SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 

fwsnort rpm build for : Mageia 9. For other distributions click fwsnort.

Name : fwsnort
Version : 1.6.8 Vendor : Mageia_Org
Release : 4.mga9 Date : 2022-03-20 19:17:46
Group : System/Servers Source RPM : fwsnort-1.6.8-4.mga9.src.rpm
Size : 14.48 MB
Packager : umeabot < umeabot>
Summary : Translates Snort rules into equivalent iptables rules
Description :
fwsnort translates Snort rules into equivalent iptables rules and generates
a Bourne shell script that implements the resulting iptables commands. This
ruleset allows network traffic that exhibits Snort signatures to be logged
and/or dropped by iptables directly without putting any interface into
promiscuous mode or queuing packets from kernel to user space. In addition,
fwsnort (optionally) uses the IPTables::Parse module to parse the iptables
ruleset on the machine to determine which Snort rules are applicable to the
specific iptables policy. After all, if iptables is blocking all inbound
http traffic from external addresses, it is probably not of much use to try
detecting inbound attacks against against tcp/80. By default fwsnort
generates iptables rules that log Snort sid\'s with --log-prefix to klogd
where the messages can be analyzed with a log watcher such as logwatch or
psad (see http://www.cipherdyne.org/psad). fwsnort relies on the iptables
string match extension to match Snort content fields in the application portion
of ip traffic. Since Snort rules can contain hex data in content fields,
fwsnort implements a patch against iptables-1.2.7a which adds a
\"--hex-string\" option which will accept content fields such as
\"|0d0a5b52504c5d3030320d0a|\". fwsnort bundles the latest rule set from
Emerging Threats (http://www.emergingthreats.net) and also includes all rules
from the Snort-2.3.3 IDS - the final Snort rule set that was released under
the GPL. fwsnort is able to translate well over 60% of all bundled rules.
For more information about the translation strategy as well as
advantages/disadvantages of the method used by fwsnort to obtain intrusion
detection data, see the README included with the fwsnort sources or browse
to: http://www.cipherdyne.org/fwsnort/

RPM found in directory: /vol/rzm3/linux-mageia/distrib/9/i586/media/core/release

Content of RPM  Changelog  Provides Requires

Download
ftp.icm.edu.pl  fwsnort-1.6.8-4.mga9.noarch.rpm
ftp.icm.edu.pl  fwsnort-1.6.8-4.mga9.noarch.rpm
ftp.icm.edu.pl  fwsnort-1.6.8-4.mga9.noarch.rpm
ftp.icm.edu.pl  fwsnort-1.6.8-4.mga9.noarch.rpm
     

Provides :
config(fwsnort)
fwsnort
perl(IPTables::Parse)
perl(NetAddr::IP)
perl(NetAddr::IP::InetBase)
perl(NetAddr::IP::Lite)
perl(NetAddr::IP::Util)
perl(NetAddr::IP::UtilPP)
perl(NetAddr::IP::UtilPolluted)
perl(NetAddr::IP::Util_IS)

Requires :
/bin/sh
/bin/sh
/bin/sh
config(fwsnort) = 1.6.8-4.mga9
iptables
perl >= 0:5.006
perl(AutoLoader)
perl(Carp)
perl(Cwd)
perl(Data::Dumper)
perl(DynaLoader)
perl(Exporter)
perl(File::Copy)
perl(File::Path)
perl(File::Temp)
perl(Getopt::Long)
perl(IO::Socket)
perl(NetAddr::IP::InetBase)
perl(NetAddr::IP::Lite) >= 1.410.0
perl(NetAddr::IP::Util) >= 1.460.0
perl(NetAddr::IP::Util_IS)
perl(POSIX)
perl(Socket)
perl(Sys::Hostname)
perl(strict)
perl(vars)
perl(warnings)
perl-base >= 2:5.34.1
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1


Content of RPM :
/etc/fwsnort
/etc/fwsnort/fwsnort.conf
/etc/fwsnort/snort_rules
/etc/fwsnort/snort_rules/VERSION
/etc/fwsnort/snort_rules/attack-responses.rules
/etc/fwsnort/snort_rules/backdoor.rules
/etc/fwsnort/snort_rules/bad-traffic.rules
/etc/fwsnort/snort_rules/chat.rules
/etc/fwsnort/snort_rules/ddos.rules
/etc/fwsnort/snort_rules/deleted.rules
/etc/fwsnort/snort_rules/dns.rules
/etc/fwsnort/snort_rules/dos.rules
/etc/fwsnort/snort_rules/emerging-all.rules
/etc/fwsnort/snort_rules/experimental.rules
/etc/fwsnort/snort_rules/exploit.rules
/etc/fwsnort/snort_rules/finger.rules
/etc/fwsnort/snort_rules/ftp.rules
/etc/fwsnort/snort_rules/icmp-info.rules
/etc/fwsnort/snort_rules/icmp.rules
/etc/fwsnort/snort_rules/imap.rules
/etc/fwsnort/snort_rules/info.rules
/etc/fwsnort/snort_rules/local.rules
/etc/fwsnort/snort_rules/misc.rules
/etc/fwsnort/snort_rules/multimedia.rules
/etc/fwsnort/snort_rules/mysql.rules
/etc/fwsnort/snort_rules/netbios.rules
/etc/fwsnort/snort_rules/nntp.rules
/etc/fwsnort/snort_rules/oracle.rules
/etc/fwsnort/snort_rules/other-ids.rules
/etc/fwsnort/snort_rules/p2p.rules
There is 109 files more in these RPM.

 
ICM