snort-openappid-2.9.9.0-1.el6.i686.rpm



Description

snort-openappid - An open source Network Intrusion Detection System (NIDS) with open AppId support

Property Value
Distribution CentOS 6
Repository CERT Forensics Tools i386
Package filename snort-openappid-2.9.9.0-1.el6.i686.rpm
Package name snort-openappid
Package version 2.9.9.0
Package release 1.el6
Package architecture i686
Package type rpm
Category Applications/Internet
Homepage http://www.snort.org/
License GPL
Maintainer -
Download size 7.45 MB
Installed size 27.55 MB

Snort is an open source network intrusion detection system, capable of
performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be
used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts,
and much more.

Snort has three primary uses. It can be used as a straight packet sniffer
like tcpdump(1), a packet logger (useful for network traffic debugging,
etc), or as a full blown network intrusion detection system.

You MUST edit /etc/snort/snort.conf to configure snort before it will work!

Please see the documentation in /usr/share/doc/snort-2.9.9.0 for more
information on snort features and configuration.

Alternatives

Package Version Architecture Repository
snort-openappid-2.9.12-1.el6.i686.rpm 2.9.12 i686 CERT Forensics Tools
snort-openappid-2.9.12-1.el6.x86_64.rpm 2.9.12 x86_64 CERT Forensics Tools
snort-openappid-2.9.11.1-2.el6.x86_64.rpm 2.9.11.1 x86_64 CERT Forensics Tools
snort-openappid-2.9.11.1-1.el6.i686.rpm 2.9.11.1 i686 CERT Forensics Tools
snort-openappid-2.9.11.1-1.el6.x86_64.rpm 2.9.11.1 x86_64 CERT Forensics Tools
snort-openappid-2.9.11-1.el6.i686.rpm 2.9.11 i686 CERT Forensics Tools
snort-openappid-2.9.8.3-1.el6.i686.rpm 2.9.8.3 i686 CERT Forensics Tools
snort-openappid-2.9.8.0-1.el6.i686.rpm 2.9.8.0 i686 CERT Forensics Tools
snort-openappid - - -

Requires

Name Value
/bin/bash -
libc.so.6(GLIBC_2.4) -
libcrypto.so.10 -
libcrypto.so.10(libcrypto.so.10) -
libdl.so.2 -
libdl.so.2(GLIBC_2.0) -
libdl.so.2(GLIBC_2.1) -
libdnet.so.1 -
libluajit-5.1.so.2 -
libm.so.6 -
libm.so.6(GLIBC_2.0) -
libnetfilter_queue.so.1 -
libnfnetlink.so.0 -
libnsl.so.1 -
libpcap.so.1 -
libpcre.so.0 -
libpthread.so.0 -
libpthread.so.0(GLIBC_2.0) -
libpthread.so.0(GLIBC_2.1) -
libsfbpf.so.0 -
libz.so.1 -
rtld(GNU_HASH) -

Provides

Name Value
config(snort-openappid) = 2.9.9.0-1.el6
libsf_appid_preproc.so.0 -
libsf_dce2_preproc.so.0 -
libsf_dnp3_preproc.so.0 -
libsf_dns_preproc.so.0 -
libsf_engine.so.0 -
libsf_ftptelnet_preproc.so.0 -
libsf_gtp_preproc.so.0 -
libsf_imap_preproc.so.0 -
libsf_modbus_preproc.so.0 -
libsf_pop_preproc.so.0 -
libsf_reputation_preproc.so.0 -
libsf_sdf_preproc.so.0 -
libsf_sip_preproc.so.0 -
libsf_smtp_preproc.so.0 -
libsf_ssh_preproc.so.0 -
libsf_ssl_preproc.so.0 -
snort-openappid = 2.9.9.0-1.el6
snort-openappid(x86-32) = 2.9.9.0-1.el6

Conflicts

Name Value
snort -

Download

Type URL
Mirror forensics.cert.org
Binary Package snort-openappid-2.9.9.0-1.el6.i686.rpm
Source Package snort-openappid-2.9.9.0-1.el6.src.rpm

Install Howto

  1. Add EPEL and RPMForge repositories
  2. Download cert-forensics-tools-release-el6 rpm:
    https://forensics.cert.org/cert-forensics-tools-release-el6.rpm
  3. Install cert-forensics-tools-release-el6 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  4. Install snort-openappid rpm package:
    # yum --enablerepo=forensics install snort-openappid

Files

Path
/etc/logrotate.d/snort
/etc/rc.d/init.d/snortd
/etc/snort/classification.config
/etc/snort/gen-msg.map
/etc/snort/reference.config
/etc/snort/snort.conf
/etc/snort/threshold.conf
/etc/snort/unicode.map
/etc/snort/rules/
/etc/sysconfig/snort
/usr/bin/appid_detector_builder.sh
/usr/bin/snort_control
/usr/bin/u2boat
/usr/bin/u2openappid
/usr/bin/u2spewfoo
/usr/lib/snort-2.9.9.0_dynamicengine/libsf_engine.so
/usr/lib/snort-2.9.9.0_dynamicengine/libsf_engine.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_appid_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_appid_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_appid_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_dce2_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_dce2_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_dnp3_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_dnp3_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_dnp3_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_dns_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_dns_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_ftptelnet_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_gtp_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_gtp_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_gtp_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_imap_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_imap_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_imap_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_modbus_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_modbus_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_modbus_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_pop_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_pop_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_pop_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_reputation_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_reputation_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_reputation_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_sdf_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_sdf_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_sdf_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_sip_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_sip_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_sip_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_smtp_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_smtp_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_ssh_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_ssh_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_ssl_preproc.so
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_ssl_preproc.so.0
/usr/lib/snort-2.9.9.0_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
/usr/sbin/snort-openappid
/usr/share/doc/snort-2.9.9.0/AUTHORS
/usr/share/doc/snort-2.9.9.0/BUGS
/usr/share/doc/snort-2.9.9.0/CREDITS
/usr/share/doc/snort-2.9.9.0/INSTALL
/usr/share/doc/snort-2.9.9.0/NEWS
/usr/share/doc/snort-2.9.9.0/OpenDetectorDeveloperGuide.pdf
/usr/share/doc/snort-2.9.9.0/PROBLEMS
/usr/share/doc/snort-2.9.9.0/README
/usr/share/doc/snort-2.9.9.0/README.GTP
/usr/share/doc/snort-2.9.9.0/README.PLUGINS
/usr/share/doc/snort-2.9.9.0/README.PerfProfiling
/usr/share/doc/snort-2.9.9.0/README.SMTP
/usr/share/doc/snort-2.9.9.0/README.UNSOCK
/usr/share/doc/snort-2.9.9.0/README.WIN32
/usr/share/doc/snort-2.9.9.0/README.active
/usr/share/doc/snort-2.9.9.0/README.alert_order
/usr/share/doc/snort-2.9.9.0/README.appid
/usr/share/doc/snort-2.9.9.0/README.asn1
/usr/share/doc/snort-2.9.9.0/README.counts
/usr/share/doc/snort-2.9.9.0/README.csv
/usr/share/doc/snort-2.9.9.0/README.daq
/usr/share/doc/snort-2.9.9.0/README.dcerpc2
/usr/share/doc/snort-2.9.9.0/README.decode
/usr/share/doc/snort-2.9.9.0/README.decoder_preproc_rules
/usr/share/doc/snort-2.9.9.0/README.dnp3
/usr/share/doc/snort-2.9.9.0/README.dns
/usr/share/doc/snort-2.9.9.0/README.event_queue
/usr/share/doc/snort-2.9.9.0/README.file
/usr/share/doc/snort-2.9.9.0/README.file_ips
/usr/share/doc/snort-2.9.9.0/README.filters
/usr/share/doc/snort-2.9.9.0/README.flowbits
/usr/share/doc/snort-2.9.9.0/README.frag3
/usr/share/doc/snort-2.9.9.0/README.ftptelnet
/usr/share/doc/snort-2.9.9.0/README.gre
/usr/share/doc/snort-2.9.9.0/README.ha
/usr/share/doc/snort-2.9.9.0/README.http_inspect
/usr/share/doc/snort-2.9.9.0/README.imap
/usr/share/doc/snort-2.9.9.0/README.ipip
/usr/share/doc/snort-2.9.9.0/README.ipv6
/usr/share/doc/snort-2.9.9.0/README.modbus
/usr/share/doc/snort-2.9.9.0/README.multipleconfigs
/usr/share/doc/snort-2.9.9.0/README.normalize
/usr/share/doc/snort-2.9.9.0/README.pcap_readmode
/usr/share/doc/snort-2.9.9.0/README.pop
/usr/share/doc/snort-2.9.9.0/README.ppm
/usr/share/doc/snort-2.9.9.0/README.reload
/usr/share/doc/snort-2.9.9.0/README.reputation
/usr/share/doc/snort-2.9.9.0/README.sensitive_data
/usr/share/doc/snort-2.9.9.0/README.sfportscan
/usr/share/doc/snort-2.9.9.0/README.sip
/usr/share/doc/snort-2.9.9.0/README.ssh
/usr/share/doc/snort-2.9.9.0/README.ssl
/usr/share/doc/snort-2.9.9.0/README.stream5
/usr/share/doc/snort-2.9.9.0/README.tag
/usr/share/doc/snort-2.9.9.0/README.thresholding
/usr/share/doc/snort-2.9.9.0/README.unified2
/usr/share/doc/snort-2.9.9.0/README.variables
/usr/share/doc/snort-2.9.9.0/TODO
/usr/share/doc/snort-2.9.9.0/USAGE
/usr/share/doc/snort-2.9.9.0/WISHLIST
/usr/share/doc/snort-2.9.9.0/generators
/usr/share/doc/snort-2.9.9.0/snort_manual.pdf
/usr/share/doc/snort-2.9.9.0/snort_manual.tex
/usr/share/man/man8/snort.8.gz
/var/log/snort/

Changelog

2016-12-14 - Lawrence R. Rogers <lrr@cert.org> 2.9.9.0-1
- Release 2.9.9.0-1
New additions
*  New rule option for byte_math. See the Snort manual for details.
*  Added bitmask and from_end operations to byte_test. See the Snort manual for details.
*  Added a Buffer Dump utility to trace all of the buffers used by snort during inspection.
   Enable this by --enable-buffer-dump option to configure prior to building. See the Snort manual for details.
*  Added new HTTP preprocessor alerts to detect multiple content encoding and multiple content length.
*  Added support for SMTP Traffic detection over SSL (SMTPS).
Improvements
*  Fixed an issue which reduces extra service discovery to improve performance.
*  Fixed multiple issues in AppID.
   - Reconstructed the call to port-service detection.
   - Fixed issue where AppId for Facebook over SPDY/HTTP 1.1 was incorrect.
   - Preventing third-party application identification for expected connections.
*  Stability improvement for Stream preprocessor.
   - Addressed incorrect flushing of packets whose size is greater than MAXIMUM_PAF_MAX.
   - Fixed an issue where incorrect length argument in memcpy caused out of bound memory access.
*  Fixed multiple issues in HttpInspect preprocessor.
   - Handling chunk encoding followed by \r\r\r\n and \n\n\n\r\r\n.
   - Fixed an issue with LZMA flash decompression.
*  Fixed mime data processing issue in SMTP stateless inspection.
*  Added support to decode packets that contains VLAN with Secure Group Tag (SGT).
*  Fixed Issue related to DLL-Load in Snort on windows platforms for CVE-2016-1417.

See Also

Package Description
snort-postgresql-2.9.1.1-1.el6.i386.rpm Snort with PostgreSQL support
snort-sample-rules-2.9.11-1.el6.noarch.rpm Sample rules for snort
snort-sample-rules-2.9.11.1-1.el6.noarch.rpm Sample rules for snort
snort-sample-rules-2.9.12-1.el6.noarch.rpm Sample rules for snort
snort-sample-rules-2.9.8.0-1.el6.noarch.rpm Sample rules for snort
snort-sample-rules-2.9.8.3-1.el6.noarch.rpm Sample rules for snort
snort-sample-rules-2.9.9.0-1.el6.noarch.rpm Sample rules for snort
snort-unixODBC-2.9.1.1-1.el6.i386.rpm Snort with unixODBC support
socat-1.7.3.0-1.el6.i686.rpm Relay for bidirectional data transfer between 2 channels
socat-1.7.3.2-1.1.el6.i686.rpm Relay for bidirectional data transfer between 2 channels
ssdeep-2.13-1.el6.i686.rpm Computes a checksum based on context triggered piecewise hashes
ssdeep-2.14.1-1.el6.i686.rpm Computes a checksum based on context triggered piecewise hashes
ssdeep-2.7-1.el6.i386.rpm Computes a checksum based on context triggered piecewise hashes
stegdetect-0.6-2.el6.i686.rpm Detect and extract steganography messages inside JPEG
super_mediator-1.2.1-1.el6.i686.rpm IPFIX Super Mediator for use with the YAF and SiLK tools