diff options
author | Guillermo Gomez S. (Gomix) <guillermo.gomez@gmail.com> | 2010-02-04 14:06:43 -0430 |
---|---|---|
committer | Guillermo Gomez S. (Gomix) <guillermo.gomez@gmail.com> | 2010-02-04 14:06:43 -0430 |
commit | a72c26efb228adef090020c47b6eb95e485b230c (patch) | |
tree | f043b0a7be19db8579dc4f0b75f2db7289045755 | |
parent | 2556168c4feb9c7b1731df0feb34b3263039711d (diff) | |
download | fwsnort-a72c26efb228adef090020c47b6eb95e485b230c.tar.gz fwsnort-a72c26efb228adef090020c47b6eb95e485b230c.tar.xz fwsnort-a72c26efb228adef090020c47b6eb95e485b230c.zip |
Release 3, License ajustada a derecho :)
Esta versión puede ser la que vea la luz.
-rw-r--r-- | 1.0.6-3/fwsnort-1.0.6-3.fc12.noarch.rpm | bin | 0 -> 465144 bytes | |||
-rw-r--r-- | 1.0.6-3/fwsnort.spec | 113 | ||||
-rw-r--r-- | fwsnort-1.0.6-3.fc12.noarch.rpm | bin | 0 -> 465144 bytes | |||
-rw-r--r-- | fwsnort.spec | 7 |
4 files changed, 118 insertions, 2 deletions
diff --git a/1.0.6-3/fwsnort-1.0.6-3.fc12.noarch.rpm b/1.0.6-3/fwsnort-1.0.6-3.fc12.noarch.rpm Binary files differnew file mode 100644 index 0000000..3f60787 --- /dev/null +++ b/1.0.6-3/fwsnort-1.0.6-3.fc12.noarch.rpm diff --git a/1.0.6-3/fwsnort.spec b/1.0.6-3/fwsnort.spec new file mode 100644 index 0000000..c0dcb44 --- /dev/null +++ b/1.0.6-3/fwsnort.spec @@ -0,0 +1,113 @@ +%global fwsnortlogdir /var/log/fwsnort + +### get the first @INC directory that includes the string "linux". +### This may be 'i386-linux', or 'i686-linux-thread-multi', etc. +%define fwsnortmoddir `perl -e '$path='i386-linux'; for (@INC) { if($_ =~ m|.*/(.*linux.*)|) {$path = $1; last; }} print $path'` + +Summary: Translates Snort rules into equivalent iptables rules +Name: fwsnort +Version: 1.0.6 +Release: 3%{?dist} +License: GPLv2+ +Group: System Environment/Daemons +Url: http://www.cipherdyne.org/fwsnort/ +Source0: http://www.cipherdyne.org/fwsnort/download/fwsnort-1.0.6.tar.gz +Source1: logrotate.fwsnort +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildArch: noarch +Requires: iptables,perl-Net-IPv4Addr, perl-IPTables-Parse, perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description +fwsnort translates Snort rules into equivalent iptables rules and generates +a Bourne shell script that implements the resulting iptables commands. This +ruleset allows network traffic that exhibits Snort signatures to be logged +and/or dropped by iptables directly without putting any interface into +promiscuous mode or queuing packets from kernel to user space. In addition, +fwsnort (optionally) uses the IPTables::Parse module to parse the iptables +ruleset on the machine to determine which Snort rules are applicable to the +specific iptables policy. After all, if iptables is blocking all inbound +http traffic from external addresses, it is probably not of much use to try +detecting inbound attacks against against tcp/80. By default fwsnort +generates iptables rules that log Snort sid's with --log-prefix to klogd +where the messages can be analyzed with a log watcher such as logwatch or +psad (see http://www.cipherdyne.org/psad). fwsnort relies on the iptables +string match module to match Snort content fields in the application portion +of ip traffic. Since Snort rules can contain hex data in content fields, +fwsnort implements a patch against iptables-1.2.7a which adds a +"--hex-string" option which will accept content fields such as +"|0d0a5b52504c5d3030320d0a|". fwsnort is able to translate approximately 60% +of all rules from the Snort-2.3.3 IDS into equivalent iptables rules. For +more information about the translation strategy as well as +advantages/disadvantages of the method used by fwsnort to obtain intrusion +detection data, see the README included with the fwsnort sources or browse +to: http://www.cipherdyne.org/fwsnort/ + +%prep +%setup -q +mv deps/snort_rules/VERSION SNORT-RULES-VERSION +cp -p %SOURCE1 . + +%build + +%install +rm -rf $RPM_BUILD_ROOT +### log directory +mkdir -p $RPM_BUILD_ROOT%fwsnortlogdir + +### fwsnort config +mkdir -p $RPM_BUILD_ROOT%_sysconfdir/fwsnort + +mkdir -p $RPM_BUILD_ROOT%_bindir +mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8 +mkdir -p $RPM_BUILD_ROOT%_sbindir + +install -m 755 fwsnort $RPM_BUILD_ROOT%_sbindir/ +install -m 644 fwsnort.conf $RPM_BUILD_ROOT%_sysconfdir/fwsnort/ +install -m 644 fwsnort.8 $RPM_BUILD_ROOT%{_mandir}/man8/ + +### install snort rules files +cp -r deps/snort_rules $RPM_BUILD_ROOT%_sysconfdir/fwsnort + +mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d +install -p -m 644 logrotate.fwsnort $RPM_BUILD_ROOT/etc/logrotate.d/fwsnort + +%clean +rm -rf $RPM_BUILD_ROOT + +#%pre +### not used + +%post +### not used + +%preun +### not used + +%files +%defattr(-,root,root) +%doc LICENSE VERSION README CREDITS TODO SNORT-RULES-VERSION +%dir %fwsnortlogdir +%_sbindir/* +%{_mandir}/man8/* + +%dir %_sysconfdir/fwsnort +%config(noreplace) %_sysconfdir/fwsnort/fwsnort.conf + +%dir %_sysconfdir/logrotate.d +%config(noreplace) %_sysconfdir/logrotate.d/fwsnort + +%dir %_sysconfdir/fwsnort/snort_rules +%config(noreplace) %_sysconfdir/fwsnort/snort_rules/* + +%changelog +* Thu Feb 04 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-3 +- License adjusted to GPLv2+ + +* Wed Feb 03 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-2 +- documentation included, LICENSE VERSION README CREDITS TODO + SNORT-RULES-VERSION + +* Sat Jan 2 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-1 +- First Fedora spec compliant version, several modifications +- No deps included +- Free snort rules included diff --git a/fwsnort-1.0.6-3.fc12.noarch.rpm b/fwsnort-1.0.6-3.fc12.noarch.rpm Binary files differnew file mode 100644 index 0000000..3f60787 --- /dev/null +++ b/fwsnort-1.0.6-3.fc12.noarch.rpm diff --git a/fwsnort.spec b/fwsnort.spec index bd1498b..c0dcb44 100644 --- a/fwsnort.spec +++ b/fwsnort.spec @@ -7,8 +7,8 @@ Summary: Translates Snort rules into equivalent iptables rules Name: fwsnort Version: 1.0.6 -Release: 2%{?dist} -License: GPLv2 +Release: 3%{?dist} +License: GPLv2+ Group: System Environment/Daemons Url: http://www.cipherdyne.org/fwsnort/ Source0: http://www.cipherdyne.org/fwsnort/download/fwsnort-1.0.6.tar.gz @@ -100,6 +100,9 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) %_sysconfdir/fwsnort/snort_rules/* %changelog +* Thu Feb 04 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-3 +- License adjusted to GPLv2+ + * Wed Feb 03 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-2 - documentation included, LICENSE VERSION README CREDITS TODO SNORT-RULES-VERSION |