As (hopefully) many of you are aware I am the current
code-monkey/ebuild-hacker for Prelude IDS. But as I am interested in
many (well, more or less all [free]) IDS systems I just want to do a
quick poll.

Those who are following the snort mailing lists (-user in particular)
might be aware that there is a new console called sguil
(pronounced "sgweel") that offers real-time (well, as close to real-time
as possible) and it has a quite nice GUI (for those interested go to
http://sguil.sf.net and check it out).

What I am proposing to do is to modify the net-analyzer/snort ebuild to
support sguil, as well as creating ebuilds for the other needed
components to get this working nicely under Gentoo (it would need a
local +sguil USE flag).

What I am polling about is "should I do it?" ;)

BTW: Snort 2.0.1 is released, and it seems like 2.0.2 is not far away as
a few post-release bugs were found (mainly in the win32 port, according to
the CVS logs...)

Final note: I have added some instructions on the Gentoo wiki/Prelude
(http://gentoo.zhware.net/cgi-bin/moin.cgi/PreludeIntrusionDetectionSystem)
that explain how to use snort as a prelude sensor. Will soon (in the next
few hours) update bug #19672 (http://bugs.gentoo.org/show_bug.cgi?id=19672)
with updated patches to do this. In my lab environment the patch has been
working fine (well, the alerts could be more descriptive, but it does alert).

Best regards
Michael Boman

--
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com