From 13305ca7e5a64cb1c968469068ebdb3fbc1f5483 Mon Sep 17 00:00:00 2001
From: "Guillermo Gomez S. (Gomix)"
Date: Tue, 5 Jan 2010 15:55:04 -0430
Subject: Versionado basado en las versiones fwsnort & release de Fedora
---
1.0.6-1/fc12/fwsnort-1.0.6-1.fc12.src.rpm | Bin 0 -> 547397 bytes
1.0.6-1/fc12/fwsnort.spec | 108 ++++++++++++++++++++++++++++++
2 files changed, 108 insertions(+)
create mode 100644 1.0.6-1/fc12/fwsnort-1.0.6-1.fc12.src.rpm
create mode 100644 1.0.6-1/fc12/fwsnort.spec
(limited to '1.0.6-1')
diff --git a/1.0.6-1/fc12/fwsnort-1.0.6-1.fc12.src.rpm b/1.0.6-1/fc12/fwsnort-1.0.6-1.fc12.src.rpm
new file mode 100644
index 0000000..2f240e4
Binary files /dev/null and b/1.0.6-1/fc12/fwsnort-1.0.6-1.fc12.src.rpm differ
diff --git a/1.0.6-1/fc12/fwsnort.spec b/1.0.6-1/fc12/fwsnort.spec
new file mode 100644
index 0000000..df0f002
--- /dev/null
+++ b/1.0.6-1/fc12/fwsnort.spec
@@ -0,0 +1,108 @@
+%define name fwsnort
+%define version 1.0.6
+%define release 1
+%define fwsnortlogdir /var/log/fwsnort
+
+### get the first @INC directory that includes the string "linux".
+### This may be 'i386-linux', or 'i686-linux-thread-multi', etc.
+%define fwsnortmoddir `perl -e '$path='i386-linux'; for (@INC) { if($_ =~ m|.*/(.*linux.*)|) {$path = $1; last; }} print $path'`
+
+Summary: Translates Snort rules into equivalent iptables rules
+Name: %name
+Version: %version
+Release: %release%{?dist}
+License: GPLv2
+Group: System Environment/Daemons
+Url: http://www.cipherdyne.org/fwsnort/
+Source0: http://www.cipherdyne.org/fwsnort/download/%name-%version.tar.gz
+Source1: logrotate.fwsnort
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildArch: noarch
+Requires: iptables,perl-Net-IPv4Addr, perl-IPTables-Parse, perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+
+%description
+fwsnort translates Snort rules into equivalent iptables rules and generates
+a Bourne shell script that implements the resulting iptables commands. This
+ruleset allows network traffic that exhibits Snort signatures to be logged
+and/or dropped by iptables directly without putting any interface into
+promiscuous mode or queuing packets from kernel to user space. In addition,
+fwsnort (optionally) uses the IPTables::Parse module to parse the iptables
+ruleset on the machine to determine which Snort rules are applicable to the
+specific iptables policy. After all, if iptables is blocking all inbound
+http traffic from external addresses, it is probably not of much use to try
+detecting inbound attacks against against tcp/80. By default fwsnort
+generates iptables rules that log Snort sid's with --log-prefix to klogd
+where the messages can be analyzed with a log watcher such as logwatch or
+psad (see http://www.cipherdyne.org/psad). fwsnort relies on the iptables
+string match module to match Snort content fields in the application portion
+of ip traffic. Since Snort rules can contain hex data in content fields,
+fwsnort implements a patch against iptables-1.2.7a which adds a
+"--hex-string" option which will accept content fields such as
+"|0d0a5b52504c5d3030320d0a|". fwsnort is able to translate approximately 60%
+of all rules from the Snort-2.3.3 IDS into equivalent iptables rules. For
+more information about the translation strategy as well as
+advantages/disadvantages of the method used by fwsnort to obtain intrusion
+detection data, see the README included with the fwsnort sources or browse
+to: http://www.cipherdyne.org/fwsnort/
+
+%prep
+
+%setup -q
+cp -p %SOURCE1 .
+
+%build
+
+%install
+rm -rf $RPM_BUILD_ROOT
+### log directory
+mkdir -p $RPM_BUILD_ROOT%fwsnortlogdir
+
+### fwsnort config
+mkdir -p $RPM_BUILD_ROOT%_sysconfdir/%name
+
+mkdir -p $RPM_BUILD_ROOT%_bindir
+mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
+mkdir -p $RPM_BUILD_ROOT%_sbindir
+
+install -m 755 fwsnort $RPM_BUILD_ROOT%_sbindir/
+install -m 644 fwsnort.conf $RPM_BUILD_ROOT%_sysconfdir/%name/
+install -m 644 fwsnort.8 $RPM_BUILD_ROOT%{_mandir}/man8/
+
+### install snort rules files
+cp -r deps/snort_rules $RPM_BUILD_ROOT%_sysconfdir/%name
+
+mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
+install -p -m 644 logrotate.fwsnort $RPM_BUILD_ROOT/etc/logrotate.d/fwsnort
+
+%clean
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+
+%pre
+### not used
+
+%post
+### not used
+
+%preun
+### not used
+
+%files
+%defattr(-,root,root)
+%dir %fwsnortlogdir
+%_sbindir/*
+%{_mandir}/man8/*
+
+%dir %_sysconfdir/%name
+%config(noreplace) %_sysconfdir/%name/fwsnort.conf
+
+%dir %_sysconfdir/logrotate.d
+%config(noreplace) %_sysconfdir/logrotate.d/fwsnort
+
+%dir %_sysconfdir/%name/snort_rules
+%config(noreplace) %_sysconfdir/%name/snort_rules/*
+
+%changelog
+* Sat Jan 2 2010 Guillermo Gómez - 1.0.6-1
+- First Fedora spec compliant version, several modifications
+- No deps included
+- Free snort rules included
-- cgit
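Review bot: In `%files`, `%dir %fwsnortlogdir` sits under `%defattr(-,root,root)`, so the log directory keeps whatever mode `mkdir -p` gave it in `%install` (umask-dependent, normally 0755), which leaves /var/log/fwsnort world-searchable. Pin the mode explicitly, e.g. `%attr(0700,root,root) %dir %fwsnortlogdir`, unless unprivileged readers are intended. The same section claims `%dir %_sysconfdir/logrotate.d`, which presumably belongs to the logrotate package; dropping that line and adding `Requires: logrotate` would give the directory a single owner and ensure the rotation snippet is never installed without its consumer. `%install` also runs `rm -rf $RPM_BUILD_ROOT` unquoted and without the `!= "/"` test that `%clean` applies; `[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "$RPM_BUILD_ROOT"` would keep the two consistent.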