<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
	<herd>netmon</herd>
	<maintainer>
		<email>patrick@gentoo.org</email>
		<name>Patrick Lauer</name>
		<description>Maintainer</description>
	</maintainer>
	<maintainer>
		<email>jason.r.wallace@gmail.com</email>
		<name>Jason Wallace</name>
		<description>Proxy maintainer. CC him on bugs</description>
	</maintainer>
	<longdescription>
		Snort is an open source network intrusion prevention and detection
		system (IDS/IPS) developed by Sourcefire. Combining the benefits of
		signature, protocol, and anomaly-based inspection, Snort is the most
		widely deployed IDS/IPS technology worldwide. With millions of downloads
		and approximately 300,000 registered users, Snort has become the de facto 
		standard for IPS.
	</longdescription>
	<upstream>
		<maintainer>
			<email>snort-team@sourcefire.com</email>
			<name>Snort Team</name>
		</maintainer>
		<changelog>http://www.snort.org/snort-downloads</changelog>
		<doc>http://www.snort.org/docs</doc>
		<bugs-to>http://www.snort.org/snort-downloads/submit-a-bug/</bugs-to>
	</upstream>
	<use>
		<flag name='aruba'>
			Adds support for monitoring wireless traffic using an Aruba Mobility
			Controller.
		</flag>
		<flag name='decoder-preprocessor-rules'>
			Adds support for action control (alert, drop, pass, etc.) over
			preprocessor- and decoder-generated events.
		</flag>
		<flag name='dynamicplugin'>
			Enable ability to dynamically load preprocessors, detection engine,
			and rules library. This is required if you want to use shared 
			object (SO) snort rules.
		</flag>
		<flag name='flexresp'>
			(DEPRECATED) Original method for enabling connection tearing for
			inline deployments. Replaced with flexresp3 in Snort-2.9.0.
		</flag>
		<flag name='flexresp2'>
			(DEPRECATED) Replaced flexresp for enabling connection tearing for
			inline deployments. Replaced with flexresp3 in Snort-2.9.0.
		</flag>
		<flag name='gre'>
			Enable support for inspecting and processing Generic Routing 
			Encapsulation (GRE) packet headers. Only needed if you are
			monitoring GRE tunnels.
		</flag>
		<flag name='inline'>
			(DEPRECATED) Enables support for deploying snort inline. Uses
			<pkg>net-firewall/iptables</pkg>, via libipq, rather than
			<pkg>net-libs/libpcap</pkg>. Replaced by DAQ in Snort-2.9.0.
		</flag>
		<flag name='inline-init-failopen'>
			Enables support to allow traffic to pass uninspected (fail-open)
			through inline deployments while snort is starting and not ready to
			begin inspecting traffic. If this option is not enabled, network
			traffic will not pass (fail-closed) until snort has fully started
			and is ready to perform packet inspection.
		</flag>
		<flag name='linux-smp-stats'>
			Enable accurate statistics reporting through /proc on systems with
			multiple processors.
		</flag>
		<flag name='mpls'>
			Enables support for processing and inspecting Multiprotocol Label
			Switching (MPLS) network traffic. Only needed if you are
			monitoring an MPLS network.
		</flag>
		<flag name='perfprofiling'>
			Enables support for preprocessor and rule performance profiling 
			using the perfmonitor preprocessor.
		</flag>
		<flag name='ppm'>
			Enables support for setting per rule or per packet latency limits.
			Helps protect against introducing network latency with inline 
			deployments.
		</flag>
		<flag name='react'>
			Enables support for the react rule keyword. Supports interception,
			termination, and redirection of HTTP connections.
		</flag>
		<flag name='targetbased'>
			Enables support in snort for using a host attribute XML file
			(attribute_table.dtd). This file needs to be created by the user
			and should define the IP address, operating system, and services
			for all hosts on the monitored network. This is cumbersome, but
			can improve intrusion detection accuracy.
		</flag>
		<flag name='timestats'>
			(DEPRECATED) Enables support for printing packet stats on a per
			hour and per protocol breakdown. Deprecated in Snort-2.9.0.
		</flag>
		<flag name='reload'>
			Enables support for reloading a configuration without restarting
			snort.
		</flag>
		<flag name='reload-error-restart'>
			Enables support for completely restarting snort if an error is 
			detected during a reload.
		</flag>
		<flag name='zlib'>
			Enables HTTP inspection of compressed web traffic. Requires
			dynamicplugin to be enabled.
		</flag>
		<flag name='active-response'>
			Enables support for automatically sending TCP resets and ICMP 
			unreachable messages to terminate connections. Used with inline
			deployments.
		</flag>
		<flag name='normalizer'>
			Enables support for normalizing packets in inline deployments to
			help minimize the chances of detection evasion.
		</flag>
		<flag name='flexresp3'>
			Enables support for the new flexible response preprocessor for enabling
			connection tearing for inline deployments. Replaces flexresp and 
			flexresp2.
		</flag>
		<flag name='paf'>
			Enables support for Protocol Aware Flushing. This allows Snort to
			statefully scan a stream and reassemble a complete protocol data
			unit regardless of segmentation.
		</flag>
		<flag name='large-pcap-64bit'>
			Allows Snort to read pcap files that are larger than 2 GB. ONLY
			VALID FOR 64bit SYSTEMS!
		</flag>
	</use>
</pkgmetadata>