%global fwsnortlogdir /var/log/fwsnort
Summary: Translates Snort rules into equivalent iptables rules
Name: fwsnort
Version: 1.6.2
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Daemons
Url: http://www.cipherdyne.org/%{name}/
Source0: http://www.cipherdyne.org/%{name}/download/%{name}-%{version}.tar.gz
Source1: logrotate.fwsnort
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
Requires: iptables
Requires: perl(NetAddr::IP)
Requires: perl(IPTables::Parse)
Requires: logrotate
Requires: wget
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
%description
fwsnort translates Snort rules into equivalent iptables rules and generates
a Bourne shell script that implements the resulting iptables commands.
In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the
iptables ruleset on the machine to determine which Snort rules are applicable
to the specific iptables policy.
fwsnort is able to translate approximately 60% of all rules from the
Snort-2.3.3 IDS into equivalent iptables rules.
%prep
%setup -q
mv deps/snort_rules/VERSION SNORT-RULES-VERSION
cp -p %SOURCE1 .
%build
%install
rm -rf $RPM_BUILD_ROOT
### log directory
mkdir -p $RPM_BUILD_ROOT%{fwsnortlogdir}
### fwsnort config
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
mkdir -p $RPM_BUILD_ROOT%{_bindir}
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
install -m 755 fwsnort $RPM_BUILD_ROOT%{_sbindir}/
install -m 644 fwsnort.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
install -m 644 fwsnort.8 $RPM_BUILD_ROOT%{_mandir}/man8/
### install snort rules files
cp -r deps/snort_rules $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
install -p -m 644 logrotate.fwsnort $RPM_BUILD_ROOT/etc/logrotate.d/%{name}
%clean
rm -rf $RPM_BUILD_ROOT
%pre
### not used
%post
### not used
%preun
### not used
%files
%defattr(-,root,root)
%doc LICENSE VERSION README CREDITS TODO SNORT-RULES-VERSION
%dir %{fwsnortlogdir}
%{_sbindir}/*
%{_mandir}/man8/*
%dir %{_sysconfdir}/%{name}
%config %{_sysconfdir}/%{name}/fwsnort.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%dir %{_sysconfdir}/%{name}/snort_rules
%config(noreplace) %{_sysconfdir}/%{name}/snort_rules/*
%changelog
* Sun May 26 2012 Guillermo Gómez <gomix@fedoraproject.org> - 1.6.2-1
- Update to version 1.6.2
- Replaced Net::IPv4Addr with NetAddr::IP module which has support for IPv6
address network parsing and comparisons.
- wget added as required to support default configuration.
* Fri Sep 02 2011 Guillermo Gómez <gomix@fedoraproject.org> - 1.6.1-1
- Update to version 1.6.1
- Bug fix for 'Couldn't load target' error
- Bug fix for fast_pattern interpretation for relative matches
- Updated to the latest Emerging Threats rule set
* Mon Aug 01 2011 Guillermo Gómez <gomix@fedoraproject.org - 1.6-1
- Update to major release version 1.6
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Dec 29 2010 Guillermo Gomez <gomix@fedoraproject.org> - 1.5-0
- Upgrade to major release version 1.5-0
- WARNING: Compatibility issue with 1.0.6 fwsnort.conf, previous
fwsnort.conf renamed as /etc/fwsnort/fwsnort.conf.rpmsave.
* Wed Dec 29 2010 Guillermo Gomez <gomix@fedoraproject.org>
- Upgrade to major prerelease version 1.5pre
* Tue Oct 12 2010 Mark Chappell <tremble@tremble.org.uk> - 1.0.6-8
- Replace the perl dependencies with the virtual modules rather than
the package name
* Sun May 16 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-7
- Ownership of /etc/logrotate.d corrected and requires logrotate instead which
provides it
* Sun Apr 25 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-6
- Macros use improved for consistency
* Thu Feb 04 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-5
- Removed unnecesary macro definition
* Thu Feb 04 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-4
- Description shortened
* Thu Feb 04 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-3
- License adjusted to GPLv2+
* Wed Feb 03 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-2
- documentation included, LICENSE VERSION README CREDITS TODO
SNORT-RULES-VERSION
* Sat Jan 2 2010 Guillermo Gómez <ggomez@neotechgw.com> - 1.0.6-1
- First Fedora spec compliant version, several modifications
- No deps included
- Free snort rules included