%install
69	### config directory
70	### log directory
71	mkdir -p %{buildroot}%{fwsnortlogdir}
72
73	### fwsnort module dirs
74	mkdir -p %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/IPTables/Parse
75	mkdir -p %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/Util
76	mkdir -p %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP
77	mkdir -p %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase
78	mkdir -p %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP
79	mkdir -p %{buildroot}%{fwsnortlibdir}/IPTables
80
81	mkdir -p %{buildroot}%{_bindir}
82	mkdir -p %{buildroot}%{_mandir}/man8
83	mkdir -p %{buildroot}%{_sbindir}
84
85	### fwsnort config
86	mkdir -p %{buildroot}%{_sysconfdir}/%{name}
87
88	install -m 755 fwsnort %{buildroot}%{_sbindir}/
89	install -m 644 fwsnort.conf %{buildroot}%{_sysconfdir}/%{name}/
90	install -m 644 fwsnort.8 %{buildroot}%{_mandir}/man8/
91
92	### install perl modules used by fwsnort
93	cd deps
94	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/hostenum.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/hostenum.al
95	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/compactref.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/compactref.al
96	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/nprefix.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/nprefix.al
97	[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/.packlist ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/.packlist %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/.packlist
98	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/re.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/re.al
99	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/prefix.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/prefix.al
100	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/do_prefix.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/do_prefix.al
101	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/wildcard.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/wildcard.al
102	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_compact_v6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/_compact_v6.al
103	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/autosplit.ix %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/autosplit.ix
104	[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.so ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.so %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/Util/Util.so
105	[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.bs ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/Util.bs %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/Util/Util.bs
106	[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/autosplit.ix ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/Util/autosplit.ix %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/Util/autosplit.ix
107	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/shiftleft.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/shiftleft.al
108	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/ipv4to6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/ipv4to6.al
109	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/maskanyto6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/maskanyto6.al
110	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/comp128.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/comp128.al
111	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_deadlen.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_deadlen.al
112	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/sub128.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/sub128.al
113	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/notcontiguous.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/notcontiguous.al
114	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bcdn2bin.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/bcdn2bin.al
115	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/add128.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/add128.al
116	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/ipv6to4.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/ipv6to4.al
117	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_bcdcheck.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_bcdcheck.al
118	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/mask4to6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/mask4to6.al
119	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_128x2.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_128x2.al
120	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/ipanyto6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/ipanyto6.al
121	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/hasbits.al
122	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bcdn2txt.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/bcdn2txt.al
123	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/slowadd128.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/slowadd128.al
124	[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/autosplit.ix ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/autosplit.ix %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/autosplit.ix
125	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/simple_pack.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/simple_pack.al
126	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bcd2bin.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/bcd2bin.al
127	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bin2bcdn.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/bin2bcdn.al
128	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_bin2bcdn.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_bin2bcdn.al
129	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/bin2bcd.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/bin2bcd.al
130	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_sa128.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_sa128.al
131	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_bcd2bin.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_bcd2bin.al
132	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/addconst.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/addconst.al
133	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/UtilPP/_128x10.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/UtilPP/_128x10.al
134	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/mod_version.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/mod_version.al
135	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_splitref.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/_splitref.al
136	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_compV6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/_compV6.al
137	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_any2n.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/inet_any2n.al
138	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/_inet_ntop.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/_inet_ntop.al
139	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_n2ad.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/inet_n2ad.al
140	[ -e NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/autosplit.ix ] && install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/autosplit.ix %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/autosplit.ix
141	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/_packzeros.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/_packzeros.al
142	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_n2dx.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/inet_n2dx.al
143	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/ipv6_aton.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/ipv6_aton.al
144	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/ipv6_ntoa.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/ipv6_ntoa.al
145	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/inet_ntoa.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/inet_ntoa.al
146	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/InetBase/_inet_pton.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/InetBase/_inet_pton.al
147	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/coalesce.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/coalesce.al
148	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/re6.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/re6.al
149	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/short.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/short.al
150	install -m 444 NetAddr-IP/blib/lib/auto/NetAddr/IP/_splitplan.al %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/auto/NetAddr/IP/_splitplan.al
151	install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/InetBase.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP/InetBase.pm
152	install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/UtilPP.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP/UtilPP.pm
153	install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/Util.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP/Util.pm
154	install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/Lite.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP/Lite.pm
155	install -m 444 NetAddr-IP/blib/lib/NetAddr/IP/Util_IS.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP/Util_IS.pm
156	install -m 444 NetAddr-IP/blib/lib/NetAddr/IP.pm %{buildroot}%{fwsnortlibdir}/%{fwsnortmoddir}/NetAddr/IP.pm
157	install -m 444 IPTables-Parse/blib/lib/IPTables/Parse.pm %{buildroot}%{fwsnortlibdir}/IPTables/Parse.pm
158	cd ..
159
160	### install snort rules files
161	cp -r deps/snort_rules %{buildroot}%{_sysconfdir}/%{name}
162
163	### install fwsnort logrotate files
164	mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
165	install -m 644 logrotate.fwsnort %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
166
167	%pre
168	### not used
169
170	%post
171	### not used
172
173	%preun
174	### not used
175
176	%files
177	%doc ChangeLog VERSION README CREDITS TODO
178	%license LICENSE
179	%dir %{fwsnortlogdir}
180	%{_sbindir}/*
181	%{_mandir}/man8/*
182
183	%dir %{_sysconfdir}/%{name}
184	%config(noreplace) %{_sysconfdir}/%{name}/fwsnort.conf
185
186	%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
187
188	%dir %{_sysconfdir}/%{name}/snort_rules
189	%config(noreplace) %{_sysconfdir}/%{name}/snort_rules/*
190
191	%{_prefix}/lib/%{name}