Re: Bug #173254 Submitted: Snort In Stable Unusable

2002-12-19 Thread Marcus Frings
Luis Bustamante wrote:

> I've been building latest snort on woody without problems. If
> someone is interested I usually upload updated versions for woody on:

Thanks Luis for offering this service! Since you are not the official
maintainer of snort I might ask before I add your URL to my apt.sources
if you intend to keep your unofficial repository of snort up to date as
we all know it is essential for an IDS to have the latest
signatures/rules.

Kind regards,
Marcus
-- 
Fickle minds, pretentious attitudes and ugly | PGP-Key: [DH/DSS] 4096-bit
make-up on ugly faces... The Gothgoose   | Key-ID: 0xE10F502E
Of The Week: http://www.gothgoose.net| Encrypted mails welcome!



Re: Bug #173254 Submitted: Snort In Stable Unusable

2002-12-18 Thread Sander Smeenk
Quoting Noah L. Meyerhans ([EMAIL PROTECTED]):

> A third option might be to create a snort-tracker package that makes
> it easier to build an up-to-date snort binary, complete with up-to-date
> rules.  Similar to pine-tracker, but for a different purpose.
> I'm not sure if that would be feasible, though.  Does snort require
> significant patching to comply with our filesystem policies?

I think that would be doable, although I have no idea if 1.9.0 depends
on specific libraries only available in unstable atm. So I'd have to
look into this some time..

Regards,
sander

-- 
| To be intoxicated is to feel sophisticated but not be able to say it.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8  9BDB D463 7E41 08CE C94D





Re: Bug #173254 Submitted: Snort In Stable Unusable

2002-12-18 Thread Luis Bustamante
 Sander == Sander Smeenk [EMAIL PROTECTED] writes:

Sander> I think that would be doable, although I have no idea if
Sander> 1.9.0 depends on specific libraries only available in
Sander> unstable atm. So I'd have to look into this some time..

I've been building latest snort on woody without problems. If
someone is interested I usually upload updated versions for woody on:

deb http://debian.fluidsignal.com/ woody/updates main
deb-src http://debian.fluidsignal.com/ woody/updates main

Cheers,

-- 
Luis Bustamante      mailto:[EMAIL PROTECTED]
The Debian Project   http://www.debian.org/~luferbu



Re: Bug #173254 Submitted: Snort In Stable Unusable

2002-12-17 Thread Sander Smeenk
Quoting Nick Boyce ([EMAIL PROTECTED]):

> Sander's preferred option would be to remove the Snort package
> altogether in these circumstances.  What would be quicker : remove the
> package, or add the warning to the web-page ?   I guess we ought to do
> *something*.

Hmm...

IMHO, nobody reads the webpages at packages.debian.org before installing
a package. A prospective user wants an IDS so he/she does 'apt-cache
search intrusion detection', sees 'snort - lightweight intrusion
detection system' and decides to install it. At least, that is what I
have seen most people doing.

Therefore I would more like to either remove the entire package *OR* add
a debconf / other intrusive warning that tells users that the package
gives them a fake sense of security and instead they should consider
installing snort 1.9.0 from source by doing apt-get source -b
snort from the unstable archives or by building it themselves.

It's the most effective way to prevent stable users from running
outdated security tools.

My $0.02,
Sander.

-- 
| How many weeks are there in a light year?
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8  9BDB D463 7E41 08CE C94D






Re: Bug #173254 Submitted: Snort In Stable Unusable

2002-12-17 Thread Kjetil Kjernsmo
On Tuesday 17 December 2002 10:36, Sander Smeenk wrote:
> A prospective user wants an IDS so he/she does 'apt-cache
> search intrusion detection', sees 'snort - lightweight intrusion
> detection system' and decides to install it. At least, that is what I
> have seen most people doing.

*raises hand*

I'm wondering, could it be an idea to have a fast-moving archive for
things like SpamAssassin rules, Nessus plugins, Snort signatures,
perhaps virus signatures in the future, etc.? Has there been any
discussion on such a topic?

That way, one could package these things in separate packages, which are
made available in a separate archive, and people can apt-get them from
there as they do with security updates.

Just a thought.

Best,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED]  [EMAIL PROTECTED]  [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/






Re: Bug #173254 Submitted: Snort In Stable Unusable

2002-12-17 Thread Sander Smeenk
Quoting Kjetil Kjernsmo ([EMAIL PROTECTED]):
>> At least, that is what I have seen most people doing.
> *raises hand*

:)

> I'm wondering, could it be an idea to have a fast-moving archive for
> things like SpamAssassin rules, Nessus plugins, Snort signatures,
> perhaps virus signatures in the future, etc.? Has there been any
> discussion on such a topic?

From reading the previous threads about this sort of issue, links
provided to me by the bug submitter, I found that there were earlier
plans to create such an archive, but I couldn't find anything actually
happening.

> That way, one could package these things in separate packages, which are
> made available in a separate archive, and people can apt-get them from
> there as they do with security updates.

But separating the ruleset from the snort binary distribution doesn't
fix the problems as it is now. I mean, if snort.org releases new
rulesets they might not work with older versions of the binary, so you'd
have to either rewrite the rules for older binaries or release new
binaries too.

-- 
| My mind not only wanders, it sometimes leaves completely.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8  9BDB D463 7E41 08CE C94D


Re: Bug #173254 Submitted: Snort In Stable Unusable

2002-12-17 Thread Noah L. Meyerhans
On Tue, Dec 17, 2002 at 10:36:52AM +0100, Sander Smeenk wrote:
> Therefore I would more like to either remove the entire package *OR* add
> a debconf / other intrusive warning that tells users that the package
> gives them a fake sense of security and instead they should consider
> installing snort 1.9.0 from source by doing apt-get source -b
> snort from the unstable archives or by building it themselves.

A third option might be to create a snort-tracker package that makes
it easier to build an up-to-date snort binary, complete with up-to-date
rules.  Similar to pine-tracker, but for a different purpose.

I'm not sure if that would be feasible, though.  Does snort require
significant patching to comply with our filesystem policies?

noah

-- 
 ___
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

