snort

Description: The de facto standard for intrusion detection/prevention
License: GPL-2
Homepage: https://www.snort.org
Location: Portage
Legend:
  • + - stable
  • ~ - unstable
  • M - hardmask
Version    alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86
2.9.17-r1  -     -     -   -    -    -    -    -   -     -    -  -     -

USE flags

  • active-response - Enables support for automatically sending TCP resets and ICMP unreachable messages to terminate connections. Used with inline deployments.
  • control-socket - Enables Snort's control socket.
  • debug - Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces, see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
  • file-inspect - Enables extended file inspection capabilities.
  • flexresp3 - Enables support for the new flexible response preprocessor, which enables connection tearing for inline deployments. Replaces flexresp and flexresp2.
  • gre - Enable support for inspecting and processing Generic Routing Encapsulation (GRE) packet headers. Only needed if you are monitoring GRE tunnels.
  • high-availability - Enables high-availability state sharing.
  • inline-init-failopen - Allows traffic to pass (fail-open) through inline deployments while Snort is starting and not yet ready to inspect traffic. If this option is not enabled, network traffic will not pass (fail-closed) until Snort has fully started and is ready to perform packet inspection.
  • large-pcap-64bit - Allows Snort to read pcap files that are larger than 2 GB. ONLY VALID FOR 64-BIT SYSTEMS!
  • libtirpc - Build against net-libs/libtirpc for RPC support
  • linux-smp-stats - Enable accurate statistics reporting through /proc on systems with multiple processors.
  • lua_single_target_luajit - Build for LuaJIT only
  • non-ether-decoders - Enable decoding of non-ethernet protocols such as TokenRing, FDDI, IPX, etc.
  • open-appid - Enable OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. Requires dev-lang/luajit.
  • perfprofiling - Enables support for preprocessor and rule performance profiling using the perfmonitor preprocessor.
  • ppm - Enables support for setting per rule or per packet latency limits. Helps protect against introducing network latency with inline deployments.
  • react - Enables support for the react rule keyword. Supports interception, termination, and redirection of HTTP connections.
  • reload-error-restart - Enables support for completely restarting Snort if an error is detected during a reload.
  • selinux - !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
  • shared-rep - Enables the use of shared memory for the Reputation Preprocessor (Only available on Linux systems)
  • side-channel - Enables Snort's side channel.
  • sourcefire - Enables Sourcefire specific build options, which include --enable-perfprofiling and --enable-ppm.
  • threads - Add threads support for various packages. Usually pthreads.

Security Advisory

Date             Severity  Title
over 17 years    high      Snort: Remote execution of arbitrary code
almost 18 years  normal    Snort: Denial of Service
