It was only officially released today, 2007/06/07.
http://snort-inline.sourceforge.net/download.html
Source code MD5
snort_inline-2.6.1.5 69a70a1f5652d7163375147a82b15144
As before, you can go to http://www.inliniac.net/blog/?p=74 to see the differences between snort in inline mode and snort-inline.
Quote:
List,
I know it has been a long time since we have had a non-beta release,
but what can I say? Victor and I have both been busy in our personal
and professional lives. If you have been running the version of code
in SVN, there are no major updates with this release other than a
memleak fix for stream4inline. I don't think this gets said often
enough, so I would like to thank Sourcefire for all the hard work they
put into snort and the snort rule sets for which I and the rest of the
community greatly benefit.
Regards,
Will
snort_inline-2.6.1.5
http://snort-inline.sourceforge.net/download.html
Differences between snort in inline mode and snort_inline
http://www.inliniac.net/blog/?p=74
I noticed that snort-inline.conf has something new in it:
### Bleeding Rules
# include $RULE_PATH/bleeding.rules
# include $RULE_PATH/bleeding-attack_response.rules
# include $RULE_PATH/bleeding-botcc.rules
# include $RULE_PATH/bleeding-dos.rules
# include $RULE_PATH/bleeding-dshield.rules
# include $RULE_PATH/bleeding-exploit.rules
# include $RULE_PATH/bleeding-game.rules
# include $RULE_PATH/bleeding-inappropriate.rules
# include $RULE_PATH/bleeding-malware.rules
# include $RULE_PATH/bleeding-p2p.rules
# include $RULE_PATH/bleeding-policy.rules
# include $RULE_PATH/bleeding-scan.rules
# include $RULE_PATH/bleeding-virus.rules
# include $RULE_PATH/bleeding-voip.rules
# include $RULE_PATH/bleeding-web.rules
It is worth going to http://www.bleedingsnort.com/ to study these.
Heh, a treasure trove @@, for me at least ^^
http://doc.bleedingthreats.net/bin/view/Main/AllRulesets
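Other places where the contents of snort_inline.conf differ:
# A new SSH_PORTS variable has been added
var SSH_PORTS 22
# The name of the clamav preprocessor has also changed, and there is a new block-failed-scans parameter, which means traffic is still dropped if an error occurs during the clamav scan. It has to be combined with action-drop or action-reset; without one of them it will only alert.
#clamav: ports all !22 !443, toclientonly, dbdir /usr/share/clamav, dbreload-time 43200
# Not sure whether this is accidental or intentional, but it actually still has to be "preprocessor clamav"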
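The two pitfalls noted above (a clamav line without the "preprocessor" keyword, and block-failed-scans without action-drop or action-reset) can be checked mechanically. The following is an added example, not part of the original post or of the snort_inline project; the function name lint_clamav and the sample config are constructed, and the option behaviour is taken only from the description in this post.

```python
import re

# Constructed sample config, modelled on the lines quoted in this post.
SAMPLE_CONF = """\
var SSH_PORTS 22
#clamav: ports all !22 !443, toclientonly, dbdir /usr/share/clamav, dbreload-time 43200
preprocessor clamav: ports all !22 !443, toclientonly, block-failed-scans, dbdir /usr/share/clamav
preprocessor clamav: ports all !22 !443, toclientonly, block-failed-scans, action-drop, dbdir /usr/share/clamav
"""

# Matches "clamav: <options>" with an optional leading "#" and an
# optional "preprocessor" keyword, so both pitfalls can be detected.
CLAMAV_RE = re.compile(r"^\s*(#?)\s*(preprocessor\s+)?clamav\s*:\s*(.*)$")

# Per this post, block-failed-scans only drops when one of these is set.
BLOCKING_ACTIONS = {"action-drop", "action-reset"}


def lint_clamav(conf_text):
    """Return a list of (line_number, finding) for clamav config lines."""
    findings = []
    for num, line in enumerate(conf_text.splitlines(), start=1):
        m = CLAMAV_RE.match(line)
        if not m:
            continue
        commented, keyword, opts = m.groups()
        # The first word of each comma-separated item is the option name.
        options = {o.split()[0] for o in opts.split(",") if o.strip()}
        if not keyword:
            findings.append((num, "missing 'preprocessor' keyword"))
        if commented:
            findings.append((num, "commented out, clamav not enabled"))
            continue
        if "block-failed-scans" in options and not options & BLOCKING_ACTIONS:
            findings.append(
                (num, "block-failed-scans without action-drop/action-reset: alert only"))
    return findings


if __name__ == "__main__":
    for num, finding in lint_clamav(SAMPLE_CONF):
        print(f"line {num}: {finding}")
```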
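Comments
I downloaded the new rules, version 2905, but they still seem to be incompatible with snort_inline2.6.1.5. May I ask what version of the rules?? Thank you.
I no longer remember this; you may have to try again.
A question about installing snort_inline2.6.1.5: after running ./configure;make;make install inside the snort_inline2.6.1.5 folder, I don't know what the next step is, because there is no rules folder in it. I don't know whether I need to create one; should I download it, or? Do the two config files classification.config and reference.config also need to be placed in the drop-rules folder?? Sorry to trouble you.
Probably not; just download the snort rules and use them.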