Source: harden
Version: 0.1.38+nmu1
Severity: important
Tags: patch

The harden-nids package claims to provide network intrusion detection upon
installation but depends on: 'snort | ntop'

Snort is a network intrusion detection program, but ntop is not. Ntop is a
network traffic probe that makes it possible to do traffic analysis but it
does not have any capabilities to detect malicious network traffic either
through behavioural or signature-based mechanisms (and upstream does not claim
it to).

Ntop does not comply with the package description definition either: "A
network intrusion detection system is a tool that analyzes network packets and
logs anomalies or known crack attempts."

I would suggest that the package remove ntop and include 'suricata' instead, which
*is* a network intrusion system. Attached is a patch that does just that.

I'm setting the severity to 'important' since currently, in testing, Snort is
not available (due to a removal from the Release Managers in December) and
users installing this package currently in testing (and possibly in the
'jessie' release) would be just installing 'ntop' and not really an NIDS.

In that way, the package description would be completely misleading.


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=es_ES.utf8, LC_CTYPE=es_ES.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- control.orig	2015-01-28 02:06:09.000000000 +0100
+++ control	2015-01-28 02:06:36.000000000 +0100
@@ -111,7 +111,7 @@
 
 Package: harden-nids
 Architecture: all
-Depends: snort | ntop
+Depends: snort | suricata
 Recommends: logcheck
 Description: Harden a system by using a network intrusion detection system
  This package helps you to install a network intrusion detection system.
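Review bot: The order of alternatives in "Depends: snort | suricata" keeps snort as the preferred choice, although the report says snort is currently not available in testing. apt tries the first alternative of an OR-dependency when neither is installed, so consider "Depends: suricata | snort" so that the default is the NIDS that can actually be installed, or state why snort should stay first. The patch also touches only the control file; a matching changelog entry that closes this bug would make the upload self-documenting.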
