Re: [RFR] templates://snort/{snort.templates,snort-mysql.templates,snort-pgsql.templates,snort-common.templates}



Christian Perrier wrote:
> Your review should be sent as an answer to this mail.

Episode two: the control file.

(By the way, what is Snort comparing itself to when it claims to be
"lightweight"?  I used to install ippl as a trivial network
connection-logger for debugging misconfigured FTP-servers and the
like; then when ippl started advertising itself as buggy I switched
to jail, but now that's died too.  The ippl package description
advises switching to snort, but I've never been able to strip it
down to do as little as I'm after.) 

 Package: snort
[...]
-Description: Flexible Network Intrusion Detection System
+Description: flexible Network Intrusion Detection System

Throughout; capitalising "IDS" or "NIDS" makes sense, but not
"FNIDS".

  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition
- to being used to detect a variety of other attacks and probes, such
+ to detecting a variety of other attacks and probes, such

Simplifying this to avoid the misreading of "being used to" (as in
"being used to ippl, I find Snort a heavyweight").

  as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
  much more. Snort has a real-time alerting capability, with alerts being
  sent to syslog, a separate "alert" file, or even to a Windows computer
  via Samba.
  .
- This package provides the plain-vanilla snort distribution and does not
- provide database (available in snort-pgsql and snort-mysql) support.
+ This package provides the plain-vanilla version of Snort and does not
+ provide database support (available in snort-pgsql and snort-mysql).

Let's not call individual .deb files "distributions".
 
 Package: snort-common
[...]
-Description: Flexible Network Intrusion Detection System [common files]
+Description: flexible Network Intrusion Detection System - common files

And then it would be good to have a _shorter_ version of the snort-*
boilerplate, but I haven't managed that.

 Package: snort-doc
[...]
-Description: Documentation for the Snort IDS [documentation]
+Description: flexible Network Intrusion Detection System - documentation

This long description contains only boilerplate - it needs an extra
paragraph: 

+ This package provides documentation for Snort.
 
 Package: snort-mysql
[...]
-Description: Flexible Network Intrusion Detection System [MySQL]
+Description: flexible Network Intrusion Detection System - MySQL

As usual.

- Distribution of Snort with support for logging to a MySQL database.

Turn this into a distinguishing paragraph below the boilerplate:

+ This package provides a version with support for logging to a MySQL
+ database.
 
 Package: snort-pgsql
[...]
-Description: Flexible Network Intrusion Detection System [PostgreSQL]
+Description: flexible Network Intrusion Detection System - PostgreSQL

and then:

- Distribution of Snort with support for logging to a PostgreSQL dbase.

(A "dbase"?)  Again turn it into a trailing:

+ This package provides a version with support for logging to a PostgreSQL
+ database.
 
 Package: snort-rules-default
[...]
-Description: Flexible Network Intrusion Detection System ruleset
+Description: flexible Network Intrusion Detection System - ruleset

(I suppose)

- Snort default ruleset which provides a common set of accepted and test
- network intrusion detection rules developed by the Snort community.
  .
- These rules can be used as a basis for development of additional rules.

That first paragraph doesn't contain a full sentence, and I'm not
sure I follow it (does "accepted and test" mean "standard and
experimental"?).  This should also have some Snort boilerplate
(here's another case where a short version would be useful).

+ This package provides a default Snort ruleset containing a set of
+ network intrusion detection rules developed by the Snort community.
+ These rules can be used as a basis for further ruleset development.

 Package: snort-common-libraries
[...]
-Description: Flexible Network Intrusion Detection System ruleset
+Description: flexible Network Intrusion Detection System - libraries

That one was just wrong.  Boilerplate as usual, then:

- This package provides libraries used by all the Snort binary packages.
-
+ This package provides libraries used by all versions of Snort.

If it means binary as opposed to source packages, it's not true:
snort-doc doesn't use any libraries! 
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package
Source: snort
Section: net
Priority: optional
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Uploaders: Pascal Hakim <pasc@debian.org>
Build-Depends: libnet1-dev, libpcap0.8-dev, libpcre3-dev, debhelper (>= 4.1.13), libmysqlclient15-dev | libmysqlclient-dev, libpq-dev, po-debconf (>= 0.5.0), libprelude-dev, iptables-dev
Build-Depends-Indep: texlive, texlive-latex-base, gs-common
Standards-Version: 3.5.6

Package: snort
Architecture: any
Pre-Depends: adduser (>= 3.11)
Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
Conflicts: snort-mysql, snort-pgsql
Replaces: snort-common (<< 2.0.2-3)
Recommends: snort-doc
Homepage: http://www.snort.org/
Description: flexible Network Intrusion Detection System
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to detecting a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.
 .
 This package provides the plain-vanilla version of Snort and does not
 provide database support (available in snort-pgsql and snort-mysql).

Package: snort-common
Architecture: all
Pre-Depends: adduser (>= 3.11)
Depends: perl-modules, debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, lsb-base
Conflicts: snort (<< ${binary:Version})
Replaces: snort (<< 1.8.4beta1-1)
Suggests: snort-doc
Homepage: http://www.snort.org/
Description: flexible Network Intrusion Detection System - common files
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to detecting a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.
 .
 This is a common package which holds cron jobs, tools and config files used
 by all Snort-based packages.

Package: snort-doc
Architecture: all
Priority: optional
Section: doc
Homepage: http://www.snort.org/
Description: flexible Network Intrusion Detection System - documentation
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to detecting a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.
 .
 This package provides documentation for Snort.

Package: snort-mysql
Provides: snort
Architecture: any
Priority: extra
Pre-Depends: adduser (>= 3.11)
Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
Conflicts: snort, snort-pgsql
Homepage: http://www.snort.org/
Description: flexible Network Intrusion Detection System - MySQL
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to detecting a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.
 .
 This package provides a version with support for logging to a MySQL
 database.

Package: snort-pgsql
Provides: snort
Architecture: any
Priority: optional
Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
Conflicts: snort, snort-mysql
Homepage: http://www.snort.org/
Description: flexible Network Intrusion Detection System - PostgreSQL
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to detecting a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.
 .
 This package provides a version with support for logging to a PostgreSQL
 database.

Package: snort-rules-default
Provides: snort-rules
Architecture: all
Depends: debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}
Suggests: snort (>= 2.2.0) | snort-pgsql (>= 2.2.0) | snort-mysql (>= 2.2.0)
Recommends: oinkmaster
Homepage: http://www.snort.org/rules/
Description: flexible Network Intrusion Detection System ruleset
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to detecting a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.
 .
 This package provides a default Snort ruleset containing a set of
 network intrusion detection rules developed by the Snort community.
 These rules can be used as a basis for further ruleset development.

Package: snort-common-libraries
Architecture: any
Depends: ${shlibs:Depends}
Suggests: snort (>= 2.7.0) | snort-pgsql (>= 2.7.0) | snort-mysql (>= 2.7.0)
Conflicts: snort-common (<< 2.7.0-6)
Homepage: http://www.snort.org/
Description: flexible Network Intrusion Detection System - libraries
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to detecting a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.
 .
 This package provides libraries used by all versions of Snort.
--- ../snort.old/debian/control	2008-02-14 13:13:49.000000000 +0000
+++ debian/control	2008-02-19 21:48:57.000000000 +0000
@@ -15,18 +15,18 @@
 Replaces: snort-common (<< 2.0.2-3)
 Recommends: snort-doc
 Homepage: http://www.snort.org/
-Description: Flexible Network Intrusion Detection System
+Description: flexible Network Intrusion Detection System
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition
- to being used to detect a variety of other attacks and probes, such
+ to detecting a variety of other attacks and probes, such
  as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
  much more. Snort has a real-time alerting capability, with alerts being
  sent to syslog, a separate "alert" file, or even to a Windows computer
  via Samba.
  .
- This package provides the plain-vanilla snort distribution and does not
- provide database (available in snort-pgsql and snort-mysql) support.
+ This package provides the plain-vanilla version of Snort and does not
+ provide database support (available in snort-pgsql and snort-mysql).
 
 Package: snort-common
 Architecture: all
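Review bot: in the changed line "+ to detecting a variety of other attacks and probes, such", the word "other" has no antecedent, because the preceding "content searching/matching" is not itself an attack or a probe; dropping "other" would read more cleanly. Since this boilerplate paragraph is being touched in every stanza anyway, the context line "rules based logging" could also take its hyphen ("rule-based logging"), and the now-short "to detecting ..." line could be re-wrapped with its neighbours.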
@@ -36,11 +36,11 @@
 Replaces: snort (<< 1.8.4beta1-1)
 Suggests: snort-doc
 Homepage: http://www.snort.org/
-Description: Flexible Network Intrusion Detection System [common files]
+Description: flexible Network Intrusion Detection System - common files
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition
- to being used to detect a variety of other attacks and probes, such
+ to detecting a variety of other attacks and probes, such
  as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
  much more. Snort has a real-time alerting capability, with alerts being
  sent to syslog, a separate "alert" file, or even to a Windows computer
@@ -54,15 +54,17 @@
 Priority: optional
 Section: doc
 Homepage: http://www.snort.org/
-Description: Documentation for the Snort IDS [documentation]
+Description: flexible Network Intrusion Detection System - documentation
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition
- to being used to detect a variety of other attacks and probes, such
+ to detecting a variety of other attacks and probes, such
  as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
  much more. Snort has a real-time alerting capability, with alerts being
  sent to syslog, a separate "alert" file, or even to a Windows computer
  via Samba.
+ .
+ This package provides documentation for Snort.
 
 Package: snort-mysql
 Provides: snort
@@ -72,17 +74,18 @@
 Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
 Conflicts: snort, snort-pgsql
 Homepage: http://www.snort.org/
-Description: Flexible Network Intrusion Detection System [MySQL]
- Distribution of Snort with support for logging to a MySQL database.
- .
+Description: flexible Network Intrusion Detection System - MySQL
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition
- to being used to detect a variety of other attacks and probes, such
+ to detecting a variety of other attacks and probes, such
  as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
  much more. Snort has a real-time alerting capability, with alerts being
  sent to syslog, a separate "alert" file, or even to a Windows computer
  via Samba.
+ .
+ This package provides a version with support for logging to a MySQL
+ database.
 
 Package: snort-pgsql
 Provides: snort
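Review bot: the added closing paragraph "This package provides a version with support for logging to a MySQL database" never says a version of what. The snort stanza in the first hunk uses "the plain-vanilla version of Snort", so "a version of Snort with support for logging to a MySQL database" would match it and stand on its own. The same wording recurs in the PostgreSQL paragraph in the next hunk.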
@@ -91,17 +94,18 @@
 Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
 Conflicts: snort, snort-mysql
 Homepage: http://www.snort.org/
-Description: Flexible Network Intrusion Detection System [PostgreSQL]
- Distribution of Snort with support for logging to a PostgreSQL dbase.
- .
+Description: flexible Network Intrusion Detection System - PostgreSQL
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition
- to being used to detect a variety of other attacks and probes, such
+ to detecting a variety of other attacks and probes, such
  as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
  much more. Snort has a real-time alerting capability, with alerts being
  sent to syslog, a separate "alert" file, or even to a Windows computer
  via Samba.
+ .
+ This package provides a version with support for logging to a PostgreSQL
+ database.
 
 Package: snort-rules-default
 Provides: snort-rules
@@ -110,11 +114,19 @@
 Suggests: snort (>= 2.2.0) | snort-pgsql (>= 2.2.0) | snort-mysql (>= 2.2.0)
 Recommends: oinkmaster
 Homepage: http://www.snort.org/rules/
-Description: Flexible Network Intrusion Detection System ruleset
- Snort default ruleset which provides a common set of accepted and test
- network intrusion detection rules developed by the Snort community.
+Description: flexible Network Intrusion Detection System ruleset
+ Snort is a libpcap-based packet sniffer/logger which can be used as a
+ lightweight network intrusion detection system. It features rules
+ based logging and can perform content searching/matching in addition
+ to detecting a variety of other attacks and probes, such
+ as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
+ much more. Snort has a real-time alerting capability, with alerts being
+ sent to syslog, a separate "alert" file, or even to a Windows computer
+ via Samba.
  .
- These rules can be used as a basis for development of additional rules.
+ This package provides a default Snort ruleset containing a set of
+ network intrusion detection rules developed by the Snort community.
+ These rules can be used as a basis for further ruleset development.
 
 Package: snort-common-libraries
 Architecture: any
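Review bot: the new synopsis "+Description: flexible Network Intrusion Detection System ruleset" is missing the " - " separator that every other stanza in this patch receives ("- common files", "- documentation", "- MySQL", "- PostgreSQL", "- libraries"), and the review text earlier in this mail proposes "- ruleset" for this package. Suggest "Description: flexible Network Intrusion Detection System - ruleset" so the synopsis lines stay uniform.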
@@ -122,15 +134,14 @@
 Suggests: snort (>= 2.7.0) | snort-pgsql (>= 2.7.0) | snort-mysql (>= 2.7.0)
 Conflicts: snort-common (<< 2.7.0-6)
 Homepage: http://www.snort.org/
-Description: Flexible Network Intrusion Detection System ruleset
+Description: flexible Network Intrusion Detection System - libraries
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition
- to being used to detect a variety of other attacks and probes, such
+ to detecting a variety of other attacks and probes, such
  as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
  much more. Snort has a real-time alerting capability, with alerts being
  sent to syslog, a separate "alert" file, or even to a Windows computer
  via Samba.
  .
- This package provides libraries used by all the Snort binary packages.
-
+ This package provides libraries used by all versions of Snort.
