author | Guillermo Gomez S. (Gomix) <guillermo.gomez@gmail.com> | 2010-02-04 14:46:28 -0430 |
---|---|---|
committer | Guillermo Gomez S. (Gomix) <guillermo.gomez@gmail.com> | 2010-02-04 14:46:28 -0430 |
commit | 730ad67c08cffd4af07be0340f1154f4d5bfa54f (patch) | |
tree | a9345bfef7b7326636a85bb61e041980eb9f2b9c | |
parent | 83265c31f1ef014e1dce8ada38582a3608d69d5a (diff) | |
Description in the spec shortened
-rw-r--r-- | 1.0.6-4/fwsnort-1.0.6-4.fc12.src.rpm | bin | 0 -> 545926 bytes | |||
-rw-r--r-- | 1.0.6-4/fwsnort.spec | 102 | ||||
-rw-r--r-- | fwsnort-1.0.6-4.fc12.src.rpm | bin | 0 -> 545926 bytes | |||
-rw-r--r-- | fwsnort.spec | 35 |
4 files changed, 114 insertions, 23 deletions
diff --git a/1.0.6-4/fwsnort-1.0.6-4.fc12.src.rpm b/1.0.6-4/fwsnort-1.0.6-4.fc12.src.rpm Binary files differnew file mode 100644 index 0000000..8e1da7a --- /dev/null +++ b/1.0.6-4/fwsnort-1.0.6-4.fc12.src.rpm diff --git a/1.0.6-4/fwsnort.spec b/1.0.6-4/fwsnort.spec new file mode 100644 index 0000000..00d8fb6 --- /dev/null +++ b/1.0.6-4/fwsnort.spec 
@@ -0,0 +1,102 @@ +%global fwsnortlogdir /var/log/fwsnort + +### get the first @INC directory that includes the string "linux". +### This may be 'i386-linux', or 'i686-linux-thread-multi', etc. +%define fwsnortmoddir `perl -e '$path='i386-linux'; for (@INC) { if($_ =~ m|.*/(.*linux.*)|) {$path = $1; last; }} print $path'` + +Summary: Translates Snort rules into equivalent iptables rules +Name: fwsnort +Version: 1.0.6 +Release: 4%{?dist} +License: GPLv2+ +Group: System Environment/Daemons +Url: http://www.cipherdyne.org/fwsnort/ +Source0: http://www.cipherdyne.org/fwsnort/download/fwsnort-1.0.6.tar.gz +Source1: logrotate.fwsnort +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildArch: noarch +Requires: iptables,perl-Net-IPv4Addr, perl-IPTables-Parse, perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description +fwsnort translates Snort rules into equivalent iptables rules and generates +a Bourne shell script that implements the resulting iptables commands. + +In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the +iptables ruleset on the machine to determine which Snort rules are applicable +to the specific iptables policy. + +fwsnort is able to translate approximately 60% of all rules from the +Snort-2.3.3 IDS into equivalent iptables rules. + +%prep +%setup -q +mv deps/snort_rules/VERSION SNORT-RULES-VERSION +cp -p %SOURCE1 . 
+ +%build + +%install +rm -rf $RPM_BUILD_ROOT +### log directory +mkdir -p $RPM_BUILD_ROOT%fwsnortlogdir + +### fwsnort config +mkdir -p $RPM_BUILD_ROOT%_sysconfdir/fwsnort + +mkdir -p $RPM_BUILD_ROOT%_bindir +mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8 +mkdir -p $RPM_BUILD_ROOT%_sbindir + +install -m 755 fwsnort $RPM_BUILD_ROOT%_sbindir/ +install -m 644 fwsnort.conf $RPM_BUILD_ROOT%_sysconfdir/fwsnort/ +install -m 644 fwsnort.8 $RPM_BUILD_ROOT%{_mandir}/man8/ + +### install snort rules files +cp -r deps/snort_rules $RPM_BUILD_ROOT%_sysconfdir/fwsnort + +mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d +install -p -m 644 logrotate.fwsnort $RPM_BUILD_ROOT/etc/logrotate.d/fwsnort + +%clean +rm -rf $RPM_BUILD_ROOT + +#%pre +### not used + +%post +### not used + +%preun +### not used + +%files +%defattr(-,root,root) +%doc LICENSE VERSION README CREDITS TODO SNORT-RULES-VERSION +%dir %fwsnortlogdir +%_sbindir/* +%{_mandir}/man8/* + +%dir %_sysconfdir/fwsnort +%config(noreplace) %_sysconfdir/fwsnort/fwsnort.conf + +%dir %_sysconfdir/logrotate.d +%config(noreplace) %_sysconfdir/logrotate.d/fwsnort + +%dir %_sysconfdir/fwsnort/snort_rules +%config(noreplace) %_sysconfdir/fwsnort/snort_rules/* + +%changelog +* Thu Feb 04 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-4 +- Description shortened + +* Thu Feb 04 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-3 +- License adjusted to GPLv2+ + +* Wed Feb 03 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-2 +- documentation included, LICENSE VERSION README CREDITS TODO + SNORT-RULES-VERSION + +* Sat Jan 2 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-1 +- First Fedora spec compliant version, several modifications +- No deps included +- Free snort rules included diff --git a/fwsnort-1.0.6-4.fc12.src.rpm b/fwsnort-1.0.6-4.fc12.src.rpm Binary files differnew file mode 100644 index 0000000..8e1da7a --- /dev/null +++ b/fwsnort-1.0.6-4.fc12.src.rpm diff --git a/fwsnort.spec b/fwsnort.spec index c0dcb44..00d8fb6 100644 
--- a/fwsnort.spec +++ b/fwsnort.spec @@ -7,7 +7,7 @@ Summary: Translates Snort rules into equivalent iptables rules Name: fwsnort Version: 1.0.6 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Daemons Url: http://www.cipherdyne.org/fwsnort/ 
@@ -19,28 +19,14 @@ Requires: iptables,perl-Net-IPv4Addr, perl-IPTables-Parse, perl(:MODULE_COMPAT_% %description fwsnort translates Snort rules into equivalent iptables rules and generates -a Bourne shell script that implements the resulting iptables commands. This -ruleset allows network traffic that exhibits Snort signatures to be logged -and/or dropped by iptables directly without putting any interface into -promiscuous mode or queuing packets from kernel to user space. In addition, -fwsnort (optionally) uses the IPTables::Parse module to parse the iptables -ruleset on the machine to determine which Snort rules are applicable to the -specific iptables policy. After all, if iptables is blocking all inbound -http traffic from external addresses, it is probably not of much use to try -detecting inbound attacks against against tcp/80. By default fwsnort -generates iptables rules that log Snort sid's with --log-prefix to klogd -where the messages can be analyzed with a log watcher such as logwatch or -psad (see http://www.cipherdyne.org/psad). fwsnort relies on the iptables -string match module to match Snort content fields in the application portion -of ip traffic. Since Snort rules can contain hex data in content fields, -fwsnort implements a patch against iptables-1.2.7a which adds a -"--hex-string" option which will accept content fields such as -"|0d0a5b52504c5d3030320d0a|". fwsnort is able to translate approximately 60% -of all rules from the Snort-2.3.3 IDS into equivalent iptables rules. For -more information about the translation strategy as well as -advantages/disadvantages of the method used by fwsnort to obtain intrusion -detection data, see the README included with the fwsnort sources or browse -to: http://www.cipherdyne.org/fwsnort/ +a Bourne shell script that implements the resulting iptables commands. 
+ +In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the +iptables ruleset on the machine to determine which Snort rules are applicable +to the specific iptables policy. + +fwsnort is able to translate approximately 60% of all rules from the +Snort-2.3.3 IDS into equivalent iptables rules. %prep %setup -q @@ -100,6 +86,9 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) %_sysconfdir/fwsnort/snort_rules/* %changelog +* Thu Feb 04 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-4 +- Description shortened + * Thu Feb 04 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-3 - License adjusted to GPLv2+ |
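Review bot: the built source RPM is committed twice, as `1.0.6-4/fwsnort-1.0.6-4.fc12.src.rpm` and `fwsnort-1.0.6-4.fc12.src.rpm`, both with blob index 8e1da7a, and the new `1.0.6-4/fwsnort.spec` has the same index (00d8fb6) as the top-level `fwsnort.spec` after this change. A binary SRPM cannot be reviewed against the spec shown in the diff, and two copies of the same spec will drift on the next release. Suggest tracking only `fwsnort.spec` and `logrotate.fwsnort`, rebuilding the SRPM from them, and marking the release with a tag instead of a versioned directory.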
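Review bot: in the `%files` section of the new `1.0.6-4/fwsnort.spec`, `%dir %fwsnortlogdir` sits under `%defattr(-,root,root)`, so the mode of /var/log/fwsnort is whatever `mkdir -p` produced under the build umask; set it explicitly, for example with `%attr(0750,root,root) %dir %fwsnortlogdir`, so the log directory's permissions are a packaging decision. In the same section, `%dir %_sysconfdir/logrotate.d` claims a directory that belongs to the logrotate package, while `Requires:` does not list logrotate; drop the `%dir` line and add the dependency. `%install` also writes to a hard-coded `/etc/logrotate.d` where `%files` uses `%_sysconfdir/logrotate.d`; use the macro in both places.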
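Review bot: in the `%description` hunk of `fwsnort.spec`, the shortened text removes the only statement that fwsnort relies on the iptables string match module and on the `--hex-string` option, while the `Requires:` line above it names `iptables` with no version. Consider keeping one sentence on that requirement so an administrator can tell from the package metadata what the generated rules need from the local iptables. The removed text also held the note that matches are logged with `--log-prefix` for tools such as psad; if that is intentionally left to the README, the retained `Url:` tag covers it.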