From a5bb7598f0e5cfa032db37b22addff694f7df656 Mon Sep 17 00:00:00 2001 From: Steve Date: Aug 25 2012 19:13:37 +0000 Subject: New upstream release - Switch startup to use systemd
---
diff --git a/.gitignore b/.gitignore
index e5e86b1..bd20c93 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ suricata-1.0.0.tar.gz.sig
 /suricata-1.2.1.tar.gz.sig
 /suricata-1.3.tar.gz
 /suricata-1.3.tar.gz.sig
+/suricata-1.3.1.tar.gz
diff --git a/fedora.notes b/fedora.notes
new file mode 100644
index 0000000..7f6421e
--- /dev/null
+++ b/fedora.notes
@@ -0,0 +1,12 @@
+This package does not ship with rules. For it to do its job, it must have
+rules. Rules can be used from a couple places. It knows how to use
+snort rules if you have those. But if you don't another place to get
+rules is the emerging threats web site. To install, you might do
+something like:
+
+mkdir /etc/suricata/rules/emerging
+wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
+tar -xz -C /etc/suricata/rules/emerging --strip-components=1 -f emerging.rules.targ.gz
+
+Then enable the rules in /etc/suricata/suricata.yaml
+
diff --git a/sources b/sources
index 81a5776..eadafbc 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-058e4f2b2660330f790bff2e1e7a6ffb suricata-1.3.tar.gz
-477ee72924d7609338cb00f9db60fbea suricata-1.3.tar.gz.sig
+1d690a54f74900325cfec3f923e51448 suricata-1.3.1.tar.gz
diff --git a/suricata.init b/suricata.init
deleted file mode 100644
index 65ed91b..0000000
--- a/suricata.init
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/bin/bash
-#
-# suricata This starts and stops the suricata IDS engine
-#
-# chkconfig: - 40 60
-# description: Suricata is a Network Intrusion Detection tool that \
-# that can sniff network traffic or process tcpdump cpatures \
-# to spot suspicious packets
-#
-# processname: /usr/sbin/suricata
-# config: /etc/sysconfig/suricata
-# config: /etc/suricata/suricata.yaml
-# pidfile: /var/run/suricata.pid
-#
-# Return values according to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-#
-
-
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-prog="suricata"
-
-# Source function library.
-. /etc/init.d/functions
-
-# Allow anyone to run status
-if [ "$1" = "status" ] ; then
- status $prog
- RETVAL=$?
- exit $RETVAL
-fi
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-# Check config
-test -f /etc/sysconfig/suricata && . /etc/sysconfig/suricata
-
-RETVAL=0
-
-start(){
- test -x /usr/sbin/suricata || exit 5
- test -f /etc/suricata/suricata.yaml || exit 6
-
- echo -n $"Starting $prog: "
-
-# Localization for auditd is controlled in /etc/synconfig/auditd
- unset HOME MAIL USER USERNAME
- daemon $prog "$OPTIONS -c /etc/suricata/suricata.yaml"
- RETVAL=$?
- echo
- if test $RETVAL = 0 ; then
- touch /var/lock/subsys/suricata
- fi
- return $RETVAL
-}
-
-stop(){
- echo -n $"Stopping $prog: "
- killproc $prog
- RETVAL=$?
- echo
- rm -f /var/lock/subsys/suricata
- return $RETVAL
-}
-
-reload(){
- test -f /etc/suricata/suricata.yaml || exit 6
- echo -n $"Reloading configuration: "
- killproc $prog -HUP
- RETVAL=$?
- echo
- return $RETVAL
-}
-
-restart(){
- test -f /etc/suricata/suricata.yaml || exit 6
- stop
- start
-}
-
-condrestart(){
- [ -e /var/lock/subsys/suricata ] && restart
- return 0
-}
-
-
-# See how we were called.
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- restart
- ;;
- reload|force-reload)
- reload
- ;;
- condrestart|try-restart)
- condrestart
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
- RETVAL=3
-esac
-
-exit $RETVAL
-
diff --git a/suricata.service b/suricata.service
new file mode 100644
index 0000000..e1c1eab
--- /dev/null
+++ b/suricata.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Suricata Intrusion Detection Service
+After=syslog.target
+
+[Service]
+ExecStart=/sbin/suricata -c /etc/suricata/suricata.yaml $OPTIONS
+EnvironmentFile=-/etc/sysconfig/suricata
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/suricata.spec b/suricata.spec
index bdd8996..c3d9db2 100644
--- a/suricata.spec
+++ b/suricata.spec
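Review bot: `ExecStart=/sbin/suricata` in the new suricata.service does not match where the spec installs the daemon: the `make ... "bindir=%{_sbindir}" install` line and the `%{_sbindir}/suricata` entry in `%files` place it under `%{_sbindir}`, and the removed init script tested `/usr/sbin/suricata`. The unit presumably starts only on hosts where `/sbin` resolves to that same directory, so I would write `ExecStart=/usr/sbin/suricata -c /etc/suricata/suricata.yaml $OPTIONS`. The unit also loses the `reload` action the init script provided through `killproc $prog -HUP`; if the daemon still handles SIGHUP that way, `ExecReload=/bin/kill -HUP $MAINPID` keeps it. A comment above `EnvironmentFile=` stating that `OPTIONS` comes from /etc/sysconfig/suricata and that the leading `-` makes the file optional would help the next reader.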
@@ -1,24 +1,28 @@ Summary: Intrusion Detection System Name: suricata -Version: 1.3 -Release: 2%{?dist} +Version: 1.3.1 +Release: 1%{?dist} License: GPLv2 Group: Applications/Internet URL: http://www.openinfosecfoundation.org Source0: http://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz -Source1: suricata.init +Source1: suricata.service Source2: suricata.sysconfig Source3: suricata.logrotate +Source4: fedora.notes Patch1: suricata-1.1.1-flags.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: libyaml-devel libprelude-devel BuildRequires: libnfnetlink-devel libnetfilter_queue-devel libnet-devel BuildRequires: zlib-devel libpcap-devel pcre-devel libcap-ng-devel BuildRequires: file-devel nspr-devel nss-softokn-devel +BuildRequires: systemd-units # Remove when rpath issues are fixed BuildRequires: autoconf automake libtool -Requires: chkconfig +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units %description The Suricata Engine is an Open Source Next Generation Intrusion @@ -32,6 +36,7 @@ GPU cards. %prep %setup -q +install -m 644 %{SOURCE4} doc/ %patch1 -p1 # This is to fix rpaths created by bad Makefile.in autoreconf -fv --install 
@@ -47,8 +52,10 @@ make DESTDIR="${RPM_BUILD_ROOT}" "bindir=%{_sbindir}" install
 # Setup etc directory
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/suricata/rules
 install -m 600 suricata.yaml $RPM_BUILD_ROOT%{_sysconfdir}/suricata
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
-install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/suricata
+install -m 600 classification.config $RPM_BUILD_ROOT%{_sysconfdir}/suricata
+install -m 600 reference.config $RPM_BUILD_ROOT%{_sysconfdir}/suricata
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
 install -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/suricata
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
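Review bot: The added `install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/` installs the unit file with execute bits, a mode carried over from the init script it replaces. A unit file is configuration that systemd reads and never executes, so the line should be `install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/`. The matching `%attr(755,root,root) %{_unitdir}/suricata.service` entry in the `%files` hunk needs the same change to `%attr(644,root,root)`. The context line that installs `%{SOURCE2}` as the sysconfig file also uses 0755, although `%files` overrides that one to 0600.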
@@ -71,33 +78,45 @@ make check rm -rf $RPM_BUILD_ROOT %post -/sbin/chkconfig --add suricata -/sbin/ldconfig +if [ $1 -eq 1 ] ; then + # Initial installation + /bin/systemctl daemon-reload >/dev/null 2>&1 || : +fi %preun -if [ $1 -eq 0 ]; then - /sbin/service suricata stop > /dev/null 2>&1 - /sbin/chkconfig --del suricata +if [ $1 -eq 0 ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable suricata.service > /dev/null 2>&1 || : + /bin/systemctl stop suricata.service > /dev/null 2>&1 || : fi -%postun -p /sbin/ldconfig +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ] ; then + # Package upgrade, not uninstall + /bin/systemctl try-restart suricata.service >/dev/null 2>&1 || : +fi %files %defattr(-,root,root,-) -%doc COPYING doc/INSTALL +%doc COPYING doc/INSTALL doc/Basic_Setup.txt +%doc doc/Setting_up_IPSinline_for_Linux.txt doc/fedora.notes %{_sbindir}/suricata %{_libdir}/libhtp-* %attr(750,root,root) %dir %{_var}/log/suricata -%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/suricata/suricata.yaml +%config(noreplace) %{_sysconfdir}/suricata/suricata.yaml +%config(noreplace) %{_sysconfdir}/suricata/classification.config +%config(noreplace) %{_sysconfdir}/suricata/reference.config %dir %attr(750,root,root) %{_sysconfdir}/suricata %dir %attr(750,root,root) %{_sysconfdir}/suricata/rules %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/suricata -%attr(755,root,root) %{_sysconfdir}/rc.d/init.d/suricata +%attr(755,root,root) %{_unitdir}/suricata.service %config(noreplace) %attr(644,root,root) %{_sysconfdir}/logrotate.d/suricata %changelog -* Sat Jul 21 2012 Fedora Release Engineering - 1.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild +* Sat Aug 25 2012 Steve Grubb 1.3.1-1 +- New upstream release +- Switch startup to use systemd * Fri Jul 06 2012 Steve Grubb 1.3-1 - New upstream release diff --git a/suricata.sysconfig b/suricata.sysconfig index 9c38335..8f8a5ac 100644 
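Review bot: `%post` and `%postun` no longer call `/sbin/ldconfig`, yet `%files` still ships `%{_libdir}/libhtp-*` (presumably a shared library), so the linker cache is not refreshed when that file is installed or removed. I would keep `/sbin/ldconfig` as the first line of both the new `%post` and the new `%postun` bodies, ahead of the `systemctl` calls. In `%files`, the `suricata.yaml` entry loses its explicit `%attr(0600,root,root)` and the two new `.config` entries carry none, so their mode now depends only on the `install -m 600` lines in `%install`. Restating `%attr(0600,root,root)` on those three entries keeps the restriction visible in the place where package permissions are reviewed.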
--- a/suricata.sysconfig +++ b/suricata.sysconfig @@ -1,8 +1,8 @@ -# What user account should we run under. -USER="snortd" - -# What group account should we run under. -GROUP="snortd" +# The following parameters are the most commonly needed to configure +# suricata. A full list can be seen by running /sbin/suricata --help +# -i +# --user +# --group # Add options to be passed to the daemon -OPTIONS=" " +OPTIONS="-i eth0 "
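Review bot: The new default `OPTIONS="-i eth0 "` passes neither `--user` nor `--group`, and the `USER`/`GROUP` settings are removed, so the daemon started from suricata.service (which sets no `User=`) presumably keeps root for its whole lifetime while it parses network traffic. The comment block already names both flags, so I would either ship a default such as `OPTIONS="-i eth0 --user <unprivileged-user> --group <unprivileged-group> "` (placeholders, since this commit creates no account) or add the comment `# Without --user/--group suricata keeps running as root`. The hard-coded `eth0` also deserves a comment that it must match the capture interface, because the service is likely to fail on hosts where no interface has that name.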