[suricata/f18] New upstream release
Steve Grubb
sgrubb at fedoraproject.org
Sat Aug 25 19:53:04 UTC 2012
commit 49d25c87f9bf2f26549742141653c7f82ac68f4b
Author: Steve <sgrubb at redhat.com>
Date: Sat Aug 25 15:53:00 2012 -0400
New upstream release
- Switch startup to use systemd
fedora.notes | 12 +++++
sources | 3 +-
suricata.init | 118 ----------------------------------------------------
suricata.service | 11 +++++
suricata.spec | 54 ++++++++++++++++-------
suricata.sysconfig | 12 +++---
6 files changed, 67 insertions(+), 143 deletions(-)
---
diff --git a/fedora.notes b/fedora.notes
new file mode 100644
index 0000000..7f6421e
--- /dev/null
+++ b/fedora.notes
@@ -0,0 +1,12 @@
+This package does not ship with rules. For it to do its job, it must have
+rules. Rules can be used from a couple places. It knows how to use
+snort rules if you have those. But if you don't another place to get
+rules is the emerging threats web site. To install, you might do
+something like:
+
+mkdir /etc/suricata/rules/emerging
+wget http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
+tar -xz -C /etc/suricata/rules/emerging --strip-components=1 -f emerging.rules.targ.gz
+
+Then enable the rules in /etc/suricata/suricata.yaml
+
diff --git a/sources b/sources
index 81a5776..eadafbc 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-058e4f2b2660330f790bff2e1e7a6ffb suricata-1.3.tar.gz
-477ee72924d7609338cb00f9db60fbea suricata-1.3.tar.gz.sig
+1d690a54f74900325cfec3f923e51448 suricata-1.3.1.tar.gz
diff --git a/suricata.service b/suricata.service
new file mode 100644
index 0000000..e1c1eab
--- /dev/null
+++ b/suricata.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Suricata Intrusion Detection Service
+After=syslog.target
+
+[Service]
+ExecStart=/sbin/suricata -c /etc/suricata/suricata.yaml $OPTIONS
+EnvironmentFile=-/etc/sysconfig/suricata
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/suricata.spec b/suricata.spec
index bdd8996..4030da2 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,24 +1,29 @@
Summary: Intrusion Detection System
Name: suricata
-Version: 1.3
-Release: 2%{?dist}
+Version: 1.3.1
+Release: 1%{?dist}
License: GPLv2
Group: Applications/Internet
URL: http://www.openinfosecfoundation.org
Source0: http://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
-Source1: suricata.init
+Source1: suricata.service
Source2: suricata.sysconfig
Source3: suricata.logrotate
+Source4: fedora.notes
Patch1: suricata-1.1.1-flags.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libyaml-devel libprelude-devel
BuildRequires: libnfnetlink-devel libnetfilter_queue-devel libnet-devel
BuildRequires: zlib-devel libpcap-devel pcre-devel libcap-ng-devel
BuildRequires: file-devel nspr-devel nss-softokn-devel
+BuildRequires: systemd-units
# Remove when rpath issues are fixed
BuildRequires: autoconf automake libtool
-Requires: chkconfig
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+ExclusiveArch: x86_64
%description
The Suricata Engine is an Open Source Next Generation Intrusion
@@ -32,6 +37,7 @@ GPU cards.
%prep
%setup -q
+install -m 644 %{SOURCE4} doc/
%patch1 -p1
# This is to fix rpaths created by bad Makefile.in
autoreconf -fv --install
@@ -47,8 +53,10 @@ make DESTDIR="${RPM_BUILD_ROOT}" "bindir=%{_sbindir}" install
# Setup etc directory
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/suricata/rules
install -m 600 suricata.yaml $RPM_BUILD_ROOT%{_sysconfdir}/suricata
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
-install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/suricata
+install -m 600 classification.config $RPM_BUILD_ROOT%{_sysconfdir}/suricata
+install -m 600 reference.config $RPM_BUILD_ROOT%{_sysconfdir}/suricata
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
install -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/suricata
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
@@ -71,33 +79,45 @@ make check
rm -rf $RPM_BUILD_ROOT
%post
-/sbin/chkconfig --add suricata
-/sbin/ldconfig
+if [ $1 -eq 1 ] ; then
+ # Initial installation
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+fi
%preun
-if [ $1 -eq 0 ]; then
- /sbin/service suricata stop > /dev/null 2>&1
- /sbin/chkconfig --del suricata
+if [ $1 -eq 0 ] ; then
+ # Package removal, not upgrade
+ /bin/systemctl --no-reload disable suricata.service > /dev/null 2>&1 || :
+ /bin/systemctl stop suricata.service > /dev/null 2>&1 || :
fi
-%postun -p /sbin/ldconfig
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+ # Package upgrade, not uninstall
+ /bin/systemctl try-restart suricata.service >/dev/null 2>&1 || :
+fi
%files
%defattr(-,root,root,-)
-%doc COPYING doc/INSTALL
+%doc COPYING doc/INSTALL doc/Basic_Setup.txt
+%doc doc/Setting_up_IPSinline_for_Linux.txt doc/fedora.notes
%{_sbindir}/suricata
%{_libdir}/libhtp-*
%attr(750,root,root) %dir %{_var}/log/suricata
-%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/suricata/suricata.yaml
+%config(noreplace) %{_sysconfdir}/suricata/suricata.yaml
+%config(noreplace) %{_sysconfdir}/suricata/classification.config
+%config(noreplace) %{_sysconfdir}/suricata/reference.config
%dir %attr(750,root,root) %{_sysconfdir}/suricata
%dir %attr(750,root,root) %{_sysconfdir}/suricata/rules
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/suricata
-%attr(755,root,root) %{_sysconfdir}/rc.d/init.d/suricata
+%attr(755,root,root) %{_unitdir}/suricata.service
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/logrotate.d/suricata
%changelog
-* Sat Jul 21 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+* Sat Aug 25 2012 Steve Grubb <sgrubb at redhat.com> 1.3.1-1
+- New upstream release
+- Switch startup to use systemd
* Fri Jul 06 2012 Steve Grubb <sgrubb at redhat.com> 1.3-1
- New upstream release
diff --git a/suricata.sysconfig b/suricata.sysconfig
index 9c38335..8f8a5ac 100644
--- a/suricata.sysconfig
+++ b/suricata.sysconfig
@@ -1,8 +1,8 @@
-# What user account should we run under.
-USER="snortd"
-
-# What group account should we run under.
-GROUP="snortd"
+# The following parameters are the most commonly needed to configure
+# suricata. A full list can be seen by running /sbin/suricata --help
+# -i <network interface device>
+# --user <acct name>
+# --group <group name>
# Add options to be passed to the daemon
-OPTIONS=" "
+OPTIONS="-i eth0 "
More information about the scm-commits
mailing list