Gentoo Packages

net-analyzer/snort (gentoo)

Search

Package Information

Description:
Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.
Homepage:
https://www.snort.org
License:
GPL-2

Versions

Version EAPI Keywords Slot
2.9.20-r1 8 ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~sparc ~x86 0
2.9.20 8 ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~sparc ~x86 0

Metadata

Description

Maintainers

Upstream

Raw Metadata XML 
<pkgmetadata>
	<maintainer type="person">
		<email>patrick@gentoo.org</email>
		<name>Patrick Lauer</name>
	</maintainer>
	<maintainer type="project">
		<email>netmon@gentoo.org</email>
		<name>Gentoo network monitoring and analysis project</name>
	</maintainer>
	<longdescription>
		Snort is an open source network intrusion prevention and detection
		system (IDS/IPS) developed by Sourcefire. Combining the benefits of
		signature, protocol, and anomaly-based inspection, Snort is the most
		widely deployed IDS/IPS technology worldwide. With millions of downloads
		and approximately 300,000 registered users, Snort has become the de facto
		standard for IPS.
	</longdescription>
	<use>
		<flag name="control-socket">
			Enables Snort's control socket.
		</flag>
		<flag name="file-inspect">
			Enables extended file inspection capabilities.
		</flag>
		<flag name="gre">
			Enable support for inspecting and processing Generic Routing
			Encapsulation (GRE) packet headers. Only needed if you are
			monitoring GRE tunnels.
		</flag>
		<flag name="high-availability">
			Enables high-availability state sharing.
		</flag>
		<flag name="inline-init-failopen">
			Enables support to allow traffic to pass (fail-open) through
			inline deployments while snort is starting and not ready to begin
			inspecting traffic. If this option is not enabled, network
			traffic will not pass (fail-closed) until snort has fully started
			and is ready to perform packet inspection.
		</flag>
		<flag name="linux-smp-stats">
			Enable accurate statistics reporting through /proc on systems with
			multiple processors.
		</flag>
		<flag name="non-ether-decoders">
			Enable decoding of non-ethernet protocols such as TokenRing, FDDI,
			IPX, etc.
		</flag>
		<flag name="open-appid">
			Enable OpenAppID, an open, application-focused detection language
			and processing module for Snort that enables users to create, share,
			and implement application detection. Requires <pkg>dev-lang/luajit</pkg>.
		</flag>
		<flag name="perfprofiling">
			Enables support for preprocessor and rule performance profiling
			using the perfmonitor preprocessor.
		</flag>
		<flag name="ppm">
			Enables support for setting per rule or per packet latency limits.
			Helps protect against introducing network latency with inline
			deployments.
		</flag>
		<flag name="react">
			Enables support for the react rule keyword. Supports interception,
			termination, and redirection of HTTP connections.
		</flag>
		<flag name="shared-rep">
			Enables the use of shared memory for the Reputation Preprocessor
			(Only available on Linux systems)
		</flag>
		<flag name="side-channel">
			Enables Snort's side channel.
		</flag>
		<flag name="sourcefire">
			Enables Sourcefire specific build options, which include
			--enable-perfprofiling and --enable-ppm.
		</flag>
		<flag name="reload-error-restart">
			Enables support for completely restarting snort if an error is
			detected during a reload.
		</flag>
		<flag name="active-response">
			Enables support for automatically sending TCP resets and ICMP
			unreachable messages to terminate connections. Used with inline
			deployments.
		</flag>
		<flag name="flexresp3">
			Enables support for new flexable response preprocessor for enabling
			connection tearing for inline deployments. Replaces flexresp and
			flexresp2.
		</flag>
		<flag name="large-pcap-64bit">
			Allows Snort to read pcap files that are larger than 2 GB. ONLY
			VALID FOR 64bit SYSTEMS!
		</flag>
		<flag name="libtirpc">
			Build against <pkg>net-libs/libtirpc</pkg> for RPC support
		</flag>
	</use>
	<upstream>
		<maintainer>
			<email>snort-team@sourcefire.com</email>
			<name>Snort Team</name>
		</maintainer>
		<changelog>https://www.snort.org/downloads</changelog>
		<doc>https://snort.org/documents#OfficialDocumentation</doc>
		<bugs-to>https://snort.org/community#bugs</bugs-to>
	</upstream>
</pkgmetadata>

Lint Warnings

USE Flags

Flag Description 2.9.20-r1 2.9.20
active-response Enables support for automatically sending TCP resets and ICMP unreachable messages to terminate connections. Used with inline deployments.
control-socket Enables Snort's control socket.
debug Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
file-inspect Enables extended file inspection capabilities.
flexresp3 Enables support for new flexable response preprocessor for enabling connection tearing for inline deployments. Replaces flexresp and flexresp2.
gre Enable support for inspecting and processing Generic Routing Encapsulation (GRE) packet headers. Only needed if you are monitoring GRE tunnels.
high-availability Enables high-availability state sharing.
inline-init-failopen Enables support to allow traffic to pass (fail-open) through inline deployments while snort is starting and not ready to begin inspecting traffic. If this option is not enabled, network traffic will not pass (fail-closed) until snort has fully started and is ready to perform packet inspection.
large-pcap-64bit Allows Snort to read pcap files that are larger than 2 GB. ONLY VALID FOR 64bit SYSTEMS!
libtirpc Build against <pkg>net-libs/libtirpc</pkg> for RPC support
linux-smp-stats Enable accurate statistics reporting through /proc on systems with multiple processors.
non-ether-decoders Enable decoding of non-ethernet protocols such as TokenRing, FDDI, IPX, etc.
open-appid Enable OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. Requires <pkg>dev-lang/luajit</pkg>.
perfprofiling Enables support for preprocessor and rule performance profiling using the perfmonitor preprocessor.
ppm Enables support for setting per rule or per packet latency limits. Helps protect against introducing network latency with inline deployments.
react Enables support for the react rule keyword. Supports interception, termination, and redirection of HTTP connections.
reload-error-restart Enables support for completely restarting snort if an error is detected during a reload.
selinux !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
shared-rep Enables the use of shared memory for the Reputation Preprocessor (Only available on Linux systems)
side-channel Enables Snort's side channel.
sourcefire Enables Sourcefire specific build options, which include --enable-perfprofiling and --enable-ppm.
threads Add threads support for various packages. Usually pthreads

Files

Manifest

Type File Size Versions
DIST snort-2.9.20.tar.gz 7009894 bytes 2.9.20
Unmatched Entries
Type File Size