Snort mailing list archives
Release of Shadow/Snort IDS version 4.4
From: Guy Bruneau <seeker () whitehats ca>
Date: Mon, 23 Aug 2004 20:44:00 -0400
This is to announce the release of Shadow/Snort IDS version 4.4. This package is released under the GNU software.

Here are some of the features of Shadow/Snort IDS 4.4:

- Hardened OS based on Slackware 9.1.0
- Linux kernel 2.4.26
- Trimmed down OS (~150 MB) and automatically runs the Shadow and Snort sensors after installation
- Minimal user installation and configuration
- Open SSH is the only remote access service. If ACID is installed, HTTPS is restricted by iptables firewall
- Can only be accessed via Open SSH (deny all access by default)
- Can search the Shadow sensor logs with a multi-day Perl script without the aid of an Analyzer. More information on how to use this feature is available on the installation sheet.
- Can search the Shadow sensor logs with a multi-day Perl script using Ngrep with a combination of strings and BPF filters. Additional information on how to use this feature is available on the installation sheet.
- See the release note directory for the installation sheet (install.pdf).
- Built with NSWC's Shadow version 1.8
- Built with Snort IDS version 2.2.0 with mysql and Jeff Nathan's new flexible response version 2
- A ready to use package with Apache/ACID/MySQL prebuilt to use ACID to correlate events
- Contains current Bleeding Edge Malware rules
- Built with Ngrep 1.41.0
- Snort can monitor multiple interfaces with the use of the Snort configuration scripts.
- Snort now saves the data in BPF format and cuts a new log every day at 12 am through a cronjob.
- Included slackupdate.sh script to maintain Slackware patches
- Included Snort's oinkmaster.pl script to update Snort signatures.
- A FAQ is located on the CD in the release note directory

The complete installation process is located at:
http://www.whitehats.ca/main/members/Seeker/seeker_shadow_IDS/seeker_shadow_ids.html

The ISO can be downloaded at:
http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.iso

The MD5 signature for the Shadow ISO image is located at:
http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.md5

References:
More on Shadow IDS at: http://www.nswc.navy.mil/ISSEC/CID/
More on Snort at: http://www.snort.org