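Name:           ja4sentinel
Version:        1.0.0
Release:        1%{?dist}
Summary:        JA4 TLS fingerprinting daemon for network monitoring
License:        MIT
URL:            https://github.com/your-repo/ja4sentinel
BuildArch:      x86_64

# The payload is shipped pre-built. Declaring the inputs as sources puts them
# into the SRPM, so the exact artifacts that went into a release can be audited.
# NOTE(review): nothing in this spec verifies the pre-built binary; check its
# checksum or signature in the build pipeline before it reaches the source dir.
Source0:        ja4sentinel
Source1:        ja4sentinel.service
Source2:        config.yml

# The pre-install scriptlet calls groupadd/useradd, so shadow-utils must be
# installed before this package's scriptlets run.
Requires(pre):  shadow-utils

# Rocky Linux / RHEL compatibility
# Requires EPEL for some dependencies if not in base repos
%if 0%{?rhel} >= 8
Requires:       systemd
Requires:       libpcap
%endif

%description
JA4Sentinel is a Go-based tool for capturing network traffic on Linux servers,
extracting client-side TLS handshakes, generating JA4 signatures, enriching
with IP/TCP metadata, and logging results to configurable outputs.

Features:
- Network packet capture with BPF filters
- TLS ClientHello extraction
- JA4/JA3 fingerprint generation
- IP/TCP metadata enrichment
- Multiple output formats (stdout, file, UNIX socket)
- Structured JSON logging for systemd/journald
- Compatible with Rocky Linux, RHEL, CentOS

%prep
# No source to unpack, binary is pre-built

%build
# No build needed, binary is pre-built

%install
install -d -m 0755 %{buildroot}/usr/bin
install -d -m 0750 %{buildroot}/etc/ja4sentinel
install -d -m 0750 %{buildroot}/var/lib/ja4sentinel
install -d -m 0750 %{buildroot}/var/log/ja4sentinel
install -d -m 0755 %{buildroot}/run/ja4sentinel
install -d -m 0755 %{buildroot}/usr/lib/systemd/system
install -d -m 0755 %{buildroot}/usr/lib/tmpfiles.d
install -d -m 0755 %{buildroot}/usr/share/ja4sentinel

# Install binary
install -m 755 %{SOURCE0} %{buildroot}/usr/bin/ja4sentinel

# Install systemd service
install -m 644 %{SOURCE1} %{buildroot}/usr/lib/systemd/system/ja4sentinel.service

# Install default config
install -m 640 %{SOURCE2} %{buildroot}/etc/ja4sentinel/config.yml.default
install -m 640 %{SOURCE2} %{buildroot}/usr/share/ja4sentinel/config.yml

# /var/run is a symlink to /run (tmpfs) on RHEL 8 and later, so a directory
# that is only packaged there disappears at the next reboot. A tmpfiles.d
# entry recreates it at boot with the ownership the service needs.
cat > %{buildroot}/usr/lib/tmpfiles.d/ja4sentinel.conf <<'EOF'
d /run/ja4sentinel 0755 ja4sentinel ja4sentinel -
EOF
chmod 0644 %{buildroot}/usr/lib/tmpfiles.d/ja4sentinel.conf

%pre
# Create the unprivileged service account before files are laid down, so the
# ownership declared in the files list can be applied.
getent group ja4sentinel >/dev/null || groupadd -r ja4sentinel
getent passwd ja4sentinel >/dev/null || \
    useradd -r -g ja4sentinel -d /var/lib/ja4sentinel -s /sbin/nologin \
    -c "JA4Sentinel Service User" ja4sentinel
exit 0

%post
# Directory ownership and modes come from the files list, not from a
# recursive chown here: these trees are writable by the service account, and
# a root-run recursive chown over user-writable paths is best avoided.

# Install config if not exists.
# The config stays root-owned and group-readable, so a compromised daemon
# cannot rewrite its own capture filter or output settings.
# NOTE(review): assumes the daemon only reads its config; confirm.
cfg=/etc/ja4sentinel/config.yml
if [ ! -e "$cfg" ] && [ ! -L "$cfg" ]; then
    install -m 0640 -o root -g ja4sentinel /usr/share/ja4sentinel/config.yml "$cfg"
elif [ -f "$cfg" ] && [ ! -L "$cfg" ]; then
    # Upgrade from a layout where the service account owned the file.
    # Symlinks are skipped so ownership of an unrelated target never changes.
    chown root:ja4sentinel "$cfg"
fi

# Create the runtime directory now instead of waiting for the next boot.
if [ -x /usr/bin/systemd-tmpfiles ]; then
    /usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/ja4sentinel.conf >/dev/null 2>&1 || :
fi

if [ -x /bin/systemctl ]; then
    # Reload on install and on upgrade so a changed unit file is picked up.
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
    # Enable service (first install only)
    if [ "$1" -eq 1 ]; then
        /bin/systemctl enable ja4sentinel.service
        /bin/systemctl start ja4sentinel.service
    fi
fi

%preun
if [ "$1" -eq 0 ]; then
    # Package removal, stop and disable service
    if [ -x /bin/systemctl ]; then
        /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || true
        /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || true
    fi
fi

%postun
if [ -x /bin/systemctl ]; then
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
    if [ "$1" -ge 1 ]; then
        # Upgrade: restart only if already running, so an updated binary
        # (for example a security fix) actually takes effect.
        /bin/systemctl try-restart ja4sentinel.service >/dev/null 2>&1 || :
    fi
fi

%files
%attr(0755, root, root) /usr/bin/ja4sentinel
%attr(0644, root, root) /usr/lib/systemd/system/ja4sentinel.service
%attr(0644, root, root) /usr/lib/tmpfiles.d/ja4sentinel.conf
%dir %attr(0755, root, root) /usr/share/ja4sentinel
%attr(0640, root, root) /usr/share/ja4sentinel/config.yml
%config(noreplace) %attr(0640, root, ja4sentinel) /etc/ja4sentinel/config.yml.default
%dir %attr(0750, root, ja4sentinel) /etc/ja4sentinel
%dir %attr(0750, ja4sentinel, ja4sentinel) /var/lib/ja4sentinel
%dir %attr(0750, ja4sentinel, ja4sentinel) /var/log/ja4sentinel
%ghost %dir %attr(0755, ja4sentinel, ja4sentinel) /run/ja4sentinel

%changelog
* Wed Feb 25 2026 JA4Sentinel Team - 1.0.0-1
- Initial package release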