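# RPM spec for nepenthes 0.2.2, a low interaction honeypot, plus three
# helper snippets (bdiffm, mkcarray, mwcollect-dump.pl) shipped in the
# system bin directory. Comments in this file avoid unescaped percent
# signs because rpm expands macros inside comment lines too.

# When the build defines a dist tag, also define a dist_TAG helper macro.
%{?dist: %{expand: %%define dist_%dist 1}}

Summary: A low interaction honeypot
Name: nepenthes
Version: 0.2.2
Release: 4
License: GPL
Group: System Environment/Daemons
# NOTE(review): the tarball URL is plain http and nothing in this spec
# checks a digest or signature of the sources. Verify the tarball against
# a trusted checksum out of band before building.
Source0: http://dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}.tar.gz
Source1: %{name}.init
Source2: %{name}.sysconfig
# Snippets from http://nepenthes.mwcollect.org/snippets
Source3: bdiffm.c
Source4: mkcarray.c
Source5: mwcollect-dump.pl
Patch0: %{name}_0.2.0_submit_postgres.conf.dist.diff
Patch1: %{name}-0.2.0-libipq.patch
Patch2: %{name}-0.2.0-libssh.patch
Patch3: %{name}-0.2.0-install.patch
Patch4: %{name}-0.2.0-vulnssh_bindaddress.diff
URL: http://%{name}.mwcollect.org/
# NOTE(review): fixed, predictable build root under /var/tmp that the
# install and clean sections remove recursively. On a shared build host
# prefer a private, per-user build root.
Buildroot: /var/tmp/%{name}-root
Vendor: The Nepenthes Team
Packager: Peter Pramberger
Provides: %{name}.pp
Requires: curl file libadns libcap libgcc libidn libpcap
Requires: libssh libstdc++ openssl pcre perl postgresql-libs
Requires: zlib
Prereq: coreutils glibc shadow-utils
BuildPrereq: coreutils glibc-devel gcc-c++ make
BuildPrereq: autoconf automake curl-devel bison file flex
BuildPrereq: libadns-devel libcap-devel libidn-devel libpcap
BuildPrereq: libssh-devel libstdc++-devel openssl-devel
BuildPrereq: pcre-devel postgresql-devel zlib-devel
ExclusiveOS: linux
BuildRequires: libtool
BuildRequires: automake17 automake16 automake15 automake14
# FC7, FC8, FC9 have adns natively
BuildRequires: subversion automake libtool flex bison gcc gcc-c++ curl curl-devel pcre pcre-devel file libpcap iptables-devel
%if 0%{?fc8}%{?fc9}%{?fc10}
BuildRequires: libpcap-devel file-devel
%endif

%description
Nepenthes is a low interaction honeypot like honeyd or mwcollect.
Low Interaction Honeypots emulate _known_ vulnerabilities to collect
information about potential attacks. Nepenthes is designed to emulate
vulnerabilties worms use to spread, and to capture these worms. As there
are many possible ways for worms to spread, Nepenthes is modular.
There are module interfaces to resolve dns asynchronous, emulate
vulnerabilities, download files, submit the downloaded files, trigger
events and shellcode handler.

%prep
%setup -q
# Patches 0 and 3 are intentionally not applied. The percent sign is
# doubled so rpm does not expand the patch macro inside the comment.
#%%patch0 -p1 -b .pqconf
%patch1 -p1 -b .libipq
%patch2 -p1 -b .libssh
#%%patch3 -p1 -b .install
%patch4 -p1 -b .vulnssh

# FC7/8
%if 0%{?fc7}%{?fc8}
aclocal
%endif
# FC9
%if 0%{?fc9}%{?fc10}
aclocal-1.10
%endif
# FC7-10
%if 0%{?fc7}%{?fc8}%{?fc9}%{?fc10}
automake --add-missing
%endif

# Rebuild autotools
autoreconf

# Prepare snippets
%{__mkdir} snippets
%{__cp} %{SOURCE3} %{SOURCE4} %{SOURCE5} snippets

%build
# NOTE(review): CFLAGS is only extended with the Kerberos opt-out and
# CXXFLAGS is not set here; this spec never references the distribution
# optimisation flags. Unless the build environment exports them, any
# hardening options they carry are not passed to this network-facing
# daemon. Confirm against the build host configuration.
./configure \
    CFLAGS="${CFLAGS} -DOPENSSL_NO_KRB5" \
    --prefix=%{_localstatedir}/%{name} \
    --mandir=%{_mandir} \
    --disable-static \
    --enable-shared \
    --enable-pcap \
    --enable-ssh \
    --enable-postgre \
    --enable-lfs \
    --enable-dnsresolve-adns \
    --enable-capabilities \
    --with-pcre-include=%{_includedir}/pcre \
    --with-ssh-include=%{_includedir}/libssh

%{__make} \
    all

# Build snippets (warnings are fatal because of -Werror)
pushd snippets
%{__cc} -Wall -Werror -o bdiffm bdiffm.c
%{__cc} -Wall -Werror -o mkcarray mkcarray.c
popd

%install
# Wipe a stale build root, but never an empty path or the filesystem
# root. The path is quoted so whitespace or glob characters in it cannot
# widen what gets removed.
[ -n "${RPM_BUILD_ROOT}" -a "${RPM_BUILD_ROOT}" != "/" ] && %{__rm} -rf "${RPM_BUILD_ROOT}"

%{__mkdir_p} ${RPM_BUILD_ROOT}%{_initrddir}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_bindir}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}

%{__make} \
    DESTDIR=${RPM_BUILD_ROOT} \
    install

# Ship the postgres submit template as the live configuration file.
# NOTE(review): presumably this file ends up holding database connection
# settings; it is installed 0644 and only the 0750 root-owned top-level
# directory in the files section keeps other local users out. Confirm.
%{__install} -m 0644 modules/submit-postgres/submit-postgres.conf.dist \
    ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/etc/%{name}/submit-postgres.conf
%{__install} -m 0755 %{SOURCE1} ${RPM_BUILD_ROOT}%{_initrddir}/%{name}
%{__install} -m 0644 %{SOURCE2} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}

# Drop the vuln-ssh configuration and the share tree from the package.
%{__rm} -f ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/etc/%{name}/vuln-ssh.conf
%{__rm} -rf ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/share

# Install snippets
pushd snippets
%{__install} -m 0755 bdiffm ${RPM_BUILD_ROOT}%{_bindir}
%{__install} -m 0755 mkcarray ${RPM_BUILD_ROOT}%{_bindir}
%{__install} -m 0755 mwcollect* ${RPM_BUILD_ROOT}%{_bindir}
popd

%pre
# Create a dedicated system group and account with no login shell.
# Nothing in this spec removes them again on uninstall.
if ! %{__id} -g %{name} >/dev/null 2>&1; then
    groupadd -r %{name}
fi
if ! %{__id} -u %{name} >/dev/null 2>&1; then
    useradd -g %{name} -G %{name} \
        -d %{_localstatedir}/%{name} \
        -r -s /sbin/nologin %{name}
fi

%post
# First install ($1 = 1): register the init script and enable it.
# NOTE(review): this turns the honeypot on for the next boot without an
# explicit administrator decision. Because the service deliberately
# exposes emulated vulnerable listeners, consider leaving it disabled
# until bind addresses and network placement have been reviewed.
if [ $1 = 1 ]; then
    chkconfig --add %{name}
    chkconfig %{name} on
fi
# Restart only when the subsystem lock file shows the service running.
if [ -f %{_localstatedir}/lock/subsys/%{name} ]; then
    %{_initrddir}/%{name} restart
fi

%preun
# Final removal ($1 = 0): unregister the service and stop it if running.
if [ $1 = 0 ]; then
    chkconfig %{name} off
    chkconfig --del %{name}
    if [ -f %{_localstatedir}/lock/subsys/%{name} ]; then
        %{_initrddir}/%{name} stop
    fi
fi

%clean
[ -n "${RPM_BUILD_ROOT}" -a "${RPM_BUILD_ROOT}" != "/" ] && %{__rm} -rf "${RPM_BUILD_ROOT}"

%files
%defattr(-,root,root)
%doc AUTHORS CHANGES COPYING INSTALL README
%doc doc/README* doc/*.svg
%{_initrddir}/*
%config(noreplace) %{_sysconfdir}/sysconfig/*
%{_bindir}/*
%{_mandir}/man8/*
# The whole tree is root:root and the top-level directory is 0750, so
# only root can traverse it.
# NOTE(review): the account created in the pre scriptlet has this
# directory as its home but owns nothing here. Whether the daemon can
# still write below var after dropping privileges depends on the init
# script and configuration, which are not part of this spec. Confirm.
%attr(750,root,root) %dir %{_localstatedir}/%{name}
%dir %{_localstatedir}/%{name}/bin
%{_localstatedir}/%{name}/bin/*
%dir %{_localstatedir}/%{name}/etc
%dir %{_localstatedir}/%{name}/etc/%{name}
%config(noreplace) %{_localstatedir}/%{name}/etc/%{name}/*.conf
%{_localstatedir}/%{name}/etc/%{name}/*.dist
%dir %{_localstatedir}/%{name}/lib
%{_localstatedir}/%{name}/lib/*
%dir %{_localstatedir}/%{name}/var
%config(noreplace) %{_localstatedir}/%{name}/var/*
# NOTE(review): in the changelog below, Sep 4 2007 fell on a Tuesday, not
# a Thursday, and the newest entry says 0.2.2-1 while Release is 4. The
# entries are left as the authors wrote them.

%changelog
* Thu Sep 4 2007 Scott R. Shinn - 0.2.2-1

* Tue Feb 27 2007 peter.pramberger@member.fsf.org 0.2.0-4
- some spec file cleanups (x86_64 support)
- removed libipq support (see #158623)

* Mon Dec 18 2006 peter.pramberger@member.fsf.org 0.2.0-3
- created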