[suricata/f18] New upstream release

Steve Grubb sgrubb at fedoraproject.org
Sat Aug 25 19:53:04 UTC 2012 

commit 49d25c87f9bf2f26549742141653c7f82ac68f4b
Author: Steve <sgrubb at redhat.com>
Date:   Sat Aug 25 15:53:00 2012 -0400

    New upstream release
    
    - Switch startup to use systemd

 fedora.notes       |   12 +++++
 sources            |    3 +-
 suricata.init      |  118 ----------------------------------------------------
 suricata.service   |   11 +++++
 suricata.spec      |   54 ++++++++++++++++-------
 suricata.sysconfig |   12 +++---
 6 files changed, 67 insertions(+), 143 deletions(-)
---
diff --git a/fedora.notes b/fedora.notes
new file mode 100644
index 0000000..7f6421e
--- /dev/null
+++ b/fedora.notes
@@ -0,0 +1,12 @@
+This package does not ship with rules. For it to do its job, it must have
+rules. Rules can be used from a couple places. It knows how to use
+snort rules if you have those. But if you don't another place to get
+rules is the emerging threats web site. To install, you might do 
+something like:
+
+mkdir /etc/suricata/rules/emerging
+wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
+tar -xz -C /etc/suricata/rules/emerging --strip-components=1 -f emerging.rules.targ.gz
+
+Then enable the rules in /etc/suricata/suricata.yaml
+
diff --git a/sources b/sources
index 81a5776..eadafbc 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-058e4f2b2660330f790bff2e1e7a6ffb  suricata-1.3.tar.gz
-477ee72924d7609338cb00f9db60fbea  suricata-1.3.tar.gz.sig
+1d690a54f74900325cfec3f923e51448  suricata-1.3.1.tar.gz
diff --git a/suricata.service b/suricata.service
new file mode 100644
index 0000000..e1c1eab
--- /dev/null
+++ b/suricata.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Suricata Intrusion Detection Service
+After=syslog.target
+
+[Service]
+ExecStart=/sbin/suricata -c /etc/suricata/suricata.yaml $OPTIONS
+EnvironmentFile=-/etc/sysconfig/suricata
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/suricata.spec b/suricata.spec
index bdd8996..4030da2 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,24 +1,29 @@
 
 Summary: Intrusion Detection System
 Name: suricata
-Version: 1.3
-Release: 2%{?dist}
+Version: 1.3.1
+Release: 1%{?dist}
 License: GPLv2
 Group: Applications/Internet
 URL: http://www.openinfosecfoundation.org
 Source0: http://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
-Source1: suricata.init
+Source1: suricata.service
 Source2: suricata.sysconfig
 Source3: suricata.logrotate
+Source4: fedora.notes
 Patch1:  suricata-1.1.1-flags.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: libyaml-devel libprelude-devel
 BuildRequires: libnfnetlink-devel libnetfilter_queue-devel libnet-devel
 BuildRequires: zlib-devel libpcap-devel pcre-devel libcap-ng-devel
 BuildRequires: file-devel nspr-devel nss-softokn-devel
+BuildRequires: systemd-units
 # Remove when rpath issues are fixed
 BuildRequires: autoconf automake libtool
-Requires: chkconfig
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+ExclusiveArch: x86_64
 
 %description
 The Suricata Engine is an Open Source Next Generation Intrusion
@@ -32,6 +37,7 @@ GPU cards.
 
 %prep
 %setup -q
+install -m 644 %{SOURCE4} doc/
 %patch1 -p1
 # This is to fix rpaths created by bad Makefile.in
 autoreconf -fv --install
@@ -47,8 +53,10 @@ make DESTDIR="${RPM_BUILD_ROOT}" "bindir=%{_sbindir}" install
 # Setup etc directory
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/suricata/rules
 install -m 600 suricata.yaml $RPM_BUILD_ROOT%{_sysconfdir}/suricata
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
-install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/suricata
+install -m 600 classification.config $RPM_BUILD_ROOT%{_sysconfdir}/suricata
+install -m 600 reference.config $RPM_BUILD_ROOT%{_sysconfdir}/suricata
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
 install -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/suricata
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
@@ -71,33 +79,45 @@ make check
 rm -rf $RPM_BUILD_ROOT
 
 %post
-/sbin/chkconfig --add suricata
-/sbin/ldconfig
+if [ $1 -eq 1 ] ; then 
+    # Initial installation 
+    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+fi
 
 %preun
-if [ $1 -eq 0 ]; then
-   /sbin/service suricata stop > /dev/null 2>&1
-   /sbin/chkconfig --del suricata
+if [ $1 -eq 0 ] ; then
+    # Package removal, not upgrade
+    /bin/systemctl --no-reload disable suricata.service > /dev/null 2>&1 || :
+    /bin/systemctl stop suricata.service > /dev/null 2>&1 || :
 fi
 
-%postun -p /sbin/ldconfig
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+    # Package upgrade, not uninstall
+    /bin/systemctl try-restart suricata.service >/dev/null 2>&1 || :
+fi
 
 %files
 %defattr(-,root,root,-)
-%doc COPYING doc/INSTALL
+%doc COPYING doc/INSTALL doc/Basic_Setup.txt
+%doc doc/Setting_up_IPSinline_for_Linux.txt doc/fedora.notes
 %{_sbindir}/suricata
 %{_libdir}/libhtp-*
 %attr(750,root,root) %dir %{_var}/log/suricata
-%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/suricata/suricata.yaml
+%config(noreplace) %{_sysconfdir}/suricata/suricata.yaml
+%config(noreplace) %{_sysconfdir}/suricata/classification.config
+%config(noreplace) %{_sysconfdir}/suricata/reference.config
 %dir %attr(750,root,root) %{_sysconfdir}/suricata
 %dir %attr(750,root,root) %{_sysconfdir}/suricata/rules
 %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/suricata
-%attr(755,root,root) %{_sysconfdir}/rc.d/init.d/suricata
+%attr(755,root,root) %{_unitdir}/suricata.service
 %config(noreplace) %attr(644,root,root) %{_sysconfdir}/logrotate.d/suricata
 
 %changelog
-* Sat Jul 21 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+* Sat Aug 25 2012 Steve Grubb <sgrubb at redhat.com> 1.3.1-1
+- New upstream release
+- Switch startup to use systemd
 
 * Fri Jul 06 2012 Steve Grubb <sgrubb at redhat.com> 1.3-1
 - New upstream release
diff --git a/suricata.sysconfig b/suricata.sysconfig
index 9c38335..8f8a5ac 100644
--- a/suricata.sysconfig
+++ b/suricata.sysconfig
@@ -1,8 +1,8 @@
-# What user account should we run under.
-USER="snortd"
-
-# What group account should we run under. 
-GROUP="snortd"
+# The following parameters are the most commonly needed to configure
+# suricata. A full list can be seen by running /sbin/suricata --help
+# -i <network interface device>
+# --user <acct name>
+# --group <group name>
 
 # Add options to be passed to the daemon
-OPTIONS=" "
+OPTIONS="-i eth0 "

More information about the scm-commits mailing list