Autosnort: a way to make your snort installations easier.
Hello fellow Linux users. I'd like to introduce myself. I'm DA, shorthand for Digital Arcanist. I work in information/network security, and have been a cross-platform Linux user and enthusiast for a number of years. I came here to the security forums to announce a new tool/script I have developed called "Autosnort".
As the name implies, the script is related to the open-source snort software. For those who do not know what snort is, snort as a powerful rule-driven Network Intrusion Detection and Prevention System -- to put it simply, it inspects network traffic, and lets you know if it spots anything unusual on the wire with an extensive set of rules provided by the Sourcefire VRT (the creators and maintainers of snort) among other rule writing sources.
The autosnort script simply automates and makes an intense and fairly complicated exercise in updating snort to the latest available version into something as effortless as running a shell script and responding to a few prompts.
Like everything good in the Linux universe, I'm releasing this script for free - entirely open-source and under the MIT license, meaning you can do practically anything you want to with it.
If you are interested, please check out my github repository where I am currently hosting the script, as well as my blog for updates in functionality and distro support.
If you have any questions or run into problems, my contact information is provided in the readme as well.
note to the moderators: Apologies if this announcement landed in the wrong forum, or if I inadvertently violated the rules. Feel free to move or remove this as deemed necessary if I'm breaking the rules.
While Snort as application can be thought of as network / security-related your announcement is not. I'll move it to the News section, no problem. And congrats with the scripts. I see you've been working on them for some time now.
Looking at autosnort-centOS.sh I wonder why you didn't choose to install DAQ and Snort from snort.org? After all it provides RPM packages. Or is enabling performance monitoring for rules and preprocessors *that* important on a sensor?
thanks for both of the replies. the script has definitely come a long way. I'm not much of a programmer and I've had TONS of help with this little project, some of which coming from here, months ago as evidenced by that link :) So let me get to your questions (thanks for your patience by the way!)
Giving users the ability to troubleshoot performance issues (inline or passive deployments) without the need to recompile is a nice benefit to me for what is, on most modern systems maybe an extra few minutes of compile time. If I hear enough complaints about it, or if there is enough of a demand to just install the RPMs for redhat-based derivatives, I will definitely do so -- or if you, or any other users, are so inclined, feel free to write it in and I'll just merge it in and accredit you for your contribution :)
p.s. thank you and the rest of the linuxquestions forum moderation team for allowing me to post here!
|All times are GMT -5. The time now is 10:20 PM.|