* Add an rc.d script.
* In snort.conf, provide the URL to the official Snort rules so that
users know where to get them.
* In snort.conf, provide the URL to the Emerging Threats rules along
with a commented include line to allow users to easily load the
Emerging Threats rules if they wish.
* Revise pkg/README with details on where to obtain Snort rules, the
differences between the official Snort rules and Emerging Threats
rules, how to download them, and provide some guidance on setting up
Snort.
snort.conf and README changes OK Markus Lude (maintainer), sthen@
rc.d script OK sthen@
Thank you to all who tested: Markus Lude (sparc64), abieber@ (macppc),
and Adam Jeanguenat (i386); I also tested on amd64 and i386. Thank you
to Rodolfo Gouveia for help/tests on earlier versions, and brad@ for
comments on an earlier version.
From Markus Lude (maintainer), and includes changes done based on
feedback from sthen@ and myself.
OK abieber@ sthen@
- enable dynamicplugin / dynamic preprocessors.
- install documentation.
- fix instructions.
- USE_LIBTOOL.
update from nikns <nikns@secure.lv> with a few changes;
feedback and ok msf@
--
This update contains a ton of fixes and features. Included is a small bit
from the ChangeLog:
* corrected big endian rpc decoding
* stop stream4 from clobbering itself
* fixed file rotation bug in spo_unified
* massive speed patch for multiple CIDR blocks
* corrected ICMP printing
* added a ton of new signatures
From ChangeLog:
- Fixed crash in frag2 under Linux
- Fixed flexresp code, session sniping should work again and be
faster to boot
- Fixed ICMP decoder and printout routines for new ICMP header
data structs in decode.h
- Added -B command line switch to translate IP addresses in pcap
files from one subnet to another (see the man page).
- Added spo_log_null to give users an option to deactivate logging
output from the snort.conf file.
From Changelog:
* added new IP defragmenter, spp_frag2
* added new stateful inspection/tcp stream reassembly plugin, spp_stream4
* Snort can now statefully detect ECN traffic (less false alarms)
* stream4 can now keep session statistics in a "session.log" file
* added new high-speed unified binary output system, spo_unified
* added new data structs/management for tag code
* added -k switch to tune checksum verification behavior
* added -z switch to provide stateful verification of alerts
* modified bahavior of http_decode, now only alerts once per packet
* added unique Snort ID's to every Snort rule, plus generator, revision
and event ID info to each alert
* detection engine only alerts once per packet now, tcp stream code doesn't
generate another alert packet if a previous one already alerted for that
stream
* fixed signal handling on svr4 systems
* added enhanced cross reference printout to full/fast/syslog alert modes
* added new high speed checksum verification (on x86) routines
* added new ARP spoof detection preprocessor from Jeff
Nathan <jeff@wwti.com>
changes by me:
- add HOMEPAGE to DESCR
- remove license type
- add SEPARATE_BUILD option
- remove unnecessary re-installation of man page durring post-install
- move message from post-install to pkg/MESSAGE
