[Snort-users] Release of Shadow/Snort IDS version 4.4

Guy Bruneau seeker at ...5932...
Mon Aug 23 17:45:08 EDT 2004


This is to announce the release of Shadow/Snort IDS version 4.4.

This package is released under the GNU license.

Here are some of the features of Shadow/Snort IDS 4.4:

- Hardened OS based on Slackware 9.1.0
- Linux kernel 2.4.26
- Trimmed down OS (~150 MB) and automatically runs the Shadow and Snort
sensors after installation
- Minimal user installation and configuration
- Open SSH is the only remote access service. If ACID is installed,
HTTPS is restricted by the iptables firewall
- Can only be accessed via Open SSH (deny all access by default)
- Can search the Shadow sensor logs with a multi-day Perl script without
the aid of an Analyzer. More information on how to use this feature is
available on the installation sheet.
- Can search the Shadow sensor logs with a multi-day Perl script using
Ngrep with a combination of strings and BPF filters. Additional
information on how to use this feature is available on the installation
sheet.
- See the release note directory for the installation sheet (install.pdf).

- Built with NSWC's Shadow version 1.8
- Built with Snort IDS version 2.2.0 with mysql and Jeff Nathan's new
flexible response version 2
- A ready-to-use package with Apache/ACID/MySQL prebuilt to use ACID to
correlate events
- Contains current Bleeding Edge Malware rules
- Built with Ngrep 1.41.0
- Snort can monitor multiple interfaces with the use of the Snort
configuration scripts.
- Snort now saves the data in BPF format and cuts a new log every day at
12 am through a cronjob.
- Included slackupdate.sh script to maintain Slackware patches
- Included Snort's oinkmaster.pl script to update Snort signatures.
- A FAQ is located on the CD in the release note directory

The complete installation process is located at:
http://www.whitehats.ca/main/members/Seeker/seeker_shadow_IDS/seeker_shadow_ids.html

The ISO can be downloaded at:
http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.iso

The MD5 signature for the Shadow ISO image is located at:
http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.md5

References:

More on Shadow IDS at: http://www.nswc.navy.mil/ISSEC/CID/
More on Snort at: http://www.snort.org
