summaryrefslogtreecommitdiff
path: root/network/snort/README
blob: 6a15d09b6209437d2dba2217f06c014d226815fa (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Snort is an open source network intrusion detection and prevention system.  It 
is capable of performing real-time traffic analysis, alerting, blocking and 
packet logging on IP networks.  It utilizes a combination of protocol analysis 
and pattern matchingin order to detect a anomalies, misuse and attacks.  
Snort uses a flexible rules language to describe activity that can be considered
malicious or anomalous as well as an analysis engine that incorporates a modular 
plugin architecture.  Snort is capable of detecting and responding in real-time, 
sending alerts, performing session sniping, logging packets, or dropping 
sessions/packets when deployed in-line.

Snort has three primary functional modes.  It can be used as a packet sniffer 
like tcpdump(1), a packet logger (useful for network traffic debugging, etc), 
or as a full blown network intrusion detection and prevention system.

Please read the snort_manual.pdf file that should be included with this 
distribution for full documentation on the program as well as a guide to 
getting started.

This package builds a very basic snort implimentation useful for monitoring
traffic as an IDS or packet logger and as a sort of improved tcpdump (which
is what I use it for). MySQL support is included, so you should have little
trouble hooking snort up to a database or ACID. For more information on
these, check out snort's homepage at:

  http://www.snort.org/
  http://www.snort.org/docs/

snort.org has a nasty habit of changing the location of their source
code, which means there's no garauntee that the link in snort.info is
correct.  If you can't get that link to work, look for the source code at:

  http://www.snort.org/dl/old/

Please note that this build script disables dynamic plugins. This can be
easily added by deleting the following line in the script.

  --disable-dynamicplugin \

This will put the headers and source for dynamic plugins into /usr/src/snort.
There is no rc.snort script included with this script at this time, but you
should have little trouble creating one of your own. Please e-mail me with
any questions or comments.  -- Alan Hicks <alan@lizella.net>