{snort.templates,snort-common.templates}

Christian PERRIER Sun, 25 Aug 2013 06:12:49 -0700

Please find, for review, the debconf templates and packages descriptions for 
the snort source package.


This review will last from Sunday, August 25, 2013 to Wednesday, September 04, 
2013.

Please send reviews as unified diffs (diff -u) against the original
files. Comments about your proposed changes will be appreciated.

Your review should be sent as an answer to this mail.

When appropriate, I will send intermediate requests for review, with
"[RFRn]" (n>=2) as a subject tag.

When we will reach a consensus, I send a "Last Chance For
Comments" mail with "[LCFC]" as a subject tag.

Finally, a summary will be sent to the review bug report,
and a mail will be sent to this list with "[BTS]" as a subject tag.

This review is quite "light": I indeed have the feeling that I already
came on this package at some (distant) point in the past.

Most changes are switching to double-quotes, the now standardized
common practice by debian-l10n-english.


Rationale:
--- snort.old/debian/snort.templates    2013-08-18 06:18:52.501757139 +0200
+++ snort/debian/snort.templates        2013-08-25 14:59:27.881965518 +0200
@@ -10,13 +10,13 @@
 Type: string
 Default: eth0
 _Description: Interface(s) which Snort should listen on:
- This value is usually 'eth0', but this may be inappropriate in some
- network environments; for a dialup connection 'ppp0' might be more
- appropriate (see the output of '/sbin/ifconfig').
+ This value is usually "eth0", but this may be inappropriate in some
+ network environments; for a dialup connection "ppp0" might be more
+ appropriate (see the output of "/sbin/ifconfig").
  .
- Typically, this is the same interface as the 'default route' is on. You can
- determine which interface is used for this by running '/sbin/route -n'
- (look for '0.0.0.0').
+ Typically, this is the same interface as the "default route" is on. You can
+ determine which interface is used for this by running "/sbin/route -n"
+ (look for "0.0.0.0").
  .
  It is also not uncommon to use an interface with no IP address
  configured in promiscuous mode. For such cases, select the

Use of double quotes


@@ -54,7 +54,7 @@
 Type: error
 _Description: Invalid interface
  Snort is trying to use an interface which does not exist or is down.
- Either it is defaulting inappropriately to 'eth0', or you specified
+ Either it is defaulting inappropriately to "eth0", or you specified
  one which is invalid.
 
 Template: snort/send_stats
@@ -88,7 +88,7 @@
 Template: snort/please_restart_manually
 Type: note
 _Description: Snort restart required
- As Snort is manually launched, you need to run '/etc/init.d/snort' for
+ As Snort is manually launched, you need to run "service snort restart" for
  the changes to take place.

Use of double quotes

Also advice using "service" instead of directly calling /etc/init.d/snort

 
 Template: snort/config_parameters
--- snort.old/debian/control    2013-08-18 06:18:52.501757139 +0200
+++ snort/debian/control        2013-08-25 15:00:36.675922549 +0200
@@ -67,7 +67,7 @@
 Conflicts: snort (<< ${binary:Version})
 Replaces: snort (<< 1.8.4beta1-1)
 Suggests: snort-doc
-Description: flexible Network Intrusion Detection System [common files]
+Description: flexible Network Intrusion Detection System - common files
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition

Common practice suggested in English reviews....


@@ -85,7 +85,7 @@
 Depends: ${misc:Depends}
 Priority: optional
 Section: doc
-Description: Documentation for the Snort IDS [documentation]
+Description: Documentation for the Snort IDS - documentation
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition
@@ -106,7 +106,7 @@
 Suggests: snort (>= 2.2.0) | snort-pgsql (>= 2.2.0) | snort-mysql (>= 2.2.0)
 Recommends: oinkmaster
 Homepage: http://www.snort.org/snort-rules/
-Description: flexible Network Intrusion Detection System ruleset
+Description: flexible Network Intrusion Detection System - ruleset
  Snort default ruleset which provides a basic set network intrusion detection
  rules developed by the Snort community.
  .
@@ -120,7 +120,7 @@
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Suggests: snort (>= 2.7.0) | snort-pgsql (>= 2.7.0) | snort-mysql (>= 2.7.0)
 Conflicts: snort-common (<< 2.7.0-6)
-Description: flexible Network Intrusion Detection System ruleset
+Description: flexible Network Intrusion Detection System - libraries
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition

That seems to be a copy/paste error, so s/ruleset/libraries


--

Template: snort/startup
Type: select
__Choices: boot, dialup, manual
Default: boot
_Description: Snort start method:
 Snort can be started during boot, when connecting to the net with pppd or
 only manually with the /usr/sbin/snort command.

Template: snort/interface
Type: string
Default: eth0
_Description: Interface(s) which Snort should listen on:
 This value is usually "eth0", but this may be inappropriate in some
 network environments; for a dialup connection "ppp0" might be more
 appropriate (see the output of "/sbin/ifconfig").
 .
 Typically, this is the same interface as the "default route" is on. You can
 determine which interface is used for this by running "/sbin/route -n"
 (look for "0.0.0.0").
 .
 It is also not uncommon to use an interface with no IP address
 configured in promiscuous mode. For such cases, select the
 interface in this system that is physically connected to the network
 that should be inspected, enable promiscuous mode later on and make sure
 that the network traffic is sent to this interface (either connected
 to a 'port mirroring/spanning' port in a switch, to a hub or to a tap).
 .
 You can configure multiple interfaces, just by adding more than
 one interface name separated by spaces. Each interface can have its
 own specific configuration.

Template: snort/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range for the local network:
 Please use the CIDR form - for example, 192.168.1.0/24 for a block of
 256 addresses or 192.168.1.42/32 for just one. Multiple values should
 be comma-separated (without spaces).
 .
 Please note that if Snort is configured to use multiple interfaces,
 it will use this value as the HOME_NET definition for all of them.

Template: snort/disable_promiscuous
Type: boolean
Default: false
_Description: Should Snort disable promiscuous mode on the interface?
 Disabling promiscuous mode means that Snort will only see packets
 addressed to the interface it is monitoring. Enabling it allows Snort to
 check every packet that passes the Ethernet segment even if it's a
 connection between two other computers.


Template: snort/invalid_interface
Type: error
_Description: Invalid interface
 Snort is trying to use an interface which does not exist or is down.
 Either it is defaulting inappropriately to "eth0", or you specified
 one which is invalid.

Template: snort/send_stats
Type: boolean
Default: true
_Description: Should daily summaries be sent by e-mail?
 A cron job can be set up to send daily summaries of Snort logs to a
 selected e-mail address.
 .
 Please choose whether you want to activate this feature.

Template: snort/stats_rcpt
Type: string
Default: root
_Description: Recipient of daily statistics mails:
 Please specify the e-mail address that should receive daily summaries
 of Snort logs.

Template: snort/options
Type: string
_Description: Additional custom options:
 Please specify any additional options Snort should use.

Template: snort/stats_treshold
Type: string
Default: 1
_Description: Minimum occurrences before alerts are reported:
 Please enter the minimum number of alert occurrences before a given alert is
 included in the daily statistics.

Template: snort/please_restart_manually
Type: note
_Description: Snort restart required
 As Snort is manually launched, you need to run "service snort restart" for
 the changes to take place.

Template: snort/config_parameters
Type: error
_Description: Obsolete configuration file
 This system uses an obsolete configuration file
 (/etc/snort/snort.common.parameters)
 which has been automatically converted into the new configuration
 file format (at /etc/default/snort).
 .
 Please review the new configuration and remove the obsolete
 one. Until you do this, the initialization script will not use the new
 configuration and you will not take advantage of the benefits
 introduced in newer releases.

Template: snort/deprecated_config
Type: note
_Description: Deprecated options in configuration file
 The Snort configuration file (/etc/snort/snort.conf) uses deprecated
 options no longer available for this Snort release. Snort will not be able to
 start unless you provide a correct configuration file. Either allow the
 configuration file to be replaced with the one provided in this package or fix
 it manually by removing deprecated options.
 .
 The following deprecated options were found in the configuration file:
 ${DEP_CONFIG}

Template: snort/config_error
Type: error
_Description: Configuration error
 The current Snort configuration is invalid and will prevent Snort
 starting up normally. Please review and correct it.
 .
 To diagnose errors in your Snort configuration you can run (as root)
 the following: '/usr/sbin/snort -T -c /etc/snort/snort.conf'

Template: snort/deprecated_file
Type: note
_Description: Deprecated configuration file
 Your system has deprecated configuration files which should not be used any
 longer and might contain deprecated options. If included through the standard
 configuration file (/etc/snort/snort.conf), they might prevent Snort from
 starting up properly.
 . 
 Please remove these files as well as any existing references to them in the
 /etc/snort/snort.conf configuration file.
 .
 The following deprecated configuration files were found:
 ${DEP_FILE}

--- snort.old/debian/snort.templates    2013-08-18 06:18:52.501757139 +0200
+++ snort/debian/snort.templates        2013-08-25 14:59:27.881965518 +0200
@@ -10,13 +10,13 @@
 Type: string
 Default: eth0
 _Description: Interface(s) which Snort should listen on:
- This value is usually 'eth0', but this may be inappropriate in some
- network environments; for a dialup connection 'ppp0' might be more
- appropriate (see the output of '/sbin/ifconfig').
+ This value is usually "eth0", but this may be inappropriate in some
+ network environments; for a dialup connection "ppp0" might be more
+ appropriate (see the output of "/sbin/ifconfig").
  .
- Typically, this is the same interface as the 'default route' is on. You can
- determine which interface is used for this by running '/sbin/route -n'
- (look for '0.0.0.0').
+ Typically, this is the same interface as the "default route" is on. You can
+ determine which interface is used for this by running "/sbin/route -n"
+ (look for "0.0.0.0").
  .
  It is also not uncommon to use an interface with no IP address
  configured in promiscuous mode. For such cases, select the
@@ -54,7 +54,7 @@
 Type: error
 _Description: Invalid interface
  Snort is trying to use an interface which does not exist or is down.
- Either it is defaulting inappropriately to 'eth0', or you specified
+ Either it is defaulting inappropriately to "eth0", or you specified
  one which is invalid.
 
 Template: snort/send_stats
@@ -88,7 +88,7 @@
 Template: snort/please_restart_manually
 Type: note
 _Description: Snort restart required
- As Snort is manually launched, you need to run '/etc/init.d/snort' for
+ As Snort is manually launched, you need to run "service snort restart" for
  the changes to take place.
 
 Template: snort/config_parameters
--- snort.old/debian/control    2013-08-18 06:18:52.501757139 +0200
+++ snort/debian/control        2013-08-25 15:00:36.675922549 +0200
@@ -67,7 +67,7 @@
 Conflicts: snort (<< ${binary:Version})
 Replaces: snort (<< 1.8.4beta1-1)
 Suggests: snort-doc
-Description: flexible Network Intrusion Detection System [common files]
+Description: flexible Network Intrusion Detection System - common files
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition
@@ -85,7 +85,7 @@
 Depends: ${misc:Depends}
 Priority: optional
 Section: doc
-Description: Documentation for the Snort IDS [documentation]
+Description: Documentation for the Snort IDS - documentation
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition
@@ -106,7 +106,7 @@
 Suggests: snort (>= 2.2.0) | snort-pgsql (>= 2.2.0) | snort-mysql (>= 2.2.0)
 Recommends: oinkmaster
 Homepage: http://www.snort.org/snort-rules/
-Description: flexible Network Intrusion Detection System ruleset
+Description: flexible Network Intrusion Detection System - ruleset
  Snort default ruleset which provides a basic set network intrusion detection
  rules developed by the Snort community.
  .
@@ -120,7 +120,7 @@
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Suggests: snort (>= 2.7.0) | snort-pgsql (>= 2.7.0) | snort-mysql (>= 2.7.0)
 Conflicts: snort-common (<< 2.7.0-6)
-Description: flexible Network Intrusion Detection System ruleset
+Description: flexible Network Intrusion Detection System - libraries
  Snort is a libpcap-based packet sniffer/logger which can be used as a
  lightweight network intrusion detection system. It features rules
  based logging and can perform content searching/matching in addition

Source: snort
Section: net
Priority: optional
Maintainer: Javier Fernández-Sanguino Peña <[email protected]>
Uploaders: Andrew Pollock <[email protected]>
Build-Depends: 
    libnet1-dev, 
    libpcap0.8-dev, 
    libpcre3-dev, 
    debhelper (>= 5.0.0), 
    po-debconf (>= 0.5.0), 
    libgnutls-dev, 
    libdumbnet-dev, 
    libdaq-dev, 
    flex, 
    bison
Build-Depends-Indep: 
    texlive, 
    texlive-latex-base, 
    latex2html,
    ghostscript
Standards-Version:  3.9.2
Homepage: http://www.snort.org/
Vcs-Git: git://git.debian.org/git/pkg-snort/pkg-snort.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-snort/pkg-snort.git

Package: snort
Architecture: any
Pre-Depends: adduser (>= 3.11)
Depends: 
    snort-common-libraries (>=${binary:Version}),
    snort-rules-default (>= ${source:Version}), 
    snort-common (>= ${source:Version}),
    debconf (>= 0.2.80) | debconf-2.0,
    rsyslog | system-log-daemon,
    logrotate,
    net-tools,
    ${shlibs:Depends},
    ${misc:Depends}
Conflicts: 
    snort-mysql, 
    snort-pgsql
Replaces: snort-common (<< 2.0.2-3)
Recommends: iproute
Suggests: snort-doc
Description: flexible Network Intrusion Detection System
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to being used to detect a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.
 .
 This package provides the plain-vanilla version of Snort.

Package: snort-common
Architecture: all
Pre-Depends: adduser (>= 3.11)
Depends: 
    perl-modules, 
    debconf (>= 0.2.80) | debconf-2.0,
    lsb-base,
    ${shlibs:Depends},
    ${misc:Depends}
Conflicts: snort (<< ${binary:Version})
Replaces: snort (<< 1.8.4beta1-1)
Suggests: snort-doc
Description: flexible Network Intrusion Detection System - common files
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to being used to detect a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.
 .
 This is a common package which holds cron jobs, tools and config files used
 by all the different packages flavors.

Package: snort-doc
Architecture: all
Depends: ${misc:Depends}
Priority: optional
Section: doc
Description: Documentation for the Snort IDS - documentation
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to being used to detect a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.

Package: snort-rules-default
Provides: snort-rules
Architecture: all
Depends: 
    debconf (>= 0.2.80) | debconf-2.0, 
    adduser (>= 3.11), 
    ${shlibs:Depends}, 
    ${misc:Depends}
Suggests: snort (>= 2.2.0) | snort-pgsql (>= 2.2.0) | snort-mysql (>= 2.2.0)
Recommends: oinkmaster
Homepage: http://www.snort.org/snort-rules/
Description: flexible Network Intrusion Detection System - ruleset
 Snort default ruleset which provides a basic set network intrusion detection
 rules developed by the Snort community.
 .
 These rules can be used as a basis for development of additional rules. Users
 using Snort to defend networks in production environments are encouraged
 to update their local rulesets as described in the included documentation
 or using the oinkmaster package.

Package: snort-common-libraries
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Suggests: snort (>= 2.7.0) | snort-pgsql (>= 2.7.0) | snort-mysql (>= 2.7.0)
Conflicts: snort-common (<< 2.7.0-6)
Description: flexible Network Intrusion Detection System - libraries
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to being used to detect a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.
 .
 This package provides libraries used by all the Snort binary packages.

signature.asc
Description: Digital signature

Bug#720061: [RFR] templates://snort/{snort.templates,snort-common.templates}

Reply via email to