current/SPECS/snort.spec

Summary:        An Intrusion Detection System (IDS)
Name:           snort
Version:        2.9.20
Release:        %mkrel 2
License:        GPLv2
Group:          Networking/Other
URL:            https://www.snort.org/
Source0:        https://www.snort.org/downloads/snort/snort-%{version}.tar.gz
Source3:        snort.init
Source4:        snort.logrotate
Source5:        snort.sysconfig
Source6:        snortdb-extra
Patch0:         snort-lib64.diff
# (oe) http://www.inliniac.net/files/
# http://www.snortsam.net/files/snort-plugin/snortsam-2.9.5.3-2.diff.gz
Patch1:         snort-2.9.20-snortsam.diff
Patch2:         snort-2.9.20-plugins_fix.diff
Patch5:         snort-2.9.4.6-conf.diff
Patch6:         snort-2.9.2.2-pcre-ldflags.patch
Patch7:         snort-2.9.8.0-cflags.patch
Patch8:         snort-2.9.20-libtirpc.patch
Requires(post): systemd >= %{systemd_required_version}
Requires(post): rpm-helper
Requires(post): snort-rules
Requires(preun): rpm-helper
Requires(preun): snort-rules
Requires(pre): rpm-helper
Requires(postun): rpm-helper
Requires:       pcre
Requires:       pcap
Requires:       snort-rules
Requires:       daq-modules
BuildRequires:  sed
BuildRequires:  pcap-devel
BuildRequires:  mysql-devel
BuildRequires:  openssl-devel
BuildRequires:  postgresql-devel
BuildRequires:  texlive
BuildRequires:  zlib-devel
BuildRequires:  pcre-devel
BuildRequires:  dnet-devel
BuildRequires:  chrpath
BuildRequires:  iptables-devel
BuildRequires:  flex
BuildRequires:  bison
BuildRequires:  latex2html
BuildRequires:  libgcrypt-devel
BuildRequires:  gnutls-devel
BuildRequires:  prelude-devel
BuildRequires:  iptables-ipq-devel
BuildRequires:  daq-devel
BuildRequires:  libtirpc-devel
BuildRequires:  luajit-devel
Recommends:     snortsam

%description
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

This rpm is different from previous rpms and while it will not clobber
your current snort file, you will need to modify it.

There are 9 different packages available

All of them require the base snort rpm.  Additionally, you will need
to chose a binary to install.

%{_sbindir}/snort should end up being a symlink to a binary in one of
the following configurations. We use update-alternatives for this.
Here are the different packages along with their priorities.

plain(10)               plain+flexresp(11)              mysql(12)
mysql+flexresp(13)      postgresql(14)                  postgresql+flexresp(15)
bloat(16)               inline(17)                      inline+flexresp(18)
prelude(19)             prelude+flexresp(20)

Please see the documentation in %{_docdir}/%{name}

%package        plain+flexresp
Summary:        Snort with Flexible Response
Group:          Networking/Other
Requires:       snort >= %{version}

%description    plain+flexresp
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with flexresp support. FlexResp allows snort to actively close
offending connections.

%package        mysql
Summary:        Snort with MySQL database support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    mysql
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with mysql support.

%package        mysql+flexresp
Summary:        Snort with MySQL database and Flexible Response support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    mysql+flexresp
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with mysql+flexresp support. FlexResp allows snort to actively
close offending connections.

%package        postgresql
Summary:        Snort with PostgreSQL database support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    postgresql
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with postgresql support. 

%package        postgresql+flexresp
Summary:        Snort with PostgreSQL database and Flexible Response support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    postgresql+flexresp
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with postgresql+flexresp support. FlexResp allows snort to
actively close offending connections.

%package        bloat
Summary:        Snort with flexresp+mysql+postgresql+inline+prelude support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    bloat
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with flexresp+mysql+postgresql+inline+prelude support.

%package        inline
Summary:        Snort with Inline support
Group:          Networking/Other
Requires:       iptables
Requires:       snort >= %{version}

%description    inline
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with inline support. Snort-Inline takes packets from iptables
instead of libpcap. It then uses new rule types to help iptables make pass or
drop decisions based on snort rules.  

%package        inline+flexresp
Summary:        Snort with Inline and Flexible Response support
Group:          Networking/Other
Requires:       iptables
Requires:       snort >= %{version}

%description    inline+flexresp
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with inline+flexresp support. FlexResp allows snort to actively
close offending connections. Snort-Inline takes packets from iptables instead
of libpcap. It then uses new rule types to help iptables make pass or drop
decisions based on snort rules.  

%package        prelude
Summary:        Snort with Prelude support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    prelude
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with prelude support.

%package        prelude+flexresp
Summary:        Snort with Prelude and Flexible Response support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    prelude+flexresp
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with prelude+flexresp support. FlexResp allows snort to actively
close offending connections.

%package        devel
Summary:        Snort development files
Group:          Networking/Other
Requires:       snort = %{version}

%description    devel
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

This are snort H files.


%prep

%setup -q
%patch0 -p1 -b .lib64
%patch1 -p1 -b .snortsam
%patch2 -p1 -b .plugins_fix
%patch5 -p0
%patch6 -p0
%patch7 -p1 -b .cflags
%patch8 -p1

%{__cat} configure.in|%{__sed} -r 's|AM_CONFIG_HEADER|AC_CONFIG_HEADERS|' >  configure.in.1
%{__rm} -f configure.in
%{__mv} configure.in.1 configure.in

# fix pid file path
/bin/echo "#define _PATH_VARRUN \"/run/%{name}\"" >> acconfig.h

%{__cp} -a %{SOURCE6} .

%build
%serverbuild
export WANT_AUTOCONF_2_5=1
rm -f configure
libtoolize --automake --copy --force --install; aclocal -I m4; autoheader; automake --foreign --add-missing --copy -f; autoconf -f

# build snort
rm -rf building && install -d -m 755 building && cd building
export CONFIGURE_TOP=../..
SNORT_BASE_CONFIG="--prefix=%{_prefix} \
    --libdir=%{_libdir} \
    --libexecdir=%{_libdir}/%{name} \
    --mandir=%{_mandir} \
    --sysconfdir=%{_sysconfdir}/%{name} \
    --disable-prelude \
    --enable-shared \
    --enable-pthread \
    --enable-dynamicplugin \
    --enable-perfprofiling \
    --enable-linux-smp-stats \
    --enable-control-socket \
    --disable-static-daq \
    --enable-ppm \
    --enable-decoder-preprocessor-rules \
    --cache-file=../../config.cache \
    --enable-reload \
    --enable-reload-error-restart \
    --enable-zlib \
    --enable-mpls \
    --enable-targetbased \
    --enable-perfprofiling \
    --enable-inline-init-failopen \
    --enable-active-response \
    --enable-normalizer \
    --enable-react \
    --enable-large-pcap \
    --with-daq-includes=%{_includedir} \
    --with-daq-libraries=%{_libdir}"

# Will be, when I port razorback into Mandriva/Mageia
#    --enable-rzb-saac"

# there are some strange configure errors
# when not doing a distclean between major builds.
# plain 
{
install -d -m 755 plain; cd plain
%configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --without-inline --disable-inline
%make_build
mv src/%{name} ../%{name}-plain
#make distclean 
cd ..
}

# plain+flexresp
{
install -d -m 755 plain+flexresp; cd plain+flexresp
%configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --without-inline --disable-inline
%make_build
mv src/%{name} ../%{name}-plain+flexresp
# make distclean 
cd ..
}

# mysql+flexresp
{
install -d -m 755 mysql+flexresp; cd mysql+flexresp
%configure $SNORT_BASE_CONFIG \
    --with-mysql-includes=%{_includedir} \
    --with-mysql-libraries=%{_libdir} \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --without-inline --disable-inline
%make_build
mv src/%{name} ../%{name}-mysql+flexresp
# make distclean 
cd ..
}

# mysql
{
install -d -m 755 mysql; cd mysql
%configure $SNORT_BASE_CONFIG \
    --with-mysql-includes=%{_includedir} \
    --with-mysql-libraries=%{_libdir} \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --without-inline --disable-inline
%make_build
mv src/%{name} ../%{name}-mysql
# make distclean 
cd ..
}

# postgresql+flexresp
{
install -d -m 755 postgresql+flexresp; cd postgresql+flexresp
%configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --with-postgresql=%{_prefix} \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --without-inline --disable-inline
%make_build
mv src/%{name} ../%{name}-postgresql+flexresp
# make distclean 
cd ..
}

# postgresql
{
install -d -m 755 postgresql; cd postgresql
%configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --with-postgresql=%{_prefix} \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --without-inline --disable-inline
%make_build
mv src/%{name} ../%{name}-postgresql
# make distclean 
cd ..
}

# bloat
{
install -d -m 755 bloat; cd bloat
%configure $SNORT_BASE_CONFIG \
    --with-mysql-includes=%{_includedir} \
    --with-mysql-libraries=%{_libdir} \
    --with-postgresql=%{_prefix} \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --with-openssl=%{_prefix} \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --with-inline --enable-inline \
    --with-libipq-includes=%{_includedir} \
    --with-libipq-libraries=%{_libdir} \
    --enable-prelude --with-libprelude-prefix=%{_prefix}
%make_build
mv src/%{name} ../%{name}-bloat
# make distclean
cd ..
}

# inline
{
install -d -m 755 inline; cd inline
%configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --with-inline --enable-inline \
    --with-libipq-includes=%{_includedir} \
    --with-libipq-libraries=%{_libdir}
%make_build
mv src/%{name} ../%{name}-inline
#make distclean 
cd ..
}

# inline+flexresp
{
install -d -m 755 inline+flexresp; cd inline+flexresp
%configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --with-inline --enable-inline \
    --with-libipq-includes=%{_includedir} \
    --with-libipq-libraries=%{_libdir}
%make_build
mv src/%{name} ../%{name}-inline+flexresp
#make distclean 
cd ..
}

# prelude+flexresp
{
install -d -m 755 prelude+flexresp; cd prelude+flexresp
%configure $SNORT_BASE_CONFIG \
    --enable-prelude --with-libprelude-prefix=%{_prefix} \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --without-inline --disable-inline
%make_build
mv src/%{name} ../%{name}-prelude+flexresp
# make distclean 
cd ..
}

# prelude
{
install -d -m 755 prelude; cd prelude
%configure $SNORT_BASE_CONFIG \
    --enable-prelude --with-libprelude-prefix=%{_prefix} \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --without-inline --disable-inline
%make_build
mv src/%{name} ../%{name}-prelude
# make distclean 
cd ..
}

cd ..

## make the html versions of the faq and manual
#pushd doc
#    latex2html -info 0 -local_icons -show_section_numbers -link +2 -split +1 faq.tex
#    latex2html -info 0 -local_icons -show_section_numbers -link +2 -split +2 -noaddress snort_manual.tex
#    # cleanup
#    rm -f faq/WARNINGS faq/*.tex faq/*.idx faq/*.log faq/*.aux faq/*.pl
#    rm -f snort_manual/WARNINGS snort_manual/*.tex snort_manual/*.aux snort_manual/*.log snort_manual/*.pl
#popd

%install
install -d -m 755 %{buildroot}%{_sysconfdir}/%{name}/rules
install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
install -d -m 755 %{buildroot}/var/log/%{name}/empty
install -d -m 755 %{buildroot}%{_sbindir}
install -d -m 755 %{buildroot}%{_initrddir}
install -d -m 755 %{buildroot}%{_mandir}/man8

%make_install -C building/plain

# cleanup
rm -f  %{buildroot}%{_bindir}/%{name}
rm -rf %{buildroot}%{_prefix}/src
rm -f  %{buildroot}%{_libdir}/libsf_sorules.{a,la}
rm -f  %{buildroot}%{_libdir}/%{name}/*.{a,la}
rm -f  %{buildroot}%{_libdir}/%{name}/dynamicengine/*.{a,la}
rm -f  %{buildroot}%{_libdir}/%{name}/dynamicpreprocessor/*.{a,la}
rm -f  %{buildroot}%{_libdir}/%{name}_dynamicpreprocessor/*.{a,la}
#rm -f %%{buildroot}%%{_libdir}/%%{name}/dynamicrules/*.{a,la}
rm -f  %{buildroot}%{_libdir}/%{name}/dynamic_preproc/*.{a,la}
rm -f  %{buildroot}%{_libdir}/%{name}/dynamic_output/*.{a,la}

{
pushd building
install -m 755 %{name}-plain %{buildroot}%{_sbindir}/%{name}-plain
install -m 755 %{name}-plain+flexresp %{buildroot}%{_sbindir}/%{name}-plain+flexresp
install -m 755 %{name}-mysql %{buildroot}%{_sbindir}/%{name}-mysql
install -m 755 %{name}-mysql+flexresp %{buildroot}%{_sbindir}/%{name}-mysql+flexresp
install -m 755 %{name}-postgresql %{buildroot}%{_sbindir}/%{name}-postgresql
install -m 755 %{name}-postgresql+flexresp %{buildroot}%{_sbindir}/%{name}-postgresql+flexresp
install -m 755 %{name}-bloat %{buildroot}%{_sbindir}/%{name}-bloat
install -m 755 %{name}-inline %{buildroot}%{_sbindir}/%{name}-inline
install -m 755 %{name}-inline+flexresp %{buildroot}%{_sbindir}/%{name}-inline+flexresp
install -m 755 %{name}-prelude %{buildroot}%{_sbindir}/%{name}-prelude
install -m 755 %{name}-prelude+flexresp %{buildroot}%{_sbindir}/%{name}-prelude+flexresp
popd
}

install %{name}.8* %{buildroot}%{_mandir}/man8
perl -pi -e "s|var RULE_PATH ../rules|var RULE_PATH rules|" etc/%{name}.conf

install -m0644 etc/*.conf %{buildroot}%{_sysconfdir}/%{name}/
install -m0644 etc/*.config %{buildroot}%{_sysconfdir}/%{name}/
install -m0644 etc/*.map %{buildroot}%{_sysconfdir}/%{name}/

install -m0755 %{SOURCE3} %{buildroot}%{_initrddir}/snort
install -m0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -m0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/%{name}

# strip rpath
chrpath -d %{buildroot}%{_sbindir}/%{name}-*

# fix libexecdir
perl -pi -e "s|/usr/local/lib/snort_|%{_libdir}/%{name}/|g" %{buildroot}%{_sysconfdir}/%{name}/snort.conf
perl -pi -e "s|/usr/local/lib/daq|%{_libdir}/daq|g" %{buildroot}%{_sysconfdir}/%{name}/snort.conf

mkdir -p %{buildroot}%{_tmpfilesdir}
cat <<EOF > %{buildroot}%{_tmpfilesdir}/%{name}.conf
d /run/snort 0755 snort snort
EOF

# cleanup
rm -rf %{buildroot}%{_datadir}/doc/snort

%pre
%_pre_useradd snort /var/log/snort /bin/false

%post
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-plain 10
%_tmpfilescreate %{name}
%_post_service snort

%preun
%_preun_service snort

%postun
%_postun_userdel snort
# remove the link if not upgrade
if [ $1 = 0 ]; then
    %{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-plain
fi

%post plain+flexresp
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-plain+flexresp 11

%postun plain+flexresp
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-plain+flexresp

%post mysql
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-mysql 12

%postun mysql
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-mysql

%post mysql+flexresp
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-mysql+flexresp 13

%postun mysql+flexresp
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-mysql+flexresp

%post postgresql
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-postgresql 14

%postun postgresql
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-postgresql

%post postgresql+flexresp
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-postgresql+flexresp 15

%postun postgresql+flexresp
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-postgresql+flexresp

%post bloat
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-bloat 16

%postun bloat
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-bloat

%post inline
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-inline 17

%postun inline
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-inline

%post inline+flexresp
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-inline+flexresp 18

%postun inline+flexresp
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-inline+flexresp

%post prelude
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-prelude 19

%postun prelude
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-prelude

%post prelude+flexresp
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-prelude+flexresp 20

%postun prelude+flexresp
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-prelude+flexresp

%files
%doc COPYING ChangeLog RELEASE.NOTES
%doc doc/AUTHORS doc/BUGS doc/CREDITS doc/generators doc/INSTALL doc/NEWS doc/PROBLEMS doc/README
%doc doc/README.alert_order doc/README.asn1 doc/README.csv 
%doc doc/README.dcerpc2 doc/README.decode doc/README.dns doc/README.event_queue 
%doc doc/README.flowbits doc/README.frag3 doc/README.daq doc/README.decoder_preproc_rules doc/README.reload
%doc doc/README.ftptelnet doc/README.gre doc/README.http_inspect doc/README.ipip doc/README.filters
%doc doc/README.ipv6 doc/README.pcap_readmode doc/README.PerfProfiling doc/README.PLUGINS doc/README.ppm
%doc doc/README.sfportscan doc/README.SMTP doc/README.ssh doc/README.ssl doc/README.multipleconfigs
%doc doc/README.stream5 doc/README.tag doc/README.thresholding doc/README.UNSOCK doc/README.variables
%doc doc/README.WIN32 doc/TODO doc/USAGE doc/WISHLIST doc/README.active 
%doc doc/README.sensitive_data 
%doc doc/*.pdf doc/*.tex
#doc %%doc doc/CRYPTIX-LICENSE.TXT doc/README.sam
# latex2html is borked...
#doc  doc/snort_manual doc/faq
%{_sbindir}/%{name}-plain
%{_bindir}/u2boat
%{_bindir}/u2spewfoo
%{_bindir}/snort_control
%{_bindir}/snort_dump_packets_control
%{_bindir}/appid_detector_builder.sh
%{_bindir}/u2openappid
%{_bindir}/u2streamer
%{_mandir}/man8/%{name}.8*
%attr(0755,snort,snort) %dir /var/log/%{name}
%attr(0755,snort,snort) %dir /var/log/%{name}/empty
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/rules
%config(noreplace) %{_sysconfdir}/%{name}/*.config
%config(noreplace) %{_sysconfdir}/%{name}/threshold.conf
%config(noreplace) %{_sysconfdir}/%{name}/*.map
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/%{name}/file_magic.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%{_tmpfilesdir}/%{name}.conf
%{_initrddir}/snort
%dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/dynamicengine
%dir %{_libdir}/%{name}/dynamicpreprocessor
#dir %%{_libdir}/%%{name}/dynamicrules
%{_libdir}/%{name}/dynamicengine/libsf_engine.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_dce2_preproc.so
#attr(0755,root,root) %%{_libdir}/%%{name}/dynamicpreprocessor/libsf_dcerpc_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_dns_preproc.so
#{_libdir}/%%{name}/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_ftptelnet_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_smtp_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_ssh_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_ssl_preproc.so
#{_libdir}/%%{name}/dynamicrules/lib_sfdynamic_example_rule.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_sdf_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_imap_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_pop_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_reputation_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_sip_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_dnp3_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_gtp_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_modbus_preproc.so
%{_libdir}/%{name}/dynamicpreprocessor/libsf_appid_preproc.so
%{_libdir}/%{name}_dynamicpreprocessor/libsf_s7commplus_preproc.so*
%{_libdir}/libsf_sorules.so.*

%files plain+flexresp
%{_sbindir}/%{name}-plain+flexresp

%files mysql
#doc schemas/create_mysql
%{_sbindir}/%{name}-mysql

%files mysql+flexresp
#doc schemas/create_mysql
%{_sbindir}/%{name}-mysql+flexresp

%files postgresql
#doc schemas/create_postgresql
%{_sbindir}/%{name}-postgresql

%files postgresql+flexresp
#doc schemas/create_postgresql
%{_sbindir}/%{name}-postgresql+flexresp

%files bloat
%{_sbindir}/%{name}-bloat

%files inline
%{_sbindir}/%{name}-inline

%files inline+flexresp
%{_sbindir}/%{name}-inline+flexresp

%files prelude
%{_sbindir}/%{name}-prelude

%files prelude+flexresp
%{_sbindir}/%{name}-prelude+flexresp

%files devel
%{_libdir}/libsf_sorules.so
%{_libdir}/pkgconfig/snort.pc
%{_libdir}/pkgconfig/snort_preproc.pc
%{_libdir}/pkgconfig/snort_output.pc
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/dynamic_preproc/
%{_includedir}/%{name}/dynamic_output/