On 04/12/2012 03:12, dlucio wrote:
Description :
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform protocol analysis, content searching/matching and can be used
to detect a variety of attacks and probes, such as buffer overflows, stealth
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or as a WinPopup message via Samba's smbclient.
This is perfectly enough as package description. Everything else is package usage documentation, and should go elsewhere, such as a README.mga file.

This rpm is different from previous rpms
Which ones ?

and while it will not clobber
your current snort file, you will need to modify it.
As for every other package.

There are 9 different packages available

All of them require the base snort rpm.  Additionally, you will need
to choose a binary to install.

/usr/sbin/snort should end up being a symlink to a binary in one of
the following configurations. We use update-alternatives for this.
Here are the different packages along with their priorities.

plain(10)               plain+flexresp(11)              mysql(12)
mysql+flexresp(13)      postgresql(14)                  postgresql+flexresp(15)
bloat(16)               inline(17)                      inline+flexresp(18)
prelude(19)             prelude+flexresp(20)
The day you modify those priorities, you'll have to modify those values too.

Please see the documentation in /usr/share/doc/snort
As for every other package.


--
BOFH excuse #388:

Bad user karma.
