Bug 458391 - Review Request: bro - Open-source, Unix-based Network Intrusion Detection System
Product: Fedora
Classification: Fedora
Component: Package Review
All Linux
medium Severity medium
Assigned To: Michal Marciniszyn
Fedora Extras Quality Assurance
Reported: 2008-08-07 19:24 EDT by Daniel Kopeček
Modified: 2014-02-10 18:03 EST

Last Closed: 2008-09-04 03:31:50 EDT
mmarcini: fedora‑review+
kevin: fedora‑cvs+

Description Daniel Kopeček 2008-08-07 19:24:46 EDT
Spec URL: http://mildew.pfy.cz/redhat/bro/bro.spec
SRPM URL: http://mildew.pfy.cz/redhat/bro/bro-1.4-0.1.pre.src.rpm

Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS)
that passively monitors network traffic and looks for suspicious activity.
Bro detects intrusions by first parsing network traffic to extract its
application-level semantics and then executing event-oriented analyzers that
compare the activity with patterns deemed troublesome. Its analysis includes
detection of specific attacks (including those defined by signatures, but also
those defined in terms of events) and unusual activities (e.g., certain hosts
connecting to certain services, or patterns of failed connection attempts).
Comment 1 Daniel Kopeček 2008-08-08 11:37:05 EDT
(In reply to comment #0)
New SRPM url:
SRPM URL: http://mildew.pfy.cz/redhat/bro/bro-1.4-0.1.pre.fc8.src.rpm

Added disttag and smp flags.
Comment 2 Daniel Kopeček 2008-08-10 06:47:09 EDT
> Miloslav Trmač <mitr@redhat.com> wrote:
> This is not a formal review: I didn't go through Packaging/Guidelines,
> and I won't be able to reply during the next week.
> rpmlint output:
> bro.i386: E: wrong-script-interpreter /usr/share/bro/capture-events.bro "$Id:"
> bro.i386: E: non-executable-script /usr/share/bro/capture-events.bro 0644
> bro.i386: E: wrong-script-interpreter /usr/share/bro/capture-state-updates.bro "$Id:"
> bro.i386: E: non-executable-script /usr/share/bro/capture-state-updates.bro 0644
> The .bro files are not scripts, so this is not a problem.
> bro.i386: E: zero-length /usr/share/bro/ftp-safe-words.bro
> Shipped that way, OK.
> bro.i386: W: log-files-without-logrotate /var/log/bro
> Have you checked this is OK?

I think this is OK because Bro periodically creates new log files (this can be set in /etc/sysconfig/bro). But it also ships some archiving scripts that are not installed now - I will fix that after I rewrite these scripts, as they are not usable in our environment now.

> bro.i386: W: incoherent-subsys /etc/rc.d/init.d/bro $prog
> rpmlint can not expand $prog, this is OK.
> * blocker: The Release: field does not follow
> https://fedoraproject.org/wiki/Packaging/NamingGuidelines#Snapshot_packages

Changed to: 0.1.%{snapshot}svn%{?dist}

> * blocker: License: should be "BSD with advertising"
> * Why is the "Requires: perl openssl zlib ncurses" line necessary?
>  - I can't see anything that requires perl
>  - libssl dependency is discovered automatically; nothing uses the
>    command-line utility
>  - libz dependency is discovered automatically
>  - Only "shtool", which is not shipped at all, uses the command-line
>    programs from ncurses.

Fixed. (removed)

> * blocker: bro seems to ship its own copy of libedit.  If it's true, bro
>  needs to be patched to link to the package shipped in the libedit rpm.

Yes, it ships its own libedit but it is not installed nor linked with any installed executables, so this should be ok.

Thanks for the review.

New SRPM: http://mildew.pfy.cz/redhat/bro/bro-1.4-0.1.20080804svn.fc8.src.rpm
New spec: http://mildew.pfy.cz/redhat/bro/bro.spec
Comment 3 Daniel Kopeček 2008-08-12 08:58:55 EDT
> * blocker: License: should be "BSD with advertising"

See: http://mailman.icsi.berkeley.edu/pipermail/bro/2008-August/003606.html
Comment 4 Daniel Kopeček 2008-08-13 12:28:37 EDT
New SRPM: http://mildew.pfy.cz/redhat/bro/bro-1.4-0.1.20080804svn.fc9.src.rpm
Comment 5 Michal Marciniszyn 2008-08-14 11:25:42 EDT
The latest bro package looks good. The problems reported by rpmlint are more due to the presence of a #! sequence at the beginning of some bro conf files. Bro successfully builds on i386/x86_64 and runs on both of those.
Comment 6 Daniel Kopeček 2008-08-14 11:36:20 EDT
New Package CVS Request
Package Name: bro
Short Description: Open-source, Unix-based Network Intrusion Detection System
Owners: dkopecek
InitialCC: pvrabec
Cvsextras Commits: yes
Comment 7 Kevin Fenzi 2008-08-23 00:23:59 EDT
When reviewing, please remember to assign the bug to the reviewer, and set it to ASSIGNED. 

Please use your FAS name for Owners. 

cvs done.
Comment 8 R P Herrold 2008-09-04 12:55:05 EDT
I find that the .spec file, as issued, has a (disabled) option which causes ./configure to fail on older systems. This patch fixes that issue:

[herrold@centos-5 bro]$ diff -u bro.spec-ORIG bro.spec
--- bro.spec-ORIG       2008-09-04 12:50:54.000000000 -0400
+++ bro.spec    2008-09-04 12:49:50.000000000 -0400
@@ -43,6 +43,10 @@

+# fix up ./configure to elide unsuppoted option
+for i in `find . -name configure `; do
+       sed -i -e 's@^enable_option_checking@# enable_option_checking@g' $i
 %configure --enable-brov6 --disable-broccoli
 %{__make} %{?_smp_mflags} CFLAGS+="-I/usr/include/ncurses"

[herrold@centos-5 bro]$

-- Russ herrold
