Please find, for review, the debconf templates and packages descriptions for the snort source package. This review will last from Tuesday, February 19, 2008 to Friday, February 29, 2008. Please send reviews as unified diffs (diff -u) against the original files. Comments about your proposed changes will be appreciated. Your review should be sent as an answer to this mail. When appropriate, I will send intermediate requests for review, with "[RFRn]" (n>=2) as a subject tag. When we will reach a consensus, I send a "Last Chance For Comments" mail with "[LCFC]" as a subject tag. Finally, the reviewed templates will be sent to the package maintainer as a bug report, and a mail will be sent to this list with "[BTS]" as a subject tag. Rationale: --- ../snort.old/debian/snort.templates 2008-01-25 06:17:03.829193343 +0100 +++ debian/snort.templates 2008-02-13 18:41:57.654679252 +0100 @@ -1,10 +1,10 @@ Template: snort/startup Type: select -_Choices: boot, dialup, manual +__Choices: boot, dialup, manual Split out choices. Default: boot -_Description: When should Snort be started? +_Description: Snort start method: Avoid interrogative form Snort can be started during boot, when connecting to the net with pppd or - only when you manually start it via /usr/sbin/snort. + only manually with the /usr/sbin/snort command. Unpersonnalize Template: snort/interface Type: string @@ -14,18 +14,18 @@ on your environment, if you are using a dialup connection 'ppp0' might be more appropiate (Hint: use 'ip link show' of 'ifconfig'). . - Typically this is the same interface than the 'default route' is on. You can + Typically, this is the same interface than the 'default route' is on. You can The comma seems mandatory, here determine which interface is used for this running either '/sbin/ip ro sh' or '/sbin/route -n' (look for 'default' or '0.0.0.0'). . It is also not uncommon to use an interface with no IP - and configured in promiscuous mode, if this is your case, select the + and configured in promiscuous mode. If this is your case, select the Splitting in two sentences seems more logical interface in this system that is physically connected to the network you want to inspect, enable promiscuous mode later on and make sure that the network traffic is sent to this interface (either connected - to a 'port mirroring/spanning' port in a switch, to a hub or to a tap) + to a 'port mirroring/spanning' port in a switch, to a hub or to a tap). Missing final dot . - You can configure multiple interfaces here, just by adding more than + You can configure multiple interfaces, just by adding more than Avoid making reference to the interface ("here"). As this is not really entirely useful, this can be done by just dropping "here" one interface name separated by spaces. Each interface can have its specific configuration. @@ -33,13 +33,13 @@ Type: string Default: 192.168.0.0/16 _Description: Address range that Snort will listen on: - You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or + Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or More common way to mage suggestions to users 192.168.1.42/32 for just one. Specify multiple addresses on a single line - separated by ',' (comma characters), no spaces allowed! + separated by ',' (comma characters). Do not use spaces. Avoid exclamation mark (more neutral language) . - If you want you can specify 'any', to not trust any side of the network. + If you specify 'any', no side of the network will be trusted. Simplify the wording . - Notice that if you are using multiple interfaces this definition will + Please note that if you are using multiple interfaces, this definition will be used as the HOME_NET definition of all of them. More common wording ("Please note") Template: snort/disable_promiscuous @@ -47,18 +47,18 @@ Default: false _Description: Should Snort disable promiscuous mode on the interface? Disabling promiscuous mode means that Snort will only see packets - addressed to it's own interface. Enabling it allows Snort to check - every packet that passes ethernet segment even if it's a connection + addressed to its own interface. Enabling it allows Snort to check + every packet that passes Ethernet segment even if it's a connection between two other computers. s/it's/its Capitalize Ethernet Template: snort/invalid_interface -Type: note +Type: error Use the error type for this _Description: Invalid interface One of the interfaces you specified is not valid (it might not exist on the - system or be down). Please introduce a valid interface when answering the - question of which interface(s) should Snort listen on. + system or be down). Please specify a valid interface when prompted for + which interface(s) should Snort listen on. More common wording. Avoid "answering the question" and use "prompted for" . - If you did not configure an interface then the package is trying to use the + If you did not specify an interface, then the package is trying to use the default ('eth0') which does not seem to be valid in your system. See above rationale Template: snort/reverse_order @@ -76,55 +76,53 @@ _Description: Should daily summaries be sent by e-mail? This Snort installation provides a cron job that runs daily and summarises the information of Snort logs to a selected email address. - If you want to disable this feature say 'no' here. + . + Please choose whether you want to activate this feature. Do not make reference to users' actions. That one is mandatory. Template: snort/stats_rcpt Type: string Default: root _Description: Recipient of daily statistics mails: - A cron job running daily will summarise the information of the logs - generated by Snort using a script called 'snort-stat'. Introduce - here the recipient of these mails. The default value is the system - administrator. If you keep this value, make sure that the mail of - the administrator is redirected to a user that actually reads those - mails. + Please specify the e-mail address that will receive the logs analysis + information from daily Snort runs. That verbosity seems pretty redundant. Template: snort/options Type: string _Description: Additional custom options: - If you want to specify custom options to Snort, please specify them here. + Please specify any additionnal option you want to use with Snort. Standardized wording Template: snort/stats_treshold Type: string Default: 1 _Description: Minimum occurence to report alerts: - An alert needs to appear more times than this number to be included in the - daily statistics. + Please enter the minimum number of alert occurrences before a given alert is + included in the daily statistics. Again. Template: snort/please_restart_manually Type: note -_Description: You are running Snort manually - Please restart Snort using: - /etc/init.d/snort start - to let the settings take effect. +_Description: Snort restart required Do not use a full sentence as note "title". + As Snort is manually launched, you need to run '/etc/init.d/snort' for + the changes to take place. And more neutral wording Template: snort/config_error -Type: note -_Description: There is an error in your configuration - Your Snort configuration is not correct and Snort will not be able to start +Type: error +_Description: Configuration error Same than above + The Snort configuration is invalid and Snort will not be able to start Unpersonnalize up normally. Please review your configuration and fix it. If you do not do this, Snort package upgrades will probably break. To check which error is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf' (or point to an alternate configuration file if you are using different - files for different interfaces) + files for different interfaces). Final dot Template: snort/config_parameters -Type: note -_Description: This system uses an obsolete configuration file - Your system has an obsolete configuration file +Type: error +_Description: Obsolete configuration file + This system uses an obsolete configuration file (/etc/snort/snort.common.parameters) which has been automatically converted into the new configuration - file format (at /etc/default/snort). Please review the new configuration - and remove the obsolete one. Until you do this, the init.d script - will not use the new configuration and you will not take advantage - of the benefits introduced in newer releases. + file format (at /etc/default/snort). + . + Please review the new configuration and remove the obsolete + one. Until you do this, the initialization script will not use the new + configuration and you will not take advantage of the benefits + introduced in newer releases. Essentially the same proposed changes --- ../snort.old/debian/snort-mysql.templates 2008-01-25 06:17:03.837193938 +0100 +++ debian/snort-mysql.templates 2008-02-13 18:55:06.918679131 +0100 Changes are repeated for many templates files. Specific to that file: Template: snort-mysql/configure_db Type: boolean Default: true -_Description: Do you want to set up a database for snort-mysql to log to? - You only need to do this the first time you install snort-mysql. Before - you go on, make sure you have (1) the hostname of a machine running a - mysql server set up to allow tcp connections from this host, (2) a - database on that server, (3) a username and password to access the - database. If you don't have _all_ of these, either select 'no' and run - with regular file logging support, or fix this first. You can always - configure database logging later, by reconfiguring the snort-mysql - package with 'dpkg-reconfigure -plow snort-mysql' +_Description: Set up a database for snort-mysql to log to? + Database setup is only required the first time snort-mysql is installed + on a system. Before continuing, you should + make sure you have: + . + - the server host name (that server must allow TCP connections + from this machine); + - a database on that server + - a username and password to access the database. + . + In case some of these requirements are missing, do not choose to set + up the database and run + with regular file logging support. + . + You can configure database logging later, by reconfiguring the snort-mysql + package with 'dpkg-reconfigure -plow snort-mysql'. More neutral wording again. Template: snort-mysql/db_host Type: string _Description: Database server hostname: - Make sure it has been set up correctly to allow incoming connections from - this host! + Please mention the host name of a PostgreSQL database server that allows + incoming connection from this host. Avoid exclam. mark Template: snort-mysql/db_database Type: string -_Description: Database to use: - Make sure this database has been created and your database user has write - access to this database. +_Description: Database name: + Please mention the name of an existing database which you have write + access to. What we're asking is the name of the database... Template: snort-mysql/db_user Type: string _Description: Username for database access: - Make sure this user has been created and has write access. + Please mention a database server user name with write access to the database. More standard wording Template: snort-mysql/db_pass Type: password _Description: Password for the database connection: - Please enter a password to connect to the Snort Alert database. - + Please enter the password to use to connect to the Snort Alert database. ...again Template: snort-mysql/needs_db_config Type: note -_Description: Snort needs a configured database to log to before it starts +_Description: Configured database mandatory for Snort No full sentence Snort needs a configured database before it can successfully start up. In order to create the structure you need to run the following commands AFTER the package is installed: + . cd /usr/share/doc/snort-mysql/ zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename> + . Fill in the correct values for the user, host, and database names. MySQL will prompt you for the password. . After you created the database structure, you will need to start Snort manually. .../... Many other *.templates files are changed as well, but all changes are repetitions of these ones (templates files are very complicated in that package....I hope I didn't mess up with all these repetitions).
Template: snort/startup Type: select __Choices: boot, dialup, manual Default: boot _Description: Snort start method: Snort can be started during boot, when connecting to the net with pppd or only manually with the /usr/sbin/snort command. Template: snort/interface Type: string Default: eth0 _Description: Interface(s) which Snort should listen on: This value usually is 'eth0', but you might want to vary this depending on your environment, if you are using a dialup connection 'ppp0' might be more appropiate (Hint: use 'ip link show' of 'ifconfig'). . Typically, this is the same interface than the 'default route' is on. You can determine which interface is used for this running either '/sbin/ip ro sh' or '/sbin/route -n' (look for 'default' or '0.0.0.0'). . It is also not uncommon to use an interface with no IP and configured in promiscuous mode. If this is your case, select the interface in this system that is physically connected to the network you want to inspect, enable promiscuous mode later on and make sure that the network traffic is sent to this interface (either connected to a 'port mirroring/spanning' port in a switch, to a hub or to a tap). . You can configure multiple interfaces, just by adding more than one interface name separated by spaces. Each interface can have its specific configuration. Template: snort/address_range Type: string Default: 192.168.0.0/16 _Description: Address range that Snort will listen on: Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or 192.168.1.42/32 for just one. Specify multiple addresses on a single line separated by ',' (comma characters). Do not use spaces. . If you specify 'any', no side of the network will be trusted. . Please note that if you are using multiple interfaces, this definition will be used as the HOME_NET definition of all of them. Template: snort/disable_promiscuous Type: boolean Default: false _Description: Should Snort disable promiscuous mode on the interface? Disabling promiscuous mode means that Snort will only see packets addressed to its own interface. Enabling it allows Snort to check every packet that passes Ethernet segment even if it's a connection between two other computers. Template: snort/invalid_interface Type: error _Description: Invalid interface One of the interfaces you specified is not valid (it might not exist on the system or be down). Please specify a valid interface when prompted for which interface(s) should Snort listen on. . If you did not specify an interface, then the package is trying to use the default ('eth0') which does not seem to be valid in your system. Template: snort/reverse_order Type: boolean Default: false _Description: Should Snort's rules testing order be changed to Pass|Alert|Log? If you change Snort's rules testing order to Pass|Alert|Log, they will be applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log. This will prevent people from having to make huge Berky Packet Filter command line arguments to filter their alert rules. Template: snort/send_stats Type: boolean Default: true _Description: Should daily summaries be sent by e-mail? This Snort installation provides a cron job that runs daily and summarises the information of Snort logs to a selected email address. . Please choose whether you want to activate this feature. Template: snort/stats_rcpt Type: string Default: root _Description: Recipient of daily statistics mails: Please specify the e-mail address that will receive the logs analysis information from daily Snort runs. Template: snort/options Type: string _Description: Additional custom options: Please specify any additionnal option you want to use with Snort. Template: snort/stats_treshold Type: string Default: 1 _Description: Minimum occurence to report alerts: Please enter the minimum number of alert occurrences before a given alert is included in the daily statistics. Template: snort/please_restart_manually Type: note _Description: Snort restart required As Snort is manually launched, you need to run '/etc/init.d/snort' for the changes to take place. Template: snort/config_error Type: error _Description: Configuration error The Snort configuration is invalid and Snort will not be able to start up normally. Please review your configuration and fix it. If you do not do this, Snort package upgrades will probably break. To check which error is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf' (or point to an alternate configuration file if you are using different files for different interfaces). Template: snort/config_parameters Type: error _Description: Obsolete configuration file This system uses an obsolete configuration file (/etc/snort/snort.common.parameters) which has been automatically converted into the new configuration file format (at /etc/default/snort). . Please review the new configuration and remove the obsolete one. Until you do this, the initialization script will not use the new configuration and you will not take advantage of the benefits introduced in newer releases.
Template: snort-mysql/startup Type: select __Choices: boot, dialup, manual Default: boot _Description: Snort start method: Snort can be started during boot, when connecting to the net with pppd or only manually with the /usr/sbin/snort command. Template: snort-mysql/interface Type: string Default: eth0 _Description: Interface(s) which Snort should listen on: This value usually is 'eth0', but you might want to vary this depending on your environment, if you are using a dialup connection 'ppp0' might be more appropiate (Hint: use 'ip link show' of 'ifconfig'). . Typically, this is the same interface than the 'default route' is on. You can determine which interface is used for this running either '/sbin/ip ro sh' or '/sbin/route -n' (look for 'default' or '0.0.0.0'). . It is also not uncommon to use an interface with no IP and configured in promiscuous mode. If this is your case, select the interface in this system that is physically connected to the network you want to inspect, enable promiscuous mode later on and make sure that the network traffic is sent to this interface (either connected to a 'port mirroring/spanning' port in a switch, to a hub or to a tap). . You can configure multiple interfaces, just by adding more than one interface name separated by spaces. Each interface can have its specific configuration. Template: snort-mysql/address_range Type: string Default: 192.168.0.0/16 _Description: Address range that Snort will listen on: Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or 192.168.1.42/32 for just one. Specify multiple addresses on a single line separated by ',' (comma characters). Do not use spaces. . If you specify 'any', no side of the network will be trusted. . Please note that if you are using multiple interfaces, this definition will be used as the HOME_NET definition of all of them. Template: snort-mysql/disable_promiscuous Type: boolean Default: false _Description: Should Snort disable promiscuous mode on the interface? Disabling promiscuous mode means that Snort will only see packets addressed to its own interface. Enabling it allows Snort to check every packet that passes Ethernet segment even if it's a connection between two other computers. Template: snort-mysql/invalid_interface Type: error _Description: Invalid interface One of the interfaces you specified is not valid (it might not exist on the system or be down). Please specify a valid interface when prompted for which interface(s) should Snort listen on. . If you did not specify an interface, then the package is trying to use the default ('eth0') which does not seem to be valid in your system. Template: snort-mysql/reverse_order Type: boolean Default: false _Description: Should Snort's rules testing order be changed to Pass|Alert|Log? If you change Snort's rules testing order to Pass|Alert|Log, they will be applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log. This will prevent people from having to make huge Berky Packet Filter command line arguments to filter their alert rules. Template: snort-mysql/send_stats Type: boolean Default: true _Description: Should daily summaries be sent by e-mail? This Snort installation provides a cron job that runs daily and summarises the information of Snort logs to a selected email address. . Please choose whether you want to activate this feature. Template: snort-mysql/stats_rcpt Type: string Default: root _Description: Recipient of daily statistics mails: Please specify the e-mail address that will receive the logs analysis information from daily Snort runs. Template: snort-mysql/options Type: string _Description: Additional custom options: Please specify any additionnal option you want to use with Snort. Template: snort-mysql/stats_treshold Type: string Default: 1 _Description: Minimum occurence to report alerts: Please enter the minimum number of alert occurrences before a given alert is included in the daily statistics. Template: snort-mysql/please_restart_manually Type: note _Description: Snort restart required As Snort is manually launched, you need to run '/etc/init.d/snort' for the changes to take place. Template: snort-mysql/config_error Type: error _Description: Configuration error The Snort configuration is invalid and Snort will not be able to start up normally. Please review your configuration and fix it. If you do not do this, Snort package upgrades will probably break. To check which error is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf' (or point to an alternate configuration file if you are using different files for different interfaces). Template: snort-mysql/config_parameters Type: error _Description: Obsolete configuration file This system uses an obsolete configuration file (/etc/snort/snort.common.parameters) which has been automatically converted into the new configuration file format (at /etc/default/snort). . Please review the new configuration and remove the obsolete one. Until you do this, the initialization script will not use the new configuration and you will not take advantage of the benefits introduced in newer releases. Template: snort-mysql/configure_db Type: boolean Default: true _Description: Set up a database for snort-mysql to log to? Database setup is only required the first time snort-mysql is installed on a system. Before continuing, you should make sure you have: . - the server host name (that server must allow TCP connections from this machine); - a database on that server - a username and password to access the database. . In case some of these requirements are missing, do not choose to set up the database and run with regular file logging support. . You can configure database logging later, by reconfiguring the snort-mysql package with 'dpkg-reconfigure -plow snort-mysql'. Template: snort-mysql/db_host Type: string _Description: Database server hostname: Please mention the host name of a MySQL database server that allows incoming connection from this host. Template: snort-mysql/db_database Type: string _Description: Database name: Please mention the name of an existing database which you have write access to. Template: snort-mysql/db_user Type: string _Description: Username for database access: Please mention a database server user name with write access to the database. Template: snort-mysql/db_pass Type: password _Description: Password for the database connection: Please enter the password to use to connect to the Snort Alert database. Template: snort-mysql/needs_db_config Type: note _Description: Configured database mandatory for Snort Snort needs a configured database before it can successfully start up. In order to create the structure you need to run the following commands AFTER the package is installed: . cd /usr/share/doc/snort-mysql/ zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename> . Fill in the correct values for the user, host, and database names. MySQL will prompt you for the password. . After you created the database structure, you will need to start Snort manually.
Template: snort-pgsql/startup Type: select __Choices: boot, dialup, manual Default: boot _Description: Snort start method: Snort can be started during boot, when connecting to the net with pppd or only manually with the /usr/sbin/snort command. Template: snort-pgsql/interface Type: string Default: eth0 _Description: Interface(s) which Snort should listen on: This value usually is 'eth0', but you might want to vary this depending on your environment, if you are using a dialup connection 'ppp0' might be more appropiate (Hint: use 'ip link show' of 'ifconfig'). . Typically, this is the same interface than the 'default route' is on. You can determine which interface is used for this running either '/sbin/ip ro sh' or '/sbin/route -n' (look for 'default' or '0.0.0.0'). . It is also not uncommon to use an interface with no IP and configured in promiscuous mode. If this is your case, select the interface in this system that is physically connected to the network you want to inspect, enable promiscuous mode later on and make sure that the network traffic is sent to this interface (either connected to a 'port mirroring/spanning' port in a switch, to a hub or to a tap). . You can configure multiple interfaces, just by adding more than one interface name separated by spaces. Each interface can have its specific configuration. Template: snort-pgsql/address_range Type: string Default: 192.168.0.0/16 _Description: Address range that Snort will listen on: Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or 192.168.1.42/32 for just one. Specify multiple addresses on a single line separated by ',' (comma characters). Do not use spaces. . If you specify 'any', no side of the network will be trusted. . Please note that if you are using multiple interfaces, this definition will be used as the HOME_NET definition of all of them. Template: snort-pgsql/disable_promiscuous Type: boolean Default: false _Description: Should Snort disable promiscuous mode on the interface? Disabling promiscuous mode means that Snort will only see packets addressed to its own interface. Enabling it allows Snort to check every packet that passes Ethernet segment even if it's a connection between two other computers. Template: snort-pgsql/invalid_interface Type: error _Description: Invalid interface One of the interfaces you specified is not valid (it might not exist on the system or be down). Please specify a valid interface when prompted for which interface(s) should Snort listen on. . If you did not specify an interface, then the package is trying to use the default ('eth0') which does not seem to be valid in your system. Template: snort-pgsql/reverse_order Type: boolean Default: false _Description: Should Snort's rules testing order be changed to Pass|Alert|Log? If you change Snort's rules testing order to Pass|Alert|Log, they will be applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log. This will prevent people from having to make huge Berky Packet Filter command line arguments to filter their alert rules. Template: snort-pgsql/send_stats Type: boolean Default: true _Description: Should daily summaries be sent by e-mail? This Snort installation provides a cron job that runs daily and summarises the information of Snort logs to a selected email address. . Please choose whether you want to activate this feature. Template: snort-pgsql/stats_rcpt Type: string Default: root _Description: Recipient of daily statistics mails: Please specify the e-mail address that will receive the logs analysis information from daily Snort runs. Template: snort-pgsql/options Type: string _Description: Additional custom options: Please specify any additionnal option you want to use with Snort. Template: snort-pgsql/stats_treshold Type: string Default: 1 _Description: Minimum occurence to report alerts: Please enter the minimum number of alert occurrences before a given alert is included in the daily statistics. Template: snort-pgsql/please_restart_manually Type: note _Description: Snort restart required As Snort is manually launched, you need to run '/etc/init.d/snort' for the changes to take place. Template: snort-pgsql/config_error Type: error _Description: Configuration error The Snort configuration is invalid and Snort will not be able to start up normally. Please review your configuration and fix it. If you do not do this, Snort package upgrades will probably break. To check which error is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf' (or point to an alternate configuration file if you are using different files for different interfaces). Template: snort-pgsql/config_parameters Type: error _Description: Obsolete configuration file This system uses an obsolete configuration file (/etc/snort/snort.common.parameters) which has been automatically converted into the new configuration file format (at /etc/default/snort). . Please review the new configuration and remove the obsolete one. Until you do this, the initialization script will not use the new configuration and you will not take advantage of the benefits introduced in newer releases. Template: snort-pgsql/configure_db Type: boolean Default: true _Description: Set up a database for snort-pgsql to log to? Database setup is only required the first time snort-pgsql is installed on a system. Before continuing, you should make sure you have: . - the PostgreSQL server host name (that server must allow connections from this machine); - a database on that server - a username and password to access the database. . In case some of these requirements are missing, do not choose to set up the database and run with regular file logging support. . You can configure database logging later, by reconfiguring the snort-pgsql package with 'dpkg-reconfigure -plow snort-pgsql'. Template: snort-pgsql/db_host Type: string _Description: Database server hostname: Please mention the host name of a database server that allows incoming connection from this host. Template: snort-pgsql/db_database Type: string _Description: Database name: Please mention the name of an existing database which you have write access to. Template: snort-pgsql/db_user Type: string _Description: Username for database access: Please mention a database server user name with write access to the database. Template: snort-pgsql/db_pass Type: password _Description: Password for the database connection: Please enter the password to use to connect to the Snort Alert database. Template: snort-pgsql/needs_db_config Type: note _Description: Configured database mandatory for Snort Snort needs a configured database before it can successfully start up. In order to create the structure you need to run the following commands AFTER the package is installed: . cd /usr/share/doc/snort-pgsql/ zcat create_postgresql.gz | psql -U <user> -h <host> -W <databasename> . Fill in the correct values for the user, host, and database names. PostgreSQL will prompt you for the password. . After you created the database structure, you will need to start Snort manually.
Template: snort/deprecated_config Type: note _Description: Deprecated configuration file The Snort configuration file (/etc/snort/snort.conf) uses deprecated options no longer available for this Snort release. Snort will not be able to start unless you provide a correct configuration file. You can substitute the configuration file with the one provided in this package or fix it manually by removing deprecated options. . The following deprecated options were found in the configuration file: ${DEP_CONFIG}.
--- snort.old/debian/snort.templates 2008-01-25 06:17:03.829193343 +0100 +++ snort/debian/snort.templates 2008-02-13 18:41:57.654679252 +0100 @@ -1,10 +1,10 @@ Template: snort/startup Type: select -_Choices: boot, dialup, manual +__Choices: boot, dialup, manual Default: boot -_Description: When should Snort be started? +_Description: Snort start method: Snort can be started during boot, when connecting to the net with pppd or - only when you manually start it via /usr/sbin/snort. + only manually with the /usr/sbin/snort command. Template: snort/interface Type: string @@ -14,18 +14,18 @@ on your environment, if you are using a dialup connection 'ppp0' might be more appropiate (Hint: use 'ip link show' of 'ifconfig'). . - Typically this is the same interface than the 'default route' is on. You can + Typically, this is the same interface than the 'default route' is on. You can determine which interface is used for this running either '/sbin/ip ro sh' or '/sbin/route -n' (look for 'default' or '0.0.0.0'). . It is also not uncommon to use an interface with no IP - and configured in promiscuous mode, if this is your case, select the + and configured in promiscuous mode. If this is your case, select the interface in this system that is physically connected to the network you want to inspect, enable promiscuous mode later on and make sure that the network traffic is sent to this interface (either connected - to a 'port mirroring/spanning' port in a switch, to a hub or to a tap) + to a 'port mirroring/spanning' port in a switch, to a hub or to a tap). . - You can configure multiple interfaces here, just by adding more than + You can configure multiple interfaces, just by adding more than one interface name separated by spaces. Each interface can have its specific configuration. @@ -33,13 +33,13 @@ Type: string Default: 192.168.0.0/16 _Description: Address range that Snort will listen on: - You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or + Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or 192.168.1.42/32 for just one. Specify multiple addresses on a single line - separated by ',' (comma characters), no spaces allowed! + separated by ',' (comma characters). Do not use spaces. . - If you want you can specify 'any', to not trust any side of the network. + If you specify 'any', no side of the network will be trusted. . - Notice that if you are using multiple interfaces this definition will + Please note that if you are using multiple interfaces, this definition will be used as the HOME_NET definition of all of them. Template: snort/disable_promiscuous @@ -47,18 +47,18 @@ Default: false _Description: Should Snort disable promiscuous mode on the interface? Disabling promiscuous mode means that Snort will only see packets - addressed to it's own interface. Enabling it allows Snort to check - every packet that passes ethernet segment even if it's a connection + addressed to its own interface. Enabling it allows Snort to check + every packet that passes Ethernet segment even if it's a connection between two other computers. Template: snort/invalid_interface -Type: note +Type: error _Description: Invalid interface One of the interfaces you specified is not valid (it might not exist on the - system or be down). Please introduce a valid interface when answering the - question of which interface(s) should Snort listen on. + system or be down). Please specify a valid interface when prompted for + which interface(s) should Snort listen on. . - If you did not configure an interface then the package is trying to use the + If you did not specify an interface, then the package is trying to use the default ('eth0') which does not seem to be valid in your system. Template: snort/reverse_order @@ -76,55 +76,53 @@ _Description: Should daily summaries be sent by e-mail? This Snort installation provides a cron job that runs daily and summarises the information of Snort logs to a selected email address. - If you want to disable this feature say 'no' here. + . + Please choose whether you want to activate this feature. Template: snort/stats_rcpt Type: string Default: root _Description: Recipient of daily statistics mails: - A cron job running daily will summarise the information of the logs - generated by Snort using a script called 'snort-stat'. Introduce - here the recipient of these mails. The default value is the system - administrator. If you keep this value, make sure that the mail of - the administrator is redirected to a user that actually reads those - mails. + Please specify the e-mail address that will receive the logs analysis + information from daily Snort runs. Template: snort/options Type: string _Description: Additional custom options: - If you want to specify custom options to Snort, please specify them here. + Please specify any additionnal option you want to use with Snort. Template: snort/stats_treshold Type: string Default: 1 _Description: Minimum occurence to report alerts: - An alert needs to appear more times than this number to be included in the - daily statistics. + Please enter the minimum number of alert occurrences before a given alert is + included in the daily statistics. Template: snort/please_restart_manually Type: note -_Description: You are running Snort manually - Please restart Snort using: - /etc/init.d/snort start - to let the settings take effect. +_Description: Snort restart required + As Snort is manually launched, you need to run '/etc/init.d/snort' for + the changes to take place. Template: snort/config_error -Type: note -_Description: There is an error in your configuration - Your Snort configuration is not correct and Snort will not be able to start +Type: error +_Description: Configuration error + The Snort configuration is invalid and Snort will not be able to start up normally. Please review your configuration and fix it. If you do not do this, Snort package upgrades will probably break. To check which error is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf' (or point to an alternate configuration file if you are using different - files for different interfaces) + files for different interfaces). Template: snort/config_parameters -Type: note -_Description: This system uses an obsolete configuration file - Your system has an obsolete configuration file +Type: error +_Description: Obsolete configuration file + This system uses an obsolete configuration file (/etc/snort/snort.common.parameters) which has been automatically converted into the new configuration - file format (at /etc/default/snort). Please review the new configuration - and remove the obsolete one. Until you do this, the init.d script - will not use the new configuration and you will not take advantage - of the benefits introduced in newer releases. + file format (at /etc/default/snort). + . + Please review the new configuration and remove the obsolete + one. Until you do this, the initialization script will not use the new + configuration and you will not take advantage of the benefits + introduced in newer releases. --- snort.old/debian/snort-mysql.templates 2008-01-25 06:17:03.837193938 +0100 +++ snort/debian/snort-mysql.templates 2008-02-19 07:49:28.997812396 +0100 @@ -1,10 +1,10 @@ Template: snort-mysql/startup Type: select -_Choices: boot, dialup, manual +__Choices: boot, dialup, manual Default: boot -_Description: When should Snort be started? +_Description: Snort start method: Snort can be started during boot, when connecting to the net with pppd or - only when you manually start it via /usr/sbin/snort. + only manually with the /usr/sbin/snort command. Template: snort-mysql/interface Type: string @@ -14,18 +14,18 @@ on your environment, if you are using a dialup connection 'ppp0' might be more appropiate (Hint: use 'ip link show' of 'ifconfig'). . - Typically this is the same interface than the 'default route' is on. You can + Typically, this is the same interface than the 'default route' is on. You can determine which interface is used for this running either '/sbin/ip ro sh' or '/sbin/route -n' (look for 'default' or '0.0.0.0'). . It is also not uncommon to use an interface with no IP - and configured in promiscuous mode, if this is your case, select the + and configured in promiscuous mode. If this is your case, select the interface in this system that is physically connected to the network you want to inspect, enable promiscuous mode later on and make sure that the network traffic is sent to this interface (either connected - to a 'port mirroring/spanning' port in a switch, to a hub or to a tap) + to a 'port mirroring/spanning' port in a switch, to a hub or to a tap). . - You can configure multiple interfaces here, just by adding more than + You can configure multiple interfaces, just by adding more than one interface name separated by spaces. Each interface can have its specific configuration. @@ -33,13 +33,13 @@ Type: string Default: 192.168.0.0/16 _Description: Address range that Snort will listen on: - You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or + Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or 192.168.1.42/32 for just one. Specify multiple addresses on a single line - separated by ',' (comma characters), no spaces allowed! + separated by ',' (comma characters). Do not use spaces. . - If you want you can specify 'any', to not trust any side of the network. + If you specify 'any', no side of the network will be trusted. . - Notice that if you are using multiple interfaces this definition will + Please note that if you are using multiple interfaces, this definition will be used as the HOME_NET definition of all of them. Template: snort-mysql/disable_promiscuous @@ -47,18 +47,18 @@ Default: false _Description: Should Snort disable promiscuous mode on the interface? Disabling promiscuous mode means that Snort will only see packets - addressed to it's own interface. Enabling it allows Snort to check - every packet that passes ethernet segment even if it's a connection + addressed to its own interface. Enabling it allows Snort to check + every packet that passes Ethernet segment even if it's a connection between two other computers. Template: snort-mysql/invalid_interface -Type: note +Type: error _Description: Invalid interface One of the interfaces you specified is not valid (it might not exist on the - system or be down). Please introduce a valid interface when answering the - question of which interface(s) should Snort listen on. + system or be down). Please specify a valid interface when prompted for + which interface(s) should Snort listen on. . - If you did not configure an interface then the package is trying to use the + If you did not specify an interface, then the package is trying to use the default ('eth0') which does not seem to be valid in your system. Template: snort-mysql/reverse_order @@ -76,103 +76,109 @@ _Description: Should daily summaries be sent by e-mail? This Snort installation provides a cron job that runs daily and summarises the information of Snort logs to a selected email address. - If you want to disable this feature say 'no' here. + . + Please choose whether you want to activate this feature. Template: snort-mysql/stats_rcpt Type: string Default: root _Description: Recipient of daily statistics mails: - A cron job running daily will summarise the information of the logs - generated by Snort using a script called 'snort-stat'. Introduce - here the recipient of these mails. The default value is the system - administrator. If you keep this value, make sure that the mail of - the administrator is redirected to a user that actually reads those - mails. + Please specify the e-mail address that will receive the logs analysis + information from daily Snort runs. Template: snort-mysql/options Type: string _Description: Additional custom options: - If you want to specify custom options to Snort, please specify them here. + Please specify any additionnal option you want to use with Snort. Template: snort-mysql/stats_treshold Type: string Default: 1 _Description: Minimum occurence to report alerts: - An alert needs to appear more times than this number to be included in the - daily statistics. + Please enter the minimum number of alert occurrences before a given alert is + included in the daily statistics. Template: snort-mysql/please_restart_manually Type: note -_Description: You are running Snort manually - Please restart Snort using: - /etc/init.d/snort start - to let the settings take effect. +_Description: Snort restart required + As Snort is manually launched, you need to run '/etc/init.d/snort' for + the changes to take place. Template: snort-mysql/config_error -Type: note -_Description: There is an error in your configuration - Your Snort configuration is not correct and Snort will not be able to start +Type: error +_Description: Configuration error + The Snort configuration is invalid and Snort will not be able to start up normally. Please review your configuration and fix it. If you do not do this, Snort package upgrades will probably break. To check which error is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf' (or point to an alternate configuration file if you are using different - files for different interfaces) + files for different interfaces). Template: snort-mysql/config_parameters -Type: note -_Description: This system uses an obsolete configuration file - Your system has an obsolete configuration file +Type: error +_Description: Obsolete configuration file + This system uses an obsolete configuration file (/etc/snort/snort.common.parameters) which has been automatically converted into the new configuration - file format (at /etc/default/snort). Please review the new configuration - and remove the obsolete one. Until you do this, the init.d script - will not use the new configuration and you will not take advantage - of the benefits introduced in newer releases. + file format (at /etc/default/snort). + . + Please review the new configuration and remove the obsolete + one. Until you do this, the initialization script will not use the new + configuration and you will not take advantage of the benefits + introduced in newer releases. Template: snort-mysql/configure_db Type: boolean Default: true -_Description: Do you want to set up a database for snort-mysql to log to? - You only need to do this the first time you install snort-mysql. Before - you go on, make sure you have (1) the hostname of a machine running a - mysql server set up to allow tcp connections from this host, (2) a - database on that server, (3) a username and password to access the - database. If you don't have _all_ of these, either select 'no' and run - with regular file logging support, or fix this first. You can always - configure database logging later, by reconfiguring the snort-mysql - package with 'dpkg-reconfigure -plow snort-mysql' +_Description: Set up a database for snort-mysql to log to? + Database setup is only required the first time snort-mysql is installed + on a system. Before continuing, you should + make sure you have: + . + - the server host name (that server must allow TCP connections + from this machine); + - a database on that server + - a username and password to access the database. + . + In case some of these requirements are missing, do not choose to set + up the database and run + with regular file logging support. + . + You can configure database logging later, by reconfiguring the snort-mysql + package with 'dpkg-reconfigure -plow snort-mysql'. Template: snort-mysql/db_host Type: string _Description: Database server hostname: - Make sure it has been set up correctly to allow incoming connections from - this host! + Please mention the host name of a MySQL database server that allows + incoming connection from this host. Template: snort-mysql/db_database Type: string -_Description: Database to use: - Make sure this database has been created and your database user has write - access to this database. +_Description: Database name: + Please mention the name of an existing database which you have write + access to. Template: snort-mysql/db_user Type: string _Description: Username for database access: - Make sure this user has been created and has write access. + Please mention a database server user name with write access to the database. Template: snort-mysql/db_pass Type: password _Description: Password for the database connection: - Please enter a password to connect to the Snort Alert database. - + Please enter the password to use to connect to the Snort Alert database. Template: snort-mysql/needs_db_config Type: note -_Description: Snort needs a configured database to log to before it starts +_Description: Configured database mandatory for Snort Snort needs a configured database before it can successfully start up. In order to create the structure you need to run the following commands AFTER the package is installed: + . cd /usr/share/doc/snort-mysql/ zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename> + . Fill in the correct values for the user, host, and database names. MySQL will prompt you for the password. . --- snort.old/debian/snort-pgsql.templates 2008-01-25 06:17:03.897206503 +0100 +++ snort/debian/snort-pgsql.templates 2008-02-13 18:56:12.490678748 +0100 @@ -1,10 +1,10 @@ Template: snort-pgsql/startup Type: select -_Choices: boot, dialup, manual +__Choices: boot, dialup, manual Default: boot -_Description: When should Snort be started? +_Description: Snort start method: Snort can be started during boot, when connecting to the net with pppd or - only when you manually start it via /usr/sbin/snort. + only manually with the /usr/sbin/snort command. Template: snort-pgsql/interface Type: string @@ -14,18 +14,18 @@ on your environment, if you are using a dialup connection 'ppp0' might be more appropiate (Hint: use 'ip link show' of 'ifconfig'). . - Typically this is the same interface than the 'default route' is on. You can + Typically, this is the same interface than the 'default route' is on. You can determine which interface is used for this running either '/sbin/ip ro sh' or '/sbin/route -n' (look for 'default' or '0.0.0.0'). . It is also not uncommon to use an interface with no IP - and configured in promiscuous mode, if this is your case, select the + and configured in promiscuous mode. If this is your case, select the interface in this system that is physically connected to the network you want to inspect, enable promiscuous mode later on and make sure that the network traffic is sent to this interface (either connected - to a 'port mirroring/spanning' port in a switch, to a hub or to a tap) + to a 'port mirroring/spanning' port in a switch, to a hub or to a tap). . - You can configure multiple interfaces here, just by adding more than + You can configure multiple interfaces, just by adding more than one interface name separated by spaces. Each interface can have its specific configuration. @@ -33,13 +33,13 @@ Type: string Default: 192.168.0.0/16 _Description: Address range that Snort will listen on: - You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or + Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or 192.168.1.42/32 for just one. Specify multiple addresses on a single line - separated by ',' (comma characters), no spaces allowed! + separated by ',' (comma characters). Do not use spaces. . - If you want you can specify 'any', to not trust any side of the network. + If you specify 'any', no side of the network will be trusted. . - Notice that if you are using multiple interfaces this definition will + Please note that if you are using multiple interfaces, this definition will be used as the HOME_NET definition of all of them. Template: snort-pgsql/disable_promiscuous @@ -47,18 +47,18 @@ Default: false _Description: Should Snort disable promiscuous mode on the interface? Disabling promiscuous mode means that Snort will only see packets - addressed to it's own interface. Enabling it allows Snort to check - every packet that passes ethernet segment even if it's a connection + addressed to its own interface. Enabling it allows Snort to check + every packet that passes Ethernet segment even if it's a connection between two other computers. Template: snort-pgsql/invalid_interface -Type: note +Type: error _Description: Invalid interface One of the interfaces you specified is not valid (it might not exist on the - system or be down). Please introduce a valid interface when answering the - question of which interface(s) should Snort listen on. + system or be down). Please specify a valid interface when prompted for + which interface(s) should Snort listen on. . - If you did not configure an interface then the package is trying to use the + If you did not specify an interface, then the package is trying to use the default ('eth0') which does not seem to be valid in your system. Template: snort-pgsql/reverse_order @@ -76,103 +76,109 @@ _Description: Should daily summaries be sent by e-mail? This Snort installation provides a cron job that runs daily and summarises the information of Snort logs to a selected email address. - If you want to disable this feature say 'no' here. + . + Please choose whether you want to activate this feature. Template: snort-pgsql/stats_rcpt Type: string Default: root _Description: Recipient of daily statistics mails: - A cron job running daily will summarise the information of the logs - generated by Snort using a script called 'snort-stat'. Introduce - here the recipient of these mails. The default value is the system - administrator. If you keep this value, make sure that the mail of - the administrator is redirected to a user that actually reads those - mails. + Please specify the e-mail address that will receive the logs analysis + information from daily Snort runs. Template: snort-pgsql/options Type: string _Description: Additional custom options: - If you want to specify custom options to Snort, please specify them here. + Please specify any additionnal option you want to use with Snort. Template: snort-pgsql/stats_treshold Type: string Default: 1 _Description: Minimum occurence to report alerts: - An alert needs to appear more times than this number to be included in the - daily statistics. + Please enter the minimum number of alert occurrences before a given alert is + included in the daily statistics. Template: snort-pgsql/please_restart_manually Type: note -_Description: You are running Snort manually - Please restart Snort using: - /etc/init.d/snort start - to let the settings take effect. +_Description: Snort restart required + As Snort is manually launched, you need to run '/etc/init.d/snort' for + the changes to take place. Template: snort-pgsql/config_error -Type: note -_Description: There is an error in your configuration - Your Snort configuration is not correct and Snort will not be able to start +Type: error +_Description: Configuration error + The Snort configuration is invalid and Snort will not be able to start up normally. Please review your configuration and fix it. If you do not do this, Snort package upgrades will probably break. To check which error is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf' (or point to an alternate configuration file if you are using different - files for different interfaces) + files for different interfaces). Template: snort-pgsql/config_parameters -Type: note -_Description: This system uses an obsolete configuration file - Your system has an obsolete configuration file +Type: error +_Description: Obsolete configuration file + This system uses an obsolete configuration file (/etc/snort/snort.common.parameters) which has been automatically converted into the new configuration - file format (at /etc/default/snort). Please review the new configuration - and remove the obsolete one. Until you do this, the init.d script - will not use the new configuration and you will not take advantage - of the benefits introduced in newer releases. + file format (at /etc/default/snort). + . + Please review the new configuration and remove the obsolete + one. Until you do this, the initialization script will not use the new + configuration and you will not take advantage of the benefits + introduced in newer releases. Template: snort-pgsql/configure_db Type: boolean Default: true -_Description: Do you want to set up a database for snort-pgsql to log to? - You only need to do this the first time you install snort-pgsql. Before - you go on, make sure you have (1) the hostname of a machine running a - pgsql server set up to allow tcp connections from this host, (2) a - database on that server, (3) a username and password to access the - database. If you don't have _all_ of these, either select 'no' and run - with regular file logging support, or fix this first. You can always - configure database logging later, by reconfiguring the snort-pgsql - package with 'dpkg-reconfigure -plow snort-pgsql' +_Description: Set up a database for snort-pgsql to log to? + Database setup is only required the first time snort-pgsql is installed + on a system. Before continuing, you should + make sure you have: + . + - the PostgreSQL server host name (that server must allow connections + from this machine); + - a database on that server + - a username and password to access the database. + . + In case some of these requirements are missing, do not choose to set + up the database and run + with regular file logging support. + . + You can configure database logging later, by reconfiguring the snort-pgsql + package with 'dpkg-reconfigure -plow snort-pgsql'. Template: snort-pgsql/db_host Type: string _Description: Database server hostname: - Make sure it has been set up correctly to allow incoming connections from - this host! + Please mention the host name of a database server that allows + incoming connection from this host. Template: snort-pgsql/db_database Type: string -_Description: Database to use: - Make sure this database has been created and your database user has write - access to this database. +_Description: Database name: + Please mention the name of an existing database which you have write + access to. Template: snort-pgsql/db_user Type: string _Description: Username for database access: - Make sure this user has been created and has write access. + Please mention a database server user name with write access to the database. Template: snort-pgsql/db_pass Type: password _Description: Password for the database connection: - Please enter a password to connect to the Snort Alert database. - + Please enter the password to use to connect to the Snort Alert database. Template: snort-pgsql/needs_db_config Type: note -_Description: Snort needs a configured database to log to before it starts +_Description: Configured database mandatory for Snort Snort needs a configured database before it can successfully start up. In order to create the structure you need to run the following commands AFTER the package is installed: + . cd /usr/share/doc/snort-pgsql/ zcat create_postgresql.gz | psql -U <user> -h <host> -W <databasename> + . Fill in the correct values for the user, host, and database names. PostgreSQL will prompt you for the password. . --- snort.old/debian/snort-common.templates 2008-01-25 06:17:03.897206503 +0100 +++ snort/debian/snort-common.templates 2008-02-14 07:39:56.994700943 +0100 @@ -1,11 +1,11 @@ Template: snort/deprecated_config Type: note -_Description: Your configuration file is deprecated - Your Snort configuration file (/etc/snort/snort.conf) uses deprecated +_Description: Deprecated configuration file + The Snort configuration file (/etc/snort/snort.conf) uses deprecated options no longer available for this Snort release. Snort will not be able to start unless you provide a correct configuration - file. You can substitute your configuration file with the one provided + file. You can substitute the configuration file with the one provided in this package or fix it manually by removing deprecated options. . - The following deprecated options were found in your configuration file: - ${DEP_CONFIG} + The following deprecated options were found in the configuration file: + ${DEP_CONFIG}.
Source: snort Section: net Priority: optional Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Uploaders: Pascal Hakim <pasc@debian.org> Build-Depends: libnet1-dev, libpcap0.8-dev, libpcre3-dev, debhelper (>= 4.1.13), libmysqlclient15-dev | libmysqlclient-dev, libpq-dev, po-debconf (>= 0.5.0), libprelude-dev, iptables-dev Build-Depends-Indep: texlive, texlive-latex-base, gs-common Standards-Version: 3.5.6 Package: snort Architecture: any Pre-Depends: adduser (>= 3.11) Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate Conflicts: snort-mysql, snort-pgsql Replaces: snort-common (<< 2.0.2-3) Recommends: snort-doc Homepage: http://www.snort.org/ Description: Flexible Network Intrusion Detection System Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. . This package provides the plain-vanilla snort distribution and does not provide database (available in snort-pgsql and snort-mysql) support. Package: snort-common Architecture: all Pre-Depends: adduser (>= 3.11) Depends: perl-modules, debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, lsb-base Conflicts: snort (<< ${binary:Version}) Replaces: snort (<< 1.8.4beta1-1) Suggests: snort-doc Homepage: http://www.snort.org/ Description: Flexible Network Intrusion Detection System [common files] Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. . This is a common package which holds cron jobs, tools and config files used by all Snort-based packages. Package: snort-doc Architecture: all Priority: optional Section: doc Homepage: http://www.snort.org/ Description: Documentation for the Snort IDS [documentation] Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. Package: snort-mysql Provides: snort Architecture: any Priority: extra Pre-Depends: adduser (>= 3.11) Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate Conflicts: snort, snort-pgsql Homepage: http://www.snort.org/ Description: Flexible Network Intrusion Detection System [MySQL] Distribution of Snort with support for logging to a MySQL database. . Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. Package: snort-pgsql Provides: snort Architecture: any Priority: optional Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate Conflicts: snort, snort-mysql Homepage: http://www.snort.org/ Description: Flexible Network Intrusion Detection System [PostgreSQL] Distribution of Snort with support for logging to a PostgreSQL dbase. . Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. Package: snort-rules-default Provides: snort-rules Architecture: all Depends: debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends} Suggests: snort (>= 2.2.0) | snort-pgsql (>= 2.2.0) | snort-mysql (>= 2.2.0) Recommends: oinkmaster Homepage: http://www.snort.org/rules/ Description: Flexible Network Intrusion Detection System ruleset Snort default ruleset which provides a common set of accepted and test network intrusion detection rules developed by the Snort community. . These rules can be used as a basis for development of additional rules. Package: snort-common-libraries Architecture: any Depends: ${shlibs:Depends} Suggests: snort (>= 2.7.0) | snort-pgsql (>= 2.7.0) | snort-mysql (>= 2.7.0) Conflicts: snort-common (<< 2.7.0-6) Homepage: http://www.snort.org/ Description: Flexible Network Intrusion Detection System ruleset Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. . This package provides libraries used by all the Snort binary packages.
Attachment:
signature.asc
Description: Digital signature