1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>patrick@gentoo.org</email>
<name>Patrick Lauer</name>
</maintainer>
<maintainer type="project">
<email>netmon@gentoo.org</email>
<name>Gentoo network monitoring and analysis project</name>
</maintainer>
<longdescription>
Snort is an open source network intrusion prevention and detection
system (IDS/IPS) developed by Sourcefire. Combining the benefits of
signature, protocol, and anomaly-based inspection, Snort is the most
widely deployed IDS/IPS technology worldwide. With millions of downloads
and approximately 300,000 registered users, Snort has become the de facto
standard for IPS.
</longdescription>
<upstream>
<maintainer>
<email>snort-team@sourcefire.com</email>
<name>Snort Team</name>
</maintainer>
<changelog>http://www.snort.org/snort-downloads</changelog>
<doc>http://www.snort.org/docs</doc>
<bugs-to>http://www.snort.org/snort-downloads/submit-a-bug/</bugs-to>
</upstream>
<use>
<flag name="control-socket">
Enables Snort's control socket.
</flag>
<flag name="file-inspect">
Enables extended file inspection capabilities.
</flag>
<flag name="gre">
Enable support for inspecting and processing Generic Routing
Encapsulation (GRE) packet headders. Only needed if you are
monitoring GRE tunnels.
</flag>
<flag name="high-availability">
Enables high-availability state sharing.
</flag>
<flag name="inline-init-failopen">
Enables support to allow traffic to pass (fail-open) through
inline deployments while snort is starting and not ready to begin
inspecting traffic. If this option is not enabled, network
traffic will not pass (fail-closed) until snort has fully started
and is ready to perform packet inspection.
</flag>
<flag name="linux-smp-stats">
Enable accurate statistics reporting through /proc on systems with
multipule processors.
</flag>
<flag name="non-ether-decoders">
Enable decoding of non-ethernet protocols such as TokenRing, FDDI,
IPX, etc.
</flag>
<flag name="open-appid">
Enable OpenAppID, an open, application-focused detection language
and processing module for Snort that enables users to create, share,
and implement application detection. Requires <pkg>dev-lang/luajit</pkg>.
</flag>
<flag name="perfprofiling">
Enables support for preprocessor and rule performance profiling
using the perfmonitor preprocessor.
</flag>
<flag name="ppm">
Enables support for setting per rule or per packet latency limits.
Helps protect against introducing network latency with inline
deployments.
</flag>
<flag name="react">
Enables support for the react rule keyword. Supports interception,
termination, and redirection of HTTP connections.
</flag>
<flag name="shared-rep">
Enables the use of shared memory for the Reputation Preprocessor
(Only available on Linux systems)
</flag>
<flag name="side-channel">
Enables Snort's the side channel.
</flag>
<flag name="sourcefire">
Enables Sourcefire specific build options, which include
--enable-perfprofiling and --enable-ppm.
</flag>
<flag name="reload-error-restart">
Enables support for completely restarting snort if an error is
detected durring a reload.
</flag>
<flag name="active-response">
Enables support for automatically sending TCP resets and ICMP
unreachable messages to terminate connections. Used with inline
deployments.
</flag>
<flag name="flexresp3">
Enables support for new flexable response preprocessor for enabling
connection tearing for inline deployments. Replaces flexresp and
flexresp2.
</flag>
<flag name="large-pcap-64bit">
Allows Snort to read pcap files that are larger than 2 GB. ONLY
VALID FOR 64bit SYSTEMS!
</flag>
<flag name="libtirpc">
Build against <pkg>net-libs/libtirpc</pkg> for RPC support
</flag>
</use>
</pkgmetadata>
|