Snort mailing list archives

Release of Shadow/Snort IDS version 4.4


From: Guy Bruneau <seeker () whitehats ca>
Date: Mon, 23 Aug 2004 20:44:00 -0400

This is to announce the release of Shadow/Snort IDS version 4.4.

This package is released under the GNU software.

Here are some of the features of Shadow/Snort IDS 4.4:

- Hardened OS based on Slackware 9.1.0
- Linux kernel 2.4.26
- Trimmed down OS (~150 MB) and automatically runs the Shadow and Snort
sensors after installation
- Minimal user installation and configuration
- OpenSSH is the only remote access service. If ACID is installed,
HTTPS is restricted by iptables firewall
- Can only be accessed via OpenSSH (deny all access by default)
- Can search the Shadow sensor logs with a multi-day Perl script without
the aid of an Analyzer. More information on how to use this feature is
available on the installation sheet.
- Can search the Shadow sensor logs with a multi-day Perl script using
Ngrep with a combination of strings and BPF filters. Additional
information on how to use this feature is available on the installation
sheet.
- See the release note directory for the installation sheet (install.pdf).

- Built with NSWC's Shadow version 1.8
- Built with Snort IDS version 2.2.0 with MySQL and Jeff Nathan's new
flexible response version 2
- A ready to use package with Apache/ACID/MySQL prebuilt to use ACID to
correlate events
- Contains current Bleeding Edge Malware rules
- Built with Ngrep 1.41.0
- Snort can monitor multiple interfaces with the use of the Snort
configuration scripts.
- Snort now saves the data in BPF format and cuts a new log every day at
12 am through a cronjob.
- Included slackupdate.sh script to maintain Slackware patches
- Included Snort's oinkmaster.pl script to update Snort signatures.
- A FAQ is located on the CD in the release note directory

The complete installation process is located at:
http://www.whitehats.ca/main/members/Seeker/seeker_shadow_IDS/seeker_shadow_ids.html

The ISO can be downloaded at:
http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.iso

The MD5 signature for the Shadow ISO image is located at:
http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.md5

References:

More on Shadow IDS at: http://www.nswc.navy.mil/ISSEC/CID/
More on Snort at: http://www.snort.org



