@AlexAkulov
Last active June 20, 2018 08:55
bro 2.5.4 with af_packet rpm spec
#
# spec file for package Bro
#
# Copyright (c) 1995-2014 The Regents of the University of California
# through the Lawrence Berkeley National Laboratory and the
# International Computer Science Institute. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# (1) Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# (2) Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# (3) Neither the name of the University of California, Lawrence Berkeley
# National Laboratory, U.S. Dept. of Energy, International Computer
# Science Institute, nor the names of contributors may be used to endorse
# or promote products derived from this software without specific prior
# written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# Note that some files in the distribution may carry their own copyright
# notices.
Name: bro
Version: 2.5.4
Release: 1.1
Summary: Bro is a powerful framework for network analysis and security monitoring
Group: Productivity/Networking/Diagnostic
License: BSD-3-Clause
URL: http://bro.org
Source0: http://www.bro.org/downloads/bro-2.5.4.tar.gz
Patch0: install-symlink-old-cmake.patch
%if 0%{?centos_version} == 600 || 0%{?scientificlinux_version} == 600 || 0%{?rhel_version} == 505
Patch1: cmake-2.6.patch
%endif
Requires: bro-core = %{version}
Requires: broctl = %{version}
Requires: libbroccoli = %{version}
#Requires: libbroccoli-devel = %{version}
Requires(pre): /usr/sbin/groupadd, /usr/bin/getent
%if %{defined rhel_version}
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%endif
%define _prefix /opt/bro
%define _sysconfdir %{_prefix}/etc
%define _libdir %{_prefix}/lib
%define _mandir %{_prefix}/share/man
%if 0%{?suse_version}
%define __cmake /usr/bin/cmake
%endif
%description
Bro is a powerful network analysis framework that is much different from the
typical IDS you may know. While focusing on network security monitoring, Bro
provides a comprehensive platform for more general network traffic analysis as
well. Well grounded in more than 15 years of research, Bro has successfully
bridged the traditional gap between academia and operations since its
inception. Today, it is relied upon operationally in particular by many
scientific environments for securing their cyberinfrastructure. Bro's user
community includes major universities, research labs, supercomputing centers,
and open-science communities.
%package -n bro-core
Summary: The core bro installation without broctl
Group: Productivity/Networking/Diagnostic
BuildRequires: flex bison cmake zlib-devel python-devel swig gcc-c++
BuildRequires: libpcap-devel
%if 0%{?fedora} >= 26
BuildRequires: compat-openssl10-devel
%else
BuildRequires: openssl-devel
%endif
%description -n bro-core
Bro is a powerful network analysis framework that is much different from the
typical IDS you may know. While focusing on network security monitoring, Bro
provides a comprehensive platform for more general network traffic analysis as
well. Well grounded in more than 15 years of research, Bro has successfully
bridged the traditional gap between academia and operations since its
inception. Today, it is relied upon operationally in particular by many
scientific environments for securing their cyberinfrastructure. Bro's user
community includes major universities, research labs, supercomputing centers,
and open-science communities.
%package -n libbroccoli
Summary: Broccoli library
Group: System/Libraries
%description -n libbroccoli
Broccoli is the "Bro client communications library". It allows you
to create client sensors for the Bro intrusion detection system.
Broccoli can speak a good subset of the Bro communication protocol,
in particular, it can receive Bro IDs, send and receive Bro events,
and send and receive event requests to/from peering Bros. You can
currently create and receive values of pure types like integers,
counters, timestamps, IP addresses, port numbers, booleans, and
strings.
%package -n libbroccoli-devel
Summary: Development files for broccoli
Group: Development/Libraries/C and C++
Requires: libbroccoli = %{version}
%description -n libbroccoli-devel
Development headers for libbroccoli.
%package -n broctl
Summary: Bro Control
Group: Productivity/Networking/Diagnostic
Requires: python
Requires: libbroccoli = %{version}
Requires: bro-core = %{version}
%if 0%{?suse_version}
Requires: python-curses
%endif
%description -n broctl
BroControl is Bro's interactive shell for operating Bro installations.
%pre
/usr/bin/getent group bro >/dev/null || /usr/sbin/groupadd -r bro
%pre -n bro-core
/usr/bin/getent group bro >/dev/null || /usr/sbin/groupadd -r bro
%pre -n broctl
/usr/bin/getent group bro >/dev/null || /usr/sbin/groupadd -r bro
%pre -n libbroccoli
/usr/bin/getent group bro >/dev/null || /usr/sbin/groupadd -r bro
%pre -n libbroccoli-devel
/usr/bin/getent group bro >/dev/null || /usr/sbin/groupadd -r bro
%prep
%setup -n bro-2.5.4 -q
# some platforms do in-source builds when using cmake. I don't really care, so just patch the error out.
find ./ -name "ProhibitInSourceBuild.cmake" | xargs -I file sh -c 'cat /dev/null > "file"'
%patch0 -p0
%if 0%{?centos_version} == 600 || 0%{?scientificlinux_version} == 600 || 0%{?rhel_version} == 505
%patch1 -p0
%endif
%build
./configure --prefix=%{_prefix} --binary-package
make %{?_smp_mflags}
mkdir -p aux/plugins/af_packet
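# The clone below fetches whatever the plugin's default branch holds at build
# time and needs network access during the build stage, so two builds of this
# spec can package different plugin code. Check out a reviewed commit after
# cloning if the build has to be repeatable.
git clone https://github.com/J-Gras/bro-af_packet-plugin.git aux/plugins/af_packet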
pushd aux/plugins/af_packet
./configure --install-root=%{buildroot}%{_libdir}/bro/plugins --with-latest-kernel
make %{?_smp_mflags}
popd
%install
rm -rf $RPM_BUILD_ROOT
%if %{defined rhel_version}
make install DESTDIR=$RPM_BUILD_ROOT
%else
%make_install
%endif
mkdir -p %{?buildroot}/opt/bro/spool/tmp
mkdir -p %{?buildroot}/opt/bro/logs
touch %{?buildroot}/opt/bro/spool/broctl-config.sh
pushd aux/plugins/af_packet
make install
popd
%post -n libbroccoli -p /sbin/ldconfig
%postun -n libbroccoli -p /sbin/ldconfig
%files
%files -n bro-core
%defattr(-,root,bro,0755)
%dir %{_prefix}
%dir %{_bindir}
%dir %{_datadir}
%dir %{_datadir}/bro
%dir %{_mandir}
%dir %{_mandir}/man1
%dir %{_mandir}/man8
%{_bindir}/bro
%{_bindir}/bro-cut
%{_bindir}/adtrace
%{_bindir}/bro-config
%{_bindir}/rst
%{_datadir}/bro/base
%{_datadir}/bro/policy
%{_datadir}/bro/broxygen
%{_mandir}/man1/bro-cut.1
%{_mandir}/man8/bro.8
%defattr(0664,root,bro,2775)
%dir %{_datadir}/bro/site
%config %{_datadir}/bro/site/local-manager.bro
%config %{_datadir}/bro/site/local-proxy.bro
%config %{_datadir}/bro/site/local-worker.bro
%config %{_datadir}/bro/site/local-logger.bro
%config %{_datadir}/bro/site/local.bro
%defattr(-,root,bro,0755)
%dir %{_libdir}/bro/plugins/Bro_AF_Packet
%dir %{_libdir}/bro/plugins/Bro_AF_Packet/lib
%dir %{_libdir}/bro/plugins/Bro_AF_Packet/lib/bif
%dir %{_libdir}/bro/plugins/Bro_AF_Packet/scripts
%{_libdir}/bro/plugins/Bro_AF_Packet/__bro_plugin__
%{_libdir}/bro/plugins/Bro_AF_Packet/lib/*.so
%{_libdir}/bro/plugins/Bro_AF_Packet/lib/bif/*.bro
%{_libdir}/bro/plugins/Bro_AF_Packet/scripts/*.bro
%files -n broctl
%defattr(-,root,bro,0755)
%dir %{_prefix}
%dir %{_bindir}
%dir %{_datadir}
%dir %{_datadir}/bro
%dir %{_libdir}
%dir %{_libdir}/broctl
%dir %{_mandir}
%dir %{_mandir}/man1
%dir %{_mandir}/man8
%{_bindir}/broctl
%{_bindir}/capstats
%{_bindir}/trace-summary
%{_datadir}/broctl
%{_datadir}/bro/broctl
%{_libdir}/broctl/*.so
%{_libdir}/broctl/*.p*
%{_libdir}/broctl/plugins
%{_libdir}/broctl/BroControl
%{_mandir}/man8/broctl.8
%{_mandir}/man1/trace-summary.1
%defattr(0664,root,bro,2775)
%dir %{_sysconfdir}
%config %{_sysconfdir}/broctl.cfg
%config %{_sysconfdir}/networks.cfg
%config %{_sysconfdir}/node.cfg
%defattr(0664,root,bro,2770)
%{_prefix}/spool
%{_prefix}/logs
%defattr(-,root,bro,0755)
%dir %{_libdir}/bro/plugins/Bro_AF_Packet
%dir %{_libdir}/bro/plugins/Bro_AF_Packet/broctl
%{_libdir}/bro/plugins/Bro_AF_Packet/broctl/af_packet.py
%{_libdir}/bro/plugins/Bro_AF_Packet/broctl/af_packet.pyc
%{_libdir}/bro/plugins/Bro_AF_Packet/broctl/af_packet.pyo
%files -n libbroccoli
%defattr(-,root,bro,0755)
%dir %{_prefix}
%dir %{_bindir}
%dir %{_libdir}
%{_bindir}/broccoli-config
%{_libdir}/libbroccoli.so.*
%defattr(0664,root,bro,2775)
%dir %{_sysconfdir}
%config %{_sysconfdir}/broccoli.conf
%files -n libbroccoli-devel
%defattr(-,root,bro,0755)
%dir %{_prefix}
%dir %{_includedir}
%dir %{_libdir}
%{_includedir}/broccoli.h
%{_libdir}/libbroccoli.so
%{_libdir}/libbroccoli.a
%doc CHANGES COPYING NEWS README VERSION
%changelog
* Mon Feb 09 2015 Johanna Amann <build@xxon.net> 2.5.4-0
Nightly build version specification
* Wed Jan 28 2015 Johanna Amann <build@xxon.net> 2.3.2
Update to Bro 2.3.2
* Wed Oct 29 2014 Johanna Amann <build@xxon.net> 2.3.1
Initial version

Bro 2.5.4 with af_packet rpm

Pre-built RPMs with af_packet are available here:

https://packagecloud.io/AlexAkulov/candy-repo/

Build

  1. yum install -y rpm-build kernel-headers and other deps
  2. Download http://download.opensuse.org/repositories/network:/bro/CentOS_7/src/bro-2.5.4-1.1.src.rpm
  3. Use mc to extract bro-2.5.4-1.1.src.rpm/CONTENT.cpio/* to ~/rpmbuild/SOURCES
  4. Download bro.spec
  5. rpmbuild -bb bro.spec
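
The same five steps as a non-interactive script (an added example, not part of the original gist). It replaces the mc step with rpm2cpio/cpio and refuses to unpack the source RPM unless its SHA-256 matches a value the operator supplies. Assumptions: the checksum argument is a placeholder (the page publishes none), git is added to the dependencies because the spec clones the plugin, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: scripted form of the build steps above.
# The expected SHA-256 must come from a source you trust; none is on the page.
SRPM_URL='http://download.opensuse.org/repositories/network:/bro/CentOS_7/src/bro-2.5.4-1.1.src.rpm'
SOURCES="${HOME}/rpmbuild/SOURCES"

# Return 0 only if FILE's SHA-256 equals EXPECTED (hex, case-insensitive).
sha256_matches() {
    local file=$1 expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#expected}" -eq 64 ] || return 2          # not a SHA-256 digest
    actual=$(sha256sum -- "$file" 2>/dev/null | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Step 3 without mc: unpack the source RPM's cpio payload into DEST.
unpack_srpm() {
    local srpm dest=$2
    srpm=$(readlink -f -- "$1")
    mkdir -p "$dest"
    ( cd "$dest" && rpm2cpio "$srpm" | cpio -idm --quiet )
}

build_bro_rpm() {
    local spec=$1 sha=$2 srpm
    srpm=$(mktemp --suffix=.src.rpm) || return 1
    # Step 1: the page leaves the full dependency list open; git is listed
    # here because the spec clones the af_packet plugin during the build.
    yum install -y rpm-build kernel-headers git || return 1
    # Step 2: the download is plain HTTP, so verify it before unpacking.
    curl -fsSL -o "$srpm" "$SRPM_URL" || return 1
    if ! sha256_matches "$srpm" "$sha"; then
        echo "SHA-256 mismatch for $srpm, refusing to build" >&2
        rm -f "$srpm"
        return 1
    fi
    unpack_srpm "$srpm" "$SOURCES" || return 1     # step 3
    rpmbuild -bb "$spec"                           # steps 4-5
}

# Usage: ./build-bro-rpm.sh build /path/to/bro.spec <expected-sha256>
if [ "${1:-}" = "build" ]; then
    [ $# -eq 3 ] || { echo "usage: $0 build SPEC SHA256" >&2; exit 64; }
    build_bro_rpm "$2" "$3"
fi
```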
