Guillaume Rousse guillomovitch at gmail.com
Tue Dec 4 09:30:59 CET 2012

On 04/12/2012 03:12, dlucio wrote:
> Description :
> Snort is a libpcap-based packet sniffer/logger which can be used as a
> lightweight network intrusion detection system. It features rules based logging
> and can perform protocol analysis, content searching/matching and can be used
> to detect a variety of attacks and probes, such as buffer overflows, stealth
> port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
> Snort has a real-time alerting capability, with alerts being sent to syslog, a
> separate "alert" file, or as a WinPopup message via Samba's smbclient
This is perfectly enough as package description. Everything else is 
package usage documentation, and should go elsewhere, such as a 
README.mga file.

> This rpm is different from previous rpms
Which ones?

> and while it will not clobber
> your current snort file, you will need to modify it.
As for every other package.

> There are 9 different packages available
> All of them require the base snort rpm.  Additionally, you will need
> to choose a binary to install.
> /usr/sbin/snort should end up being a symlink to a binary in one of
> the following configurations. We use update-alternatives for this.
> Here are the different packages along with their priorities.
> plain(10)               plain+flexresp(11)              mysql(12)
> mysql+flexresp(13)      postgresql(14)                  postgresql+flexresp(15)
> bloat(16)               inline(17)                      inline+flexresp(18)
> prelude(19)             prelude+flexresp(20)
The day you'll modify those priorities, you'll have to modify those 
values too.

> Please see the documentation in /usr/share/doc/snort
As for every other package.

