This is the last call for comments for the review of debconf templates for snort.

The reviewed templates will be sent on Thursday, March 06, 2008 to the package maintainer as a bug report and a mail will be sent to this list with "[BTS]" as a subject tag.

PS: please note that this is the last formal review of the etch-lenny round of Smith reviews. After it, we will have no pending review. For the last one, this is a good one. ;:-)

--
Template: snort/startup
Type: select
__Choices: boot, dialup, manual
Default: boot
_Description: Snort start method:
Snort can be started during boot, when connecting to the net with pppd or
only manually with the /usr/sbin/snort command.
Template: snort/interface
Type: string
Default: eth0
_Description: Interface(s) which Snort should listen on:
This value is usually 'eth0', but this may be inappropriate in some
network environments; for a dialup connection 'ppp0' might be more
appropriate (see the output of '/sbin/ifconfig').
.
Typically, this is the same interface as the 'default route' is on. You can
determine which interface is used for this by running '/sbin/route -n'
(look for '0.0.0.0').
.
It is also not uncommon to use an interface with no IP address
configured in promiscuous mode. For such cases, select the
interface in this system that is physically connected to the network
that should be inspected, enable promiscuous mode later on and make sure
that the network traffic is sent to this interface (either connected
to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
.
You can configure multiple interfaces, just by adding more than
one interface name separated by spaces. Each interface can have its
specific configuration.
Template: snort/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
Please use the CIDR form - for example, 192.168.1.0/24 for a block of
256 addresses or 192.168.1.42/32 for just one. Multiple values should
be comma-separated (without spaces).
.
If you specify 'any', Snort will listen on all available networks.
.
Please note that if Snort is configured to use multiple interfaces,
it will use this value as the HOME_NET definition for all of them.
Template: snort/disable_promiscuous
Type: boolean
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
Disabling promiscuous mode means that Snort will only see packets
addressed to the interface it is monitoring. Enabling it allows Snort to
check every packet that passes the Ethernet segment even if it's a
connection between two other computers.
Template: snort/invalid_interface
Type: error
_Description: Invalid interface
Snort is trying to use an interface which does not exist or is down.
Either it is defaulting inappropriately to 'eth0', or you specified
one which is invalid.
Template: snort/reverse_order
Type: boolean
Default: false
_Description: Should Snort's testing order be changed to Pass|Alert|Log?
Snort's default testing order is Alert|Pass|Log; if you accept this
option, the order will be changed to Pass|Alert|Log, which can make it
simpler to use Snort with some packet-filtering tools.
Template: snort/send_stats
Type: boolean
Default: true
_Description: Should daily summaries be sent by e-mail?
A cron job can be set up to send daily summaries of Snort logs to a
selected e-mail address.
.
Please choose whether you want to activate this feature.
Template: snort/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
Please specify the e-mail address that should receive daily summaries
of Snort logs.
Template: snort/options
Type: string
_Description: Additional custom options:
Please specify any additional options Snort should use.
Template: snort/stats_treshold
Type: string
Default: 1
_Description: Minimum occurrences before alerts are reported:
Please enter the minimum number of alert occurrences before a given alert is
included in the daily statistics.
Template: snort/please_restart_manually
Type: note
_Description: Snort restart required
As Snort is manually launched, you need to run '/etc/init.d/snort' for
the changes to take place.
Template: snort/config_error
Type: error
_Description: Configuration error
The current Snort configuration is invalid and will prevent Snort
starting up normally. Please review and correct it.
.
To diagnose an error in a Snort configuration file, use
'/usr/sbin/snort -T -c <file>'.
Template: snort/config_parameters
Type: error
_Description: Obsolete configuration file
This system uses an obsolete configuration file
(/etc/snort/snort.common.parameters)
which has been automatically converted into the new configuration
file format (at /etc/default/snort).
.
Please review the new configuration and remove the obsolete
one. Until you do this, the initialization script will not use the new
configuration and you will not take advantage of the benefits
introduced in newer releases.
Template: snort-mysql/startup
Type: select
__Choices: boot, dialup, manual
Default: boot
_Description: Snort start method:
Snort can be started during boot, when connecting to the net with pppd or
only manually with the /usr/sbin/snort command.
Template: snort-mysql/interface
Type: string
Default: eth0
_Description: Interface(s) which Snort should listen on:
This value is usually 'eth0', but this may be inappropriate in some
network environments; for a dialup connection 'ppp0' might be more
appropriate (see the output of '/sbin/ifconfig').
.
Typically, this is the same interface as the 'default route' is on. You can
determine which interface is used for this by running '/sbin/route -n'
(look for '0.0.0.0').
.
It is also not uncommon to use an interface with no IP address
configured in promiscuous mode. For such cases, select the
interface in this system that is physically connected to the network
that should be inspected, enable promiscuous mode later on and make sure
that the network traffic is sent to this interface (either connected
to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
.
You can configure multiple interfaces, just by adding more than
one interface name separated by spaces. Each interface can have its
specific configuration.
Template: snort-mysql/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
Please use the CIDR form - for example, 192.168.1.0/24 for a block of
256 addresses or 192.168.1.42/32 for just one. Multiple values should
be comma-separated (without spaces).
.
If you specify 'any', Snort will listen on all available networks.
.
Please note that if Snort is configured to use multiple interfaces,
it will use this value as the HOME_NET definition for all of them.
Template: snort-mysql/disable_promiscuous
Type: boolean
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
Disabling promiscuous mode means that Snort will only see packets
addressed to the interface it is monitoring. Enabling it allows Snort to
check every packet that passes the Ethernet segment even if it's a
connection between two other computers.
Template: snort-mysql/invalid_interface
Type: error
_Description: Invalid interface
Snort is trying to use an interface which does not exist or is down.
Either it is defaulting inappropriately to 'eth0', or you specified
one which is invalid.
Template: snort-mysql/reverse_order
Type: boolean
Default: false
_Description: Should Snort's testing order be changed to Pass|Alert|Log?
Snort's default testing order is Alert|Pass|Log; if you accept this
option, the order will be changed to Pass|Alert|Log, which can make it
simpler to use Snort with some packet-filtering tools.
Template: snort-mysql/send_stats
Type: boolean
Default: true
_Description: Should daily summaries be sent by e-mail?
A cron job can be set up to send daily summaries of Snort logs to a
selected e-mail address.
.
Please choose whether you want to activate this feature.
Template: snort-mysql/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
Please specify the e-mail address that should receive daily summaries
of Snort logs.
Template: snort-mysql/options
Type: string
_Description: Additional custom options:
Please specify any additional options Snort should use.
Template: snort-mysql/stats_treshold
Type: string
Default: 1
_Description: Minimum occurrences before alerts are reported:
Please enter the minimum number of alert occurrences before a given alert is
included in the daily statistics.
Template: snort-mysql/please_restart_manually
Type: note
_Description: Snort restart required
As Snort is manually launched, you need to run '/etc/init.d/snort' for
the changes to take place.
Template: snort-mysql/config_error
Type: error
_Description: Configuration error
The current Snort configuration is invalid and will prevent Snort
starting up normally. Please review and correct it.
.
To diagnose an error in a Snort configuration file, use
'/usr/sbin/snort -T -c <file>'.
Template: snort-mysql/config_parameters
Type: error
_Description: Obsolete configuration file
This system uses an obsolete configuration file
(/etc/snort/snort.common.parameters)
which has been automatically converted into the new configuration
file format (at /etc/default/snort).
.
Please review the new configuration and remove the obsolete
one. Until you do this, the initialization script will not use the new
configuration and you will not take advantage of the benefits
introduced in newer releases.
Template: snort-mysql/configure_db
Type: boolean
Default: true
_Description: Set up a database for snort-mysql to log to?
No database has been set up for Snort to log to. Before continuing,
you should make sure you have:
.
- the server host name (that server must allow TCP connections
from this machine);
- a database on that server;
- a username and password to access the database.
.
If some of these requirements are missing, reject this option and
run with regular file logging support.
.
Database logging can be reconfigured later by running
'dpkg-reconfigure -plow snort-mysql'.
Template: snort-mysql/db_host
Type: string
_Description: Database server hostname:
Please specify the host name of a database server that allows
incoming connections from this host.
Template: snort-mysql/db_database
Type: string
_Description: Database name:
Please specify the name of an existing database to which the
database user has write access.
Template: snort-mysql/db_user
Type: string
_Description: Username for database access:
Please specify a database server username with write access to the database.
Template: snort-mysql/db_pass
Type: password
_Description: Password for the database connection:
Please enter the password to use to connect to the Snort Alert database.
Template: snort-mysql/needs_db_config
Type: note
_Description: Configured database mandatory for Snort
Snort needs a configured database before it can successfully start up.
In order to create the structure you need to run the following commands
AFTER the package is installed:
.
cd /usr/share/doc/snort-mysql/
zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename>
.
Fill in the correct values for the user, host, and database names.
MySQL will prompt you for the password.
.
After you have created the database structure, you will need to start Snort
manually.
Template: snort-pgsql/startup
Type: select
__Choices: boot, dialup, manual
Default: boot
_Description: Snort start method:
Snort can be started during boot, when connecting to the net with pppd or
only manually with the /usr/sbin/snort command.
Template: snort-pgsql/interface
Type: string
Default: eth0
_Description: Interface(s) which Snort should listen on:
This value is usually 'eth0', but this may be inappropriate in some
network environments; for a dialup connection 'ppp0' might be more
appropriate (see the output of '/sbin/ifconfig').
.
Typically, this is the same interface as the 'default route' is on. You can
determine which interface is used for this by running '/sbin/route -n'
(look for '0.0.0.0').
.
It is also not uncommon to use an interface with no IP address
configured in promiscuous mode. For such cases, select the
interface in this system that is physically connected to the network
that should be inspected, enable promiscuous mode later on and make sure
that the network traffic is sent to this interface (either connected
to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
.
You can configure multiple interfaces, just by adding more than
one interface name separated by spaces. Each interface can have its
specific configuration.
Template: snort-pgsql/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
Please use the CIDR form - for example, 192.168.1.0/24 for a block of
256 addresses or 192.168.1.42/32 for just one. Multiple values should
be comma-separated (without spaces).
.
If you specify 'any', Snort will listen on all available networks.
.
Please note that if Snort is configured to use multiple interfaces,
it will use this value as the HOME_NET definition for all of them.
Template: snort-pgsql/disable_promiscuous
Type: boolean
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
Disabling promiscuous mode means that Snort will only see packets
addressed to the interface it is monitoring. Enabling it allows Snort to
check every packet that passes the Ethernet segment even if it's a
connection between two other computers.
Template: snort-pgsql/invalid_interface
Type: error
_Description: Invalid interface
Snort is trying to use an interface which does not exist or is down.
Either it is defaulting inappropriately to 'eth0', or you specified
one which is invalid.
Template: snort-pgsql/reverse_order
Type: boolean
Default: false
_Description: Should Snort's testing order be changed to Pass|Alert|Log?
Snort's default testing order is Alert|Pass|Log; if you accept this
option, the order will be changed to Pass|Alert|Log, which can make it
simpler to use Snort with some packet-filtering tools.
Template: snort-pgsql/send_stats
Type: boolean
Default: true
_Description: Should daily summaries be sent by e-mail?
A cron job can be set up to send daily summaries of Snort logs to a
selected e-mail address.
.
Please choose whether you want to activate this feature.
Template: snort-pgsql/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
Please specify the e-mail address that should receive daily summaries
of Snort logs.
Template: snort-pgsql/options
Type: string
_Description: Additional custom options:
Please specify any additional options Snort should use.
Template: snort-pgsql/stats_treshold
Type: string
Default: 1
_Description: Minimum occurrences before alerts are reported:
Please enter the minimum number of alert occurrences before a given alert is
included in the daily statistics.
Template: snort-pgsql/please_restart_manually
Type: note
_Description: Snort restart required
As Snort is manually launched, you need to run '/etc/init.d/snort' for
the changes to take place.
Template: snort-pgsql/config_error
Type: error
_Description: Configuration error
The current Snort configuration is invalid and will prevent Snort
starting up normally. Please review and correct it.
.
To diagnose an error in a Snort configuration file, use
'/usr/sbin/snort -T -c <file>'.
Template: snort-pgsql/config_parameters
Type: error
_Description: Obsolete configuration file
This system uses an obsolete configuration file
(/etc/snort/snort.common.parameters)
which has been automatically converted into the new configuration
file format (at /etc/default/snort).
.
Please review the new configuration and remove the obsolete
one. Until you do this, the initialization script will not use the new
configuration and you will not take advantage of the benefits
introduced in newer releases.
Template: snort-pgsql/configure_db
Type: boolean
Default: true
_Description: Set up a database for snort-pgsql to log to?
No database has been set up for Snort to log to. Before continuing,
you should make sure you have:
.
- the server host name (that server must allow TCP connections
from this machine);
- a database on that server;
- a username and password to access the database.
.
If some of these requirements are missing, reject this option and
run with regular file logging support.
.
Database logging can be reconfigured later by running
'dpkg-reconfigure -plow snort-pgsql'.
Template: snort-pgsql/db_host
Type: string
_Description: Database server hostname:
Please specify the host name of a database server that allows
incoming connections from this host.
Template: snort-pgsql/db_database
Type: string
_Description: Database name:
Please specify the name of an existing database to which the
database user has write access.
Template: snort-pgsql/db_user
Type: string
_Description: Username for database access:
Please specify a database server username with write access to the database.
Template: snort-pgsql/db_pass
Type: password
_Description: Password for the database connection:
Please enter the password to use to connect to the Snort Alert database.
Template: snort-pgsql/needs_db_config
Type: note
_Description: Configured database mandatory for Snort
Snort needs a configured database before it can successfully start up.
In order to create the structure you need to run the following commands
AFTER the package is installed:
.
cd /usr/share/doc/snort-pgsql/
zcat create_postgresql.gz | psql -U <user> -h <host> -W <databasename>
.
Fill in the correct values for the user, host, and database names.
PostgreSQL will prompt you for the password.
.
After you have created the database structure, you will need to start Snort
manually.
Template: snort/deprecated_config
Type: note
_Description: Deprecated configuration file
The Snort configuration file (/etc/snort/snort.conf) uses deprecated
options no longer available for this Snort release.
Snort will not be able to start unless you provide a correct configuration
file. Either allow the configuration file to be replaced with the one
provided in this package or fix it manually by removing deprecated options.
.
The following deprecated options were found in the configuration file:
${DEP_CONFIG}.
Source: snort
Section: net
Priority: optional
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Uploaders: Pascal Hakim <pasc@debian.org>
Build-Depends: libnet1-dev, libpcap0.8-dev, libpcre3-dev, debhelper (>= 4.1.13), libmysqlclient15-dev | libmysqlclient-dev, libpq-dev, po-debconf (>= 0.5.0), libprelude-dev, iptables-dev
Build-Depends-Indep: texlive, texlive-latex-base, gs-common
Standards-Version: 3.5.6
Package: snort
Architecture: any
Pre-Depends: adduser (>= 3.11)
Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
Conflicts: snort-mysql, snort-pgsql
Replaces: snort-common (<< 2.0.2-3)
Recommends: snort-doc
Homepage: http://www.snort.org/
Description: Flexible Network Intrusion Detection System
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
.
This package provides the plain-vanilla snort distribution and does not
provide database (available in snort-pgsql and snort-mysql) support.
Package: snort-common
Architecture: all
Pre-Depends: adduser (>= 3.11)
Depends: perl-modules, debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, lsb-base
Conflicts: snort (<< ${binary:Version})
Replaces: snort (<< 1.8.4beta1-1)
Suggests: snort-doc
Homepage: http://www.snort.org/
Description: Flexible Network Intrusion Detection System [common files]
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
.
This is a common package which holds cron jobs, tools and config files used
by all Snort-based packages.
Package: snort-doc
Architecture: all
Priority: optional
Section: doc
Homepage: http://www.snort.org/
Description: Documentation for the Snort IDS [documentation]
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
Package: snort-mysql
Provides: snort
Architecture: any
Priority: extra
Pre-Depends: adduser (>= 3.11)
Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
Conflicts: snort, snort-pgsql
Homepage: http://www.snort.org/
Description: Flexible Network Intrusion Detection System [MySQL]
Distribution of Snort with support for logging to a MySQL database.
.
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
Package: snort-pgsql
Provides: snort
Architecture: any
Priority: optional
Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
Conflicts: snort, snort-mysql
Homepage: http://www.snort.org/
Description: Flexible Network Intrusion Detection System [PostgreSQL]
Distribution of Snort with support for logging to a PostgreSQL dbase.
.
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
Package: snort-rules-default
Provides: snort-rules
Architecture: all
Depends: debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}
Suggests: snort (>= 2.2.0) | snort-pgsql (>= 2.2.0) | snort-mysql (>= 2.2.0)
Recommends: oinkmaster
Homepage: http://www.snort.org/rules/
Description: Flexible Network Intrusion Detection System ruleset
Snort default ruleset which provides a common set of accepted and test
network intrusion detection rules developed by the Snort community.
.
These rules can be used as a basis for development of additional rules.
Package: snort-common-libraries
Architecture: any
Depends: ${shlibs:Depends}
Suggests: snort (>= 2.7.0) | snort-pgsql (>= 2.7.0) | snort-mysql (>= 2.7.0)
Conflicts: snort-common (<< 2.7.0-6)
Homepage: http://www.snort.org/
Description: Flexible Network Intrusion Detection System ruleset
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
.
This package provides libraries used by all the Snort binary packages.
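The address_range templates above ask for CIDR blocks, comma-separated without spaces, or the single word 'any', and that value becomes HOME_NET for every interface. The following check of such an answer is an added example, not part of the original post or of the snort packaging; the function name `check_address_range` is hypothetical, and the IPv4-only parsing and the host-bits warning are assumptions that go beyond what the template text states.

```python
import ipaddress


def check_address_range(value):
    """Check an answer to the */address_range debconf question.

    Returns (networks, problems). `networks` is the string "any" or a list
    of IPv4Network objects; `problems` is a list of messages, empty when the
    value follows the form the template describes.
    """
    problems = []
    if value == "any":
        return "any", problems

    # The template asks for comma-separated values without spaces.
    if any(ch.isspace() for ch in value):
        problems.append("whitespace is not allowed; separate values with commas only")

    networks = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            problems.append("empty entry (stray comma)")
            continue
        if "/" not in item:
            problems.append(f"{item}: missing /prefix, CIDR form required")
            continue
        try:
            # Assumption: IPv4 only, matching the template's examples.
            net = ipaddress.IPv4Network(item, strict=True)
        except ValueError:
            try:
                # Parses when the only fault is host bits set, e.g.
                # 192.168.1.42/24 where 192.168.1.0/24 was meant.
                net = ipaddress.IPv4Network(item, strict=False)
            except ValueError:
                problems.append(f"{item}: not a valid CIDR block")
                continue
            problems.append(f"{item}: host bits set, did you mean {net}?")
            continue
        networks.append(net)
    return networks, problems


if __name__ == "__main__":
    # Constructed sample answers, not taken from a real installation.
    samples = [
        "192.168.0.0/16",
        "192.168.1.0/24,192.168.1.42/32",
        "any",
        "192.168.1.0/24, 10.0.0.0/8",
        "192.168.1.42/24",
        "192.168.1.0",
    ]
    for answer in samples:
        nets, issues = check_address_range(answer)
        print(f"{answer!r}: {nets} {issues if issues else 'ok'}")
```

A HOME_NET that is broader or narrower than the monitored network changes which traffic the rules treat as internal, so rejecting a malformed answer at configuration time is preferable to discovering it from missing alerts.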