# # MIT License # # Copyright © 2022, TANGENT NETWORKS # # Permission is hereby granted, free of charge, to any person ob- # taining a copy of this software and associated documentation # files (the "Software"), to deal in the Software without restric- # tion, including without limitation the rights to use, copy, modi- # fy, merge, publish, distribute, sublicense, and/or sell copies of # the Software, and to permit persons to whom the Software is fur- # nished to do so, subject to the following conditions: # # THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE # INCLUDED IN ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES # OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONIN- # FRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. 
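#
# RPM spec for the Suricata IDS/IPS engine: builds the upstream tarball with
# the Fedora packaging patches, installs the daemon, its configuration,
# rule files and systemd unit, and creates the unprivileged "suricata"
# service account that owns the runtime directories.
#
# NOTE: rpm expands macros inside comments too, so comments in this file
# either avoid the percent sign or double it.

Summary: Intrusion Detection System
Name: suricata
Version: 6.0.19
Release: 1
License: GPL-2.0-only
URL: https://suricata-ids.org/
# NOTE(review): Source1-3 and Patch0-4 point at the tip of the f39 branch
# rather than a fixed commit, and this spec carries no checksum or signature
# check for Source0. Whatever fetches these URLs gets whatever the remote
# serves at that moment; pin the references and verify the tarball out of
# band before building from a fresh download.
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
Source1: https://src.fedoraproject.org/rpms/suricata/raw/f39/f/suricata.sysconfig
Source2: https://src.fedoraproject.org/rpms/suricata/raw/f39/f/suricata-tmpfiles.conf
Source3: https://src.fedoraproject.org/rpms/suricata/raw/f39/f/fedora.notes
Patch0: https://src.fedoraproject.org/rpms/suricata/raw/f39/f/suricata-2.0.9-docs.patch
Patch1: https://src.fedoraproject.org/rpms/suricata/raw/f39/f/suricata-4.1.1-service.patch
Patch2: https://src.fedoraproject.org/rpms/suricata/raw/f39/f/suricata-5.0.4-geolite-path-fixup.patch
Patch3: https://src.fedoraproject.org/rpms/suricata/raw/f39/f/suricata-6.0.3-log-path-fixup.patch
Patch4: https://src.fedoraproject.org/rpms/suricata/raw/f39/f/suricata-6.0.9-python.patch

BuildRequires: make
BuildRequires: gcc gcc-c++
BuildRequires: cargo rust >= 1.33
BuildRequires: libyaml-devel python3-pyyaml
BuildRequires: libnfnetlink-devel libnetfilter_queue-devel libnet-devel
BuildRequires: zlib-devel pcre-devel libcap-ng-devel
BuildRequires: lz4-devel libpcap-devel
BuildRequires: nspr-devel nss-devel nss-softokn-devel file-devel
BuildRequires: jansson-devel libmaxminddb-devel python3-devel lua-devel
BuildRequires: pkgconfig(htp)
BuildRequires: pkgconfig(libhs)
# Next line is for eBPF support
%if 0%{?fedora} >= 32
%ifarch x86_64
BuildRequires: clang llvm libbpf-devel
%endif
%endif
BuildRequires: autoconf automake libtool
BuildRequires: systemd-devel
BuildRequires: hiredis-devel
BuildRequires: libevent-devel
%ifarch aarch64
BuildRequires: vectorscan
BuildRequires: vectorscan-devel
%endif
BuildRequires: libhtp-devel
# Prelude is disabled pending resolution of bz 1908783
#BuildRequires: libprelude-devel
BuildRequires: pkgconfig(gnutls)
%if 0%{?fedora} || 0%{?epel} >= 8
%ifarch x86_64
BuildRequires: hyperscan-devel
%endif
%endif

Requires: python3-pyyaml
Requires(pre): /usr/sbin/useradd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd

# Rust is not working on ppc64le systems (bz 1757548)
# Or i686 (bz 2047425)
ExcludeArch: ppc64le i686

%description
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

%prep
# autosetup unpacks Source0 itself and then applies Patch0-4 with -p1.
# A separate plain setup call used to run first, followed by the copy of
# Source3 into doc/; autosetup then removed and re-created the source tree,
# so the copied file was silently discarded. Unpack once and copy afterwards.
%autosetup -p1
install -m 644 %{SOURCE3} doc/
# Manual patch application, superseded by autosetup above. The percent signs
# are doubled so rpm does not expand the macro inside the comment.
#%%patch -P0 -p1
#%%patch -P1 -p1
#%%patch -P2 -p1
#%%patch -P3 -p1
#%%patch -P4 -p1
# Install the configuration files under sysconfdir instead of datadir.
sed -i 's/(datadir)/(sysconfdir)/' etc/Makefile.am
%ifarch x86_64
sed -i 's/-D__KERNEL__/-D__KERNEL__ -D__x86_64__/' ebpf/Makefile.am
%endif
autoreconf -fv --install

%build
# Hardening-relevant switches: gccprotect and pie are enabled, and
# gccmarch-native is disabled so the binary is not tuned to the build host.
# NOTE(review): --with-include is passed twice below; configure normally keeps
# only the last value of a repeated option, so the libhs cflags are probably
# dropped in favour of the htp ones. The pkg-config substitutions are also
# unquoted, so multi-word output would be split into extra arguments.
# Confirm against the configure log.
%configure \
        --enable-gccprotect \
        --enable-pie \
        --disable-gccmarch-native \
        --disable-coccinelle \
        --enable-nfqueue \
        --enable-af-packet \
        --with-libnspr-includes=/usr/include/nspr4 \
        --with-libnss-includes=/usr/include/nss3 \
        --enable-jansson \
        --enable-geoip \
        --enable-lua \
        --enable-hiredis \
        --enable-rust \
        --enable-non-bundled-htp \
        --with-libhs=$(pkg-config --libs libhs) \
        --with-include=$(pkg-config --cflags libhs) \
        --with-libs=$(pkg-config --libs htp) \
        --with-include=$(pkg-config --cflags htp) \
%if 0%{?fedora} >= 32
%ifarch x86_64
        --enable-ebpf-build --enable-ebpf \
%endif
%endif
        --enable-python

%make_build

%install
make DESTDIR="%{buildroot}" "bindir=%{_sbindir}" install

# Setup etc directory
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/rules
install -m 640 rules/*.rules %{buildroot}%{_sysconfdir}/%{name}/rules
install -m 600 etc/*.config %{buildroot}%{_sysconfdir}/%{name}
install -m 600 threshold.config %{buildroot}%{_sysconfdir}/%{name}
install -m 600 suricata.yaml %{buildroot}%{_sysconfdir}/%{name}
mkdir -p %{buildroot}%{_unitdir}
install -m 0644 etc/%{name}.service %{buildroot}%{_unitdir}/
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
# Installed 0755 here; the files section below sets the packaged mode to 0600.
install -m 0755 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/%{name}

# Set up logging
mkdir -p %{buildroot}/%{_var}/log/%{name}
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 etc/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}

# Remove a couple things so they don't get picked up
rm -rf %{buildroot}%{_includedir}
rm -rf %{buildroot}%{_libdir}/pkgconfig

# Setup suricata-update data directory
mkdir -p %{buildroot}/%{_var}/lib/%{name}

# Setup tmpdirs
mkdir -p %{buildroot}%{_tmpfilesdir}
install -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf
mkdir -p %{buildroot}/run
install -d -m 0755 %{buildroot}/run/%{name}/

cp suricata-update/README.rst doc/suricata-update-README.rst

%check
make check

%pre
# Create the unprivileged system account the daemon runs as: no home
# directory is created and the login shell is nologin.
getent passwd suricata >/dev/null || useradd -r -M -s /sbin/nologin suricata

%post
%systemd_post suricata.service
# Hand any pre-existing log files to the service account.
# The count used to be stored in "file" but tested as "files", so the chown
# branch could never run. This scriptlet runs as root over a directory the
# service account can write to, so chown is given -h: a symlink placed there
# is re-owned itself instead of being followed to its target. A chown
# failure must not fail the scriptlet.
if [ -d %{_var}/log/%{name} ] ; then
    files=$(ls %{_var}/log/%{name}/* 2> /dev/null | wc -l)
    if [ -n "$files" ] && [ "$files" != "0" ] ; then
        chown -h suricata %{_var}/log/%{name}/* 2> /dev/null || :
    fi
fi

%preun
%systemd_preun suricata.service

%postun
%systemd_postun_with_restart suricata.service

%files
%doc doc/Basic_Setup.txt doc/suricata-update-README.rst
%{!?_licensedir:%global license %%doc}
%license COPYING
%attr(644,root,root) %{_mandir}/man1/*
%{_sbindir}/suricata
%{_sbindir}/suricatasc
%{_sbindir}/suricatactl
%{_sbindir}/suricata-update
/usr/lib/suricata/python/suricata/*
/usr/lib/suricata/python/suricatasc
# NOTE(review): the main configuration, the *.config files, the rules and the
# sysconfig file are all owned by the suricata account, so the daemon account
# can rewrite its own configuration, detection rules and start-up options.
# If nothing running as that account needs write access here, root ownership
# with group-read for suricata would be the tighter choice; confirm against
# how rule updates are run on the target hosts.
%config(noreplace) %attr(0640,suricata,suricata) %{_sysconfdir}/%{name}/suricata.yaml
%config(noreplace) %attr(0640,suricata,suricata) %{_sysconfdir}/%{name}/*.config
%config(noreplace) %attr(0640,suricata,suricata) %{_sysconfdir}/%{name}/rules/*.rules
%config(noreplace) %attr(0600,suricata,root) %{_sysconfdir}/sysconfig/%{name}
%attr(644,root,root) %{_unitdir}/suricata.service
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/logrotate.d/%{name}
# Logs and configuration directories are closed to other users (750).
%attr(750,suricata,suricata) %dir %{_var}/log/%{name}
%attr(750,suricata,suricata) %dir %{_sysconfdir}/%{name}
%attr(750,suricata,suricata) %dir %{_sysconfdir}/%{name}/rules
# setgid (2770) so files created in these directories inherit the suricata group.
%attr(2770,suricata,suricata) %dir %{_var}/lib/%{name}
%attr(2770,suricata,suricata) %dir /run/%{name}/
%{_tmpfilesdir}/%{name}.conf
%{_datadir}/%{name}/rules

%changelog
* Thu May 30 2024 David Peter 6.0.19-1
- Built package for aarch64 Fedora f39, f40, el9
- Built against non-bundled libhtp
- Added vectorscan support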