Re: [RFR] templates://snort/{snort.templates,snort-mysql.templates,snort-pgsql.templates,snort-common.templates}



Christian Perrier wrote:
> Your review should be sent as an answer to this mail.

>  Template: snort/interface         
[...]
>  This value usually is 'eth0', but you might want to vary this depending
>  on your environment, if you are using a dialup connection 'ppp0' might
>  be more appropiate (Hint: use 'ip link show' of 'ifconfig').

Run-on sentence, and assumption that everything depends on my whims.
What's the advantage of "ip link show" (which may not be available)
over "/sbin/ifconfig" (note path) - if not that you can call it as
simply "ip l"?

   This value is usually 'eth0', but this may be inappropriate in some
   network environments; for a dialup connection 'ppp0' might be more
   appropriate (see the output of '/sbin/ifconfig').

> + Typically, this is the same interface than the 'default route' is on. You can
> 
> The comma seems mandatory, here

More importantly, "same than" -> "same as" (here, the normal spoken
English way of saying it would probably be "the same interface the
'default route' is on").

>   determine which interface is used for this running either '/sbin/ip ro sh' or
>   '/sbin/route -n' (look for 'default' or '0.0.0.0').

"By running".

Again, if you're going to mention iproute, it's "ip ro(ute)".
My own assumption would be that anybody who has installed iproute as
a preferred networking toolkit is going to know how to use it.

>   It is also not uncommon to use an interface with no IP
> + and configured in promiscuous mode. If this is your case, select the
> 
> Splitting in two sentences seems more logical

Make it "For such cases"?  And an interface with no Internet
Protocol support is rather uncommon these days.  I think it means
"no IP address".

>   interface in this system that is physically connected to the network
>   you want to inspect, enable promiscuous mode later on and make sure

Maybe "interface in this system" -> "local interface"?

"The network that should be inspected"?

> - You can configure multiple interfaces here, just by adding more than
> + You can configure multiple interfaces, just by adding more than
> 
> Avoid making reference to the interface ("here"). As this is not
> really entirely useful, this can be done by just dropping "here"

I'm tempted to reorganise the whole template to say "interface or
space-separated list of interfaces" right at the start, but I think
I've already got enough work to do here.

>  Template: snort/address_range         
[...]
>  _Description: Address range that Snort will listen on:
> - You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
> + Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or

s/IPs/addresses/.  Also, keeping MJ happy, avoid Latin (this is
after all a sort of combined definition and example).

>   192.168.1.42/32 for just one. Specify multiple addresses on a single line
> + separated by ',' (comma characters). Do not use spaces.

Hang on, it doesn't mean multiple _addresses_ (192.168.1.0/24 is
already multiple addresses).  Can't we say something like:

    Please use the CIDR form - for example, 192.168.1.0/24 for a block of
    256 addresses or 192.168.1.42/32 for just one. Multiple values should
    be comma-separated (without spaces).

> + If you specify 'any', no side of the network will be trusted.

Where does trust come into it?  I'm not necessarily using Snort as
an IDS; how about "if you specify 'any', Snort will listen on all
available networks"? 

> + Please note that if you are using multiple interfaces, this definition will
>   be used as the HOME_NET definition of all of them.

A misleading "you": the question isn't whether I'm using eth1, it's
whether Snort should.

    Please note that if Snort is configured to use multiple interfaces,
    it will use this value as the HOME_NET definition for all of them.
  
>  Template: snort/disable_promiscuous
[...]
>   Disabling promiscuous mode means that Snort will only see packets
> + addressed to its own interface. Enabling it allows Snort to check 

This should really be something like "addressed to the interface it
is monitoring".

> + every packet that passes Ethernet segment even if it's a connection
                            ^the
>   between two other computers.

>  Template: snort/invalid_interface
[...] 
>  _Description: Invalid interface
>   One of the interfaces you specified is not valid (it might not exist on the
> + system or be down). Please specify a valid interface when prompted for
> + which interface(s) should Snort listen on.
>   ,
> + If you did not specify an interface, then the package is trying to use the
>   default ('eth0') which does not seem to be valid in your system.

That first sentence isn't necessarily true; "it might not exist or
be down" has confusing negation scope; and this isn't quite
interrogative enough for the verb ("should") to come before its
subject ("Snort").  Rephrasing: 

    Snort is trying to use an interface which does not exist or is down.
    Either it is defaulting inappropriately to 'eth0', or you specified
    one which is invalid.

A template you didn't modify:
>  Template: snort/reverse_order
[...]
>  _Description: Should Snort's rules testing order be changed to Pass|Alert|Log?
>   If you change Snort's rules testing order to Pass|Alert|Log, they will be
>   applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log.
>   This will prevent people from having to make huge Berky Packet Filter
>   command line arguments to filter their alert rules.

Confusing, especially the bit about BPF (s/Berky/Berkley/, but why
mention a BSD-only utility here?) - I'd suggest:

   _Description: Should Snort's testing order be changed to Pass|Alert|Log?
    Snort's default testing order is Alert|Pass|Log; if you accept this
    option, the order will be changed to Pass|Alert|Log, which can make it
    simpler to use Snort with some packet-filtering tools.

>  Template: snort/send_stats         
>  _Description: Should daily summaries be sent by e-mail?
>   This Snort installation provides a cron job that runs daily and
>   summarises the information of Snort logs to a selected email address.

"This" Snort installation?   And "e-mail" or "email"?

    A cron job can be set up to send daily summaries of Snort logs to a
    selected e-mail address. 

>  Template: snort/stats_rcpt
[...]
> - here the recipient of these mails. The default value is the system
> - administrator. If you keep this value, make sure that the mail of
> - the administrator is redirected to a user that actually reads those
> - mails.
> + Please specify the e-mail address that will receive the logs analysis
> + information from daily Snort runs.
> 
> That verbosity seems pretty redundant. 

And indeed wrong; if the appropriate redirection hasn't been set up,
mail to root _won't_ reach a system administrator.

I'm not keen on "the logs analysis information"; and it sounds as if
Snort monitors interfaces once a day, rather than producing 
summaries once a day.  How about:

    Please specify the e-mail address that should receive daily summaries
    of Snort logs.

>  Template: snort/options
[...]
> + Please specify any additionnal option you want to use with Snort.
> 
> Standardized wording

I hope not - s/additionnal/additional/, s/option/options/, and who
says I want to?

    Please specify any additional options Snort should use.

>  Template: snort/stats_treshold
[...]
>  _Description: Minimum occurence to report alerts:
                             ^r   ^s
Awkward... I keep coming up with ugly piles of nouns... it would be
much easier if I could talk about "repeats", but that has an implied
off-by-one error.  How about:

   _Description: Minimum occurrences before alerts are reported:

The word "threshold" (as used in the template name) would be useful
here if it was less obscure (note that it's _misspelled_ there).

>  Template: snort/config_error
[...]
> + The Snort configuration is invalid and Snort will not be able to start
>   up normally. Please review your configuration and fix it. If you do not
>   do this, Snort package upgrades will probably break. To check which error
>   is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
>   (or point to an alternate configuration file if you are using different
> + files for different interfaces).

Could we split this?

    The current Snort configuration is invalid and will prevent Snort
    starting up normally. Please review and correct it.
    .
    To diagnose an error in a Snort configuration file, use
    '/usr/sbin/snort -T -c <file>'.

Then in snort-common.templates,
> Template: snort/deprecated_config         
[...]
> +_Description: Deprecated configuration file
> + The Snort configuration file (/etc/snort/snort.conf) uses deprecated
>   options no longer available for this Snort release.
>   Snort will not be able to start unless you provide a correct configuration
> + file. You can substitute the configuration file with the one provided
>   in this package or fix it manually by removing deprecated options.

The "substitute OLD with NEW" construction (rather than "substitute
NEW for OLD") is slightly colloquial in en_US (and entirely unused
in my own dialect).  Say "replace" - or "allow... to be replaced",
if dpkg is going to do it for me. 

    [...]. Either allow the configuration file to be replaced with the one
    provided [...]
 
>  Template: snort-mysql/configure_db
[...]
> + Database setup is only required the first time snort-mysql is installed
> + on a system. Before continuing, you should
> + make sure you have:

This isn't true; having installed and then purged it in the past
doesn't help.  On the other hand it's true that you don't need to do
it for every "apt-get install" of a newer version.  The clearest way
of saying it that I can find is "Database setup is only required on
initial installation of snort-mysql".  But since debconf knows
whether this is one of those times when it needs to do the setup
(hence the "dpkg-reconfigure -plow" recipe below), why not just say:

    No database has been set up for Snort to log to. Before continuing,
    you should make sure you have:

> +  - the server host name (that server must allow TCP connections
> +    from this machine);
> +  - a database on that server
                                ^;
> +  - a username and password to access the database.
> + .
> + In case some of these requirements are missing, do not choose to set
> + up the database and run
> + with regular file logging support.

s/In case/If/; and again ambiguously scoped negation.

    If some of these requirements are missing, reject this option and
    run with regular file logging support.
    .
    Database logging can be reconfigured later by running
    'dpkg-reconfigure -plow snort-mysql'.

Does this work better split or as a single paragraph?
  
>  Template: snort-mysql/db_host
[...]
> - Make sure it has been set up correctly to allow incoming connections from
> - this host!
> + Please mention the host name of a PostgreSQL database server that allows
           specify                    MySQL
> + incoming connection from this host.
                       ^s

("Mention" is a false friend)

>  Template: snort-mysql/db_database
[...]
> + Please mention the name of an existing database which you have write
> + access to.

I may have, but has Snort?

    Please specify the name of an existing database to which the
    database user has write access.

It would help if this question came after db_user...

>  Template: snort-mysql/db_user
[...]
> + Please mention a database server user name with write access to the database.
           specify                   username

User names and usernames are different fields in /etc/passwd.

>   Snort needs a configured database before it can successfully start up.
>   In order to create the structure you need to run the following commands
>   AFTER the package is installed:
> + .
>    cd /usr/share/doc/snort-mysql/
>    zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename>

Or just "zcat /usr/share/doc/snort-mysql/create_mysql.gz | ...", but
I suppose that's too long.

>   After you created the database structure, you will need to start Snort
             ^have
>   manually.

Meanwhile there's also a control file, which needs at least some
synopsis decapitalisation, but I'm running out of coffee so I'll look
at that later and send as much as I've got so far.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package
--- ../snort.old/debian/snort.templates	2008-02-14 13:13:49.000000000 +0000
+++ debian/snort.templates	2008-02-19 14:26:03.000000000 +0000
@@ -1,31 +1,31 @@
 Template: snort/startup
 Type: select
-_Choices: boot, dialup, manual
+__Choices: boot, dialup, manual
 Default: boot
-_Description: When should Snort be started?
+_Description: Snort start method:
  Snort can be started during boot, when connecting to the net with pppd or
- only when you manually start it via /usr/sbin/snort.
+ only manually with the /usr/sbin/snort command.
 
 Template: snort/interface
 Type: string
 Default: eth0
 _Description: Interface(s) which Snort should listen on:
- This value usually is 'eth0', but you might want to vary this depending
- on your environment; if you are using a dialup connection 'ppp0' might
- be more appropiate (Hint: use 'ip link show' or 'ifconfig').
- .
- Typically this is the same interface than the 'default route' is on.  You can
- determine which interface is used for this running either '/sbin/ip ro sh' or
- '/sbin/route -n' (look for 'default' or '0.0.0.0').
+ This value is usually 'eth0', but this may be inappropriate in some
+ network environments; for a dialup connection 'ppp0' might be more
+ appropiate (see the output of '/sbin/ifconfig').
+ .
+ Typically, this is the same interface as the 'default route' is on. You can
+ determine which interface is used for this by running '/sbin/route -n'
+ (look for '0.0.0.0').
  .
- It is also not uncommon to use an interface with no IP
- and configured in promiscuous mode, if this is your case, select the
+ It is also not uncommon to use an interface with no IP address
+ configured in promiscuous mode. For such cases, select the
  interface in this system that is physically connected to the network
- you want to inspect, enable promiscuous mode later on and make sure
+ that should be inspected, enable promiscuous mode later on and make sure
  that the network traffic is sent to this interface (either connected
- to a 'port mirroring/spanning' port in a switch, to a hub or to a tap)
+ to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
  .
- You can configure multiple interfaces here, just by adding more than
+ You can configure multiple interfaces, just by adding more than
  one interface name separated by spaces. Each interface can have its
  specific configuration.
 
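Review bot: The added line "+ appropiate (see the output of '/sbin/ifconfig')." in snort/interface still carries the misspelling "appropiate" from the removed text; it should read "appropriate" so that the typo is not handed on to translators. In the same template, "the same interface as the 'default route' is on" would read more naturally as "the same interface the 'default route' is on".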
@@ -33,98 +33,91 @@
 Type: string
 Default: 192.168.0.0/16
 _Description: Address range that Snort will listen on:
- You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
- 192.168.1.42/32 for just one. Specify multiple addresses on a single line
- separated by ',' (comma characters), no spaces allowed!
+ Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 addresses
+ or 192.168.1.42/32 for just one. Multiple values should be comma-separated
+ (without spaces).
  .
- If you want you can specify 'any', to not trust any side of the network.
+ If you specify 'any', Snort will listen on all available networks.
  .
- Notice that if you are using multiple interfaces this definition will
- be used as the HOME_NET definition of all of them.
+ Please note that if Snort is configured to use multiple interfaces,
+ it will use this value as the HOME_NET definition for all of them.
 
 Template: snort/disable_promiscuous
 Type: boolean
 Default: false
 _Description: Should Snort disable promiscuous mode on the interface?
  Disabling promiscuous mode means that Snort will only see packets
- addressed to it's own interface. Enabling it allows Snort to check 
- every packet that passes ethernet segment even if it's a connection
- between two other computers.
+ addressed to the interface it is monitoring. Enabling it allows Snort to
+ check every packet that passes the Ethernet segment even if it's a
+ connection between two other computers.
 
 Template: snort/invalid_interface
-Type: note
+Type: error
 _Description: Invalid interface
- One of the interfaces you specified is not valid (it might not exist on the
- system or be down). Please introduce a valid interface when answering the
- question of which interface(s) should Snort listen on.
- .
- If you did not configure an interface then the package is trying to use the
- default ('eth0') which does not seem to be valid in your system.
+ Snort is trying to use an interface which does not exist or is down.
+ Either it is defaulting inappropriately to 'eth0', or you specified one
+ which is invalid.
 
 Template: snort/reverse_order
 Type: boolean
 Default: false
-_Description: Should Snort's rules testing order be changed to Pass|Alert|Log?
- If you change Snort's rules testing order to Pass|Alert|Log, they will be
- applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log.
- This will prevent people from having to make huge Berky Packet Filter
- command line arguments to filter their alert rules.
+_Description: Should Snort's testing order be changed to Pass|Alert|Log?
+ Snort's default testing order is Alert|Pass|Log; if you accept this
+ option, the order will be changed to Pass|Alert|Log, which can make it
+ simpler to use Snort with some packet-filtering tools.
 
 Template: snort/send_stats
 Type: boolean
 Default: true
 _Description: Should daily summaries be sent by e-mail?
- This Snort installation provides a cron job that runs daily and
- summarises the information of Snort logs to a selected email address.
- If you want to disable this feature say 'no' here.
+ A cron job can be set up to send daily summaries of Snort logs to a
+ selected e-mail address.         
+ .
+ Please choose whether you want to activate this feature.
 
 Template: snort/stats_rcpt
 Type: string
 Default: root
 _Description: Recipient of daily statistics mails:
- A cron job running daily will summarise the information of the logs
- generated by Snort using a script called 'snort-stat'. Introduce
- here the recipient of these mails. The default value is the system
- administrator. If you keep this value, make sure that the mail of
- the administrator is redirected to a user that actually reads those
- mails.
+ Please specify the e-mail address that should receive daily summaries
+ of Snort logs.
 
 Template: snort/options
 Type: string
 _Description: Additional custom options:
- If you want to specify custom options to Snort, please specify them here.
+ Please specify any additional options Snort should use.
 
 Template: snort/stats_treshold
 Type: string
 Default: 1
 _Description: Minimum occurence to report alerts:
- An alert needs to appear more times than this number to be included in the
- daily statistics.
+ Please enter the minimum number of alert occurrences before a given alert is
+ included in the daily statistics.
 
 Template: snort/please_restart_manually
 Type: note
-_Description: You are running Snort manually
- Please restart Snort using:
-  /etc/init.d/snort start
- to let the settings take effect.
+_Description: Snort restart required
+ As Snort is manually launched, you need to run '/etc/init.d/snort' for
+ the changes to take place.
 
 Template: snort/config_error
-Type: note
-_Description: There is an error in your configuration
- Your Snort configuration is not correct and Snort will not be able to start
- up normally. Please review your configuration and fix it. If you do not
- do this, Snort package upgrades will probably break. To check which error
- is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
- (or point to an alternate configuration file if you are using different
- files for different interfaces)
+Type: error
+_Description: Configuration error
+ The current Snort configuration is invalid and will prevent Snort
+ starting up normally. Please review and correct it.
+ .
+ To diagnose an error in a Snort configuration file, use
+ '/usr/sbin/snort -T -c <file>'.
 
 Template: snort/config_parameters
-Type: note
-_Description: This system uses an obsolete configuration file
- Your system has an obsolete configuration file
+Type: error
+_Description: Obsolete configuration file
+ This system uses an obsolete configuration file
  (/etc/snort/snort.common.parameters)
  which has been automatically converted into the new configuration
- file format (at /etc/default/snort). Please review the new configuration
- and remove the obsolete one. Until you do this, the init.d script
- will not use the new configuration and you will not take advantage
- of the benefits introduced in newer releases.
+ file format (at /etc/default/snort).
+ .
+ Please review the new configuration and remove the obsolete
+ one. Until you do this, the initialization script will not use the new
+ configuration and you will not take advantage of the benefits
+ introduced in newer releases.
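Review bot: In snort/please_restart_manually the replacement text tells the user to run '/etc/init.d/snort' with no action, whereas the removed lines gave '/etc/init.d/snort start'; an init script called without an action normally only prints its usage message, so the action should stay in the quoted command. The same added sentence says the changes "take place" where the removed text had "take effect", which is the better verb here. Two smaller points: the unchanged synopsis "Minimum occurence to report alerts:" in snort/stats_treshold keeps the misspelling "occurence" while the new long description spells "occurrences" correctly, and the "i.e." kept in snort/address_range introduces an example, so "for example" is the right connective.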
--- ../snort.old/debian/snort-mysql.templates	2008-02-14 13:13:49.000000000 +0000
+++ debian/snort-mysql.templates	2008-02-19 15:02:45.000000000 +0000
@@ -1,31 +1,31 @@
 Template: snort-mysql/startup
 Type: select
-_Choices: boot, dialup, manual
+__Choices: boot, dialup, manual
 Default: boot
-_Description: When should Snort be started?
+_Description: Snort start method:
  Snort can be started during boot, when connecting to the net with pppd or
- only when you manually start it via /usr/sbin/snort.
+ only manually with the /usr/sbin/snort command.
 
 Template: snort-mysql/interface
 Type: string
 Default: eth0
 _Description: Interface(s) which Snort should listen on:
- This value usually is 'eth0', but you might want to vary this depending
- on your environment; if you are using a dialup connection 'ppp0' might
- be more appropiate (Hint: use 'ip link show' or 'ifconfig').
- .
- Typically this is the same interface than the 'default route' is on.  You can
- determine which interface is used for this running either '/sbin/ip ro sh' or
- '/sbin/route -n' (look for 'default' or '0.0.0.0').
+ This value is usually 'eth0', but this may be inappropriate in some
+ network environments; for a dialup connection 'ppp0' might be more
+ appropiate (see the output of '/sbin/ifconfig').
+ .
+ Typically, this is the same interface as the 'default route' is on. You can
+ determine which interface is used for this by running '/sbin/route -n'
+ (look for '0.0.0.0').
  .
- It is also not uncommon to use an interface with no IP
- and configured in promiscuous mode, if this is your case, select the
+ It is also not uncommon to use an interface with no IP address
+ configured in promiscuous mode. For such cases, select the
  interface in this system that is physically connected to the network
- you want to inspect, enable promiscuous mode later on and make sure
+ that should be inspected, enable promiscuous mode later on and make sure
  that the network traffic is sent to this interface (either connected
- to a 'port mirroring/spanning' port in a switch, to a hub or to a tap)
+ to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
  .
- You can configure multiple interfaces here, just by adding more than
+ You can configure multiple interfaces, just by adding more than
  one interface name separated by spaces. Each interface can have its
  specific configuration.
 
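Review bot: In snort-mysql/interface the hint "(look for '0.0.0.0')" is ambiguous now that the 'default' keyword has been dropped with the '/sbin/ip ro sh' alternative: in '/sbin/route -n' output, 0.0.0.0 also appears in the Gateway column of directly connected routes, so the text should say to look for the line whose destination is '0.0.0.0'. Since this answer decides which interface Snort captures on, a hint that can point at the wrong route line is worth tightening.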
@@ -33,149 +33,147 @@
 Type: string
 Default: 192.168.0.0/16
 _Description: Address range that Snort will listen on:
- You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
- 192.168.1.42/32 for just one. Specify multiple addresses on a single line
- separated by ',' (comma characters), no spaces allowed!
+ Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 addresses
+ or 192.168.1.42/32 for just one. Multiple values should be comma-separated
+ (without spaces).
  .
- If you want you can specify 'any', to not trust any side of the network.
+ If you specify 'any', Snort will listen on all available networks.
  .
- Notice that if you are using multiple interfaces this definition will
- be used as the HOME_NET definition of all of them.
+ Please note that if Snort is configured to use multiple interfaces,
+ it will use this value as the HOME_NET definition for all of them.
 
 Template: snort-mysql/disable_promiscuous
 Type: boolean
 Default: false
 _Description: Should Snort disable promiscuous mode on the interface?
  Disabling promiscuous mode means that Snort will only see packets
- addressed to it's own interface. Enabling it allows Snort to check 
- every packet that passes ethernet segment even if it's a connection
- between two other computers.
+ addressed to the interface it is monitoring. Enabling it allows Snort to
+ check every packet that passes the Ethernet segment even if it's a
+ connection between two other computers.
 
 Template: snort-mysql/invalid_interface
-Type: note
+Type: error
 _Description: Invalid interface
- One of the interfaces you specified is not valid (it might not exist on the
- system or be down). Please introduce a valid interface when answering the
- question of which interface(s) should Snort listen on.
- .
- If you did not configure an interface then the package is trying to use the
- default ('eth0') which does not seem to be valid in your system.
+ Snort is trying to use an interface which does not exist or is down.
+ Either it is defaulting inappropriately to 'eth0', or you specified one
+ which is invalid.
 
 Template: snort-mysql/reverse_order
 Type: boolean
 Default: false
-_Description: Should Snort's rules testing order be changed to Pass|Alert|Log?
- If you change Snort's rules testing order to Pass|Alert|Log, they will be
- applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log.
- This will prevent people from having to make huge Berky Packet Filter
- command line arguments to filter their alert rules.
+_Description: Should Snort's testing order be changed to Pass|Alert|Log?
+ Snort's default testing order is Alert|Pass|Log; if you accept this
+ option, the order will be changed to Pass|Alert|Log, which can make it
+ simpler to use Snort with some packet-filtering tools.
 
 Template: snort-mysql/send_stats
 Type: boolean
 Default: true
 _Description: Should daily summaries be sent by e-mail?
- This Snort installation provides a cron job that runs daily and
- summarises the information of Snort logs to a selected email address.
- If you want to disable this feature say 'no' here.
+ A cron job can be set up to send daily summaries of Snort logs to a
+ selected e-mail address.         
+ .
+ Please choose whether you want to activate this feature.
 
 Template: snort-mysql/stats_rcpt
 Type: string
 Default: root
 _Description: Recipient of daily statistics mails:
- A cron job running daily will summarise the information of the logs
- generated by Snort using a script called 'snort-stat'. Introduce
- here the recipient of these mails. The default value is the system
- administrator. If you keep this value, make sure that the mail of
- the administrator is redirected to a user that actually reads those
- mails.
+ Please specify the e-mail address that should receive daily summaries
+ of Snort logs.
 
 Template: snort-mysql/options
 Type: string
 _Description: Additional custom options:
- If you want to specify custom options to Snort, please specify them here.
+ Please specify any additional options Snort should use.
 
 Template: snort-mysql/stats_treshold
 Type: string
 Default: 1
 _Description: Minimum occurence to report alerts:
- An alert needs to appear more times than this number to be included in the
- daily statistics.
+ Please enter the minimum number of alert occurrences before a given alert is
+ included in the daily statistics.
 
 Template: snort-mysql/please_restart_manually
 Type: note
-_Description: You are running Snort manually
- Please restart Snort using:
-  /etc/init.d/snort start
- to let the settings take effect.
+_Description: Snort restart required
+ As Snort is manually launched, you need to run '/etc/init.d/snort' for
+ the changes to take place.
 
 Template: snort-mysql/config_error
-Type: note
-_Description: There is an error in your configuration
- Your Snort configuration is not correct and Snort will not be able to start
- up normally. Please review your configuration and fix it. If you do not
- do this, Snort package upgrades will probably break. To check which error
- is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
- (or point to an alternate configuration file if you are using different
- files for different interfaces)
+Type: error
+_Description: Configuration error
+ The current Snort configuration is invalid and will prevent Snort
+ starting up normally. Please review and correct it.
+ .
+ To diagnose an error in a Snort configuration file, use
+ '/usr/sbin/snort -T -c <file>'.
 
 Template: snort-mysql/config_parameters
-Type: note
-_Description: This system uses an obsolete configuration file
- Your system has an obsolete configuration file
+Type: error
+_Description: Obsolete configuration file
+ This system uses an obsolete configuration file
  (/etc/snort/snort.common.parameters)
  which has been automatically converted into the new configuration
- file format (at /etc/default/snort). Please review the new configuration
- and remove the obsolete one. Until you do this, the init.d script
- will not use the new configuration and you will not take advantage
- of the benefits introduced in newer releases.
+ file format (at /etc/default/snort).
+ .
+ Please review the new configuration and remove the obsolete
+ one. Until you do this, the initialization script will not use the new
+ configuration and you will not take advantage of the benefits
+ introduced in newer releases.
 
 Template: snort-mysql/configure_db
 Type: boolean
 Default: true
-_Description: Do you want to set up a database for snort-mysql to log to?
- You only need to do this the first time you install snort-mysql. Before
- you go on, make sure you have (1) the hostname of a machine running a
- mysql server set up to allow tcp connections from this host, (2) a
- database on that server, (3) a username and password to access the
- database. If you don't have _all_ of these, either select 'no' and run
- with regular file logging support, or fix this first. You can always
- configure database logging later, by reconfiguring the snort-mysql
- package with 'dpkg-reconfigure -plow snort-mysql'
+_Description: Set up a database for snort-mysql to log to?
+ No database has been set up for Snort to log to. Before continuing,
+ you should make sure you have:
+ .
+  - the server host name (that server must allow TCP connections
+    from this machine);
+  - a database on that server;
+  - a username and password to access the database.
+ .
+ If some of these requirements are missing, reject this option and run
+ with regular file logging support.
+ .
+ Database logging can be reconfigured later by running
+ 'dpkg-reconfigure -plow snort-mysql'.
 
 Template: snort-mysql/db_host
 Type: string
 _Description: Database server hostname:
- Make sure it has been set up correctly to allow incoming connections from
- this host!
+ Please specify the host name of a MySQL database server that allows
+ incoming connections from this host.
 
 Template: snort-mysql/db_database
 Type: string
-_Description: Database to use:
- Make sure this database has been created and your database user has write
- access to this database.
+_Description: Database name:
+ Please specify the name of an existing database to which the
+ database user has write access.
 
 Template: snort-mysql/db_user
 Type: string
 _Description: Username for database access:
- Make sure this user has been created and has write access.
+ Please specify a database server username with write access to the database.
 
 Template: snort-mysql/db_pass
 Type: password
 _Description: Password for the database connection:
- Please enter a password to connect to the Snort Alert database.
-
+ Please enter the password to use to connect to the Snort Alert database.
 
 Template: snort-mysql/needs_db_config
 Type: note
-_Description: Snort needs a configured database to log to before it starts
+_Description: Configured database mandatory for Snort
  Snort needs a configured database before it can successfully start up.
  In order to create the structure you need to run the following commands
  AFTER the package is installed:
+ .
   cd /usr/share/doc/snort-mysql/
   zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename>
+ .
  Fill in the correct values for the user, host, and database names.
  MySQL will prompt you for the password.
  .
- After you created the database structure, you will need to start Snort
+ After you have created the database structure, you will need to start Snort
  manually.
-
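Review bot: In snort-mysql/configure_db, "If some of these requirements are missing" is looser than the removed "If you don't have _all_ of these". The option should be rejected when any single item is missing, so "If any of these requirements is missing" states the condition exactly. The rewrite also drops the old text's alternative ("or fix this first"), so file logging now reads as the only way forward. The new opening sentence, "No database has been set up for Snort to log to", is a flat statement that may not hold when the question is asked again through the 'dpkg-reconfigure -plow snort-mysql' path the same description advertises.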
--- ../snort.old/debian/snort-pgsql.templates	2008-02-14 13:13:49.000000000 +0000
+++ debian/snort-pgsql.templates	2008-02-19 15:03:41.000000000 +0000
@@ -1,31 +1,31 @@
 Template: snort-pgsql/startup
 Type: select
-_Choices: boot, dialup, manual
+__Choices: boot, dialup, manual
 Default: boot
-_Description: When should Snort be started?
+_Description: Snort start method:
  Snort can be started during boot, when connecting to the net with pppd or
- only when you manually start it via /usr/sbin/snort.
+ only manually with the /usr/sbin/snort command.
 
 Template: snort-pgsql/interface
 Type: string
 Default: eth0
 _Description: Interface(s) which Snort should listen on:
- This value usually is 'eth0', but you might want to vary this depending
- on your environment; if you are using a dialup connection 'ppp0' might
- be more appropiate (Hint: use 'ip link show' or 'ifconfig').
- .
- Typically this is the same interface than the 'default route' is on.  You can
- determine which interface is used for this running either '/sbin/ip ro sh' or
- '/sbin/route -n' (look for 'default' or '0.0.0.0').
+ This value is usually 'eth0', but this may be inappropriate in some
+ network environments; for a dialup connection 'ppp0' might be more
+ appropiate (see the output of '/sbin/ifconfig').
+ .
+ Typically, this is the same interface as the 'default route' is on. You can
+ determine which interface is used for this by running '/sbin/route -n'
+ (look for '0.0.0.0').
  .
- It is also not uncommon to use an interface with no IP
- and configured in promiscuous mode, if this is your case, select the
+ It is also not uncommon to use an interface with no IP address
+ configured in promiscuous mode. For such cases, select the
  interface in this system that is physically connected to the network
- you want to inspect, enable promiscuous mode later on and make sure
+ that should be inspected, enable promiscuous mode later on and make sure
  that the network traffic is sent to this interface (either connected
- to a 'port mirroring/spanning' port in a switch, to a hub or to a tap)
+ to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
  .
- You can configure multiple interfaces here, just by adding more than
+ You can configure multiple interfaces, just by adding more than
  one interface name separated by spaces. Each interface can have its
  specific configuration.
 
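Review bot: The misspelling "appropiate" is carried over from the removed text into the new snort-pgsql/interface description ("might be more appropiate (see the output of '/sbin/ifconfig')"); it should read "appropriate" before translators pick the string up. In the same description, dropping "and" leaves "an interface with no IP address configured in promiscuous mode", which can be read as the address being configured in promiscuous mode; "with no IP address and configured in promiscuous mode" keeps the intended sense.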
@@ -33,149 +33,147 @@
 Type: string
 Default: 192.168.0.0/16
 _Description: Address range that Snort will listen on:
- You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or
- 192.168.1.42/32 for just one. Specify multiple addresses on a single line
- separated by ',' (comma characters), no spaces allowed!
+ Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 addresses
+ or 192.168.1.42/32 for just one. Multiple values should be comma-separated
+ (without spaces).
  .
- If you want you can specify 'any', to not trust any side of the network.
+ If you specify 'any', Snort will listen on all available networks.
  .
- Notice that if you are using multiple interfaces this definition will
- be used as the HOME_NET definition of all of them.
+ Please note that if Snort is configured to use multiple interfaces,
+ it will use this value as the HOME_NET definition for all of them.
 
 Template: snort-pgsql/disable_promiscuous
 Type: boolean
 Default: false
 _Description: Should Snort disable promiscuous mode on the interface?
  Disabling promiscuous mode means that Snort will only see packets
- addressed to it's own interface. Enabling it allows Snort to check 
- every packet that passes ethernet segment even if it's a connection
- between two other computers.
+ addressed to the interface it is monitoring. Enabling it allows Snort to
+ check every packet that passes the Ethernet segment even if it's a
+ connection between two other computers.
 
 Template: snort-pgsql/invalid_interface
-Type: note
+Type: error
 _Description: Invalid interface
- One of the interfaces you specified is not valid (it might not exist on the
- system or be down). Please introduce a valid interface when answering the
- question of which interface(s) should Snort listen on.
- .
- If you did not configure an interface then the package is trying to use the
- default ('eth0') which does not seem to be valid in your system.
+ Snort is trying to use an interface which does not exist or is down.
+ Either it is defaulting inappropriately to 'eth0', or you specified one
+ which is invalid.
 
 Template: snort-pgsql/reverse_order
 Type: boolean
 Default: false
-_Description: Should Snort's rules testing order be changed to Pass|Alert|Log?
- If you change Snort's rules testing order to Pass|Alert|Log, they will be
- applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log.
- This will prevent people from having to make huge Berky Packet Filter
- command line arguments to filter their alert rules.
+_Description: Should Snort's testing order be changed to Pass|Alert|Log?
+ Snort's default testing order is Alert|Pass|Log; if you accept this
+ option, the order will be changed to Pass|Alert|Log, which can make it
+ simpler to use Snort with some packet-filtering tools.
 
 Template: snort-pgsql/send_stats
 Type: boolean
 Default: true
 _Description: Should daily summaries be sent by e-mail?
- This Snort installation provides a cron job that runs daily and
- summarises the information of Snort logs to a selected email address.
- If you want to disable this feature say 'no' here.
+ A cron job can be set up to send daily summaries of Snort logs to a
+ selected e-mail address.         
+ .
+ Please choose whether you want to activate this feature.
 
 Template: snort-pgsql/stats_rcpt
 Type: string
 Default: root
 _Description: Recipient of daily statistics mails:
- A cron job running daily will summarise the information of the logs
- generated by Snort using a script called 'snort-stat'. Introduce
- here the recipient of these mails. The default value is the system
- administrator. If you keep this value, make sure that the mail of
- the administrator is redirected to a user that actually reads those
- mails.
+ Please specify the e-mail address that should receive daily summaries
+ of Snort logs.
 
 Template: snort-pgsql/options
 Type: string
 _Description: Additional custom options:
- If you want to specify custom options to Snort, please specify them here.
+ Please specify any additional options Snort should use.
 
 Template: snort-pgsql/stats_treshold
 Type: string
 Default: 1
 _Description: Minimum occurence to report alerts:
- An alert needs to appear more times than this number to be included in the
- daily statistics.
+ Please enter the minimum number of alert occurrences before a given alert is
+ included in the daily statistics.
 
 Template: snort-pgsql/please_restart_manually
 Type: note
-_Description: You are running Snort manually
- Please restart Snort using:
-  /etc/init.d/snort start
- to let the settings take effect.
+_Description: Snort restart required
+ As Snort is manually launched, you need to run '/etc/init.d/snort' for
+ the changes to take place.
 
 Template: snort-pgsql/config_error
-Type: note
-_Description: There is an error in your configuration
- Your Snort configuration is not correct and Snort will not be able to start
- up normally. Please review your configuration and fix it. If you do not
- do this, Snort package upgrades will probably break. To check which error
- is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf'
- (or point to an alternate configuration file if you are using different
- files for different interfaces)
+Type: error
+_Description: Configuration error
+ The current Snort configuration is invalid and will prevent Snort
+ starting up normally. Please review and correct it.
+ .
+ To diagnose an error in a Snort configuration file, use
+ '/usr/sbin/snort -T -c <file>'.
 
 Template: snort-pgsql/config_parameters
-Type: note
-_Description: This system uses an obsolete configuration file
- Your system has an obsolete configuration file
+Type: error
+_Description: Obsolete configuration file
+ This system uses an obsolete configuration file
  (/etc/snort/snort.common.parameters)
  which has been automatically converted into the new configuration
- file format (at /etc/default/snort). Please review the new configuration
- and remove the obsolete one. Until you do this, the init.d script
- will not use the new configuration and you will not take advantage
- of the benefits introduced in newer releases.
+ file format (at /etc/default/snort).
+ .
+ Please review the new configuration and remove the obsolete
+ one. Until you do this, the initialization script will not use the new
+ configuration and you will not take advantage of the benefits
+ introduced in newer releases.
 
 Template: snort-pgsql/configure_db
 Type: boolean
 Default: true
-_Description: Do you want to set up a database for snort-pgsql to log to?
- You only need to do this the first time you install snort-pgsql. Before
- you go on, make sure you have (1) the hostname of a machine running a
- pgsql server set up to allow tcp connections from this host, (2) a
- database on that server, (3) a username and password to access the
- database. If you don't have _all_ of these, either select 'no' and run
- with regular file logging support, or fix this first. You can always
- configure database logging later, by reconfiguring the snort-pgsql
- package with 'dpkg-reconfigure -plow snort-pgsql'
+_Description: Set up a database for snort-pgsql to log to?
+ No database has been set up for Snort to log to. Before continuing,
+ you should make sure you have:
+ .
+  - the server host name (that server must allow TCP connections
+    from this machine);
+  - a database on that server;
+  - a username and password to access the database.
+ .
+ If some of these requirements are missing, reject this option and run
+ with regular file logging support.
+ .
+ Database logging can be reconfigured later by running
+ 'dpkg-reconfigure -plow snort-pgsql'.
 
 Template: snort-pgsql/db_host
 Type: string
 _Description: Database server hostname:
- Make sure it has been set up correctly to allow incoming connections from
- this host!
+ Please specify the host name of a PostgreSQL database server that allows
+ incoming connections from this host.
 
 Template: snort-pgsql/db_database
 Type: string
-_Description: Database to use:
- Make sure this database has been created and your database user has write
- access to this database.
+_Description: Database name:
+ Please specify the name of an existing database to which the
+ database user has write access.
 
 Template: snort-pgsql/db_user
 Type: string
 _Description: Username for database access:
- Make sure this user has been created and has write access.
+ Please specify a database server username with write access to the database.
 
 Template: snort-pgsql/db_pass
 Type: password
 _Description: Password for the database connection:
- Please enter a password to connect to the Snort Alert database.
-
+ Please enter the password to use to connect to the Snort Alert database.
 
 Template: snort-pgsql/needs_db_config
 Type: note
-_Description: Snort needs a configured database to log to before it starts
+_Description: Configured database mandatory for Snort
  Snort needs a configured database before it can successfully start up.
  In order to create the structure you need to run the following commands
  AFTER the package is installed:
+ .
   cd /usr/share/doc/snort-pgsql/
-  zcat create_postgresql.gz | psql -U <user> -h <host> -W <databasename>
+  zcat create_postgresql.gz | mysql -u <user> -h <host> -p <databasename>
+ .
  Fill in the correct values for the user, host, and database names.
  PostgreSQL will prompt you for the password.
  .
- After you created the database structure, you will need to start Snort
+ After you have created the database structure, you will need to start Snort
  manually.
-
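Review bot: In snort-pgsql/needs_db_config the psql invocation is replaced by "mysql -u <user> -h <host> -p <databasename>", yet the command still pipes create_postgresql.gz and the next paragraph still says "PostgreSQL will prompt you for the password". This looks like a paste from the snort-mysql templates; the removed line "psql -U <user> -h <host> -W <databasename>" should stay. Two smaller points in the same hunk: snort-pgsql/please_restart_manually now says to run '/etc/init.d/snort' with no action, where the removed text gave '/etc/init.d/snort start'; and in the address range template the meaning of 'any' changes from "to not trust any side of the network" to "Snort will listen on all available networks", which is worth confirming against how the value is used as HOME_NET. The unchanged context line "Minimum occurence to report alerts:" still carries a misspelling that could be fixed in the same pass.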
--- ../snort.old/debian/snort-common.templates	2008-02-14 13:13:49.000000000 +0000
+++ debian/snort-common.templates	2008-02-19 14:42:03.000000000 +0000
@@ -1,11 +1,11 @@
 Template: snort/deprecated_config
 Type: note
-_Description: Your configuration file is deprecated
- Your Snort configuration file (/etc/snort/snort.conf) uses deprecated
+_Description: Deprecated configuration file
+ The Snort configuration file (/etc/snort/snort.conf) uses deprecated
  options no longer available for this Snort release. 
  Snort will not be able to start unless you provide a correct configuration
- file. You can substitute your configuration file with the one provided
- in this package or fix it manually by removing deprecated options.
+ file. Either allow the configuration file to be replaced with the one
+ provided in this package or fix it manually by removing deprecated options.
  .
- The following deprecated options were found in your configuration file:
- ${DEP_CONFIG}
+ The following deprecated options were found in the configuration file:
+ ${DEP_CONFIG}.
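Review bot: The last line of snort/deprecated_config becomes "${DEP_CONFIG}." with a full stop added after the substituted variable. Whatever list of option names is substituted will then end in a period that can be read as part of the last option name; leaving the variable alone on its line, as in the removed text, avoids that. The unchanged context line "options no longer available for this Snort release. " also keeps its trailing space.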
Template: snort/startup
Type: select
__Choices: boot, dialup, manual
Default: boot
_Description: Snort start method:
 Snort can be started during boot, when connecting to the net with pppd or
 only manually with the /usr/sbin/snort command.

Template: snort/interface
Type: string
Default: eth0
_Description: Interface(s) which Snort should listen on:
 This value is usually 'eth0', but this may be inappropriate in some
 network environments; for a dialup connection 'ppp0' might be more
 appropriate (see the output of '/sbin/ifconfig').
 .
 Typically, this is the same interface as the 'default route' is on. You can
 determine which interface is used for this by running '/sbin/route -n'
 (look for '0.0.0.0').
 .
 It is also not uncommon to use an interface with no IP address
 configured in promiscuous mode. For such cases, select the
 interface in this system that is physically connected to the network
 that should be inspected, enable promiscuous mode later on and make sure
 that the network traffic is sent to this interface (either connected
 to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
 .
 You can configure multiple interfaces, just by adding more than
 one interface name separated by spaces. Each interface can have its
 specific configuration.

Template: snort/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
 Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 addresses
 or 192.168.1.42/32 for just one. Multiple values should be comma-separated
 (without spaces).
 .
 If you specify 'any', Snort will listen on all available networks.
 .
 Please note that if Snort is configured to use multiple interfaces,
 it will use this value as the HOME_NET definition for all of them.

Template: snort/disable_promiscuous
Type: boolean
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
 Disabling promiscuous mode means that Snort will only see packets
 addressed to the interface it is monitoring. Enabling it allows Snort to
 check every packet that passes the Ethernet segment even if it's a
 connection between two other computers.

Template: snort/invalid_interface
Type: error
_Description: Invalid interface
 Snort is trying to use an interface which does not exist or is down.
 Either it is defaulting inappropriately to 'eth0', or you specified one
 which is invalid.

Template: snort/reverse_order
Type: boolean
Default: false
_Description: Should Snort's testing order be changed to Pass|Alert|Log?
 Snort's default testing order is Alert|Pass|Log; if you accept this
 option, the order will be changed to Pass|Alert|Log, which can make it
 simpler to use Snort with some packet-filtering tools.

Template: snort/send_stats
Type: boolean
Default: true
_Description: Should daily summaries be sent by e-mail?
 A cron job can be set up to send daily summaries of Snort logs to a
 selected e-mail address.         
 .
 Please choose whether you want to activate this feature.

Template: snort/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
 Please specify the e-mail address that should receive daily summaries
 of Snort logs.

Template: snort/options
Type: string
_Description: Additional custom options:
 Please specify any additional options Snort should use.

Template: snort/stats_treshold
Type: string
Default: 1
_Description: Minimum occurrence to report alerts:
 Please enter the minimum number of alert occurrences before a given alert is
 included in the daily statistics.

Template: snort/please_restart_manually
Type: note
_Description: Snort restart required
 As Snort is manually launched, you need to run '/etc/init.d/snort' for
 the changes to take place.

Template: snort/config_error
Type: error
_Description: Configuration error
 The current Snort configuration is invalid and will prevent Snort
 starting up normally. Please review and correct it.
 .
 To diagnose an error in a Snort configuration file, use
 '/usr/sbin/snort -T -c <file>'.

Template: snort/config_parameters
Type: error
_Description: Obsolete configuration file
 This system uses an obsolete configuration file
 (/etc/snort/snort.common.parameters)
 which has been automatically converted into the new configuration
 file format (at /etc/default/snort).
 .
 Please review the new configuration and remove the obsolete
 one. Until you do this, the initialization script will not use the new
 configuration and you will not take advantage of the benefits
 introduced in newer releases.
Template: snort-mysql/startup
Type: select
__Choices: boot, dialup, manual
Default: boot
_Description: Snort start method:
 Snort can be started during boot, when connecting to the net with pppd or
 only manually with the /usr/sbin/snort command.

Template: snort-mysql/interface
Type: string
Default: eth0
_Description: Interface(s) which Snort should listen on:
 This value is usually 'eth0', but this may be inappropriate in some
 network environments; for a dialup connection 'ppp0' might be more
 appropriate (see the output of '/sbin/ifconfig').
 .
 Typically, this is the same interface as the 'default route' is on. You can
 determine which interface is used for this by running '/sbin/route -n'
 (look for '0.0.0.0').
 .
 It is also not uncommon to use an interface with no IP address
 configured in promiscuous mode. For such cases, select the
 interface in this system that is physically connected to the network
 that should be inspected, enable promiscuous mode later on and make sure
 that the network traffic is sent to this interface (either connected
 to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
 .
 You can configure multiple interfaces, just by adding more than
 one interface name separated by spaces. Each interface can have its
 specific configuration.

Template: snort-mysql/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
 Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 addresses
 or 192.168.1.42/32 for just one. Multiple values should be comma-separated
 (without spaces).
 .
 If you specify 'any', Snort will listen on all available networks.
 .
 Please note that if Snort is configured to use multiple interfaces,
 it will use this value as the HOME_NET definition for all of them.

Template: snort-mysql/disable_promiscuous
Type: boolean
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
 Disabling promiscuous mode means that Snort will only see packets
 addressed to the interface it is monitoring. Enabling it allows Snort to
 check every packet that passes the Ethernet segment even if it's a
 connection between two other computers.

Template: snort-mysql/invalid_interface
Type: error
_Description: Invalid interface
 Snort is trying to use an interface which does not exist or is down.
 Either it is defaulting inappropriately to 'eth0', or you specified one
 which is invalid.

Template: snort-mysql/reverse_order
Type: boolean
Default: false
_Description: Should Snort's testing order be changed to Pass|Alert|Log?
 Snort's default testing order is Alert|Pass|Log; if you accept this
 option, the order will be changed to Pass|Alert|Log, which can make it
 simpler to use Snort with some packet-filtering tools.

Template: snort-mysql/send_stats
Type: boolean
Default: true
_Description: Should daily summaries be sent by e-mail?
 A cron job can be set up to send daily summaries of Snort logs to a
 selected e-mail address.         
 .
 Please choose whether you want to activate this feature.

Template: snort-mysql/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
 Please specify the e-mail address that should receive daily summaries
 of Snort logs.

Template: snort-mysql/options
Type: string
_Description: Additional custom options:
 Please specify any additional options Snort should use.

Template: snort-mysql/stats_treshold
Type: string
Default: 1
_Description: Minimum occurrence to report alerts:
 Please enter the minimum number of alert occurrences before a given alert is
 included in the daily statistics.

Template: snort-mysql/please_restart_manually
Type: note
_Description: Snort restart required
 As Snort is manually launched, you need to run '/etc/init.d/snort' for
 the changes to take place.

Template: snort-mysql/config_error
Type: error
_Description: Configuration error
 The current Snort configuration is invalid and will prevent Snort
 starting up normally. Please review and correct it.
 .
 To diagnose an error in a Snort configuration file, use
 '/usr/sbin/snort -T -c <file>'.

Template: snort-mysql/config_parameters
Type: error
_Description: Obsolete configuration file
 This system uses an obsolete configuration file
 (/etc/snort/snort.common.parameters)
 which has been automatically converted into the new configuration
 file format (at /etc/default/snort).
 .
 Please review the new configuration and remove the obsolete
 one. Until you do this, the initialization script will not use the new
 configuration and you will not take advantage of the benefits
 introduced in newer releases.

Template: snort-mysql/configure_db
Type: boolean
Default: true
_Description: Set up a database for snort-mysql to log to?
 No database has been set up for Snort to log to. Before continuing,
 you should make sure you have:
 .
  - the server host name (that server must allow TCP connections
    from this machine);
  - a database on that server;
  - a username and password to access the database.
 .
 If some of these requirements are missing, reject this option and run
 with regular file logging support.
 .
 Database logging can be reconfigured later by running
 'dpkg-reconfigure -plow snort-mysql'.

Template: snort-mysql/db_host
Type: string
_Description: Database server hostname:
 Please specify the host name of a MySQL database server that allows
 incoming connections from this host.

Template: snort-mysql/db_database
Type: string
_Description: Database name:
 Please specify the name of an existing database to which the
 database user has write access.

Template: snort-mysql/db_user
Type: string
_Description: Username for database access:
 Please specify a database server username with write access to the database.

Template: snort-mysql/db_pass
Type: password
_Description: Password for the database connection:
 Please enter the password to use to connect to the Snort Alert database.

Template: snort-mysql/needs_db_config
Type: note
_Description: Configured database mandatory for Snort
 Snort needs a configured database before it can successfully start up.
 In order to create the structure you need to run the following commands
 AFTER the package is installed:
 .
  cd /usr/share/doc/snort-mysql/
  zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename>
 .
 Fill in the correct values for the user, host, and database names.
 MySQL will prompt you for the password.
 .
 After you have created the database structure, you will need to start Snort
 manually.
Template: snort-pgsql/startup
Type: select
__Choices: boot, dialup, manual
Default: boot
_Description: Snort start method:
 Snort can be started during boot, when connecting to the net with pppd or
 only manually with the /usr/sbin/snort command.

Template: snort-pgsql/interface
Type: string
Default: eth0
_Description: Interface(s) which Snort should listen on:
 This value is usually 'eth0', but this may be inappropriate in some
 network environments; for a dialup connection 'ppp0' might be more
 appropriate (see the output of '/sbin/ifconfig').
 .
 Typically, this is the same interface as the 'default route' is on. You can
 determine which interface is used for this by running '/sbin/route -n'
 (look for '0.0.0.0').
 .
 It is also not uncommon to use an interface with no IP address
 configured in promiscuous mode. For such cases, select the
 interface in this system that is physically connected to the network
 that should be inspected, enable promiscuous mode later on and make sure
 that the network traffic is sent to this interface (either connected
 to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
 .
 You can configure multiple interfaces, just by adding more than
 one interface name separated by spaces. Each interface can have its
 specific configuration.

Template: snort-pgsql/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
 Please use the CIDR form, i.e. 192.168.1.0/24 for a block of 256 addresses
 or 192.168.1.42/32 for just one. Multiple values should be comma-separated
 (without spaces).
 .
 If you specify 'any', Snort will listen on all available networks.
 .
 Please note that if Snort is configured to use multiple interfaces,
 it will use this value as the HOME_NET definition for all of them.

Template: snort-pgsql/disable_promiscuous
Type: boolean
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
 Disabling promiscuous mode means that Snort will only see packets
 addressed to the interface it is monitoring. Enabling it allows Snort to
 check every packet that passes the Ethernet segment even if it's a
 connection between two other computers.

Template: snort-pgsql/invalid_interface
Type: error
_Description: Invalid interface
 Snort is trying to use an interface which does not exist or is down.
 Either it is defaulting inappropriately to 'eth0', or you specified one
 which is invalid.

Template: snort-pgsql/reverse_order
Type: boolean
Default: false
_Description: Should Snort's testing order be changed to Pass|Alert|Log?
 Snort's default testing order is Alert|Pass|Log; if you accept this
 option, the order will be changed to Pass|Alert|Log, which can make it
 simpler to use Snort with some packet-filtering tools.

Template: snort-pgsql/send_stats
Type: boolean
Default: true
_Description: Should daily summaries be sent by e-mail?
 A cron job can be set up to send daily summaries of Snort logs to a
 selected e-mail address.         
 .
 Please choose whether you want to activate this feature.

Template: snort-pgsql/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
 Please specify the e-mail address that should receive daily summaries
 of Snort logs.

Template: snort-pgsql/options
Type: string
_Description: Additional custom options:
 Please specify any additional options Snort should use.

Template: snort-pgsql/stats_treshold
Type: string
Default: 1
_Description: Minimum occurrence to report alerts:
 Please enter the minimum number of alert occurrences before a given alert is
 included in the daily statistics.

Template: snort-pgsql/please_restart_manually
Type: note
_Description: Snort restart required
 As Snort is manually launched, you need to run '/etc/init.d/snort' for
 the changes to take place.

Template: snort-pgsql/config_error
Type: error
_Description: Configuration error
 The current Snort configuration is invalid and will prevent Snort
 starting up normally. Please review and correct it.
 .
 To diagnose an error in a Snort configuration file, use
 '/usr/sbin/snort -T -c <file>'.

Template: snort-pgsql/config_parameters
Type: error
_Description: Obsolete configuration file
 This system uses an obsolete configuration file
 (/etc/snort/snort.common.parameters)
 which has been automatically converted into the new configuration
 file format (at /etc/default/snort).
 .
 Please review the new configuration and remove the obsolete
 one. Until you do this, the initialization script will not use the new
 configuration and you will not take advantage of the benefits
 introduced in newer releases.

Template: snort-pgsql/configure_db
Type: boolean
Default: true
_Description: Set up a database for snort-pgsql to log to?
 No database has been set up for Snort to log to. Before continuing,
 you should make sure you have:
 .
  - the server host name (that server must allow TCP connections
    from this machine);
  - a database on that server;
  - a username and password to access the database.
 .
 If some of these requirements are missing, reject this option and run
 with regular file logging support.
 .
 Database logging can be reconfigured later by running
 'dpkg-reconfigure -plow snort-pgsql'.

Template: snort-pgsql/db_host
Type: string
_Description: Database server hostname:
 Please specify the host name of a PostgreSQL database server that allows
 incoming connections from this host.

Template: snort-pgsql/db_database
Type: string
_Description: Database name:
 Please specify the name of an existing database to which the
 database user has write access.

Template: snort-pgsql/db_user
Type: string
_Description: Username for database access:
 Please specify a database server username with write access to the database.

Template: snort-pgsql/db_pass
Type: password
_Description: Password for the database connection:
 Please enter the password to use to connect to the Snort Alert database.

Template: snort-pgsql/needs_db_config
Type: note
_Description: Configured database mandatory for Snort
 Snort needs a configured database before it can successfully start up.
 In order to create the structure you need to run the following commands
 AFTER the package is installed:
 .
  cd /usr/share/doc/snort-pgsql/
  zcat create_postgresql.gz | psql -U <user> -h <host> -W <databasename>
 .
 Fill in the correct values for the user, host, and database names.
 PostgreSQL will prompt you for the password.
 .
 After you have created the database structure, you will need to start Snort
 manually.
Template: snort/deprecated_config
Type: note
_Description: Deprecated configuration file
 The Snort configuration file (/etc/snort/snort.conf) uses deprecated
 options no longer available for this Snort release. 
 Snort will not be able to start unless you provide a correct configuration
 file. Either allow the configuration file to be replaced with the one
 provided in this package or fix it manually by removing deprecated options.
 .
 The following deprecated options were found in the configuration file:
 ${DEP_CONFIG}.
