mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-29 13:00:32 +01:00
42 lines
2.1 KiB
Text
Snort is an open source network intrusion detection and prevention system. It
is capable of performing real-time traffic analysis, alerting, blocking and
packet logging on IP networks. It utilizes a combination of protocol analysis
and pattern matching in order to detect anomalies, misuse and attacks.
Snort uses a flexible rules language to describe activity that can be considered
malicious or anomalous as well as an analysis engine that incorporates a modular
plugin architecture. Snort is capable of detecting and responding in real-time,
sending alerts, performing session sniping, logging packets, or dropping
sessions/packets when deployed in-line.

Snort has three primary functional modes. It can be used as a packet sniffer
like tcpdump(1), a packet logger (useful for network traffic debugging, etc.),
or as a full-blown network intrusion detection and prevention system.

Please read the snort_manual.pdf file that should be included with this
distribution for full documentation on the program as well as a guide to
getting started.

This package builds a very basic snort implementation useful for monitoring
traffic as an IDS or packet logger and as a sort of improved tcpdump (which
is what I use it for). MySQL support is included, so you should have little
trouble hooking snort up to a database or ACID. For more information on
these, check out snort's homepage at:

http://www.snort.org/
http://www.snort.org/docs/

snort.org has a nasty habit of changing the location of their source
code, which means there's no guarantee that the link in snort.info is
correct. If you can't get that link to work, look for the source code at:

http://www.snort.org/dl/old/

Please note that this build script disables dynamic plugins. Support for
them can easily be added back by deleting the following line in the script:

--disable-dynamicplugin \

This will put the headers and source for dynamic plugins into /usr/src/snort.
There is no rc.snort script included with this package at this time, but you
should have little trouble creating one of your own. Please e-mail me with
any questions or comments. -- Alan Hicks <alan@lizella.net>
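
The README leaves the rc.snort script to the reader. One possible version follows as an added example; it is not part of this SlackBuild and was not written by its author. The interface name, the paths and the unprivileged "snort" user and group are assumptions, and the options used are those of the Snort 2.x command line.

```shell
#!/bin/sh
# /etc/rc.d/rc.snort -- added example, not shipped with this SlackBuild.
# Assumed values (override via environment): interface, paths, and an
# unprivileged "snort" user/group that you create and that can write LOGDIR.
SNORT=${SNORT:-/usr/bin/snort}
CONF=${CONF:-/etc/snort/snort.conf}
IFACE=${IFACE:-eth0}
LOGDIR=${LOGDIR:-/var/log/snort}
PIDDIR=${PIDDIR:-/var/run}
RUNAS=${RUNAS:-snort}

# Snort 2.x names its PID file snort_<interface>.pid inside --pid-path.
snort_pidfile() { echo "$PIDDIR/snort_$IFACE.pid"; }

# True only if the PID file points at a live process (a stale file is ignored).
snort_running() {
  pid=$(cat "$(snort_pidfile)" 2>/dev/null) || return 1
  [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

snort_start() {
  if snort_running; then echo "snort already running"; return 0; fi
  # -T parses the config and rules, then exits: refuse to launch a sensor
  # that would die on a bad rule file and leave the network unmonitored.
  if ! "$SNORT" -T -q -c "$CONF" -i "$IFACE" >/dev/null 2>&1; then
    echo "snort: $CONF failed validation (run $SNORT -T -c $CONF)" >&2
    return 1
  fi
  # -D daemonizes; -u/-g drop root once the capture interface is open.
  "$SNORT" -D -q -c "$CONF" -i "$IFACE" -l "$LOGDIR" \
    -u "$RUNAS" -g "$RUNAS" --pid-path "$PIDDIR"
}

snort_stop() {
  snort_running || { echo "snort not running"; return 0; }
  kill "$(cat "$(snort_pidfile)")"
}

snort_main() {
  case "$1" in
    start)   snort_start ;;
    stop)    snort_stop ;;
    restart) snort_stop; sleep 2; snort_start ;;
    status)  snort_running && echo "snort running" || { echo "snort stopped"; return 1; } ;;
    *)       echo "usage: $0 start|stop|restart|status" >&2; return 1 ;;
  esac
}

# Dispatch only when given an argument, so the file can also be sourced.
if [ $# -gt 0 ]; then snort_main "$@"; fi
```

Make the file executable (chmod +x /etc/rc.d/rc.snort) and call it from rc.local if the sensor should start at boot.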