Quoting Javier Fernandez-Sanguino ([EMAIL PROTECTED]): > 2008/4/3, Christian Perrier <[EMAIL PROTECTED]>: > > Well, the entire template is pretty big, so I'd like to be sure about > > what you propose. We had: > (...) > > Do you propose: > > Yes. That's what I propose. > > > This omits the explanation about 'any', doesn't it? > > Yes, it does. The use of 'any' is actually a bad idea (and the > template was wrong in how it was used). I'm looking at way to tell the > user how to set it to 'none' (so that Snort considers EXTERNAL_NET as > 'any') but that might be something more for advanced users.
OK. So here's the patch I now come up with. As soon as I get an ACK, I'll launch the translation update round.
diff -Nru snort.old/debian/changelog snort/debian/changelog --- snort.old/debian/changelog 2008-01-25 06:17:03.837193938 +0100 +++ snort/debian/changelog 2008-03-07 18:57:35.502152334 +0100 @@ -1,3 +1,11 @@ +snort (2.7.0-10) UNRELEASED; urgency=low + + * Debconf templates and debian/control reviewed by the debian-l10n- + english team as part of the Smith review project. Closes: #469803 + * [Debconf translation updates] + + -- Christian Perrier <[EMAIL PROTECTED]> Fri, 07 Mar 2008 18:57:35 +0100 + snort (2.7.0-9) unstable; urgency=low * Modify debian/rules to prevent autobuilders from building diff -Nru snort.old/debian/control snort/debian/control --- snort.old/debian/control 2008-01-25 06:17:03.913192050 +0100 +++ snort/debian/control 2008-03-04 17:53:51.499669843 +0100 @@ -6,6 +6,7 @@ Build-Depends: libnet1-dev, libpcap0.8-dev, libpcre3-dev, debhelper (>= 4.1.13), libmysqlclient15-dev | libmysqlclient-dev, libpq-dev, po-debconf (>= 0.5.0), libprelude-dev, iptables-dev Build-Depends-Indep: texlive, texlive-latex-base, gs-common Standards-Version: 3.5.6 +Homepage: http://www.snort.org/ Package: snort Architecture: any @@ -14,8 +15,7 @@ Conflicts: snort-mysql, snort-pgsql Replaces: snort-common (<< 2.0.2-3) Recommends: snort-doc -Homepage: http://www.snort.org/ -Description: Flexible Network Intrusion Detection System +Description: flexible Network Intrusion Detection System Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition @@ -25,7 +25,7 @@ sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. . - This package provides the plain-vanilla snort distribution and does not + This package provides the plain-vanilla version of Snort and does not provide database (available in snort-pgsql and snort-mysql) support. Package: snort-common @@ -36,7 +36,7 @@ Replaces: snort (<< 1.8.4beta1-1) Suggests: snort-doc Homepage: http://www.snort.org/ -Description: Flexible Network Intrusion Detection System [common files] +Description: flexible Network Intrusion Detection System [common files] Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition @@ -72,7 +72,7 @@ Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate Conflicts: snort, snort-pgsql Homepage: http://www.snort.org/ -Description: Flexible Network Intrusion Detection System [MySQL] +Description: flexible Network Intrusion Detection System [MySQL] Distribution of Snort with support for logging to a MySQL database. . Snort is a libpcap-based packet sniffer/logger which can be used as a @@ -91,7 +91,7 @@ Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate Conflicts: snort, snort-mysql Homepage: http://www.snort.org/ -Description: Flexible Network Intrusion Detection System [PostgreSQL] +Description: flexible Network Intrusion Detection System [PostgreSQL] Distribution of Snort with support for logging to a PostgreSQL dbase. . Snort is a libpcap-based packet sniffer/logger which can be used as a @@ -110,7 +110,7 @@ Suggests: snort (>= 2.2.0) | snort-pgsql (>= 2.2.0) | snort-mysql (>= 2.2.0) Recommends: oinkmaster Homepage: http://www.snort.org/rules/ -Description: Flexible Network Intrusion Detection System ruleset +Description: flexible Network Intrusion Detection System ruleset Snort default ruleset which provides a common set of accepted and test network intrusion detection rules developed by the Snort community. . @@ -122,7 +122,7 @@ Suggests: snort (>= 2.7.0) | snort-pgsql (>= 2.7.0) | snort-mysql (>= 2.7.0) Conflicts: snort-common (<< 2.7.0-6) Homepage: http://www.snort.org/ -Description: Flexible Network Intrusion Detection System ruleset +Description: flexible Network Intrusion Detection System ruleset Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition diff -Nru snort.old/debian/snort.DATABASE.templates snort/debian/snort.DATABASE.templates --- snort.old/debian/snort.DATABASE.templates 2008-01-25 06:17:03.869191849 +0100 +++ snort/debian/snort.DATABASE.templates 2008-02-20 07:57:43.733652729 +0100 @@ -1,36 +1,41 @@ -Template: snort{PACKAGE}/configure_db +Template: snort${PACKAGE}/configure_db Type: boolean Default: true -_Description: Do you want to set up a database for snort{PACKAGE} to log to? - You only need to do this the first time you install snort{PACKAGE}. Before - you go on, make sure you have (1) the hostname of a machine running a - {DATABASE} server set up to allow tcp connections from this host, (2) a - database on that server, (3) a username and password to access the - database. If you don't have _all_ of these, either select 'no' and run - with regular file logging support, or fix this first. You can always - configure database logging later, by reconfiguring the snort{PACKAGE} - package with 'dpkg-reconfigure -plow snort{PACKAGE}' +_Description: Set up a database for snort${PACKAGE} to log to? + No database has been set up for Snort to log to. Before continuing, + you should make sure you have: + . + - the server host name (that server must allow TCP connections + from this machine); + - a database on that server; + - a username and password to access the database. + . + If some of these requirements are missing, reject this option and + run with regular file logging support. + . + Database logging can be reconfigured later by running + 'dpkg-reconfigure -plow snort${PACKAGE}'. -Template: snort{PACKAGE}/db_host +Template: snort${PACKAGE}/db_host Type: string _Description: Database server hostname: - Make sure it has been set up correctly to allow incoming connections from - this host! + Please specify the host name of a database server that allows + incoming connections from this host. -Template: snort{PACKAGE}/db_database +Template: snort${PACKAGE}/db_database Type: string -_Description: Database to use: - Make sure this database has been created and your database user has write - access to this database. +_Description: Database name: + Please specify the name of an existing database to which the + database user has write access. -Template: snort{PACKAGE}/db_user +Template: snort${PACKAGE}/db_user Type: string _Description: Username for database access: - Make sure this user has been created and has write access. + Please specify a database server username with write access to the database. -Template: snort{PACKAGE}/db_pass +Template: snort${PACKAGE}/db_pass Type: password _Description: Password for the database connection: - Please enter a password to connect to the Snort Alert database. + Please enter the password to use to connect to the Snort Alert database. diff -Nru snort.old/debian/snort-mysql.ADD.templates snort/debian/snort-mysql.ADD.templates --- snort.old/debian/snort-mysql.ADD.templates 2008-01-25 06:17:03.829193343 +0100 +++ snort/debian/snort-mysql.ADD.templates 2008-02-20 07:58:41.814815948 +0100 @@ -1,15 +1,17 @@ Template: snort-mysql/needs_db_config Type: note -_Description: Snort needs a configured database to log to before it starts +_Description: Configured database mandatory for Snort Snort needs a configured database before it can successfully start up. In order to create the structure you need to run the following commands AFTER the package is installed: + . cd /usr/share/doc/snort-mysql/ zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename> + . Fill in the correct values for the user, host, and database names. MySQL will prompt you for the password. . - After you created the database structure, you will need to start Snort + After you have created the database structure, you will need to start Snort manually. diff -Nru snort.old/debian/snort-pgsql.ADD.templates snort/debian/snort-pgsql.ADD.templates --- snort.old/debian/snort-pgsql.ADD.templates 2008-01-25 06:17:03.825195560 +0100 +++ snort/debian/snort-pgsql.ADD.templates 2008-02-20 07:58:26.414815513 +0100 @@ -1,15 +1,17 @@ Template: snort-pgsql/needs_db_config Type: note -_Description: Snort needs a configured database to log to before it starts +_Description: Configured database mandatory for Snort Snort needs a configured database before it can successfully start up. In order to create the structure you need to run the following commands AFTER the package is installed: + . cd /usr/share/doc/snort-pgsql/ zcat create_postgresql.gz | psql -U <user> -h <host> -W <databasename> + . Fill in the correct values for the user, host, and database names. PostgreSQL will prompt you for the password. . - After you created the database structure, you will need to start Snort + After you have created the database structure, you will need to start Snort manually. diff -Nru snort.old/debian/snort.TEMPLATE.templates snort/debian/snort.TEMPLATE.templates --- snort.old/debian/snort.TEMPLATE.templates 2008-01-25 06:17:03.829193343 +0100 +++ snort/debian/snort.TEMPLATE.templates 2008-04-03 18:49:33.281215175 +0200 @@ -1,130 +1,121 @@ Template: snort{PACKAGE}/startup Type: select -_Choices: boot, dialup, manual +__Choices: boot, dialup, manual Default: boot -_Description: When should Snort be started? +_Description: Snort start method: Snort can be started during boot, when connecting to the net with pppd or - only when you manually start it via /usr/sbin/snort. + only manually with the /usr/sbin/snort command. Template: snort{PACKAGE}/interface Type: string Default: eth0 _Description: Interface(s) which Snort should listen on: - This value usually is 'eth0', but you might want to vary this depending - on your environment, if you are using a dialup connection 'ppp0' might - be more appropiate (Hint: use 'ip link show' of 'ifconfig'). - . - Typically this is the same interface than the 'default route' is on. You can - determine which interface is used for this running either '/sbin/ip ro sh' or - '/sbin/route -n' (look for 'default' or '0.0.0.0'). + This value is usually 'eth0', but this may be inappropriate in some + network environments; for a dialup connection 'ppp0' might be more + appropiate (see the output of '/sbin/ifconfig'). + . + Typically, this is the same interface as the 'default route' is on. You can + determine which interface is used for this by running '/sbin/route -n' + (look for '0.0.0.0'). . - It is also not uncommon to use an interface with no IP - and configured in promiscuous mode, if this is your case, select the + It is also not uncommon to use an interface with no IP address + configured in promiscuous mode. For such cases, select the interface in this system that is physically connected to the network - you want to inspect, enable promiscuous mode later on and make sure + that should be inspected, enable promiscuous mode later on and make sure that the network traffic is sent to this interface (either connected - to a 'port mirroring/spanning' port in a switch, to a hub or to a tap) + to a 'port mirroring/spanning' port in a switch, to a hub or to a tap). . - You can configure multiple interfaces here, just by adding more than + You can configure multiple interfaces, just by adding more than one interface name separated by spaces. Each interface can have its - specific configuration. + own specific configuration. Template: snort{PACKAGE}/address_range Type: string Default: 192.168.0.0/16 -_Description: Address range that Snort will listen on: - You have to use CIDR form, i.e. 192.168.1.0/24 for a block of 256 IPs or - 192.168.1.42/32 for just one. Specify multiple addresses on a single line - separated by ',' (comma characters), no spaces allowed! +_Description: Address range for the local network: + Please use the CIDR form - for example, 192.168.1.0/24 for a block of + 256 addresses or 192.168.1.42/32 for just one. Multiple values should + be comma-separated (without spaces). . - If you want you can specify 'any', to not trust any side of the network. - . - Notice that if you are using multiple interfaces this definition will - be used as the HOME_NET definition of all of them. + Please note that if Snort is configured to use multiple interfaces, + it will use this value as the HOME_NET definition for all of them. Template: snort{PACKAGE}/disable_promiscuous Type: boolean Default: false _Description: Should Snort disable promiscuous mode on the interface? Disabling promiscuous mode means that Snort will only see packets - addressed to it's own interface. Enabling it allows Snort to check - every packet that passes ethernet segment even if it's a connection - between two other computers. + addressed to the interface it is monitoring. Enabling it allows Snort to + check every packet that passes the Ethernet segment even if it's a + connection between two other computers. Template: snort{PACKAGE}/invalid_interface -Type: note +Type: error _Description: Invalid interface - One of the interfaces you specified is not valid (it might not exist on the - system or be down). Please introduce a valid interface when answering the - question of which interface(s) should Snort listen on. - . - If you did not configure an interface then the package is trying to use the - default ('eth0') which does not seem to be valid in your system. + Snort is trying to use an interface which does not exist or is down. + Either it is defaulting inappropriately to 'eth0', or you specified + one which is invalid. Template: snort{PACKAGE}/reverse_order Type: boolean Default: false -_Description: Should Snort's rules testing order be changed to Pass|Alert|Log? - If you change Snort's rules testing order to Pass|Alert|Log, they will be - applied in Pass->Alert->Log order, instead of standard Alert->Pass->Log. - This will prevent people from having to make huge Berky Packet Filter - command line arguments to filter their alert rules. +_Description: Should Snort's testing order be changed to Pass|Alert|Log? + Snort's default testing order is Alert|Pass|Log; if you accept this + option, the order will be changed to Pass|Alert|Log, which can make it + simpler to use Snort with some packet-filtering tools. Template: snort{PACKAGE}/send_stats Type: boolean Default: true _Description: Should daily summaries be sent by e-mail? - This Snort installation provides a cron job that runs daily and - summarises the information of Snort logs to a selected email address. - If you want to disable this feature say 'no' here. + A cron job can be set up to send daily summaries of Snort logs to a + selected e-mail address. + . + Please choose whether you want to activate this feature. Template: snort{PACKAGE}/stats_rcpt Type: string Default: root _Description: Recipient of daily statistics mails: - A cron job running daily will summarise the information of the logs - generated by Snort using a script called 'snort-stat'. Introduce - here the recipient of these mails. The default value is the system - administrator. If you keep this value, make sure that the mail of - the administrator is redirected to a user that actually reads those - mails. + Please specify the e-mail address that should receive daily summaries + of Snort logs. Template: snort{PACKAGE}/options Type: string _Description: Additional custom options: - If you want to specify custom options to Snort, please specify them here. + Please specify any additional options Snort should use. Template: snort{PACKAGE}/stats_treshold Type: string Default: 1 -_Description: Minimum occurence to report alerts: - An alert needs to appear more times than this number to be included in the - daily statistics. +_Description: Minimum occurrences before alerts are reported: + Please enter the minimum number of alert occurrences before a given alert is + included in the daily statistics. Template: snort{PACKAGE}/please_restart_manually Type: note -_Description: You are running Snort manually - Please restart Snort using: - /etc/init.d/snort start - to let the settings take effect. +_Description: Snort restart required + As Snort is manually launched, you need to run '/etc/init.d/snort' for + the changes to take place. Template: snort{PACKAGE}/config_error -Type: note -_Description: There is an error in your configuration - Your Snort configuration is not correct and Snort will not be able to start - up normally. Please review your configuration and fix it. If you do not - do this, Snort package upgrades will probably break. To check which error - is being generated run '/usr/sbin/snort -T -c /etc/snort/snort.conf' - (or point to an alternate configuration file if you are using different - files for different interfaces) +Type: error +_Description: Configuration error + The current Snort configuration is invalid and will prevent Snort + starting up normally. Please review and correct it. + . + To diagnose an error in a Snort configuration file, use + '/usr/sbin/snort -T -c <file>'. Template: snort{PACKAGE}/config_parameters -Type: note -_Description: This system uses an obsolete configuration file - Your system has an obsolete configuration file +Type: error +_Description: Obsolete configuration file + This system uses an obsolete configuration file (/etc/snort/snort.common.parameters) which has been automatically converted into the new configuration - file format (at /etc/default/snort). Please review the new configuration - and remove the obsolete one. Until you do this, the init.d script - will not use the new configuration and you will not take advantage - of the benefits introduced in newer releases. + file format (at /etc/default/snort). + . + Please review the new configuration and remove the obsolete + one. Until you do this, the initialization script will not use the new + configuration and you will not take advantage of the benefits + introduced in newer releases.
signature.asc
Description: Digital signature