Summary: Open-source, Unix-based Network Intrusion Detection System
Name: bro
Version: 1.4
Release: 1%{?dist}
License: BSD
Group: Applications/Internet
URL: http://bro-ids.org
Source0: bro-%{version}-release.tar.gz
Source1: bro.cfg
Source2: bro.rc
Patch0: bro-1.4-installpolicy.patch
Patch1: bro-1.4-scripts.patch
Patch2: bro-1.4-pl_scripts.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libpcap-devel openssl-devel zlib-devel ncurses-devel
BuildRequires: automake autoconf libtool flex bison file-devel
BuildRequires: texinfo-tex
Requires: rsync
Requires: python
Requires: perl >= 5.6.1, perl(Config::General), perl(Getopt::Long)
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
%description
Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS)
that passively monitors network traffic and looks for suspicious activity.
Bro detects intrusions by first parsing network traffic to extract its
application-level semantics and then executing event-oriented analyzers that
compare the activity with patterns deemed troublesome. Its analysis includes
detection of specific attacks (including those defined by signatures, but also
those defined in terms of events) and unusual activities (e.g., certain hosts
connecting to certain services, or patterns of failed connection attempts).
%prep
# Unpack Source0 quietly, then apply the three packaging patches at strip
# level 1.
# NOTE(review): nothing in this spec checks a checksum or signature of the
# tarball, so its provenance depends entirely on how the SOURCES directory
# was populated.
%setup -q
# NOTE(review): -b keeps a backup copy of every patched file under the given
# suffix. Backups that sit inside a directory the install step copies
# wholesale (the cp -r of perl/lib/Bro, for instance) would end up in the
# package; confirm against the patch contents.
%patch0 -p1 -b .installpolicy
%patch1 -p1 -b .scripts
%patch2 -p1 -b .pl_scripts
%build
# Regenerate the autotools files, configure with the brov6 option enabled
# (presumably IPv6 support, going by the name) and Broccoli disabled, then
# compile.
./autogen.sh
%configure --enable-brov6 --disable-broccoli
# NOTE(review): CFLAGS is extended on the make command line to add the
# ncurses include path. Confirm in the build log that the distribution's
# default compiler flags (which carry the hardening options) still appear on
# the compile lines and are not displaced by this assignment.
%{__make} %{?_smp_mflags} CFLAGS+="-I/usr/include/ncurses"
%install
# Start from an empty buildroot so nothing from an earlier build leaks into
# this package, then stage the upstream install under it.
rm -rf %{buildroot}
%{__make} DESTDIR="%{buildroot}" install
# Install config
# Creates the bro configuration directory and installs Source1 (bro.cfg) as
# the sysconfig file, mode 644.
%{__install} -d -m 755 %{buildroot}%{_sysconfdir}/bro
%{__install} -D -c -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/bro
# Create runtime dir
%{__install} -d -m 755 %{buildroot}%{_localstatedir}/run/bro
# Create log dirs
# NOTE(review): all four log directories are created 755 and the file list
# applies no attr override, so they are packaged traversable and listable by
# every local user. IDS logs can hold sensitive connection data; confirm the
# mode is intended and check the permissions bro gives the log files it
# writes.
%{__install} -d -m 755 %{buildroot}%{_localstatedir}/log/bro
%{__install} -d -m 755 %{buildroot}%{_localstatedir}/log/bro/archive
%{__install} -d -m 755 %{buildroot}%{_localstatedir}/log/bro/sorted-logs
%{__install} -d -m 755 %{buildroot}%{_localstatedir}/log/bro/reports
# Install scripts
# Everything up to the final popd of this part runs inside scripts/ of the
# unpacked source tree.
pushd scripts/
%{__install} -d -m 755 %{buildroot}%{_datadir}/bro/scripts
# The rc hooks file is installed non-executable (644).
%{__install} -c -m 644 bro.rc-hooks.sh %{buildroot}%{_datadir}/bro/scripts/bro.rc-hooks.sh
# Source2 (bro.rc) becomes the init script, mode 755.
%{__install} -D -c -m 755 %{SOURCE2} %{buildroot}%{_initrddir}/bro
##
## FIXME: perl(Bro) needed by site-report.pl
##
%{__install} -d -m 755 %{buildroot}%{_datadir}/bro/perl
# Replace the @@BRO...@@ placeholders in the Perl report script and modules
# with the packaged paths. The edit is made in the source tree, so it must
# happen before the modules are copied and the script is installed below.
for PSCRIPT in perl/script/site-report.pl perl/lib/Bro/*.pm perl/lib/Bro/Report/*.pm; do
sed -i "s|@@BROCONFIG@@|%{_sysconfdir}/sysconfig/bro|g" "$PSCRIPT"
sed -i "s|@@BROCONFIGDIR@@|%{_sysconfdir}/bro|g" "$PSCRIPT"
sed -i "s|@@BROPERLLIB@@|%{_datadir}/bro/perl|g" "$PSCRIPT"
sed -i "s|@@BROHOME@@|%{_localstatedir}/run/bro|g" "$PSCRIPT"
done
# NOTE(review): cp -r copies the whole Bro module directory as it stands,
# with whatever modes the files have in the source tree and including any
# patch backup files that may be present there; verify the packaged
# contents.
pushd perl/lib
cp -r Bro %{buildroot}%{_datadir}/bro/perl
popd
# Install the helper scripts as executables (755), then rewrite the
# CONFIGDIR and SCRIPTSDIR placeholders in the staged copies.
for SPATH in push_logs.sh mail_reports.sh mail_notice.sh frontend-mail-reports.sh frontend-site-report.sh perl/script/site-report.pl; do
SNAME=$(basename "$SPATH")
%{__install} -c -m 755 "$SPATH" %{buildroot}%{_datadir}/bro/scripts
sed -i "s|@@CONFIGDIR@@|%{_sysconfdir}/sysconfig|g" "%{buildroot}%{_datadir}/bro/scripts/$SNAME"
sed -i "s|@@SCRIPTSDIR@@|%{_datadir}/bro/scripts|g" "%{buildroot}%{_datadir}/bro/scripts/$SNAME"
done
# s2b tools: the two programs are installed executable, the four cfg files
# read-only data, and the hard-coded /usr/local path inside s2b.pl is
# pointed at the packaged s2b directory.
%{__install} -d -m 755 %{buildroot}%{_datadir}/bro/scripts/s2b
%{__install} -c -m 755 s2b/bin/s2b.pl %{buildroot}%{_datadir}/bro/scripts/s2b/s2b.pl
sed -i "s|/usr/local/etc/bro/s2b|%{_datadir}/bro/scripts/s2b|g" %{buildroot}%{_datadir}/bro/scripts/s2b/s2b.pl
%{__install} -c -m 644 s2b/etc/s2b.cfg %{buildroot}%{_datadir}/bro/scripts/s2b/s2b.cfg
%{__install} -c -m 644 s2b/etc/s2b-augment.cfg %{buildroot}%{_datadir}/bro/scripts/s2b/s2b-augment.cfg
%{__install} -c -m 644 s2b/etc/s2b-ruleset-augment.cfg %{buildroot}%{_datadir}/bro/scripts/s2b/s2b-ruleset-augment.cfg
%{__install} -c -m 644 s2b/etc/s2b-sigmap.cfg %{buildroot}%{_datadir}/bro/scripts/s2b/s2b-sigmap.cfg
%{__install} -c -m 755 s2b/bin/snort2bro %{buildroot}%{_datadir}/bro/scripts/s2b/snort2bro
popd
# Install example signatures, site policy
# The example signature file and the lite local policy are staged under the
# lib tree (the policy is renamed to localhost.bro); the two score tables go
# into the bro configuration directory. All four are mode 644.
# NOTE(review): the file list marks only the sysconfig file as
# config(noreplace), so local edits to these signatures, the site policy and
# the score tables are replaced on package upgrade. For detection content
# that operators are expected to tune, confirm that is intended.
%{__install} -D -d -m 755 %{buildroot}%{_localstatedir}/lib/bro/site
%{__install} -D -d -m 755 %{buildroot}%{_localstatedir}/lib/bro/host
%{__install} -c -m 644 scripts/s2b/example_bro_files/signatures.sig %{buildroot}%{_localstatedir}/lib/bro/site/signatures.sig
%{__install} -c -m 644 scripts/local.lite.bro %{buildroot}%{_localstatedir}/lib/bro/site/localhost.bro
%{__install} -c -m 644 scripts/alert_scores %{buildroot}%{_sysconfdir}/bro/alert_scores
%{__install} -c -m 644 scripts/signature_scores %{buildroot}%{_sysconfdir}/bro/signature_scores
# NOTE(review): deletes the bundled libedit sources from the build tree (not
# from the buildroot); the reason is not evident from this spec.
rm -rf src/libedit
# Build the PDF manuals
# Each Texinfo manual is rendered to PDF from inside its own directory; the
# resulting PDFs are the ones the doc line of the file list picks up.
for manual in doc/user-manual/Bro-user-manual.texi doc/ref-manual/Bro-Ref-Manual.texi doc/quick-start/Bro-quick-start.texi; do
    manual_dir=${manual%/*}
    manual_file=${manual##*/}
    pushd "$manual_dir"
    texi2dvi --clean --pdf "$manual_file"
    popd
done
%clean
# Remove the staged install tree once the package has been built.
rm -rf %{buildroot}
%post
# Register the bro init script with chkconfig. The service is not started
# here; which runlevels it is enabled in depends on the chkconfig header of
# the init script (Source2), which is not visible in this spec.
/sbin/chkconfig --add bro
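%preun
# rpm passes in $1 the number of instances of this package that will remain
# after the operation: 0 means final removal, 1 or more means upgrade.
# On final removal only, stop the sensor and unregister its init script; on
# upgrade the running service is left alone.
# $1 is quoted so that an empty or missing argument cannot turn the test
# into a syntax error.
if [ "$1" = 0 ] ; then
    # Output is discarded so a sensor that is not running does not clutter
    # the transaction output.
    /sbin/service bro stop >/dev/null 2>&1
    /sbin/chkconfig --del bro
fi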
%files
# Everything is owned by root:root; file and directory modes are taken
# unchanged from the buildroot as created in the install step.
%defattr(-,root,root,-)
%doc README COPYING doc/user-manual/Bro-user-manual.pdf doc/ref-manual/Bro-Ref-Manual.pdf doc/quick-start/Bro-quick-start.pdf
# The sysconfig file is the only entry protected from replacement on
# upgrade.
%config(noreplace) %{_sysconfdir}/sysconfig/bro
%{_initrddir}/bro
%{_bindir}/bro
%{_datadir}/bro
%{_localstatedir}/run/bro
# NOTE(review): the log tree keeps the 755 directory mode set at install
# time, so it is listable by every local user; confirm this is intended for
# IDS output.
%{_localstatedir}/log/bro
# NOTE(review): the site policy and signatures under the lib tree and the
# score tables under the bro configuration directory carry no config flag,
# so an upgrade overwrites local changes to them. Consider marking them
# config(noreplace).
%{_localstatedir}/lib/bro
%{_sysconfdir}/bro
%changelog
* Mon Feb 9 2009 Daniel Kopecek <dkopecek@redhat.com> - 1.4-1
- rebase to 1.4-release
* Mon Nov 10 2008 Daniel Kopecek <dkopecek@redhat.com> - 1.4-0.3.20080804svn
- Removed bind-devel from BuildRequires
* Tue Aug 26 2008 Daniel Kopecek <dkopecek@redhat.com> - 1.4-0.2.20080804svn
- Added patch to prevent collision with the internal
variable in Autoconf 2.62. Thanks to skasal@redhat.com.
* Wed May 7 2008 Daniel Kopecek <dkopecek@redhat.com> - 1.4-0.1.20080804svn
- Initial build.