mirror of
https://github.com/Ponce/slackbuilds
synced 2024-12-02 13:04:42 +01:00
43 lines
2.1 KiB
Text

Snort is an open source network intrusion detection and prevention system. It
is capable of performing real-time traffic analysis, alerting, blocking and
packet logging on IP networks. It utilizes a combination of protocol analysis
and pattern matching in order to detect anomalies, misuse and attacks.
Snort uses a flexible rules language to describe activity that can be considered
malicious or anomalous as well as an analysis engine that incorporates a modular
plugin architecture. Snort is capable of detecting and responding in real time,
sending alerts, performing session sniping, logging packets, or dropping
sessions/packets when deployed in-line.

Snort has three primary functional modes. It can be used as a packet sniffer
like tcpdump(1), a packet logger (useful for network traffic debugging, etc.),
or as a full-blown network intrusion detection and prevention system.

Please read the snort_manual.pdf file that should be included with this
distribution for full documentation on the program as well as a guide to
getting started.

This package builds a very basic snort implementation useful for monitoring
traffic as an IDS or packet logger and as a sort of improved tcpdump (which
is what I use it for). MySQL support is included, so you should have little
trouble hooking snort up to a database or ACID. For more information on
these, check out snort's homepage at:

http://www.snort.org/
http://www.snort.org/docs/

snort.org has a nasty habit of changing the location of their source
code, which means there's no guarantee that the link in snort.info is
correct. If you can't get that link to work, look for the source code at:

http://www.snort.org/dl/old/

Please note that this build script disables dynamic plugins. Support for them
can easily be enabled by deleting the following line in the script:

--disable-dynamicplugin \

Deleting that line will put the headers and source for dynamic plugins into
/usr/src/snort.
There is no rc.snort script included with this build script at this time, but
you should have little trouble creating one of your own. Please e-mail me with
any questions or comments. -- Alan Hicks <alan@lizella.net>