|
 |
c63155d |
%define psadlogdir %{_localstatedir}/log/psad
|
|
|
c63155d |
%define psadrundir %{_localstatedir}/run/psad
|
|
|
c63155d |
%define psadvarlibdir %{_localstatedir}/lib/psad
|
|
|
c63155d |
|
|
|
c63155d |
Summary: Port Scan Attack Detector (psad) watches for suspect traffic
|
|
|
c63155d |
Name: psad
|
|
|
dafb9b6 |
Version: 2.1.7
|
|
 |
c940f4f |
Release: 6%{?dist}
|
|
|
c63155d |
License: GPLv2+
|
|
|
c63155d |
Group: System Environment/Daemons
|
|
|
c63155d |
Url: http://www.cipherdyne.org/psad/
|
|
 |
55a6002 |
Source: http://www.cipherdyne.org/psad/download/%name-%version.tar.bz2
|
|
|
c63155d |
Patch1: psad-2.1.2-initscript.patch
|
|
|
dafb9b6 |
Patch2: psad-2.1.7-archive.patch
|
|
|
fe232df |
Patch3: psad-2.1.7-qw.patch
|
|
|
636061d |
Patch4: psad-2.1.7-tmp.patch
|
|
|
c63155d |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
c63155d |
Requires: iptables
|
|
|
c63155d |
Requires(post): chkconfig
|
|
|
c63155d |
Requires(preun): chkconfig, initscripts
|
|
|
c63155d |
Requires(postun): initscripts
|
|
|
c63155d |
# The automatic dependency generator doesn't find this
|
|
|
c63155d |
Requires: perl(IPTables::ChainMgr)
|
|
|
c63155d |
Requires: perl(Net::IPv4Addr)
|
|
|
c63155d |
Requires: perl(Date::Calc)
|
|
|
c63155d |
Requires: perl(Unix::Syslog)
|
|
|
c63155d |
|
|
|
c63155d |
%description
|
|
|
c63155d |
Port Scan Attack Detector (psad) is a collection of three lightweight
|
|
|
c63155d |
system daemons written in Perl and in C that are designed to work with Linux
|
|
|
c63155d |
iptables firewalling code to detect port scans and other suspect traffic. It
|
|
|
c63155d |
features a set of highly configurable danger thresholds (with sensible
|
|
|
c63155d |
defaults provided), verbose alert messages that include the source,
|
|
|
c63155d |
destination, scanned port range, begin and end times, tcp flags and
|
|
|
c63155d |
corresponding nmap options, reverse DNS info, email and syslog alerting,
|
|
|
c63155d |
automatic blocking of offending ip addresses via dynamic configuration of
|
|
|
c63155d |
iptables rulesets, and passive operating system fingerprinting. In addition,
|
|
|
c63155d |
psad incorporates many of the tcp, udp, and icmp signatures included in the
|
|
|
c63155d |
snort intrusion detection system (http://www.snort.org) to detect highly
|
|
|
c63155d |
suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend,
|
|
|
c63155d |
SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin,
|
|
|
c63155d |
xmas) which are easily leveraged against a machine via nmap. psad can also
|
|
|
c63155d |
alert on snort signatures that are logged via fwsnort
|
|
|
c63155d |
(http://www.cipherdyne.org/fwsnort/), which makes use of the
|
|
|
c63155d |
iptables string match module to detect application layer signatures.
|
|
|
c63155d |
|
|
|
c63155d |
|
|
|
c63155d |
%prep
|
|
|
c63155d |
%setup -q
|
|
|
c63155d |
%patch1 -p1 -b .init
|
|
|
dafb9b6 |
%patch2 -p1 -b .archive
|
|
|
fe232df |
%patch3 -p1 -b .qw
|
|
|
636061d |
%patch4 -p1 -b .tmp
|
|
|
fe232df |
|
|
|
c63155d |
sed -i 's,_CHANGEME_,localhost,' psad.conf
|
|
|
c63155d |
|
|
|
c63155d |
%build
|
|
|
c63155d |
### build psad binaries (kmsgsd and psadwatchd)
|
|
|
c63155d |
make OPTS="$RPM_OPT_FLAGS" %{?_smp_mflags}
|
|
|
c63155d |
|
|
|
c63155d |
### build the whois client
|
|
|
dafb9b6 |
make OPTS="$RPM_OPT_FLAGS" -C deps/whois
|
|
|
c63155d |
|
|
|
c63155d |
|
|
|
c63155d |
%install
|
|
|
c63155d |
rm -rf $RPM_BUILD_ROOT
|
|
|
c63155d |
### log directory
|
|
|
c63155d |
mkdir -p $RPM_BUILD_ROOT%psadlogdir
|
|
|
c63155d |
### dir for psadfifo
|
|
|
c63155d |
mkdir -p $RPM_BUILD_ROOT%psadvarlibdir
|
|
|
c63155d |
### dir for pidfiles
|
|
|
c63155d |
mkdir -p $RPM_BUILD_ROOT%psadrundir
|
|
|
c63155d |
|
|
|
c63155d |
### whois_psad binary
|
|
|
c63155d |
mkdir -p $RPM_BUILD_ROOT%{_bindir}
|
|
|
c63155d |
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
|
|
|
c63155d |
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
|
|
|
c63155d |
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
|
|
c63155d |
### psad config
|
|
|
c63155d |
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
|
|
|
c63155d |
### psad init script
|
|
|
c63155d |
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
|
|
c63155d |
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
|
|
|
c63155d |
|
|
|
c63155d |
### psad
|
|
|
c63155d |
install -p -m 755 psad $RPM_BUILD_ROOT%{_sbindir}/
|
|
|
c63155d |
install -p -m 755 kmsgsd $RPM_BUILD_ROOT%{_sbindir}/
|
|
|
c63155d |
install -p -m 755 psadwatchd $RPM_BUILD_ROOT%{_sbindir}/
|
|
|
c63155d |
install -p -m 755 fwcheck_psad.pl $RPM_BUILD_ROOT%{_sbindir}/fwcheck_psad
|
|
|
dafb9b6 |
install -p -m 755 deps/whois/whois $RPM_BUILD_ROOT/%{_bindir}/whois_psad
|
|
|
c63155d |
install -p -m 755 nf2csv $RPM_BUILD_ROOT/%{_bindir}/nf2csv
|
|
|
c63155d |
install -p -m 755 init-scripts/psad-init.fedora $RPM_BUILD_ROOT/etc/rc.d/init.d/psad
|
|
|
dafb9b6 |
install -p -m 644 logrotate.psad $RPM_BUILD_ROOT/etc/logrotate.d/psad
|
|
|
c63155d |
install -p -m 644 psad.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
|
|
|
c63155d |
install -p -m 644 signatures $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
|
|
|
c63155d |
install -p -m 644 icmp_types $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
|
|
|
c63155d |
install -p -m 644 ip_options $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
|
|
|
c63155d |
install -p -m 644 auto_dl $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
|
|
|
c63155d |
install -p -m 644 snort_rule_dl $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
|
|
|
c63155d |
install -p -m 644 pf.os $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
|
|
|
c63155d |
install -p -m 644 posf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
|
|
|
c63155d |
install -p -m 644 *.8 $RPM_BUILD_ROOT%{_mandir}/man8/
|
|
|
c63155d |
install -p -m 644 nf2csv.1 $RPM_BUILD_ROOT%{_mandir}/man1/
|
|
|
c63155d |
|
|
|
c63155d |
### install snort rules files
|
|
|
dafb9b6 |
cp -r deps/snort_rules $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
|
|
|
c63155d |
|
|
|
c63155d |
%clean
|
|
|
c63155d |
rm -rf $RPM_BUILD_ROOT
|
|
|
c63155d |
|
|
|
c63155d |
%post
|
|
|
c63155d |
/sbin/chkconfig --add psad
|
|
|
c63155d |
|
|
|
c63155d |
%preun
|
|
|
c63155d |
if [ $1 -eq 0 ]; then
|
|
|
c63155d |
/sbin/service psad stop > /dev/null 2>&1
|
|
|
c63155d |
/sbin/chkconfig --del psad
|
|
|
c63155d |
fi
|
|
|
c63155d |
|
|
|
c63155d |
%postun
|
|
|
c63155d |
if [ $1 -ge 1 ]; then
|
|
|
c63155d |
/sbin/service psad condrestart >/dev/null 2>&1 || :
|
|
|
c63155d |
fi
|
|
|
c63155d |
|
|
|
c63155d |
%files
|
|
|
c63155d |
%defattr(-,root,root)
|
|
|
c63155d |
%doc BENCHMARK FW_HELP FW_EXAMPLE_RULES README README.SYSLOG SCAN_LOG
|
|
|
c63155d |
%{_sbindir}/*
|
|
|
c63155d |
%{_bindir}/*
|
|
|
c63155d |
%{_mandir}/man1/*
|
|
|
c63155d |
%{_mandir}/man8/*
|
|
|
c63155d |
%{_initrddir}/psad
|
|
|
c63155d |
%dir %{_sysconfdir}/%{name}
|
|
|
c63155d |
%config(noreplace) %{_sysconfdir}/logrotate.d/psad
|
|
|
c63155d |
%config(noreplace) %{_sysconfdir}/%{name}/*.conf
|
|
|
c63155d |
%config(noreplace) %{_sysconfdir}/%{name}/signatures
|
|
|
c63155d |
%config(noreplace) %{_sysconfdir}/%{name}/auto_dl
|
|
|
c63155d |
%config(noreplace) %{_sysconfdir}/%{name}/ip_options
|
|
|
c63155d |
%config(noreplace) %{_sysconfdir}/%{name}/snort_rule_dl
|
|
|
c63155d |
%config(noreplace) %{_sysconfdir}/%{name}/posf
|
|
|
c63155d |
%config(noreplace) %{_sysconfdir}/%{name}/pf.os
|
|
|
c63155d |
%config(noreplace) %{_sysconfdir}/%{name}/icmp_types
|
|
|
c63155d |
%dir %{_sysconfdir}/%{name}/snort_rules
|
|
|
c63155d |
%config(noreplace) %{_sysconfdir}/%{name}/snort_rules/*
|
|
|
c63155d |
%dir %psadlogdir
|
|
|
c63155d |
%dir %psadvarlibdir
|
|
|
c63155d |
%dir %psadrundir
|
|
|
c63155d |
|
|
|
c63155d |
%changelog
|
|
|
c940f4f |
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.7-6
|
|
|
c940f4f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
c940f4f |
|
|
|
636061d |
* Tue Feb 07 2012 Peter Vrabec <pvrabec@redhat.com> 2.1.7-5
|
|
|
636061d |
- don't write to /tmp (#782527)
|
|
|
636061d |
|
|
|
fe232df |
* Thu Jan 19 2012 Peter Vrabec <pvrabec@redhat.com> 2.1.7-4
|
|
|
fe232df |
- adjust qw() use to new perl (#771779)
|
|
|
fe232df |
|
|
|
008a989 |
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.7-3
|
|
|
008a989 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
008a989 |
|
|
|
58d815e |
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.7-2
|
|
|
58d815e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
58d815e |
|
|
|
dafb9b6 |
* Thu Nov 25 2010 Peter Vrabec <pvrabec@redhat.com> 2.1.7-1
|
|
|
dafb9b6 |
- upgrade
|
|
|
dafb9b6 |
|
|
|
55a6002 |
* Tue Aug 11 2009 Ville Skyttä <ville.skytta@iki.fi> - 2.1.3-4
|
|
|
55a6002 |
- Use bzipped upstream tarball.
|
|
|
55a6002 |
|
|
 |
bf5cfd8 |
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.3-3
|
|
|
bf5cfd8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
bf5cfd8 |
|
|
|
7c679e6 |
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.3-2
|
|
|
7c679e6 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
7c679e6 |
|
|
|
c63155d |
* Wed Aug 13 2008 Peter Vrabec <pvrabec@redhat.com> 2.1.3-1
|
|
|
c63155d |
- some adjustments to meet fedora standartds
|
|
|
c63155d |
|
|
|
c63155d |
* Sun Apr 27 2008 Steve Grubb <sgrubb@redhat.com> 2.1.2-1
|
|
|
c63155d |
- Initial packaging
|