Summary
Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.
Versions
v2.9.20 :: 0 :: gentoo
- Modified
- License
- GPL-2
- Keywords
- ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~sparc ~x86
- USE flags
- active-response control-socket debug file-inspect flexresp3 gre high-availability inline-init-failopen large-pcap-64bit libtirpc linux-smp-stats non-ether-decoders open-appid perfprofiling ppm react reload-error-restart selinux shared-rep side-channel sourcefire threads
USE flags
General
- active-response
- Enables support for automatically sending TCP resets and ICMP unreachable messages to terminate connections. Used with inline deployments.
- control-socket
- Enables Snort's control socket.
- debug
- Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
- file-inspect
- Enables extended file inspection capabilities.
- flexresp3
- Enables support for the new flexible response preprocessor, which enables connection tearing for inline deployments. Replaces flexresp and flexresp2.
- gre
- Enable support for inspecting and processing Generic Routing Encapsulation (GRE) packet headers. Only needed if you are monitoring GRE tunnels.
- high-availability
- Enables high-availability state sharing.
- inline-init-failopen
- Enables support to allow traffic to pass (fail-open) through inline deployments while snort is starting and not ready to begin inspecting traffic. If this option is not enabled, network traffic will not pass (fail-closed) until snort has fully started and is ready to perform packet inspection.
- large-pcap-64bit
- Allows Snort to read pcap files that are larger than 2 GB. ONLY VALID FOR 64bit SYSTEMS!
- libtirpc
- Build against net-libs/libtirpc for RPC support
- linux-smp-stats
- Enable accurate statistics reporting through /proc on systems with multiple processors.
- non-ether-decoders
- Enable decoding of non-ethernet protocols such as TokenRing, FDDI, IPX, etc.
- open-appid
- Enable OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. Requires dev-lang/luajit.
- perfprofiling
- Enables support for preprocessor and rule performance profiling using the perfmonitor preprocessor.
- ppm
- Enables support for setting per rule or per packet latency limits. Helps protect against introducing network latency with inline deployments.
- react
- Enables support for the react rule keyword. Supports interception, termination, and redirection of HTTP connections.
- reload-error-restart
- Enables support for completely restarting snort if an error is detected during a reload.
- selinux
- !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
- shared-rep
- Enables the use of shared memory for the Reputation Preprocessor (Only available on Linux systems)
- side-channel
- Enables Snort's side channel.
- sourcefire
- Enables Sourcefire specific build options, which include --enable-perfprofiling and --enable-ppm.
- threads
- Add threads support for various packages. Usually pthreads
lua_single_target
- luajit
- Build for LuaJIT only
Dependencies
acct-group / snort : System group: snort
acct-user / snort : User for snort
dev-lang / luajit : Just-In-Time Compiler for the Lua programming language
dev-libs / libdnet : Simplified, portable interface to several low-level networking routines
dev-libs / libpcre : Perl-compatible regular expression library
net-libs / libnsl : Public client interface for NIS(YP) in an IPv6-ready version
net-libs / libpcap : A system-independent library for user-level network packet capture
net-libs / libtirpc : Transport Independent RPC library (SunRPC replacement)
Runtime Dependencies
acct-group / snort : System group: snort
acct-user / snort : User for snort
dev-lang / luajit : Just-In-Time Compiler for the Lua programming language
dev-libs / libdnet : Simplified, portable interface to several low-level networking routines
dev-libs / libpcre : Perl-compatible regular expression library
net-libs / libnsl : Public client interface for NIS(YP) in an IPv6-ready version
net-libs / libpcap : A system-independent library for user-level network packet capture
net-libs / libtirpc : Transport Independent RPC library (SunRPC replacement)
sec-policy / selinux-snort : SELinux policy for snort
sys-libs / glibc : GNU libc C library
sys-libs / zlib : Standard (de)compression library
virtual / tmpfiles : Virtual to select between different tmpfiles.d handlers
Depending packages
net-analyzer / barnyard : Fast output system for Snort
Bugs
- 363769
- net-analyzer/snort 2.9.4.6 needs explicit parameter to find daq
- 571550
- =net-analyzer/snort-2.9.8.0 - WARNING: /var/run/snort is invalid, trying /var/run... // Previous Error, errno=13, (Permission denied)
- 773343
- net-analyzer/snort-2.9.16-r100 undefined symbol: SSLHAPostConfigInit
- 784074
- net-analyzer/snort-2.9.17 snort -c /etc/snort/snort.conf => undefined symbol: SSLHAPostConfigInit
- 899930
- net-analyzer/snort-2.9.20 has implicit function declarations in configure logs (GCC-13-SYSTEM)
- 918617
- net-analyzer/snort: IP geolocation rule circumvention
- 921185
- net-analyzer/snort-2.9.20 fails to compile (GCC-14-SYSTEM): dce2_smb.c:6932:60: error: pointer type mismatch in conditional expression [-Wincompatible-pointer-types]
- 928296
- net-analyzer/snort: version bump 3.1.83.0
- 934152
- net-analyzer/snort-2.9.20 fails to compile: fcntl2.h:50:11: error: call to __open_missing_mode declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
- 943927
- net-analyzer/snort-2.9.20 - [libtool] [gcc-15] file_decomp_PDF.c: error: conflicting types for File_Decomp_PDF; have fd_status_t(struct fd_session_s ) {aka enum fd_status
- 945295
- net-analyzer/snort-2.9.20 fails to compile: getopt_long.c:293:23: error: too many arguments to function getenv
Change logs
- Repository mirror & CI · gentoo
Merge updates from master - Eli Schwartz · gentoo
net-analyzer/snort: update EAPI 7 -> 8
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> - Eli Schwartz · gentoo
net-analyzer/snort: add 2.9.20
Upstream update fixes the misnamed USE=debug code. Fails to fix anything else... they did add some code to handle libtirpc. It looks like this:

```
##################################################
# Centos 8+ does not have inbuilt SunRPC support #
# in glibc and is separately availble in tirpc   #
# package. Make sure we've got the library and   #
# link it                                        #
##################################################
if test -f /etc/centos-release ; then
[...]
```

Obviously this doesn't work...

There is also a snort 3.x which may be better but it looks like a lot more work to package, and upstream still lists both as "stable releases"?

Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Sam James <sam@gentoo.org>
- Eli Schwartz · gentoo
net-analyzer/snort: mark as LTO-unsafe, strict-aliasing unsafe
Closes: https://bugs.gentoo.org/861239 Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Sam James · gentoo
net-analyzer/snort: drop 2.9.17
Signed-off-by: Sam James <sam@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Repository mirror & CI · gentoo
Merge updates from master - John Helmert III · gentoo
net-analyzer/snort: drop 2.9.16, 2.9.16-r100
Bug: https://bugs.gentoo.org/765466 Signed-off-by: John Helmert III <ajak@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Sam James · gentoo
net-analyzer/snort: multilib--
Signed-off-by: Sam James <sam@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Repository mirror & CI · gentoo
Merge updates from master - Sam James · gentoo
net-analyzer/snort: multilib--
Signed-off-by: Sam James <sam@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Sam James · gentoo
net-analyzer/snort: forcefully remove .la files
Fixes build with slibtool where they don't exist in the first place. Closes: https://bugs.gentoo.org/775179 Signed-off-by: Sam James <sam@gentoo.org> - Alessandro Barbieri · gentoo
net-analyzer/snort: fix ip path
Closes: https://bugs.gentoo.org/792297 Package-Manager: Portage-3.0.15, Repoman-3.0.2 Signed-off-by: Alessandro Barbieri <lssndrbarbieri@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/19699 Signed-off-by: Sam James <sam@gentoo.org> - John Helmert III · gentoo
net-analyzer/snort: drop 2.9.15
Closes: https://github.com/gentoo/gentoo/pull/19071 Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: John Helmert III <ajak@gentoo.org> - John Helmert III · gentoo
net-analyzer/snort: add 2.9.17
Drop GCC 10 patch, unconditionally disable static, convert to GLEP 81. Bug: https://bugs.gentoo.org/765466 Closes: https://bugs.gentoo.org/781365 Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: John Helmert III <ajak@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Andreas K. Huettel · gentoo
net-analyzer/snort: Remove old
Bug: https://bugs.gentoo.org/706858 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Andreas K. Huettel <dilfridge@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Sam James · gentoo
net-analyzer/snort: Keyword 2.9.16-r100 arm64, #728712
Signed-off-by: Sam James <sam@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Marek Szuba · gentoo
net-analyzer/snort: migrate to lua-single.eclass
Only supports luajit so simple enough. Closes: https://bugs.gentoo.org/752783 Signed-off-by: Marek Szuba <marecki@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Jeroen Roovers · gentoo
net-analyzer/snort: Version 2.9.16
Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Jeroen Roovers <jer@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Michał Górny · gentoo
*/*: Bump copyright on files touched this year
Update the copyright notice on all files that were touched since January 1st but did not have the notice updated. Signed-off-by: Michał Górny <mgorny@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - David Seifert · gentoo
net-analyzer/snort: [QA] Fix UnnecessarySlashStrip
Signed-off-by: David Seifert <soap@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Jeroen Roovers · gentoo
net-analyzer/snort: Fix CFLAGS=-fno-common
While there, drop a couple of ineffective sed scripts. Package-Manager: Portage-2.3.86, Repoman-2.3.20 Closes: https://bugs.gentoo.org/show_bug.cgi?id=706858 Signed-off-by: Jeroen Roovers <jer@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Jeroen Roovers · gentoo
net-analyzer/snort: Version 2.9.15.1
Package-Manager: Portage-2.3.84, Repoman-2.3.20 Closes: https://bugs.gentoo.org/691886 Signed-off-by: Jeroen Roovers <jer@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Jeroen Roovers · gentoo
net-analyzer/snort: Version 2.9.15
Package-Manager: Portage-2.3.81, Repoman-2.3.20 Signed-off-by: Jeroen Roovers <jer@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Sergei Trofimovich · gentoo
net-analyzer/snort: drop old
Main target here is snort-2.9.4.6-r1 which OOMs m4 at src_prepare(). While at it drop EAPI=5 ebuilds and a few older revbumps. Package-Manager: Portage-2.3.56, Repoman-2.3.12 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Thomas Deutschmann · gentoo
net-analyzer/snort: bump to v2.9.12
Closes: https://bugs.gentoo.org/550366 Closes: https://bugs.gentoo.org/618822 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> - Michael Mair-Keimberger · gentoo
net-analyzer/snort: use HTTPS, fix SRC_URI - Andreas K. Hüttel · gentoo
net-analyzer/snort: Depend unconditionally on libnsl
Package-Manager: Portage-2.3.13, Repoman-2.3.4 - Andreas K. Hüttel · gentoo
net-analyzer/snort: Allow building against libtirpc for rpc support, bug 631314
Closes: https://bugs.gentoo.org/631314 Package-Manager: Portage-2.3.10, Repoman-2.3.3 - Robin H. Johnson · gentoo
Drop $Id$ per council decision in bug #611234.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> - T. Malfatti · gentoo
media-libs/portaudio: Version bump - Zero_Chaos · gentoo
net-analyzer/snort: remove errant code block which should have been removed as part of USE=-* cleanup
Package-Manager: portage-2.3.1 - Sergei Trofimovich · gentoo
net-analyzer/snort: fix USE="-*" build failures, bug #595512
Minimum buildable configuration is: USE="-* targetbased normalizer mpls". Surrounding code assumes availability of enums and defines guarded by these flags. Enable them unconditionally. Bug: https://bugs.gentoo.org/595512 Package-Manager: portage-2.3.2 - Patrick Lauer · gentoo
net-analyzer/snort: Bump #587194
Package-Manager: portage-2.3.0 - Patrick Lauer · gentoo
net-analyzer/snort: Bump
Package-Manager: portage-2.2.28 - Patrice Clement · gentoo
Merge remote-tracking branch 'github/pr/503'. - Patrick Lauer · gentoo
net-analyzer/snort: Bump
Package-Manager: portage-2.2.26 - Robin H. Johnson · gentoo
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS.

This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point.

Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed