Summary
Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.
Versions
v2.9.12 :: 0 :: gentoo
- Modified
- License
- GPL-2
- Keywords
- ~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86
- USE flags
- active-response control-socket debug file-inspect flexresp3 gre high-availability inline-init-failopen large-pcap-64bit libtirpc linux-smp-stats non-ether-decoders open-appid perfprofiling ppm react reload-error-restart selinux shared-rep side-channel sourcefire static threads
v2.9.8.3-r2 :: 0 :: gentoo
- Modified
- License
- GPL-2
- Keywords
- ~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86
- USE flags
- active-response control-socket debug file-inspect flexresp3 gre high-availability inline-init-failopen large-pcap-64bit libtirpc linux-smp-stats non-ether-decoders perfprofiling ppm react reload-error-restart selinux shared-rep side-channel sourcefire static threads
USE flags
General
- active-response
- Enables support for automatically sending TCP resets and ICMP unreachable messages to terminate connections. Used with inline deployments.
- control-socket
- Enables Snort's control socket.
- debug
- Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
- file-inspect
- Enables extended file inspection capabilities.
- flexresp3
- Enables support for the new flexible response preprocessor for enabling connection tearing for inline deployments. Replaces flexresp and flexresp2.
- gre
- Enable support for inspecting and processing Generic Routing Encapsulation (GRE) packet headers. Only needed if you are monitoring GRE tunnels.
- high-availability
- Enables high-availability state sharing.
- inline-init-failopen
- Enables support to allow traffic to pass (fail-open) through inline deployments while snort is starting and not ready to begin inspecting traffic. If this option is not enabled, network traffic will not pass (fail-closed) until snort has fully started and is ready to perform packet inspection.
- large-pcap-64bit
- Allows Snort to read pcap files that are larger than 2 GB. ONLY VALID FOR 64bit SYSTEMS!
- libtirpc
- Build against net-libs/libtirpc for RPC support
- linux-smp-stats
- Enable accurate statistics reporting through /proc on systems with multiple processors.
- non-ether-decoders
- Enable decoding of non-ethernet protocols such as TokenRing, FDDI, IPX, etc.
- open-appid
- Enable OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. Requires dev-lang/luajit.
- perfprofiling
- Enables support for preprocessor and rule performance profiling using the perfmonitor preprocessor.
- ppm
- Enables support for setting per rule or per packet latency limits. Helps protect against introducing network latency with inline deployments.
- react
- Enables support for the react rule keyword. Supports interception, termination, and redirection of HTTP connections.
- reload-error-restart
- Enables support for completely restarting snort if an error is detected during a reload.
- selinux
- !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
- shared-rep
- Enables the use of shared memory for the Reputation Preprocessor (Only available on Linux systems)
- side-channel
- Enables Snort's side channel.
- sourcefire
- Enables Sourcefire specific build options, which include --enable-perfprofiling and --enable-ppm.
- static
- !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
- threads
- Add threads support for various packages. Usually pthreads
Dependencies
app-portage / elt-patches : Collection of patches for libtool.eclass
dev-lang / luajit : Just-In-Time Compiler for the Lua programming language
dev-libs / libdnet : simplified, portable interface to several low-level networking routines
dev-libs / libpcre : Perl-compatible regular expression library
net-libs / daq : Data Acquisition library, for packet I/O
net-libs / libnsl : Public client interface for NIS(YP) and NIS+ in a IPv6 ready version
net-libs / libpcap : A system-independent library for user-level network packet capture
net-libs / libtirpc : Transport Independent RPC library (SunRPC replacement)
sys-devel / autoconf : Used to create autoconfiguration files
sys-devel / automake : Used to generate Makefile.in from Makefile.am
sys-devel / libtool : A shared library tool for developers
sys-libs / glibc : GNU libc C library
sys-libs / zlib : Standard (de)compression library
virtual / pkgconfig : Virtual for the pkg-config implementation
Runtime Dependencies
dev-lang / luajit : Just-In-Time Compiler for the Lua programming language
dev-libs / libdnet : simplified, portable interface to several low-level networking routines
dev-libs / libpcre : Perl-compatible regular expression library
net-libs / daq : Data Acquisition library, for packet I/O
net-libs / libnsl : Public client interface for NIS(YP) and NIS+ in a IPv6 ready version
net-libs / libpcap : A system-independent library for user-level network packet capture
net-libs / libtirpc : Transport Independent RPC library (SunRPC replacement)
sec-policy / selinux-snort : SELinux policy for snort
sys-libs / glibc : GNU libc C library
sys-libs / zlib : Standard (de)compression library
virtual / tmpfiles : Virtual to select between different tmpfiles.d handlers
Depending packages
net-analyzer / barnyard : Fast output system for Snort
net-analyzer / quidscor : Qualys IDS Correlation Daemon
net-analyzer / sguil-sensor : Sensor part of sguil Network Security Monitoring
Bugs
- 363769
- net-analyzer/snort 2.9.4.6 needs explicit parameter to find daq
- 558454
- net-analyzer/snort-2.9.7.5 - src/preprocessors/Session/session_common.h:140:5: error: unknown type name 'PreprocEvalFuncNode'
- 571550
- =net-analyzer/snort-2.9.8.0 - WARNING: /var/run/snort is invalid, trying /var/run... // Previous Error, errno=13, (Permission denied)
- 605362
- net-analyzer/snort-2.9.8.3-r1 : installs into paths that should be created at runtime
- 614826
- net-analyzer/snort-2.9.9.0 version bump
- 691886
- net-analyzer/snort-2.9.12 : ../.../util.h:374:21: error: static declaration of gettid follows non-static declaration
Change logs
- Repository mirror & CI · gentoo
Merge updates from master
- Sergei Trofimovich · gentoo
net-analyzer/snort: drop old
Main target here is snort-2.9.4.6-r1 which OOMs m4 at src_prepare(). While at it drop EAPI=5 ebuilds and a few older revbumps.
Package-Manager: Portage-2.3.56, Repoman-2.3.12
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
- Repository mirror & CI · gentoo
Merge updates from master
- Thomas Deutschmann · gentoo
net-analyzer/snort: bump to v2.9.12
Closes: https://bugs.gentoo.org/550366
Closes: https://bugs.gentoo.org/618822
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
- Michael Mair-Keimberger · gentoo
net-analyzer/snort: use HTTPS, fix SRC_URI
- Andreas K. Hüttel · gentoo
net-analyzer/snort: Depend unconditionally on libnsl
Package-Manager: Portage-2.3.13, Repoman-2.3.4
- Andreas K. Hüttel · gentoo
net-analyzer/snort: Allow building against libtirpc for rpc support, bug 631314
Closes: https://bugs.gentoo.org/631314
Package-Manager: Portage-2.3.10, Repoman-2.3.3
- Robin H. Johnson · gentoo
Drop $Id$ per council decision in bug #611234.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
- T. Malfatti · gentoo
media-libs/portaudio: Version bump
- Zero_Chaos · gentoo
net-analyzer/snort: remove errant code block which should have been removed as part of USE=-* cleanup
Package-Manager: portage-2.3.1
- Sergei Trofimovich · gentoo
net-analyzer/snort: fix USE="-*" build failures, bug #595512
Minimum buildable configurations is: USE="-* targetbased normalizer mpls" Surrounding code assumes availability enums and defines guarded by these flags. Enable them unconditionally.
Bug: https://bugs.gentoo.org/595512
Package-Manager: portage-2.3.2
- Patrick Lauer · gentoo
net-analyzer/snort: Bump #587194
Package-Manager: portage-2.3.0
- Patrick Lauer · gentoo
net-analyzer/snort: Bump
Package-Manager: portage-2.2.28
- Patrice Clement · gentoo
Merge remote-tracking branch 'github/pr/503'.
- Patrick Lauer · gentoo
net-analyzer/snort: Bump
Package-Manager: portage-2.2.26
- Robin H. Johnson · gentoo
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed