snort

Description:The de facto standard for intrusion detection/prevention
License: GPL-2
Homepage:https://www.snort.org
Location:Portage
Legend:
  • + - stable
  • ~ - unstable
  • M - hardmask
alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86
2.9.15.1 diff - ~ ~ - - - ~ ~ ~ - - ~ ~
2.9.15 diff - ~ ~ - - - ~ ~ ~ - - ~ ~
2.9.12 diff - ~ ~ - - - ~ ~ ~ - - ~ ~
2.9.8.3-r2 - ~ ~ - - - ~ ~ ~ - - ~ ~

USE flags

  • active-response - Enables support for automatically sending TCP resets and ICMP unreachable messages to terminate connections. Used with inline deployments.
  • control-socket - Enables Snort's control socket.
  • debug - Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
  • file-inspect - Enables extended file inspection capabilities.
  • flexresp3 - Enables support for new flexable response preprocessor for enabling connection tearing for inline deployments. Replaces flexresp and flexresp2.
  • gre - Enable support for inspecting and processing Generic Routing Encapsulation (GRE) packet headders. Only needed if you are monitoring GRE tunnels.
  • high-availability - Enables high-availability state sharing.
  • inline-init-failopen - Enables support to allow traffic to pass (fail-open) through inline deployments while snort is starting and not ready to begin inspecting traffic. If this option is not enabled, network traffic will not pass (fail-closed) until snort has fully started and is ready to perform packet inspection.
  • ipv6 - Add support for IP version 6
  • large-pcap-64bit - Allows Snort to read pcap files that are larger than 2 GB. ONLY VALID FOR 64bit SYSTEMS!
  • libtirpc - Build against net-libs/libtirpc for RPC support
  • linux-smp-stats - Enable accurate statistics reporting through /proc on systems with multipule processors.
  • mysql - Add mySQL Database support
  • non-ether-decoders - Enable decoding of non-ethernet protocols such as TokenRing, FDDI, IPX, etc.
  • odbc - Add ODBC Support (Open DataBase Connectivity)
  • open-appid - Enable OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. Requires dev-lang/luajit.
  • perfprofiling - Enables support for preprocessor and rule performance profiling using the perfmonitor preprocessor.
  • postgres - Add support for the postgresql database
  • ppm - Enables support for setting per rule or per packet latency limits. Helps protect against introducing network latency with inline deployments.
  • prelude - Add support/bindings for the Prelude Intrusion Detection System
  • react - Enables support for the react rule keyword. Supports interception, termination, and redirection of HTTP connections.
  • reload-error-restart - Enables support for completely restarting snort if an error is detected durring a reload.
  • selinux - !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
  • shared-rep - Enables the use of shared memory for the Reputation Preprocessor (Only available on Linux systems)
  • side-channel - Enables Snort's the side channel.
  • sourcefire - Enables Sourcefire specific build options, which include --enable-perfprofiling and --enable-ppm.
  • static - !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
  • threads - Add threads support for various packages. Usually pthreads

Security Advisory

Date Severity Title
about 13 years high Snort: Remote execution of arbitrary code
about 13 years normal Snort: Denial of Service

Also available in: Atom

Thank you!