current/SPECS/snort.spec

Summary:        An Intrusion Detection System (IDS)
Name:           snort
Version:        2.9.0.3
Release:        %mkrel 4
License:        GPLv2
Group:          Networking/Other
URL:            http://www.snort.org/
Source0:        http://www.snort.org/dl/current/%{name}-%{version}.tar.gz
#Source1:       http://www.snort.org/dl/current/%{name}-%{version}.tar.gz.sig
Source3:        snort.init
Source4:        snort.logrotate
Source5:        snort.sysconfig
Source6:        snortdb-extra
Patch0:         snort-lib64.diff
# (oe) http://www.inliniac.net/files/
Patch1:         snortsam-2.9.0-dlucio.diff
Patch2:         snort-2.9.0-plugins_fix.diff
Patch3:         snort-2.8.5-werror_antibork.diff
Patch4:         snort-2.8.5-missing-header.patch
Requires(post): rpm-helper snort-rules
Requires(preun): rpm-helper snort-rules
Requires(pre): rpm-helper
Requires(postun): rpm-helper
Requires:       pcre
Requires:       pcap
Requires:       snort-rules
BuildRequires:  autoconf2.5
BuildRequires:  automake
BuildRequires:  pcap-devel
BuildRequires:  mysql-devel
BuildRequires:  openssl-devel
BuildRequires:  postgresql-devel
BuildRequires:  texinfo
BuildRequires:  zlib-devel
BuildRequires:  pcre-devel
BuildRequires:  dnet-devel
BuildRequires:  net1.0-devel
BuildRequires:  chrpath
BuildRequires:  iptables-devel
BuildRequires:  flex
BuildRequires:  bison
BuildRequires:  latex2html
BuildRequires:  gnutls-devel
BuildRequires:  prelude-devel
BuildRequires:  iptables-ipq-devel
BuildRequires:  daq-devel
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-buildroot
Suggests:       snortsam

%description
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

This rpm is different from previous rpms and while it will not clobber
your current snort file, you will need to modify it.

There are 9 different packages available

All of them require the base snort rpm.  Additionally, you will need
to chose a binary to install.

%{_sbindir}/snort should end up being a symlink to a binary in one of
the following configurations. We use update-alternatives for this.
Here are the different packages along with their priorities.

plain(10)               plain+flexresp(11)              mysql(12)
mysql+flexresp(13)      postgresql(14)                  postgresql+flexresp(15)
bloat(16)               inline(17)                      inline+flexresp(18)
prelude(19)             prelude+flexresp(20)

Please see the documentation in %{_docdir}/%{name}

%package        plain+flexresp
Summary:        Snort with Flexible Response
Group:          Networking/Other
Requires:       snort >= %{version}

%description    plain+flexresp
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with flexresp support. FlexResp allows snort to actively close
offending connections.

%package        mysql
Summary:        Snort with MySQL database support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    mysql
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with mysql support.

%package        mysql+flexresp
Summary:        Snort with MySQL database and Flexible Response support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    mysql+flexresp
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with mysql+flexresp support. FlexResp allows snort to actively
close offending connections.

%package        postgresql
Summary:        Snort with PostgreSQL database support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    postgresql
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with postgresql support. 

%package        postgresql+flexresp
Summary:        Snort with PostgreSQL database and Flexible Response support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    postgresql+flexresp
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with postgresql+flexresp support. FlexResp allows snort to
actively close offending connections.

%package        bloat
Summary:        Snort with flexresp+mysql+postgresql+inline+prelude support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    bloat
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with flexresp+mysql+postgresql+inline+prelude support.

%package        inline
Summary:        Snort with Inline support
Group:          Networking/Other
Requires:       iptables
Requires:       snort >= %{version}

%description    inline
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with inline support. Snort-Inline takes packets from iptables
instead of libpcap. It then uses new rule types to help iptables make pass or
drop decisions based on snort rules.  

%package        inline+flexresp
Summary:        Snort with Inline and Flexible Response support
Group:          Networking/Other
Requires:       iptables
Requires:       snort >= %{version}

%description    inline+flexresp
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with inline+flexresp support. FlexResp allows snort to actively
close offending connections. Snort-Inline takes packets from iptables instead
of libpcap. It then uses new rule types to help iptables make pass or drop
decisions based on snort rules.  

%package        prelude
Summary:        Snort with Prelude support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    prelude
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with prelude support.

%package        prelude+flexresp
Summary:        Snort with Prelude and Flexible Response support
Group:          Networking/Other
Requires:       snort >= %{version}

%description    prelude+flexresp
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient

Snort compiled with prelude+flexresp support. FlexResp allows snort to actively
close offending connections.

%prep

%setup -q -n %{name}-%{version}
%patch0 -p0 -b .lib64
%patch1 -p1 -b .snortsam
%patch2 -p1 -b .plugins_fix
%patch3 -p0 -b .werror_antibork
#%patch4 -p1

# fix pid file path
/bin/echo "#define _PATH_VARRUN \"%{_var}/run/%{name}\"" >> acconfig.h

%{__cp} -a %{SOURCE6} .

%build
%serverbuild
export WANT_AUTOCONF_2_5=1
rm -f configure
libtoolize --automake --copy --force; aclocal -I m4; autoheader; automake --foreign --add-missing --copy; autoconf

# build snort
%{__rm} -rf building && %{__mkdir_p} building && cd building
SNORT_BASE_CONFIG="--prefix=%{_prefix} \
    --libdir=%{_libdir} \
    --libexecdir=%{_libdir}/%{name} \
    --mandir=%{_mandir} \
    --sysconfdir=%{_sysconfdir}/%{name} \
    --disable-prelude \
    --enable-shared \
    --enable-pthread \
    --enable-dynamicplugin \
    --enable-perfprofiling \
    --enable-linux-smp-stats \
    --disable-static-daq \
    --enable-ppm \
    --enable-decoder-preprocessor-rules \
    --cache-file=../../config.cache \
    --enable-reload \
    --enable-reload-error-restart \
    --enable-zlib \
    --enable-mpls \
    --enable-targetbased \
    --enable-perfprofiling \
    --enable-active-response \
    --enable-normalizer \
    --enable-react \
    --with-daq-includes=%{_includedir} \
    --with-daq-libraries=%{_libdir}"

# there are some strange configure errors
# when not doing a distclean between major builds.
# plain 
{
%{__mkdir_p} plain; cd plain
../../configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --without-inline --disable-inline
%{__make}
%{__mv} src/%{name} ../%{name}-plain
#%{__make} distclean 
cd ..
}

# plain+flexresp
{
%{__mkdir_p} plain+flexresp; cd plain+flexresp
../../configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --without-inline --disable-inline
%{__make}
%{__mv} src/%{name} ../%{name}-plain+flexresp
# %{__make} distclean 
cd ..
}

# mysql+flexresp
{
%{__mkdir_p} mysql+flexresp; cd mysql+flexresp
../../configure $SNORT_BASE_CONFIG \
    --with-mysql-includes=%{_includedir} \
    --with-mysql-libraries=%{_libdir} \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --without-inline --disable-inline
%{__make}
%{__mv} src/%{name} ../%{name}-mysql+flexresp
# %{__make} distclean 
cd ..
}

# mysql
{
%{__mkdir_p} mysql; cd mysql
../../configure $SNORT_BASE_CONFIG \
    --with-mysql-includes=%{_includedir} \
    --with-mysql-libraries=%{_libdir} \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --without-inline --disable-inline
%{__make}
%{__mv} src/%{name} ../%{name}-mysql
# %{__make} distclean 
cd ..
}

# postgresql+flexresp
{
%{__mkdir_p} postgresql+flexresp; cd postgresql+flexresp
../../configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --with-postgresql=%{_prefix} \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --without-inline --disable-inline
%{__make}
%{__mv} src/%{name} ../%{name}-postgresql+flexresp
# %{__make} distclean 
cd ..
}

# postgresql
{
%{__mkdir_p} postgresql; cd postgresql
../../configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --with-postgresql=%{_prefix} \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --without-inline --disable-inline
%{__make}
%{__mv} src/%{name} ../%{name}-postgresql
# %{__make} distclean 
cd ..
}

# bloat
{
%{__mkdir_p} bloat; cd bloat
../../configure $SNORT_BASE_CONFIG \
    --with-mysql-includes=%{_includedir} \
    --with-mysql-libraries=%{_libdir} \
    --with-postgresql=%{_prefix} \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --with-openssl=%{_prefix} \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --with-inline --enable-inline \
    --with-libipq-includes=%{_includedir} \
    --with-libipq-libraries=%{_libdir} \
    --enable-prelude --with-libprelude-prefix=%{_prefix}
%{__make}
%{__mv} src/%{name} ../%{name}-bloat
# %{__make} distclean
cd ..
}

# inline
{
%{__mkdir_p} inline; cd inline
../../configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --with-inline --enable-inline \
    --with-libipq-includes=%{_includedir} \
    --with-libipq-libraries=%{_libdir}
%{__make}
%{__mv} src/%{name} ../%{name}-inline
#%{__make} distclean 
cd ..
}

# inline+flexresp
{
%{__mkdir_p} inline+flexresp; cd inline+flexresp
../../configure $SNORT_BASE_CONFIG \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --with-inline --enable-inline \
    --with-libipq-includes=%{_includedir} \
    --with-libipq-libraries=%{_libdir}
%{__make}
%{__mv} src/%{name} ../%{name}-inline+flexresp
#%{__make} distclean 
cd ..
}

# prelude+flexresp
{
%{__mkdir_p} prelude+flexresp; cd prelude+flexresp
../../configure $SNORT_BASE_CONFIG \
    --enable-prelude --with-libprelude-prefix=%{_prefix} \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --enable-flexresp3 \
    --with-dnet-includes=%{_includedir} \
    --with-dnet-libraries=%{_libdir} \
    --without-inline --disable-inline
%{__make}
%{__mv} src/%{name} ../%{name}-prelude+flexresp
# %{__make} distclean 
cd ..
}

# prelude
{
%{__mkdir_p} prelude; cd prelude
../../configure $SNORT_BASE_CONFIG \
    --enable-prelude --with-libprelude-prefix=%{_prefix} \
    --without-mysql --disable-mysql \
    --without-postgresql --disable-postgresql \
    --without-oracle --disable-oracle \
    --without-odbc --disable-odbc \
    --without-inline --disable-inline
%{__make}
%{__mv} src/%{name} ../%{name}-prelude
# %{__make} distclean 
cd ..
}

cd ..

## make the html versions of the faq and manual
#pushd doc
#    latex2html -info 0 -local_icons -show_section_numbers -link +2 -split +1 faq.tex
#    latex2html -info 0 -local_icons -show_section_numbers -link +2 -split +2 -noaddress snort_manual.tex
#    # cleanup
#    %{__rm} -f faq/WARNINGS faq/*.tex faq/*.idx faq/*.log faq/*.aux faq/*.pl
#    %{__rm} -f snort_manual/WARNINGS snort_manual/*.tex snort_manual/*.aux snort_manual/*.log snort_manual/*.pl
#popd

%install
%{__rm} -rf %{buildroot} 

%{__mkdir_p} %{buildroot}%{_sysconfdir}/%{name}/rules
%{__mkdir_p} %{buildroot}%{_sysconfdir}/sysconfig
%{__mkdir_p} %{buildroot}%{_sysconfdir}/logrotate.d
%{__mkdir_p} %{buildroot}/var/log/%{name}/empty
%{__mkdir_p} %{buildroot}/var/run/%{name}
%{__mkdir_p} %{buildroot}%{_sbindir}
%{__mkdir_p} %{buildroot}%{_initrddir}
%{__mkdir_p} %{buildroot}%{_mandir}/man8

%{makeinstall_std} -C building/plain

# cleanup
%{__rm} -f %{buildroot}%{_bindir}/%{name}
%{__rm} -rf %{buildroot}%{_prefix}/src
%{__rm} -f %{buildroot}%{_libdir}/%{name}/dynamicengine/*.{a,la}
%{__rm} -f %{buildroot}%{_libdir}/%{name}/dynamicpreprocessor/*.{a,la}
#%{__rm} -f %{buildroot}%{_libdir}/%{name}/dynamicrules/*.{a,la}

{
pushd building
%{__install} %{name}-plain %{buildroot}%{_sbindir}/%{name}-plain
%{__install} %{name}-plain+flexresp %{buildroot}%{_sbindir}/%{name}-plain+flexresp
%{__install} %{name}-mysql %{buildroot}%{_sbindir}/%{name}-mysql
%{__install} %{name}-mysql+flexresp %{buildroot}%{_sbindir}/%{name}-mysql+flexresp
%{__install} %{name}-postgresql %{buildroot}%{_sbindir}/%{name}-postgresql
%{__install} %{name}-postgresql+flexresp %{buildroot}%{_sbindir}/%{name}-postgresql+flexresp
%{__install} %{name}-bloat %{buildroot}%{_sbindir}/%{name}-bloat
%{__install} %{name}-inline %{buildroot}%{_sbindir}/%{name}-inline
%{__install} %{name}-inline+flexresp %{buildroot}%{_sbindir}/%{name}-inline+flexresp
%{__install} %{name}-prelude %{buildroot}%{_sbindir}/%{name}-prelude
%{__install} %{name}-prelude+flexresp %{buildroot}%{_sbindir}/%{name}-prelude+flexresp
popd
}

%{__install} %{name}.8* %{buildroot}%{_mandir}/man8
%{__perl} -pi -e "s|var RULE_PATH ../rules|var RULE_PATH rules|" etc/%{name}.conf

%{__install} -m0644 etc/*.conf %{buildroot}%{_sysconfdir}/%{name}/
%{__install} -m0644 etc/*.config %{buildroot}%{_sysconfdir}/%{name}/
%{__install} -m0644 etc/*.map %{buildroot}%{_sysconfdir}/%{name}/

%{__install} -m0755 %{SOURCE3} %{buildroot}%{_initrddir}/snort
%{__install} -m0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%{__install} -m0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/%{name}

# strip rpath
chrpath -d %{buildroot}%{_sbindir}/%{name}-*

# fix libexecdir
%{__perl} -pi -e "s|/usr/local/lib/snort_|%{_libdir}/%{name}/|g" %{buildroot}%{_sysconfdir}/%{name}/snort.conf

%pre
%_pre_useradd snort /var/log/snort /bin/false

%post
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-plain 10
%_post_service snort

%preun
%_preun_service snort

%postun
%_postun_userdel snort
# remove the link if not upgrade
if [ $1 = 0 ]; then
    %{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-plain
fi

%post plain+flexresp
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-plain+flexresp 11

%postun plain+flexresp
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-plain+flexresp

%post mysql
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-mysql 12

%postun mysql
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-mysql

%post mysql+flexresp
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-mysql+flexresp 13

%postun mysql+flexresp
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-mysql+flexresp

%post postgresql
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-postgresql 14

%postun postgresql
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-postgresql

%post postgresql+flexresp
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-postgresql+flexresp 15

%postun postgresql+flexresp
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-postgresql+flexresp

%post bloat
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-bloat 16

%postun bloat
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-bloat

%post inline
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-inline 17

%postun inline
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-inline

%post inline+flexresp
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-inline+flexresp 18

%postun inline+flexresp
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-inline+flexresp

%post prelude
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-prelude 19

%postun prelude
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-prelude

%post prelude+flexresp
%{_sbindir}/update-alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-prelude+flexresp 20

%postun prelude+flexresp
%{_sbindir}/update-alternatives --remove %{name} %{_sbindir}/%{name}-prelude+flexresp

%clean
%{__rm} -rf %{buildroot} 

%files
%defattr(-,root,root)
%doc COPYING ChangeLog RELEASE.NOTES
%doc doc/AUTHORS doc/BUGS doc/CREDITS doc/generators doc/INSTALL doc/NEWS doc/PROBLEMS doc/README
%doc doc/README.alert_order doc/README.ARUBA doc/README.asn1 doc/README.csv doc/README.database
%doc doc/README.dcerpc2 doc/README.decode doc/README.dns doc/README.event_queue 
%doc doc/README.flowbits doc/README.frag3 doc/README.daq doc/README.decoder_preproc_rules doc/README.reload
%doc doc/README.ftptelnet doc/README.gre doc/README.http_inspect doc/README.ipip doc/README.filters
%doc doc/README.ipv6 doc/README.pcap_readmode doc/README.PerfProfiling doc/README.PLUGINS doc/README.ppm
%doc doc/README.sfportscan doc/README.SMTP doc/README.ssh doc/README.ssl doc/README.multipleconfigs
%doc doc/README.stream5 doc/README.tag doc/README.thresholding doc/README.UNSOCK doc/README.variables
%doc doc/README.WIN32 doc/TODO doc/USAGE doc/WISHLIST doc/README.active 
%doc doc/README.sensitive_data 
%doc doc/*.pdf doc/*.tex
#%doc %doc doc/CRYPTIX-LICENSE.TXT doc/README.sam
# latex2html is borked...
#%doc  doc/snort_manual doc/faq
%attr(0755,root,root) %{_sbindir}/%{name}-plain
%attr(0755,root,root) %{_bindir}/u2boat
%attr(0755,root,root) %{_bindir}/u2spewfoo
%attr(0755,root,root) %{_mandir}/man8/%{name}.8*
%attr(0755,snort,snort) %dir /var/log/%{name}
%attr(0755,snort,snort) %dir /var/log/%{name}/empty
%attr(0755,snort,snort) %dir /var/run/%{name}
%attr(0755,root,root) %dir %{_sysconfdir}/%{name}
%attr(0755,root,root) %dir %{_sysconfdir}/%{name}/rules
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*.config
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/threshold.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*.map
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%attr(0755,root,root) %{_initrddir}/snort
%attr(0755,root,root) %dir %{_libdir}/pkgconfig
%attr(0644,root,root) %{_libdir}/pkgconfig/snort.pc
%attr(0755,root,root) %dir %{_libdir}/%{name}
%attr(0755,root,root) %dir %{_libdir}/%{name}/dynamicengine
%attr(0755,root,root) %dir %{_libdir}/%{name}/dynamicpreprocessor
#%attr(0755,root,root) %dir %{_libdir}/%{name}/dynamicrules
%attr(0755,root,root) %{_libdir}/%{name}/dynamicengine/libsf_engine.so
%attr(0755,root,root) %{_libdir}/%{name}/dynamicpreprocessor/libsf_dce2_preproc.so
#attr(0755,root,root) %{_libdir}/%{name}/dynamicpreprocessor/libsf_dcerpc_preproc.so
%attr(0755,root,root) %{_libdir}/%{name}/dynamicpreprocessor/libsf_dns_preproc.so
#%attr(0755,root,root) %{_libdir}/%{name}/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so
%attr(0755,root,root) %{_libdir}/%{name}/dynamicpreprocessor/libsf_ftptelnet_preproc.so
%attr(0755,root,root) %{_libdir}/%{name}/dynamicpreprocessor/libsf_smtp_preproc.so
%attr(0755,root,root) %{_libdir}/%{name}/dynamicpreprocessor/libsf_ssh_preproc.so
%attr(0755,root,root) %{_libdir}/%{name}/dynamicpreprocessor/libsf_ssl_preproc.so
#%attr(0755,root,root) %{_libdir}/%{name}/dynamicrules/lib_sfdynamic_example_rule.so
%attr(0755,root,root) %{_libdir}/%{name}/dynamicpreprocessor/libsf_sdf_preproc.so


%files plain+flexresp
%defattr(-,root,root)
%attr(0755,root,root) %{_sbindir}/%{name}-plain+flexresp

%files mysql
%defattr(-,root,root)
%doc schemas/create_mysql
%attr(0755,root,root) %{_sbindir}/%{name}-mysql

%files mysql+flexresp
%defattr(-,root,root)
%doc schemas/create_mysql
%attr(0755,root,root) %{_sbindir}/%{name}-mysql+flexresp

%files postgresql
%defattr(-,root,root)
%doc schemas/create_postgresql
%attr(0755,root,root) %{_sbindir}/%{name}-postgresql

%files postgresql+flexresp
%defattr(-,root,root)
%doc schemas/create_postgresql
%attr(0755,root,root) %{_sbindir}/%{name}-postgresql+flexresp

%files bloat
%defattr(-,root,root)
%attr(0755,root,root) %{_sbindir}/%{name}-bloat

%files inline
%defattr(-,root,root)
%attr(0755,root,root) %{_sbindir}/%{name}-inline

%files inline+flexresp
%defattr(-,root,root)
%attr(0755,root,root) %{_sbindir}/%{name}-inline+flexresp

%files prelude
%defattr(-,root,root)
%attr(0755,root,root) %{_sbindir}/%{name}-prelude

%files prelude+flexresp
%defattr(-,root,root)
%attr(0755,root,root) %{_sbindir}/%{name}-prelude+flexresp

