Please find, for review, the debconf templates and packages descriptions for the snort source package.
This review will last from Tuesday, February 19, 2008 to Friday, February 29, 2008.
Please send reviews as unified diffs (diff -u) against the original
files. Comments about your proposed changes will be appreciated.
Your review should be sent as an answer to this mail.
When appropriate, I will send intermediate requests for review, with
"[RFRn]" (n>=2) as a subject tag.
When we will reach a consensus, I send a "Last Chance For
Comments" mail with "[LCFC]" as a subject tag.
Finally, the reviewed templates will be sent to the package maintainer
as a bug report, and a mail will be sent to this list with "[BTS]" as
a subject tag.
Rationale:
--- ../snort.old/debian/snort.templates 2008-01-25 06:17:03.829193343 +0100
+++ debian/snort.templates 2008-02-13 18:41:57.654679252 +0100
@@ -1,10 +1,10 @@
Template: snort/startup
Type: select
-_Choices: boot, dialup, manual
+__Choices: boot, dialup, manual
Split out choices.
Default: boot
-_Description: When should Snort be started?
+_Description: Snort start method:
Avoid interrogative form
Snort can be started during boot, when connecting to the net with pppd or
- only when you manually start it via /usr/sbin/snort.
+ only manually with the /usr/sbin/snort command.
Unpersonnalize
Template: snort/interface
Type: string
@@ -14,18 +14,18 @@
on your environment, if you are using a dialup connection 'ppp0' might
be more appropiate (Hint: use 'ip link show' of 'ifconfig').
.
- Typically this is the same interface than the 'default route' is on. You can
+ Typically, this is the same interface than the 'default route' is on. You can
The comma seems mandatory, here
determine which interface is used for this running either '/sbin/ip ro sh' or
'/sbin/route -n' (look for 'default' or '0.0.0.0').
.
It is also not uncommon to use an interface with no IP
- and configured in promiscuous mode, if this is your case, select the
+ and configured in promiscuous mode. If this is your case, select the
Splitting in two sentences seems more logical
interface in this system that is physically connected to the network
you want to inspect, enable promiscuous mode later on and make sure
that the network traffic is sent to this interface (either connected
- to a 'port mirroring/spanning' port in a switch, to a hub or to a tap)
+ to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
Missing final dot
.
- You can configure multiple interfaces here, just by adding more than
+ You can configure multiple interfaces, just by adding more than
Avoid making reference to the interface ("here"). As this is not
really entirely useful, this can be done by just dropping "here"
one interface name separated by spaces. Each interface can have its
specific configuration.
@@ -33,13 +33,13 @@
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
- You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
+ Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
More common way to mage suggestions to users
192.168.1.42/32 for just one. Specify multiple addresses on a single line
- separated by ',' (comma characters), no spaces allowed!
+ separated by ',' (comma characters). Do not use spaces.
Avoid exclamation mark (more neutral language)
.
- If you want you can specify 'any', to not trust any side of the network.
+ If you specify 'any', no side of the network will be trusted.
Simplify the wording
.
- Notice that if you are using multiple interfaces this definition will
+ Please note that if you are using multiple interfaces, this definition will
be used as the HOME_NET definition of all of them.
More common wording ("Please note")
Template: snort/disable_promiscuous
@@ -47,18 +47,18 @@
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
Disabling promiscuous mode means that Snort will only see packets
- addressed to it's own interface. Enabling it allows Snort to check
- every packet that passes ethernet segment even if it's a connection
+ addressed to its own interface. Enabling it allows Snort to check
+ every packet that passes Ethernet segment even if it's a connection
between two other computers.
s/it's/its
Capitalize Ethernet
Template: snort/invalid_interface
-Type: note
+Type: error
Use the error type for this
_Description: Invalid interface
One of the interfaces you specified is not valid (it might not exist on the
- system or be down). Please introduce a valid interface when answering the
- question of which interface(s) should Snort listen on.
+ system or be down). Please specify a valid interface when prompted for
+ which interface(s) should Snort listen on.
More common wording.
Avoid "answering the question" and use "prompted for"
.
- If you did not configure an interface then the package is trying to use the
+ If you did not specify an interface, then the package is trying to use the
default ('eth0') which does not seem to be valid in your system.
See above rationale
Template: snort/reverse_order
@@ -76,55 +76,53 @@
_Description: Should daily summaries be sent by e-mail?
This Snort installation provides a cron job that runs daily and
summarises the information of Snort logs to a selected email address.
- If you want to disable this feature say 'no' here.
+ .
+ Please choose whether you want to activate this feature.
Do not make reference to users' actions. That one is mandatory.
Template: snort/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
- A cron job running daily will summarise the information of the logs
- generated by Snort using a script called 'snort-stat'. Introduce
- here the recipient of these mails. The default value is the system
- administrator. If you keep this value, make sure that the mail of
- the administrator is redirected to a user that actually reads those
- mails.
+ Please specify the e-mail address that will receive the logs analysis
+ information from daily Snort runs.
That verbosity seems pretty redundant.
Template: snort/options
Type: string
_Description: Additional custom options:
- If you want to specify custom options to Snort, please specify them here.
+ Please specify any additionnal option you want to use with Snort.
Standardized wording
Template: snort/stats_treshold
Type: string
Default: 1
_Description: Minimum occurence to report alerts:
- An alert needs to appear more times than this number to be included in the
- daily statistics.
+ Please enter the minimum number of alert occurrences before a given alert is
+ included in the daily statistics.
Again.
Template: snort/please_restart_manually
Type: note
-_Description: You are running Snort manually
- Please restart Snort using:
- /etc/init.d/snort start
- to let the settings take effect.
+_Description: Snort restart required
Do not use a full sentence as note "title".
+ As Snort is manually launched, you need to run '/etc/init.d/snort' for
+ the changes to take place.
And more neutral wording
Template: snort/config_error
-Type: note
-_Description: There is an error in your configuration
- Your Snort configuration is not correct and Snort will not be able to start
+Type: error
+_Description: Configuration error
Same than above
+ The Snort configuration is invalid and Snort will not be able to start
Unpersonnalize
up normally. Please review your configuration and fix it. If you do not
do this, Snort package upgrades will probably break. To check which error
is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
(or point to an alternate configuration file if you are using different
- files for different interfaces)
+ files for different interfaces).
Final dot
Template: snort/config_parameters
-Type: note
-_Description: This system uses an obsolete configuration file
- Your system has an obsolete configuration file
+Type: error
+_Description: Obsolete configuration file
+ This system uses an obsolete configuration file
(/etc/snort/snort.common.parameters)
which has been automatically converted into the new configuration
- file format (at /etc/default/snort). Please review the new configuration
- and remove the obsolete one. Until you do this, the init.d script
- will not use the new configuration and you will not take advantage
- of the benefits introduced in newer releases.
+ file format (at /etc/default/snort).
+ .
+ Please review the new configuration and remove the obsolete
+ one. Until you do this, the initialization script will not use the new
+ configuration and you will not take advantage of the benefits
+ introduced in newer releases.
Essentially the same proposed changes
--- ../snort.old/debian/snort-mysql.templates 2008-01-25 06:17:03.837193938 +0100
+++ debian/snort-mysql.templates 2008-02-13 18:55:06.918679131 +0100
Changes are repeated for many templates files.
Specific to that file:
Template: snort-mysql/configure_db
Type: boolean
Default: true
-_Description: Do you want to set up a database for snort-mysql to log to?
- You only need to do this the first time you install snort-mysql. Before
- you go on, make sure you have (1) the hostname of a machine running a
- mysql server set up to allow tcp connections from this host, (2) a
- database on that server, (3) a username and password to access the
- database. If you don't have _all_ of these, either select 'no' and run
- with regular file logging support, or fix this first. You can always
- configure database logging later, by reconfiguring the snort-mysql
- package with 'dpkg-reconfigure -plow snort-mysql'
+_Description: Set up a database for snort-mysql to log to?
+ Database setup is only required the first time snort-mysql is installed
+ on a system. Before continuing, you should
+ make sure you have:
+ .
+ - the server host name (that server must allow TCP connections
+ from this machine);
+ - a database on that server
+ - a username and password to access the database.
+ .
+ In case some of these requirements are missing, do not choose to set
+ up the database and run
+ with regular file logging support.
+ .
+ You can configure database logging later, by reconfiguring the snort-mysql
+ package with 'dpkg-reconfigure -plow snort-mysql'.
More neutral wording again.
Template: snort-mysql/db_host
Type: string
_Description: Database server hostname:
- Make sure it has been set up correctly to allow incoming connections from
- this host!
+ Please mention the host name of a PostgreSQL database server that allows
+ incoming connection from this host.
Avoid exclam. mark
Template: snort-mysql/db_database
Type: string
-_Description: Database to use:
- Make sure this database has been created and your database user has write
- access to this database.
+_Description: Database name:
+ Please mention the name of an existing database which you have write
+ access to.
What we're asking is the name of the database...
Template: snort-mysql/db_user
Type: string
_Description: Username for database access:
- Make sure this user has been created and has write access.
+ Please mention a database server user name with write access to the database.
More standard wording
Template: snort-mysql/db_pass
Type: password
_Description: Password for the database connection:
- Please enter a password to connect to the Snort Alert database.
-
+ Please enter the password to use to connect to the Snort Alert database.
...again
Template: snort-mysql/needs_db_config
Type: note
-_Description: Snort needs a configured database to log to before it starts
+_Description: Configured database mandatory for Snort
No full sentence
Snort needs a configured database before it can successfully start up.
In order to create the structure you need to run the following commands
AFTER the package is installed:
+ .
cd /usr/share/doc/snort-mysql/
zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename>
+ .
Fill in the correct values for the user, host, and database names.
MySQL will prompt you for the password.
.
After you created the database structure, you will need to start Snort
manually.
.../...
Many other *.templates files are changed as well, but all changes are
repetitions of these ones (templates files are very complicated in
that package....I hope I didn't mess up with all these repetitions).
Template: snort/startup
Type: select
__Choices: boot, dialup, manual
Default: boot
_Description: Snort start method:
Snort can be started during boot, when connecting to the net with pppd or
only manually with the /usr/sbin/snort command.
Template: snort/interface
Type: string
Default: eth0
_Description: Interface(s) which Snort should listen on:
This value usually is 'eth0', but you might want to vary this depending
on your environment, if you are using a dialup connection 'ppp0' might
be more appropiate (Hint: use 'ip link show' of 'ifconfig').
.
Typically, this is the same interface than the 'default route' is on. You can
determine which interface is used for this running either '/sbin/ip ro sh' or
'/sbin/route -n' (look for 'default' or '0.0.0.0').
.
It is also not uncommon to use an interface with no IP
and configured in promiscuous mode. If this is your case, select the
interface in this system that is physically connected to the network
you want to inspect, enable promiscuous mode later on and make sure
that the network traffic is sent to this interface (either connected
to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
.
You can configure multiple interfaces, just by adding more than
one interface name separated by spaces. Each interface can have its
specific configuration.
Template: snort/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
192.168.1.42/32 for just one. Specify multiple addresses on a single line
separated by ',' (comma characters). Do not use spaces.
.
If you specify 'any', no side of the network will be trusted.
.
Please note that if you are using multiple interfaces, this definition will
be used as the HOME_NET definition of all of them.
Template: snort/disable_promiscuous
Type: boolean
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
Disabling promiscuous mode means that Snort will only see packets
addressed to its own interface. Enabling it allows Snort to check
every packet that passes Ethernet segment even if it's a connection
between two other computers.
Template: snort/invalid_interface
Type: error
_Description: Invalid interface
One of the interfaces you specified is not valid (it might not exist on the
system or be down). Please specify a valid interface when prompted for
which interface(s) should Snort listen on.
.
If you did not specify an interface, then the package is trying to use the
default ('eth0') which does not seem to be valid in your system.
Template: snort/reverse_order
Type: boolean
Default: false
_Description: Should Snort's rules testing order be changed to Pass|Alert|Log?
If you change Snort's rules testing order to Pass|Alert|Log, they will be
applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log.
This will prevent people from having to make huge Berky Packet Filter
command line arguments to filter their alert rules.
Template: snort/send_stats
Type: boolean
Default: true
_Description: Should daily summaries be sent by e-mail?
This Snort installation provides a cron job that runs daily and
summarises the information of Snort logs to a selected email address.
.
Please choose whether you want to activate this feature.
Template: snort/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
Please specify the e-mail address that will receive the logs analysis
information from daily Snort runs.
Template: snort/options
Type: string
_Description: Additional custom options:
Please specify any additionnal option you want to use with Snort.
Template: snort/stats_treshold
Type: string
Default: 1
_Description: Minimum occurence to report alerts:
Please enter the minimum number of alert occurrences before a given alert is
included in the daily statistics.
Template: snort/please_restart_manually
Type: note
_Description: Snort restart required
As Snort is manually launched, you need to run '/etc/init.d/snort' for
the changes to take place.
Template: snort/config_error
Type: error
_Description: Configuration error
The Snort configuration is invalid and Snort will not be able to start
up normally. Please review your configuration and fix it. If you do not
do this, Snort package upgrades will probably break. To check which error
is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
(or point to an alternate configuration file if you are using different
files for different interfaces).
Template: snort/config_parameters
Type: error
_Description: Obsolete configuration file
This system uses an obsolete configuration file
(/etc/snort/snort.common.parameters)
which has been automatically converted into the new configuration
file format (at /etc/default/snort).
.
Please review the new configuration and remove the obsolete
one. Until you do this, the initialization script will not use the new
configuration and you will not take advantage of the benefits
introduced in newer releases.
Template: snort-mysql/startup
Type: select
__Choices: boot, dialup, manual
Default: boot
_Description: Snort start method:
Snort can be started during boot, when connecting to the net with pppd or
only manually with the /usr/sbin/snort command.
Template: snort-mysql/interface
Type: string
Default: eth0
_Description: Interface(s) which Snort should listen on:
This value usually is 'eth0', but you might want to vary this depending
on your environment, if you are using a dialup connection 'ppp0' might
be more appropiate (Hint: use 'ip link show' of 'ifconfig').
.
Typically, this is the same interface than the 'default route' is on. You can
determine which interface is used for this running either '/sbin/ip ro sh' or
'/sbin/route -n' (look for 'default' or '0.0.0.0').
.
It is also not uncommon to use an interface with no IP
and configured in promiscuous mode. If this is your case, select the
interface in this system that is physically connected to the network
you want to inspect, enable promiscuous mode later on and make sure
that the network traffic is sent to this interface (either connected
to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
.
You can configure multiple interfaces, just by adding more than
one interface name separated by spaces. Each interface can have its
specific configuration.
Template: snort-mysql/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
192.168.1.42/32 for just one. Specify multiple addresses on a single line
separated by ',' (comma characters). Do not use spaces.
.
If you specify 'any', no side of the network will be trusted.
.
Please note that if you are using multiple interfaces, this definition will
be used as the HOME_NET definition of all of them.
Template: snort-mysql/disable_promiscuous
Type: boolean
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
Disabling promiscuous mode means that Snort will only see packets
addressed to its own interface. Enabling it allows Snort to check
every packet that passes Ethernet segment even if it's a connection
between two other computers.
Template: snort-mysql/invalid_interface
Type: error
_Description: Invalid interface
One of the interfaces you specified is not valid (it might not exist on the
system or be down). Please specify a valid interface when prompted for
which interface(s) should Snort listen on.
.
If you did not specify an interface, then the package is trying to use the
default ('eth0') which does not seem to be valid in your system.
Template: snort-mysql/reverse_order
Type: boolean
Default: false
_Description: Should Snort's rules testing order be changed to Pass|Alert|Log?
If you change Snort's rules testing order to Pass|Alert|Log, they will be
applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log.
This will prevent people from having to make huge Berky Packet Filter
command line arguments to filter their alert rules.
Template: snort-mysql/send_stats
Type: boolean
Default: true
_Description: Should daily summaries be sent by e-mail?
This Snort installation provides a cron job that runs daily and
summarises the information of Snort logs to a selected email address.
.
Please choose whether you want to activate this feature.
Template: snort-mysql/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
Please specify the e-mail address that will receive the logs analysis
information from daily Snort runs.
Template: snort-mysql/options
Type: string
_Description: Additional custom options:
Please specify any additionnal option you want to use with Snort.
Template: snort-mysql/stats_treshold
Type: string
Default: 1
_Description: Minimum occurence to report alerts:
Please enter the minimum number of alert occurrences before a given alert is
included in the daily statistics.
Template: snort-mysql/please_restart_manually
Type: note
_Description: Snort restart required
As Snort is manually launched, you need to run '/etc/init.d/snort' for
the changes to take place.
Template: snort-mysql/config_error
Type: error
_Description: Configuration error
The Snort configuration is invalid and Snort will not be able to start
up normally. Please review your configuration and fix it. If you do not
do this, Snort package upgrades will probably break. To check which error
is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
(or point to an alternate configuration file if you are using different
files for different interfaces).
Template: snort-mysql/config_parameters
Type: error
_Description: Obsolete configuration file
This system uses an obsolete configuration file
(/etc/snort/snort.common.parameters)
which has been automatically converted into the new configuration
file format (at /etc/default/snort).
.
Please review the new configuration and remove the obsolete
one. Until you do this, the initialization script will not use the new
configuration and you will not take advantage of the benefits
introduced in newer releases.
Template: snort-mysql/configure_db
Type: boolean
Default: true
_Description: Set up a database for snort-mysql to log to?
Database setup is only required the first time snort-mysql is installed
on a system. Before continuing, you should
make sure you have:
.
- the server host name (that server must allow TCP connections
from this machine);
- a database on that server
- a username and password to access the database.
.
In case some of these requirements are missing, do not choose to set
up the database and run
with regular file logging support.
.
You can configure database logging later, by reconfiguring the snort-mysql
package with 'dpkg-reconfigure -plow snort-mysql'.
Template: snort-mysql/db_host
Type: string
_Description: Database server hostname:
Please mention the host name of a MySQL database server that allows
incoming connection from this host.
Template: snort-mysql/db_database
Type: string
_Description: Database name:
Please mention the name of an existing database which you have write
access to.
Template: snort-mysql/db_user
Type: string
_Description: Username for database access:
Please mention a database server user name with write access to the database.
Template: snort-mysql/db_pass
Type: password
_Description: Password for the database connection:
Please enter the password to use to connect to the Snort Alert database.
Template: snort-mysql/needs_db_config
Type: note
_Description: Configured database mandatory for Snort
Snort needs a configured database before it can successfully start up.
In order to create the structure you need to run the following commands
AFTER the package is installed:
.
cd /usr/share/doc/snort-mysql/
zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename>
.
Fill in the correct values for the user, host, and database names.
MySQL will prompt you for the password.
.
After you created the database structure, you will need to start Snort
manually.
Template: snort-pgsql/startup
Type: select
__Choices: boot, dialup, manual
Default: boot
_Description: Snort start method:
Snort can be started during boot, when connecting to the net with pppd or
only manually with the /usr/sbin/snort command.
Template: snort-pgsql/interface
Type: string
Default: eth0
_Description: Interface(s) which Snort should listen on:
This value usually is 'eth0', but you might want to vary this depending
on your environment, if you are using a dialup connection 'ppp0' might
be more appropiate (Hint: use 'ip link show' of 'ifconfig').
.
Typically, this is the same interface than the 'default route' is on. You can
determine which interface is used for this running either '/sbin/ip ro sh' or
'/sbin/route -n' (look for 'default' or '0.0.0.0').
.
It is also not uncommon to use an interface with no IP
and configured in promiscuous mode. If this is your case, select the
interface in this system that is physically connected to the network
you want to inspect, enable promiscuous mode later on and make sure
that the network traffic is sent to this interface (either connected
to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
.
You can configure multiple interfaces, just by adding more than
one interface name separated by spaces. Each interface can have its
specific configuration.
Template: snort-pgsql/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
192.168.1.42/32 for just one. Specify multiple addresses on a single line
separated by ',' (comma characters). Do not use spaces.
.
If you specify 'any', no side of the network will be trusted.
.
Please note that if you are using multiple interfaces, this definition will
be used as the HOME_NET definition of all of them.
Template: snort-pgsql/disable_promiscuous
Type: boolean
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
Disabling promiscuous mode means that Snort will only see packets
addressed to its own interface. Enabling it allows Snort to check
every packet that passes Ethernet segment even if it's a connection
between two other computers.
Template: snort-pgsql/invalid_interface
Type: error
_Description: Invalid interface
One of the interfaces you specified is not valid (it might not exist on the
system or be down). Please specify a valid interface when prompted for
which interface(s) should Snort listen on.
.
If you did not specify an interface, then the package is trying to use the
default ('eth0') which does not seem to be valid in your system.
Template: snort-pgsql/reverse_order
Type: boolean
Default: false
_Description: Should Snort's rules testing order be changed to Pass|Alert|Log?
If you change Snort's rules testing order to Pass|Alert|Log, they will be
applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log.
This will prevent people from having to make huge Berky Packet Filter
command line arguments to filter their alert rules.
Template: snort-pgsql/send_stats
Type: boolean
Default: true
_Description: Should daily summaries be sent by e-mail?
This Snort installation provides a cron job that runs daily and
summarises the information of Snort logs to a selected email address.
.
Please choose whether you want to activate this feature.
Template: snort-pgsql/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
Please specify the e-mail address that will receive the logs analysis
information from daily Snort runs.
Template: snort-pgsql/options
Type: string
_Description: Additional custom options:
Please specify any additionnal option you want to use with Snort.
Template: snort-pgsql/stats_treshold
Type: string
Default: 1
_Description: Minimum occurence to report alerts:
Please enter the minimum number of alert occurrences before a given alert is
included in the daily statistics.
Template: snort-pgsql/please_restart_manually
Type: note
_Description: Snort restart required
As Snort is manually launched, you need to run '/etc/init.d/snort' for
the changes to take place.
Template: snort-pgsql/config_error
Type: error
_Description: Configuration error
The Snort configuration is invalid and Snort will not be able to start
up normally. Please review your configuration and fix it. If you do not
do this, Snort package upgrades will probably break. To check which error
is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
(or point to an alternate configuration file if you are using different
files for different interfaces).
Template: snort-pgsql/config_parameters
Type: error
_Description: Obsolete configuration file
This system uses an obsolete configuration file
(/etc/snort/snort.common.parameters)
which has been automatically converted into the new configuration
file format (at /etc/default/snort).
.
Please review the new configuration and remove the obsolete
one. Until you do this, the initialization script will not use the new
configuration and you will not take advantage of the benefits
introduced in newer releases.
Template: snort-pgsql/configure_db
Type: boolean
Default: true
_Description: Set up a database for snort-pgsql to log to?
Database setup is only required the first time snort-pgsql is installed
on a system. Before continuing, you should
make sure you have:
.
- the PostgreSQL server host name (that server must allow connections
from this machine);
- a database on that server
- a username and password to access the database.
.
In case some of these requirements are missing, do not choose to set
up the database and run
with regular file logging support.
.
You can configure database logging later, by reconfiguring the snort-pgsql
package with 'dpkg-reconfigure -plow snort-pgsql'.
Template: snort-pgsql/db_host
Type: string
_Description: Database server hostname:
Please mention the host name of a database server that allows
incoming connection from this host.
Template: snort-pgsql/db_database
Type: string
_Description: Database name:
Please mention the name of an existing database which you have write
access to.
Template: snort-pgsql/db_user
Type: string
_Description: Username for database access:
Please mention a database server user name with write access to the database.
Template: snort-pgsql/db_pass
Type: password
_Description: Password for the database connection:
Please enter the password to use to connect to the Snort Alert database.
Template: snort-pgsql/needs_db_config
Type: note
_Description: Configured database mandatory for Snort
Snort needs a configured database before it can successfully start up.
In order to create the structure you need to run the following commands
AFTER the package is installed:
.
cd /usr/share/doc/snort-pgsql/
zcat create_postgresql.gz | psql -U <user> -h <host> -W <databasename>
.
Fill in the correct values for the user, host, and database names.
PostgreSQL will prompt you for the password.
.
After you created the database structure, you will need to start Snort
manually.
Template: snort/deprecated_config
Type: note
_Description: Deprecated configuration file
The Snort configuration file (/etc/snort/snort.conf) uses deprecated
options no longer available for this Snort release.
Snort will not be able to start unless you provide a correct configuration
file. You can substitute the configuration file with the one provided
in this package or fix it manually by removing deprecated options.
.
The following deprecated options were found in the configuration file:
${DEP_CONFIG}.
--- snort.old/debian/snort.templates 2008-01-25 06:17:03.829193343 +0100
+++ snort/debian/snort.templates 2008-02-13 18:41:57.654679252 +0100
@@ -1,10 +1,10 @@
Template: snort/startup
Type: select
-_Choices: boot, dialup, manual
+__Choices: boot, dialup, manual
Default: boot
-_Description: When should Snort be started?
+_Description: Snort start method:
Snort can be started during boot, when connecting to the net with pppd or
- only when you manually start it via /usr/sbin/snort.
+ only manually with the /usr/sbin/snort command.
Template: snort/interface
Type: string
@@ -14,18 +14,18 @@
on your environment, if you are using a dialup connection 'ppp0' might
be more appropiate (Hint: use 'ip link show' of 'ifconfig').
.
- Typically this is the same interface than the 'default route' is on. You can
+ Typically, this is the same interface than the 'default route' is on. You can
determine which interface is used for this running either '/sbin/ip ro sh' or
'/sbin/route -n' (look for 'default' or '0.0.0.0').
.
It is also not uncommon to use an interface with no IP
- and configured in promiscuous mode, if this is your case, select the
+ and configured in promiscuous mode. If this is your case, select the
interface in this system that is physically connected to the network
you want to inspect, enable promiscuous mode later on and make sure
that the network traffic is sent to this interface (either connected
- to a 'port mirroring/spanning' port in a switch, to a hub or to a tap)
+ to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
.
- You can configure multiple interfaces here, just by adding more than
+ You can configure multiple interfaces, just by adding more than
one interface name separated by spaces. Each interface can have its
specific configuration.
@@ -33,13 +33,13 @@
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
- You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
+ Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
192.168.1.42/32 for just one. Specify multiple addresses on a single line
- separated by ',' (comma characters), no spaces allowed!
+ separated by ',' (comma characters). Do not use spaces.
.
- If you want you can specify 'any', to not trust any side of the network.
+ If you specify 'any', no side of the network will be trusted.
.
- Notice that if you are using multiple interfaces this definition will
+ Please note that if you are using multiple interfaces, this definition will
be used as the HOME_NET definition of all of them.
Template: snort/disable_promiscuous
@@ -47,18 +47,18 @@
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
Disabling promiscuous mode means that Snort will only see packets
- addressed to it's own interface. Enabling it allows Snort to check
- every packet that passes ethernet segment even if it's a connection
+ addressed to its own interface. Enabling it allows Snort to check
+ every packet that passes Ethernet segment even if it's a connection
between two other computers.
Template: snort/invalid_interface
-Type: note
+Type: error
_Description: Invalid interface
One of the interfaces you specified is not valid (it might not exist on the
- system or be down). Please introduce a valid interface when answering the
- question of which interface(s) should Snort listen on.
+ system or be down). Please specify a valid interface when prompted for
+ which interface(s) should Snort listen on.
.
- If you did not configure an interface then the package is trying to use the
+ If you did not specify an interface, then the package is trying to use the
default ('eth0') which does not seem to be valid in your system.
Template: snort/reverse_order
@@ -76,55 +76,53 @@
_Description: Should daily summaries be sent by e-mail?
This Snort installation provides a cron job that runs daily and
summarises the information of Snort logs to a selected email address.
- If you want to disable this feature say 'no' here.
+ .
+ Please choose whether you want to activate this feature.
Template: snort/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
- A cron job running daily will summarise the information of the logs
- generated by Snort using a script called 'snort-stat'. Introduce
- here the recipient of these mails. The default value is the system
- administrator. If you keep this value, make sure that the mail of
- the administrator is redirected to a user that actually reads those
- mails.
+ Please specify the e-mail address that will receive the logs analysis
+ information from daily Snort runs.
Template: snort/options
Type: string
_Description: Additional custom options:
- If you want to specify custom options to Snort, please specify them here.
+ Please specify any additionnal option you want to use with Snort.
Template: snort/stats_treshold
Type: string
Default: 1
_Description: Minimum occurence to report alerts:
- An alert needs to appear more times than this number to be included in the
- daily statistics.
+ Please enter the minimum number of alert occurrences before a given alert is
+ included in the daily statistics.
Template: snort/please_restart_manually
Type: note
-_Description: You are running Snort manually
- Please restart Snort using:
- /etc/init.d/snort start
- to let the settings take effect.
+_Description: Snort restart required
+ As Snort is manually launched, you need to run '/etc/init.d/snort' for
+ the changes to take place.
Template: snort/config_error
-Type: note
-_Description: There is an error in your configuration
- Your Snort configuration is not correct and Snort will not be able to start
+Type: error
+_Description: Configuration error
+ The Snort configuration is invalid and Snort will not be able to start
up normally. Please review your configuration and fix it. If you do not
do this, Snort package upgrades will probably break. To check which error
is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
(or point to an alternate configuration file if you are using different
- files for different interfaces)
+ files for different interfaces).
Template: snort/config_parameters
-Type: note
-_Description: This system uses an obsolete configuration file
- Your system has an obsolete configuration file
+Type: error
+_Description: Obsolete configuration file
+ This system uses an obsolete configuration file
(/etc/snort/snort.common.parameters)
which has been automatically converted into the new configuration
- file format (at /etc/default/snort). Please review the new configuration
- and remove the obsolete one. Until you do this, the init.d script
- will not use the new configuration and you will not take advantage
- of the benefits introduced in newer releases.
+ file format (at /etc/default/snort).
+ .
+ Please review the new configuration and remove the obsolete
+ one. Until you do this, the initialization script will not use the new
+ configuration and you will not take advantage of the benefits
+ introduced in newer releases.
--- snort.old/debian/snort-mysql.templates 2008-01-25 06:17:03.837193938 +0100
+++ snort/debian/snort-mysql.templates 2008-02-19 07:49:28.997812396 +0100
@@ -1,10 +1,10 @@
Template: snort-mysql/startup
Type: select
-_Choices: boot, dialup, manual
+__Choices: boot, dialup, manual
Default: boot
-_Description: When should Snort be started?
+_Description: Snort start method:
Snort can be started during boot, when connecting to the net with pppd or
- only when you manually start it via /usr/sbin/snort.
+ only manually with the /usr/sbin/snort command.
Template: snort-mysql/interface
Type: string
@@ -14,18 +14,18 @@
on your environment, if you are using a dialup connection 'ppp0' might
be more appropiate (Hint: use 'ip link show' of 'ifconfig').
.
- Typically this is the same interface than the 'default route' is on. You can
+ Typically, this is the same interface than the 'default route' is on. You can
determine which interface is used for this running either '/sbin/ip ro sh' or
'/sbin/route -n' (look for 'default' or '0.0.0.0').
.
It is also not uncommon to use an interface with no IP
- and configured in promiscuous mode, if this is your case, select the
+ and configured in promiscuous mode. If this is your case, select the
interface in this system that is physically connected to the network
you want to inspect, enable promiscuous mode later on and make sure
that the network traffic is sent to this interface (either connected
- to a 'port mirroring/spanning' port in a switch, to a hub or to a tap)
+ to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
.
- You can configure multiple interfaces here, just by adding more than
+ You can configure multiple interfaces, just by adding more than
one interface name separated by spaces. Each interface can have its
specific configuration.
@@ -33,13 +33,13 @@
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
- You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
+ Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
192.168.1.42/32 for just one. Specify multiple addresses on a single line
- separated by ',' (comma characters), no spaces allowed!
+ separated by ',' (comma characters). Do not use spaces.
.
- If you want you can specify 'any', to not trust any side of the network.
+ If you specify 'any', no side of the network will be trusted.
.
- Notice that if you are using multiple interfaces this definition will
+ Please note that if you are using multiple interfaces, this definition will
be used as the HOME_NET definition of all of them.
Template: snort-mysql/disable_promiscuous
@@ -47,18 +47,18 @@
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
Disabling promiscuous mode means that Snort will only see packets
- addressed to it's own interface. Enabling it allows Snort to check
- every packet that passes ethernet segment even if it's a connection
+ addressed to its own interface. Enabling it allows Snort to check
+ every packet that passes Ethernet segment even if it's a connection
between two other computers.
Template: snort-mysql/invalid_interface
-Type: note
+Type: error
_Description: Invalid interface
One of the interfaces you specified is not valid (it might not exist on the
- system or be down). Please introduce a valid interface when answering the
- question of which interface(s) should Snort listen on.
+ system or be down). Please specify a valid interface when prompted for
+ which interface(s) should Snort listen on.
.
- If you did not configure an interface then the package is trying to use the
+ If you did not specify an interface, then the package is trying to use the
default ('eth0') which does not seem to be valid in your system.
Template: snort-mysql/reverse_order
@@ -76,103 +76,109 @@
_Description: Should daily summaries be sent by e-mail?
This Snort installation provides a cron job that runs daily and
summarises the information of Snort logs to a selected email address.
- If you want to disable this feature say 'no' here.
+ .
+ Please choose whether you want to activate this feature.
Template: snort-mysql/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
- A cron job running daily will summarise the information of the logs
- generated by Snort using a script called 'snort-stat'. Introduce
- here the recipient of these mails. The default value is the system
- administrator. If you keep this value, make sure that the mail of
- the administrator is redirected to a user that actually reads those
- mails.
+ Please specify the e-mail address that will receive the logs analysis
+ information from daily Snort runs.
Template: snort-mysql/options
Type: string
_Description: Additional custom options:
- If you want to specify custom options to Snort, please specify them here.
+ Please specify any additionnal option you want to use with Snort.
Template: snort-mysql/stats_treshold
Type: string
Default: 1
_Description: Minimum occurence to report alerts:
- An alert needs to appear more times than this number to be included in the
- daily statistics.
+ Please enter the minimum number of alert occurrences before a given alert is
+ included in the daily statistics.
Template: snort-mysql/please_restart_manually
Type: note
-_Description: You are running Snort manually
- Please restart Snort using:
- /etc/init.d/snort start
- to let the settings take effect.
+_Description: Snort restart required
+ As Snort is manually launched, you need to run '/etc/init.d/snort' for
+ the changes to take place.
Template: snort-mysql/config_error
-Type: note
-_Description: There is an error in your configuration
- Your Snort configuration is not correct and Snort will not be able to start
+Type: error
+_Description: Configuration error
+ The Snort configuration is invalid and Snort will not be able to start
up normally. Please review your configuration and fix it. If you do not
do this, Snort package upgrades will probably break. To check which error
is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
(or point to an alternate configuration file if you are using different
- files for different interfaces)
+ files for different interfaces).
Template: snort-mysql/config_parameters
-Type: note
-_Description: This system uses an obsolete configuration file
- Your system has an obsolete configuration file
+Type: error
+_Description: Obsolete configuration file
+ This system uses an obsolete configuration file
(/etc/snort/snort.common.parameters)
which has been automatically converted into the new configuration
- file format (at /etc/default/snort). Please review the new configuration
- and remove the obsolete one. Until you do this, the init.d script
- will not use the new configuration and you will not take advantage
- of the benefits introduced in newer releases.
+ file format (at /etc/default/snort).
+ .
+ Please review the new configuration and remove the obsolete
+ one. Until you do this, the initialization script will not use the new
+ configuration and you will not take advantage of the benefits
+ introduced in newer releases.
Template: snort-mysql/configure_db
Type: boolean
Default: true
-_Description: Do you want to set up a database for snort-mysql to log to?
- You only need to do this the first time you install snort-mysql. Before
- you go on, make sure you have (1) the hostname of a machine running a
- mysql server set up to allow tcp connections from this host, (2) a
- database on that server, (3) a username and password to access the
- database. If you don't have _all_ of these, either select 'no' and run
- with regular file logging support, or fix this first. You can always
- configure database logging later, by reconfiguring the snort-mysql
- package with 'dpkg-reconfigure -plow snort-mysql'
+_Description: Set up a database for snort-mysql to log to?
+ Database setup is only required the first time snort-mysql is installed
+ on a system. Before continuing, you should
+ make sure you have:
+ .
+ - the server host name (that server must allow TCP connections
+ from this machine);
+ - a database on that server
+ - a username and password to access the database.
+ .
+ In case some of these requirements are missing, do not choose to set
+ up the database and run
+ with regular file logging support.
+ .
+ You can configure database logging later, by reconfiguring the snort-mysql
+ package with 'dpkg-reconfigure -plow snort-mysql'.
Template: snort-mysql/db_host
Type: string
_Description: Database server hostname:
- Make sure it has been set up correctly to allow incoming connections from
- this host!
+ Please mention the host name of a MySQL database server that allows
+ incoming connection from this host.
Template: snort-mysql/db_database
Type: string
-_Description: Database to use:
- Make sure this database has been created and your database user has write
- access to this database.
+_Description: Database name:
+ Please mention the name of an existing database which you have write
+ access to.
Template: snort-mysql/db_user
Type: string
_Description: Username for database access:
- Make sure this user has been created and has write access.
+ Please mention a database server user name with write access to the database.
Template: snort-mysql/db_pass
Type: password
_Description: Password for the database connection:
- Please enter a password to connect to the Snort Alert database.
-
+ Please enter the password to use to connect to the Snort Alert database.
Template: snort-mysql/needs_db_config
Type: note
-_Description: Snort needs a configured database to log to before it starts
+_Description: Configured database mandatory for Snort
Snort needs a configured database before it can successfully start up.
In order to create the structure you need to run the following commands
AFTER the package is installed:
+ .
cd /usr/share/doc/snort-mysql/
zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename>
+ .
Fill in the correct values for the user, host, and database names.
MySQL will prompt you for the password.
.
--- snort.old/debian/snort-pgsql.templates 2008-01-25 06:17:03.897206503 +0100
+++ snort/debian/snort-pgsql.templates 2008-02-13 18:56:12.490678748 +0100
@@ -1,10 +1,10 @@
Template: snort-pgsql/startup
Type: select
-_Choices: boot, dialup, manual
+__Choices: boot, dialup, manual
Default: boot
-_Description: When should Snort be started?
+_Description: Snort start method:
Snort can be started during boot, when connecting to the net with pppd or
- only when you manually start it via /usr/sbin/snort.
+ only manually with the /usr/sbin/snort command.
Template: snort-pgsql/interface
Type: string
@@ -14,18 +14,18 @@
on your environment, if you are using a dialup connection 'ppp0' might
be more appropiate (Hint: use 'ip link show' of 'ifconfig').
.
- Typically this is the same interface than the 'default route' is on. You can
+ Typically, this is the same interface than the 'default route' is on. You can
determine which interface is used for this running either '/sbin/ip ro sh' or
'/sbin/route -n' (look for 'default' or '0.0.0.0').
.
It is also not uncommon to use an interface with no IP
- and configured in promiscuous mode, if this is your case, select the
+ and configured in promiscuous mode. If this is your case, select the
interface in this system that is physically connected to the network
you want to inspect, enable promiscuous mode later on and make sure
that the network traffic is sent to this interface (either connected
- to a 'port mirroring/spanning' port in a switch, to a hub or to a tap)
+ to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
.
- You can configure multiple interfaces here, just by adding more than
+ You can configure multiple interfaces, just by adding more than
one interface name separated by spaces. Each interface can have its
specific configuration.
@@ -33,13 +33,13 @@
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
- You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
+ Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
192.168.1.42/32 for just one. Specify multiple addresses on a single line
- separated by ',' (comma characters), no spaces allowed!
+ separated by ',' (comma characters). Do not use spaces.
.
- If you want you can specify 'any', to not trust any side of the network.
+ If you specify 'any', no side of the network will be trusted.
.
- Notice that if you are using multiple interfaces this definition will
+ Please note that if you are using multiple interfaces, this definition will
be used as the HOME_NET definition of all of them.
Template: snort-pgsql/disable_promiscuous
@@ -47,18 +47,18 @@
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
Disabling promiscuous mode means that Snort will only see packets
- addressed to it's own interface. Enabling it allows Snort to check
- every packet that passes ethernet segment even if it's a connection
+ addressed to its own interface. Enabling it allows Snort to check
+ every packet that passes Ethernet segment even if it's a connection
between two other computers.
Template: snort-pgsql/invalid_interface
-Type: note
+Type: error
_Description: Invalid interface
One of the interfaces you specified is not valid (it might not exist on the
- system or be down). Please introduce a valid interface when answering the
- question of which interface(s) should Snort listen on.
+ system or be down). Please specify a valid interface when prompted for
+ which interface(s) should Snort listen on.
.
- If you did not configure an interface then the package is trying to use the
+ If you did not specify an interface, then the package is trying to use the
default ('eth0') which does not seem to be valid in your system.
Template: snort-pgsql/reverse_order
@@ -76,103 +76,109 @@
_Description: Should daily summaries be sent by e-mail?
This Snort installation provides a cron job that runs daily and
summarises the information of Snort logs to a selected email address.
- If you want to disable this feature say 'no' here.
+ .
+ Please choose whether you want to activate this feature.
Template: snort-pgsql/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
- A cron job running daily will summarise the information of the logs
- generated by Snort using a script called 'snort-stat'. Introduce
- here the recipient of these mails. The default value is the system
- administrator. If you keep this value, make sure that the mail of
- the administrator is redirected to a user that actually reads those
- mails.
+ Please specify the e-mail address that will receive the logs analysis
+ information from daily Snort runs.
Template: snort-pgsql/options
Type: string
_Description: Additional custom options:
- If you want to specify custom options to Snort, please specify them here.
+ Please specify any additionnal option you want to use with Snort.
Template: snort-pgsql/stats_treshold
Type: string
Default: 1
_Description: Minimum occurence to report alerts:
- An alert needs to appear more times than this number to be included in the
- daily statistics.
+ Please enter the minimum number of alert occurrences before a given alert is
+ included in the daily statistics.
Template: snort-pgsql/please_restart_manually
Type: note
-_Description: You are running Snort manually
- Please restart Snort using:
- /etc/init.d/snort start
- to let the settings take effect.
+_Description: Snort restart required
+ As Snort is manually launched, you need to run '/etc/init.d/snort' for
+ the changes to take place.
Template: snort-pgsql/config_error
-Type: note
-_Description: There is an error in your configuration
- Your Snort configuration is not correct and Snort will not be able to start
+Type: error
+_Description: Configuration error
+ The Snort configuration is invalid and Snort will not be able to start
up normally. Please review your configuration and fix it. If you do not
do this, Snort package upgrades will probably break. To check which error
is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
(or point to an alternate configuration file if you are using different
- files for different interfaces)
+ files for different interfaces).
Template: snort-pgsql/config_parameters
-Type: note
-_Description: This system uses an obsolete configuration file
- Your system has an obsolete configuration file
+Type: error
+_Description: Obsolete configuration file
+ This system uses an obsolete configuration file
(/etc/snort/snort.common.parameters)
which has been automatically converted into the new configuration
- file format (at /etc/default/snort). Please review the new configuration
- and remove the obsolete one. Until you do this, the init.d script
- will not use the new configuration and you will not take advantage
- of the benefits introduced in newer releases.
+ file format (at /etc/default/snort).
+ .
+ Please review the new configuration and remove the obsolete
+ one. Until you do this, the initialization script will not use the new
+ configuration and you will not take advantage of the benefits
+ introduced in newer releases.
Template: snort-pgsql/configure_db
Type: boolean
Default: true
-_Description: Do you want to set up a database for snort-pgsql to log to?
- You only need to do this the first time you install snort-pgsql. Before
- you go on, make sure you have (1) the hostname of a machine running a
- pgsql server set up to allow tcp connections from this host, (2) a
- database on that server, (3) a username and password to access the
- database. If you don't have _all_ of these, either select 'no' and run
- with regular file logging support, or fix this first. You can always
- configure database logging later, by reconfiguring the snort-pgsql
- package with 'dpkg-reconfigure -plow snort-pgsql'
+_Description: Set up a database for snort-pgsql to log to?
+ Database setup is only required the first time snort-pgsql is installed
+ on a system. Before continuing, you should
+ make sure you have:
+ .
+ - the PostgreSQL server host name (that server must allow connections
+ from this machine);
+ - a database on that server
+ - a username and password to access the database.
+ .
+ In case some of these requirements are missing, do not choose to set
+ up the database and run
+ with regular file logging support.
+ .
+ You can configure database logging later, by reconfiguring the snort-pgsql
+ package with 'dpkg-reconfigure -plow snort-pgsql'.
Template: snort-pgsql/db_host
Type: string
_Description: Database server hostname:
- Make sure it has been set up correctly to allow incoming connections from
- this host!
+ Please mention the host name of a database server that allows
+ incoming connection from this host.
Template: snort-pgsql/db_database
Type: string
-_Description: Database to use:
- Make sure this database has been created and your database user has write
- access to this database.
+_Description: Database name:
+ Please mention the name of an existing database which you have write
+ access to.
Template: snort-pgsql/db_user
Type: string
_Description: Username for database access:
- Make sure this user has been created and has write access.
+ Please mention a database server user name with write access to the database.
Template: snort-pgsql/db_pass
Type: password
_Description: Password for the database connection:
- Please enter a password to connect to the Snort Alert database.
-
+ Please enter the password to use to connect to the Snort Alert database.
Template: snort-pgsql/needs_db_config
Type: note
-_Description: Snort needs a configured database to log to before it starts
+_Description: Configured database mandatory for Snort
Snort needs a configured database before it can successfully start up.
In order to create the structure you need to run the following commands
AFTER the package is installed:
+ .
cd /usr/share/doc/snort-pgsql/
zcat create_postgresql.gz | psql -U <user> -h <host> -W <databasename>
+ .
Fill in the correct values for the user, host, and database names.
PostgreSQL will prompt you for the password.
.
--- snort.old/debian/snort-common.templates 2008-01-25 06:17:03.897206503 +0100
+++ snort/debian/snort-common.templates 2008-02-14 07:39:56.994700943 +0100
@@ -1,11 +1,11 @@
Template: snort/deprecated_config
Type: note
-_Description: Your configuration file is deprecated
- Your Snort configuration file (/etc/snort/snort.conf) uses deprecated
+_Description: Deprecated configuration file
+ The Snort configuration file (/etc/snort/snort.conf) uses deprecated
options no longer available for this Snort release.
Snort will not be able to start unless you provide a correct configuration
- file. You can substitute your configuration file with the one provided
+ file. You can substitute the configuration file with the one provided
in this package or fix it manually by removing deprecated options.
.
- The following deprecated options were found in your configuration file:
- ${DEP_CONFIG}
+ The following deprecated options were found in the configuration file:
+ ${DEP_CONFIG}.
Source: snort
Section: net
Priority: optional
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Uploaders: Pascal Hakim <pasc@debian.org>
Build-Depends: libnet1-dev, libpcap0.8-dev, libpcre3-dev, debhelper (>= 4.1.13), libmysqlclient15-dev | libmysqlclient-dev, libpq-dev, po-debconf (>= 0.5.0), libprelude-dev, iptables-dev
Build-Depends-Indep: texlive, texlive-latex-base, gs-common
Standards-Version: 3.5.6
Package: snort
Architecture: any
Pre-Depends: adduser (>= 3.11)
Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
Conflicts: snort-mysql, snort-pgsql
Replaces: snort-common (<< 2.0.2-3)
Recommends: snort-doc
Homepage: http://www.snort.org/
Description: Flexible Network Intrusion Detection System
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
.
This package provides the plain-vanilla snort distribution and does not
provide database (available in snort-pgsql and snort-mysql) support.
Package: snort-common
Architecture: all
Pre-Depends: adduser (>= 3.11)
Depends: perl-modules, debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, lsb-base
Conflicts: snort (<< ${binary:Version})
Replaces: snort (<< 1.8.4beta1-1)
Suggests: snort-doc
Homepage: http://www.snort.org/
Description: Flexible Network Intrusion Detection System [common files]
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
.
This is a common package which holds cron jobs, tools and config files used
by all Snort-based packages.
Package: snort-doc
Architecture: all
Priority: optional
Section: doc
Homepage: http://www.snort.org/
Description: Documentation for the Snort IDS [documentation]
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
Package: snort-mysql
Provides: snort
Architecture: any
Priority: extra
Pre-Depends: adduser (>= 3.11)
Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
Conflicts: snort, snort-pgsql
Homepage: http://www.snort.org/
Description: Flexible Network Intrusion Detection System [MySQL]
Distribution of Snort with support for logging to a MySQL database.
.
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
Package: snort-pgsql
Provides: snort
Architecture: any
Priority: optional
Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
Conflicts: snort, snort-mysql
Homepage: http://www.snort.org/
Description: Flexible Network Intrusion Detection System [PostgreSQL]
Distribution of Snort with support for logging to a PostgreSQL dbase.
.
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
Package: snort-rules-default
Provides: snort-rules
Architecture: all
Depends: debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}
Suggests: snort (>= 2.2.0) | snort-pgsql (>= 2.2.0) | snort-mysql (>= 2.2.0)
Recommends: oinkmaster
Homepage: http://www.snort.org/rules/
Description: Flexible Network Intrusion Detection System ruleset
Snort default ruleset which provides a common set of accepted and test
network intrusion detection rules developed by the Snort community.
.
These rules can be used as a basis for development of additional rules.
Package: snort-common-libraries
Architecture: any
Depends: ${shlibs:Depends}
Suggests: snort (>= 2.7.0) | snort-pgsql (>= 2.7.0) | snort-mysql (>= 2.7.0)
Conflicts: snort-common (<< 2.7.0-6)
Homepage: http://www.snort.org/
Description: Flexible Network Intrusion Detection System ruleset
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
.
This package provides libraries used by all the Snort binary packages.
Attachment:
signature.asc
Description: Digital signature