Snort has moved on since this thread was opened.
Oinkmaster (already packaged and available under Ubuntu (server 7.04)) provides
signature updates for Snort that are also used by Snort-inline. As per John's
message these can be free-registered to get 7 day-old bundles.
Ala - Linux Gazette circa 2005;
http://linuxgazette.net/118/savage.html
Snort-inline has picked up a stream4 reassembler, so it runs as Snort did.
Ala Snort manual - item 2.1.3 Stream4;
http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node11.html#SECTION00313000000000000000
For Snort-inline to run, there are two libraries required that are not shipped
in Ubuntu (server 7.04); these are libipq and libNet.
Using libnetfilter_queue, a symlink from /lib/libipq.so ->
/lib/libnetfilter_queue_libipq.so lets the Snort configure run fine. Was
libipq the deprecated library John referred to? The active libnetfilter_queue
project can be found here;
ftp://ftp.netfilter.org/pub/libnetfilter_queue/
The libNet page has been updated in 2007, but its tgz archive contains files
that are only as recent as 2004 (was libNet the deprecated library John
referred to?) I haven't compiled up a libNet, but it can be found here;
http://www.packetfactory.net/projects/libnet/
Snort-inline seems like a good opportunity to get some self-defending servers
(at least, if not desktops) out there. Out-of-the-box Ubuntu installs could be
oinkmaster'd up to at least download the "full release" updates (free and no
registration). While not current, it would still be updated at sporadic
intervals. In a default configuration snort-inline would prevent both in and
outbound signature-recognised attacks (i.e. no Ubuntu desktop script kiddies).
Setting aside an enabled snort-inline: for the sake of two libraries, I
can't see why snort-inline isn't at least made available to the Ubuntu
community - even if the two libraries were just dependencies on the
Snort package.
--
Snort 2.3 Inline Support
https://bugs.launchpad.net/bugs/466