1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer>
<email>patrick@gentoo.org</email>
<name>Patrick Lauer</name>
<description>Maintainer</description>
</maintainer>
<maintainer>
<email>jason.r.wallace@gmail.com</email>
<name>Jason Wallace</name>
<description>Proxy maintainer. CC him on bugs</description>
</maintainer>
<maintainer>
<email>netmon@gentoo.org</email>
<name>Gentoo network monitoring and analysis project</name>
</maintainer>
<maintainer>
<email>proxy-maint@gentoo.org</email>
<name>Proxy Maintainers</name>
</maintainer>
<longdescription>
Snort is an open source network intrusion prevention and detection
system (IDS/IPS) developed by Sourcefire. Combining the benefits of
signature, protocol, and anomaly-based inspection, Snort is the most
widely deployed IDS/IPS technology worldwide. With millions of downloads
and approximately 300,000 registered users, Snort has become the de facto
standard for IPS.
</longdescription>
<upstream>
<maintainer>
<email>snort-team@sourcefire.com</email>
<name>Snort Team</name>
</maintainer>
<changelog>http://www.snort.org/snort-downloads</changelog>
<doc>http://www.snort.org/docs</doc>
<bugs-to>http://www.snort.org/snort-downloads/submit-a-bug/</bugs-to>
</upstream>
<use>
<flag name="control-socket">
Enables Snort's control socket.
</flag>
<flag name="dynamicplugin">
Enable ability to dynamically load preprocessors, detection engine,
and rules library. This is required if you want to use shared
object (SO) snort rules.
</flag>
<flag name="file-inspect">
Enables extended file inspection capabilities.
</flag>
<flag name="gre">
Enable support for inspecting and processing Generic Routing
Encapsulation (GRE) packet headders. Only needed if you are
monitoring GRE tunnels.
</flag>
<flag name="high-availability">
Enables high-availability state sharing.
</flag>
<flag name="inline-init-failopen">
Enables support to allow traffic to pass (fail-open) through
inline deployments while snort is starting and not ready to begin
inspecting traffic. If this option is not enabled, network
traffic will not pass (fail-closed) until snort has fully started
and is ready to perform packet inspection.
</flag>
<flag name="linux-smp-stats">
Enable accurate statistics reporting through /proc on systems with
multipule processors.
</flag>
<flag name="mpls">
Enables support for processing and inspecting Multiprotocol Label
Switching MPLS network network traffic. Only needed if you are
monitoring an MPLS network.
</flag>
<flag name="non-ether-decoders">
Enable decoding of non-ethernet protocols such as TokenRing, FDDI,
IPX, etc.
</flag>
<flag name="perfprofiling">
Enables support for preprocessor and rule performance profiling
using the perfmonitor preprocessor.
</flag>
<flag name="ppm">
Enables support for setting per rule or per packet latency limits.
Helps protect against introducing network latency with inline
deployments.
</flag>
<flag name="react">
Enables support for the react rule keyword. Supports interception,
termination, and redirection of HTTP connections.
</flag>
<flag name="shared-rep">
Enables the use of shared memory for the Reputation Preprocessor
(Only available on Linux systems)
</flag>
<flag name="side-channel">
Enables Snort's the side channel.
</flag>
<flag name="sourcefire">
Enables Sourcefire specific build options, which include
--enable-perfprofiling and --enable-ppm.
</flag>
<flag name="targetbased">
Enables support in snort for using a host attibute XML file
(attribute_table.dtd). This file needs to be created by the user
and should define the IP address, operating system, and services
for all hosts on the monitored network. This is cumbersome, but
can improve intrusion detection accuracy.
</flag>
<flag name="reload-error-restart">
Enables support for completely restarting snort if an error is
detected durring a reload.
</flag>
<flag name="zlib">
Enables HTTP inspection of compressed web traffic. Requires
dynamicplugin be enabled.
</flag>
<flag name="active-response">
Enables support for automatically sending TCP resets and ICMP
unreachable messages to terminate connections. Used with inline
deployments.
</flag>
<flag name="normalizer">
Enables support for normalizing packets in inline deployments to
help minimize the chances of detection evasion.
</flag>
<flag name="flexresp3">
Enables support for new flexable response preprocessor for enabling
connection tearing for inline deployments. Replaces flexresp and
flexresp2.
</flag>
<flag name="paf">
Enables support for Protocol Aware Flushing. This allows Snort to
statefully scan a stream and reassemble a complete protocol data
unit regardless of segmentation.
</flag>
<flag name="large-pcap-64bit">
Allows Snort to read pcap files that are larger than 2 GB. ONLY
VALID FOR 64bit SYSTEMS!
</flag>
</use>
</pkgmetadata>
|