<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> | |
<pkgmetadata> | |
<herd>netmon</herd> | |
<herd>proxy-maintainers</herd> | |
<maintainer> | |
<email>patrick@gentoo.org</email> | |
<name>Patrick Lauer</name> | |
<description>Maintainer</description> | |
</maintainer> | |
<maintainer> | |
<email>jason.r.wallace@gmail.com</email> | |
<name>Jason Wallace</name> | |
<description>Proxy maintainer. CC him on bugs</description> | |
</maintainer> | |
<longdescription> | |
Snort is an open source network intrusion prevention and detection | |
system (IDS/IPS) developed by Sourcefire. Combining the benefits of | |
signature, protocol, and anomaly-based inspection, Snort is the most | |
widely deployed IDS/IPS technology worldwide. With millions of downloads | |
and approximately 300,000 registered users, Snort has become the de facto | |
standard for IPS. | |
</longdescription> | |
<upstream> | |
<maintainer> | |
<email>snort-team@sourcefire.com</email> | |
<name>Snort Team</name> | |
</maintainer> | |
<changelog>http://www.snort.org/snort-downloads</changelog> | |
<doc>http://www.snort.org/docs</doc> | |
<bugs-to>http://www.snort.org/snort-downloads/submit-a-bug/</bugs-to> | |
</upstream> | |
<use> | |
<flag name='control-socket'> | |
Enables Snort's control socket. | |
</flag> | |
<flag name='dynamicplugin'> | |
Enable ability to dynamically load preprocessors, detection engine, | |
and rules library. This is required if you want to use shared | |
object (SO) snort rules. | |
</flag> | |
<flag name='file-inspect'> | |
Enables extended file inspection capabilities. | |
</flag> | |
<flag name='gre'> | |
Enable support for inspecting and processing Generic Routing | |
Encapsulation (GRE) packet headders. Only needed if you are | |
monitoring GRE tunnels. | |
</flag> | |
<flag name='high-availability'> | |
Enables high-availability state sharing. | |
</flag> | |
<flag name='inline-init-failopen'> | |
Enables support to allow traffic to pass (fail-open) through | |
inline deployments while snort is starting and not ready to begin | |
inspecting traffic. If this option is not enabled, network | |
traffic will not pass (fail-closed) until snort has fully started | |
and is ready to perform packet inspection. | |
</flag> | |
<flag name='linux-smp-stats'> | |
Enable accurate statistics reporting through /proc on systems with | |
multipule processors. | |
</flag> | |
<flag name='mpls'> | |
Enables support for processing and inspecting Multiprotocol Label | |
Switching MPLS network network traffic. Only needed if you are | |
monitoring an MPLS network. | |
</flag> | |
<flag name='non-ether-decoders'> | |
Enable decoding of non-ethernet protocols such as TokenRing, FDDI, | |
IPX, etc. | |
</flag> | |
<flag name='perfprofiling'> | |
Enables support for preprocessor and rule performance profiling | |
using the perfmonitor preprocessor. | |
</flag> | |
<flag name='ppm'> | |
Enables support for setting per rule or per packet latency limits. | |
Helps protect against introducing network latency with inline | |
deployments. | |
</flag> | |
<flag name='react'> | |
Enables support for the react rule keyword. Supports interception, | |
termination, and redirection of HTTP connections. | |
</flag> | |
<flag name='shared-rep'> | |
Enables the use of shared memory for the Reputation Preprocessor | |
(Only available on Linux systems) | |
</flag> | |
<flag name='side-channel'> | |
Enables Snort's the side channel. | |
</flag> | |
<flag name='sourcefire'> | |
Enables Sourcefire specific build options, which include | |
--enable-perfprofiling and --enable-ppm. | |
</flag> | |
<flag name='targetbased'> | |
Enables support in snort for using a host attibute XML file | |
(attribute_table.dtd). This file needs to be created by the user | |
and should define the IP address, operating system, and services | |
for all hosts on the monitored network. This is cumbersome, but | |
can improve intrusion detection accuracy. | |
</flag> | |
<flag name='reload-error-restart'> | |
Enables support for completely restarting snort if an error is | |
detected durring a reload. | |
</flag> | |
<flag name='zlib'> | |
Enables HTTP inspection of compressed web traffic. Requires | |
dynamicplugin be enabled. | |
</flag> | |
<flag name='active-response'> | |
Enables support for automatically sending TCP resets and ICMP | |
unreachable messages to terminate connections. Used with inline | |
deployments. | |
</flag> | |
<flag name='normalizer'> | |
Enables support for normalizing packets in inline deployments to | |
help minimize the chances of detection evasion. | |
</flag> | |
<flag name='flexresp3'> | |
Enables support for new flexable response preprocessor for enabling | |
connection tearing for inline deployments. Replaces flexresp and | |
flexresp2. | |
</flag> | |
<flag name='paf'> | |
Enables support for Protocol Aware Flushing. This allows Snort to | |
statefully scan a stream and reassemble a complete protocol data | |
unit regardless of segmentation. | |
</flag> | |
<flag name='large-pcap-64bit'> | |
Allows Snort to read pcap files that are larger than 2 GB. ONLY | |
VALID FOR 64bit SYSTEMS! | |
</flag> | |
</use> | |
</pkgmetadata> |