[Snort-users] Release of Shadow/Snort IDS version 4.4
seeker at ...5932...
Mon Aug 23 17:45:08 EDT 2004
This is to announce the release of Shadow/Snort IDS version 4.4.
This package is released under the GNU software.
Here are some of the features of Shadow/Snort IDS 4.4:
- Hardened OS based on Slackware 9.1.0
- Linux kernel 2.4.26
- Trimmed down OS (~150 MB) and automatically runs the Shadow and Snort
sensors after installation
- Minimal user installation and configuration
- OpenSSH is the only remote access service. If ACID is installed,
HTTPS is restricted by the iptables firewall
- Can only be accessed via OpenSSH (all other access is denied by default)
- Can search the Shadow sensor logs with a multi-day Perl script without
the aid of an Analyzer. More information on how to use this feature is
available on the installation sheet.
- Can search the Shadow sensor logs with a multi-day Perl script using
Ngrep with a combination of strings and BPF filters. Additional
information on how to use this feature is available on the installation sheet.
- See the release note directory for the installation sheet (install.pdf).
- Built with NSWC's Shadow version 1.8
- Built with Snort IDS version 2.2.0 with MySQL and Jeff Nathan's new
flexible response version 2
- A ready to use package with Apache/ACID/MySQL prebuilt to use ACID to
- Contains current Bleeding Edge Malware rules
- Built with Ngrep 1.41.0
- Snort can monitor multiple interfaces with the use of the Snort
- Snort now saves its data in BPF format and cuts a new log every day at
12 am through a cron job.
- Included slackupdate.sh script to maintain Slackware patches
- Included Snort's oinkmaster.pl script to update Snort signatures.
- A FAQ is located on the CD in the release note directory
The complete installation process is located at:
The ISO can be downloaded at:
The MD5 signature for the Shadow ISO image is located at:
More on Shadow IDS at: http://www.nswc.navy.mil/ISSEC/CID/
More on Snort at: http://www.snort.org