Snort is an open source network intrusion detection and prevention
system. It is capable of performing real-time traffic analysis,
alerting, blocking and packet logging on IP networks. It utilizes a
combination of protocol analysis and pattern matching in order to
detect anomalies, misuse and attacks.

Snort uses a flexible rules language to describe activity that can be
considered malicious or anomalous, as well as an analysis engine that
incorporates a modular plugin architecture. Snort is capable of
detecting and responding in real-time, sending alerts, performing
session sniping, logging packets, or dropping sessions/packets when
deployed in-line.

Snort has three primary functional modes. It can be used as a packet
sniffer like tcpdump(1), a packet logger (useful for network traffic
debugging, etc.), or as a full-blown network intrusion detection and
prevention system.

Please read the snort_manual.pdf file that should be included with
this distribution for full documentation on the program as well as a
guide to getting started.

This package builds a very basic snort implementation useful for
monitoring traffic as an IDS or packet logger and as a sort of improved
tcpdump (which is what I use it for). MySQL support is included, so you
should have little trouble hooking snort up to a database or ACID. For
more information on these, check out snort's homepage at:

  http://www.snort.org/
  http://www.snort.org/docs/

snort.org has a nasty habit of changing the location of their source
code, which means there's no guarantee that the link in snort.info is
correct. If you can't get that link to work, look for the source code
at:

  http://www.snort.org/dl/old/

Please note that this build script disables dynamic plugins. Support
for them can easily be added by deleting the following line in the
script:

  --disable-dynamicplugin \

This will put the headers and source for dynamic plugins into
/usr/src/snort.

There is no rc.snort script included with this build script at this
time, but you should have little trouble creating one of your own.

Please e-mail me with any questions or comments.

-- Alan Hicks
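
One possible rc.snort of the kind mentioned above, as an added example that is not part of this package and not written by its author. It runs Snort in its intrusion detection mode as a daemon and refuses to start if snort.conf does not validate. The binary path, config path, log directory, interface and pidfile location are all assumptions to adjust for your system.

```sh
#!/bin/sh
# /etc/rc.d/rc.snort - start/stop Snort as an IDS daemon (added example).
# Every default below is an assumption; match it to your own install.
SNORT=${SNORT:-/usr/bin/snort}                 # assumed binary location
CONF=${CONF:-/etc/snort/snort.conf}            # assumed config/rules file
LOGDIR=${LOGDIR:-/var/log/snort}               # assumed alert/packet log dir
IFACE=${IFACE:-eth0}                           # assumed sniffing interface
PIDFILE=${PIDFILE:-/var/run/snort_$IFACE.pid}  # assumed daemon pidfile

# Arguments shared by the config test and the real start.
# Paths must not contain spaces: the result is word-split on use.
snort_args() {
  echo "-q -i $IFACE -c $CONF -l $LOGDIR"
}

# True only if the pidfile exists AND that process is alive,
# so a stale pidfile left by a crash does not block a restart.
snort_running() {
  [ -r "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

snort_start() {
  if snort_running; then
    echo "snort already running"; return 0
  fi
  # -T parses the config and rules, then exits; a broken rule set
  # should fail loudly here instead of leaving the network unmonitored.
  if ! $SNORT -T $(snort_args) >/dev/null 2>&1; then
    echo "snort: $CONF failed validation, not starting" >&2
    return 1
  fi
  $SNORT -D $(snort_args)    # -D detaches into daemon mode
}

snort_stop() {
  snort_running || { echo "snort not running"; return 0; }
  kill "$(cat "$PIDFILE")"
}

case "${1:-}" in
  start)   snort_start ;;
  stop)    snort_stop ;;
  restart) snort_stop; sleep 1; snort_start ;;
  status)  snort_running && echo "snort is running" || echo "snort is stopped" ;;
  *)       echo "usage: $0 start|stop|restart|status" ;;
esac
```

Make the file executable and call it from rc.local (or your own init hook) with the `start` argument.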