Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
Summary: Review Request: Bro - Open-source, Unix-based Network Intrusion Detection System
https://bugzilla.redhat.com/show_bug.cgi?id=458391
Summary: Review Request: Bro - Open-source, Unix-based Network Intrusion Detection System Product: Fedora Version: rawhide Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: Package Review AssignedTo: nobody@fedoraproject.org ReportedBy: dkopecek@redhat.com QAContact: extras-qa@fedoraproject.org CC: notting@redhat.com, fedora-package-review@redhat.com Estimated Hours: 0.0 Classification: Fedora
Spec URL: http://mildew.pfy.cz/redhat/bro/bro.spec SRPM URL: http://mildew.pfy.cz/redhat/bro/bro-1.4-0.1.pre.src.rpm
Description: Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Bro detects intrusions by first parsing network traffic to extract is application-level semantics and then executing event-oriented analyzers that compare the activity with patterns deemed troublesome. Its analysis includes detection of specific attacks (including those defined by signatures, but also those defined in terms of events) and unusual activities (e.g., certain hosts connecting to certain services, or patterns of failed connection attempts).
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=458391
--- Comment #1 from Dan Kopeček dkopecek@redhat.com 2008-08-08 11:37:05 EDT --- (In reply to comment #0) New SRPM url: SRPM URL: http://mildew.pfy.cz/redhat/bro/bro-1.4-0.1.pre.fc8.src.rpm
Added disttag and smp flags.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=458391
--- Comment #2 from Dan Kopeček dkopecek@redhat.com 2008-08-10 06:47:09 EDT ---
Miloslav Trmač mitr@redhat.com wrote:
This is not a formal review: I didn't go through Packaging/Guidelines, and I won't be able to reply during the next week.
rpmlint output: bro.i386: E: wrong-script-interpreter /usr/share/bro/capture-events.bro "$Id:" bro.i386: E: non-executable-script /usr/share/bro/capture-events.bro 0644
bro.i386: E:
wrong-script-interpreter /usr/share/bro/capture-state-updates.bro "$Id:"
bro.i386: E:
non-executable-script /usr/share/bro/capture-state-updates.bro 0644 The .bro files are not scripts, so this is not a problem.
bro.i386: E: zero-length /usr/share/bro/ftp-safe-words.bro
Shipped that way, OK.
bro.i386: W: log-files-without-logrotate /var/log/bro
Have you checked this is OK?
I think this is ok because Bro periodically creates new log files (this can be set in /etc/sysconfig/bro). But it ships some archiving script too that are not installed now - I will fix that after I rewrite this scripts as they are not usable in our environment now.
bro.i386: W: incoherent-subsys /etc/rc.d/init.d/bro $prog
rpmlint can not expand $prog, this is OK.
- blocker: The Release: field does not follow
https://fedoraproject.org/wiki/Packaging/NamingGuidelines#Snapshot_packages
Changed to: 0.1.%{snapshot}svn%{?dist}
- blocker: License: should be "BSD with advertising"
- Why is the "Requires: perl openssl zlib ncurses" line necessary?
- I can't see anything that requires perl
- libssl dependency is discovered automatically; nothing uses the command-line utility
- libz dependency is discovered automatically
- Only "shtool", which is not shipped at all, uses the command-line programs from ncurses.
Fixed. (removed)
- blocker: bro seems to ship its own copy of libedit. If it's true, bro
needs to be patched to link to the package shipped in the libedit rpm.
Yes, it ships its own libedit but it is not installed nor linked with any installed executables, so this should be ok.
Thanks for review
New SRPM: http://mildew.pfy.cz/redhat/bro/bro-1.4-0.1.20080804svn.fc8.src.rpm New spec: http://mildew.pfy.cz/redhat/bro/bro.spec
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=458391
--- Comment #3 from Dan Kopeček dkopecek@redhat.com 2008-08-12 08:58:55 EDT ---
- blocker: License: should be "BSD with advertising"
See: http://mailman.icsi.berkeley.edu/pipermail/bro/2008-August/003606.html
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=458391
Michal Marciniszyn mmarcini@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mmarcini@redhat.com AssignedTo|nobody@fedoraproject.org |mmarcini@redhat.com
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=458391
Dan Kopeček dkopecek@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|mmarcini@redhat.com |nobody@fedoraproject.org
--- Comment #4 from Dan Kopeček dkopecek@redhat.com 2008-08-13 12:28:37 EDT --- New SRPM: http://mildew.pfy.cz/redhat/bro/bro-1.4-0.1.20080804svn.fc9.src.rpm
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=458391
--- Comment #5 from Michal Marciniszyn mmarcini@redhat.com 2008-08-14 11:25:42 EDT --- Latest bro package looks good. Problems reported by rpmlint are more caused due to the presence of #! sequence in the begining of some bro conf files. Bro successfully builds on i386/x86_64 and runs on both of those.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=458391
--- Comment #6 from Dan Kopeček dkopecek@redhat.com 2008-08-14 11:36:20 EDT --- New Package CVS Request ======================= Package Name: bro Short Description: Open-source, Unix-based Network Intrusion Detection System Owners: dkopecek Branches: InitialCC: pvrabec Cvsextras Commits: yes
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=458391
Kevin Fenzi kevin@tummy.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED AssignedTo|nobody@fedoraproject.org |mmarcini@redhat.com Summary|Review Request: Bro - |Review Request: bro - |Open-source, Unix-based |Open-source, Unix-based |Network Intrusion Detection |Network Intrusion Detection |System |System
--- Comment #7 from Kevin Fenzi kevin@tummy.com 2008-08-23 00:23:59 EDT --- When reviewing, please remember to assign the bug to the reviewer, and set it to ASSIGNED.
Please use your FAS name for Owners.
cvs done.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=458391
Daniel Kopeček dkopecek@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |NEXTRELEASE
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=458391
R P Herrold herrold@owlriver.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |herrold@owlriver.com
--- Comment #8 from R P Herrold herrold@owlriver.com 2008-09-04 12:55:05 EDT --- I find that the .spec file as issued, has a (disabled) option which causes a ./configure to fail on older systems. This patch fixes that issue:
[herrold@centos-5 bro]$ diff -u bro.spec-ORIG bro.spec --- bro.spec-ORIG 2008-09-04 12:50:54.000000000 -0400 +++ bro.spec 2008-09-04 12:49:50.000000000 -0400 @@ -43,6 +43,10 @@
%build ./autogen.sh +# fix up ./configure to elide unsuppoted option +for i in `find . -name configure `; do + sed -i -e 's@^enable_option_checking@# enable_option_checking@g' $i +done %configure --enable-brov6 --disable-broccoli %{__make} %{?_smp_mflags} CFLAGS+="-I/usr/include/ncurses"
[herrold@centos-5 bro]$
-- Russ herrold
package-review@lists.fedoraproject.org