[opensuse-security] Where is snort?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is no snort in 10.3. Why? - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHSg8ItTMYHG2NR9URAmbIAJ4/XfzorMHrTclNlUpf1g+WC3k9fACfWbRW 8/8bLrVwfLyYbiqZW/InBBs= =KMUJ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
There is no snort in 10.3. Why?
Wtf does this have to do with this list? Marcio --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
quoting Wikipedia: Snort can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows <http://en.wikipedia.org/wiki/Buffer_overflow>, stealth port scans <http://en.wikipedia.org/wiki/Port_scan>, web application attacks, SMB <http://en.wikipedia.org/wiki/Server_Message_Block> probes, and OS fingerprinting attempts, amongst other features. ( http://en.wikipedia.org/wiki/Snort_%28software%29 ) I think that it really fits a security related list. regards! Ariel Druid escribió:
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
I think that it really fits a security related list.
Not really. This list is not about people finding packages. It would if there were a problem with snort, if snort didnt work, if there was a compilation problem, if there was a security breach, if there was an update, if there was a security incidente, if there was a new tool around, etc etc. Regards Marcio Ferreira --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Druid wrote:
I TOTALLY disagree. "Why is security package <foo> not included in SUSE X.y?" is a perfectly reasonable security question for this list. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin CEO, Mercenary Linux http://mercenarylinux.com/ Itanium. Vista. GPLv3. Complexity at work --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2007-11-25 at 18:44 -0800, Crispin Cowan wrote:
I TOTALLY disagree. "Why is security package <foo> not included in SUSE X.y?" is a perfectly reasonable security question for this list.
Thanks, Crispin. Any idea why snort was dropped, though? :-) Nobody seems to know, or people that know don't read this list. The question was asked also in the main list, but no answer. The last resource would be bugzilla... - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHSsVktTMYHG2NR9URAtnrAJ4stbo9+JK6pVvvBTAbwadZqbyLjACggoaM 4AT9s2oQuvCmn5dyYXFbAP8= =VZxZ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Mon, Nov 26, 2007 at 02:08:49PM +0100, Carlos E. R. wrote:
The people that know read this list, like me for instance. The packager called for another maintainer of the package and since no-one was found, the package got dropped. This is not an ideal solution however, I will inquire how to handle such things otherwise. I do not even know if snort OpenSource is really useful, or if you need to buy the fully uptodate ruleset subscription to make it useful. If the latter is true, then snort.org should offer the packages. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2007-11-26 at 14:11 +0100, Marcus Meissner wrote:
Sorry - maybe you needed a little teasing O:-)
The packager called for another maintainer of the package and since no-one was found, the package got dropped.
Ah.
This is not an ideal solution however, I will inquire how to handle such things otherwise.
Thanks!
I personally don't need it, but I was certainly curious why it was removed. A chap in the Spanish list updated from 10.0 to 10.3, and his snort was not removed, somehow. Something was broken, though, with weird symptoms: he could not ftp from one particular suse machine to the 10.3 machine, in the local network, but he could from internet. Just by chance he noticed the old snort version, removed it, and then voilá, ftp worked again. This prompted us to investigate why snort had not been updated, then saw it was not included in 10.3, and I got curious, and /he/ may need it. So I asked here :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHSsnUtTMYHG2NR9URArpzAJ4ma98WqF0Oxe/EHUI7YqqF9Va96wCgklae 6PPEOHB1wb1SFAriPnExRmM= =GzOS -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Carlos E. R. schrieb:
Does this mean packages seen of least interest aren't further maintained unless you purchase a commercial license? Or does it mean if no one is found to maintain a package it can be dropped from the distro unless no one asks for?
An software author who distributes sources is not forced to offer pre-compiled binaries. In case of SuSE you don't find any binaries (maybe a few) offered from authors pages for up-to-date distributions. Instead you are forced to compile your own binaries or download from compiled sources with unknow file integrity. Notice: Any download not coming from the author of a software might contain _arbitrary_ (or any) code! Regards Philippe - -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift! Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: GnuPT 2.7.2 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQD1AwUBR0sm2UNg1DRVIGjBAQI3YwcAjrWmRc5wUNBVNlspHMCDscW6SNLfoAd6 iU+U8ntjFivnOWEoXFpxvOPMjbKP9/OS1+9qRJAZu+7KogB24nsDgRI0NPvf38FA uf+JZgPPhE5ScmjxsjOn/AzEfgc5HNQPadXQDsXoIvyIepqeb/O7IhShE4Rbh8h3 k0yyAeR47geAtKTJfsryRFcr+we3vsxndWoGycLxfkvL/+qmOgWyDuO8MOlTjmol kowDVMaaJA5VVPiPf1vcA3NClGt0VpFBZYLwb8+Y1CKYWiIshaEntNk5WhTQtyiA Kt7X/RYvTRY= =MmHC -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Philippe Vogel wrote:
I guess Marcus' argument was meant to apply if snort is of no use w/o a commercial subscription then the company/people behind the commercial version should take care of distributing their software. Noone forces them to do it but then noone gets their software. But since you state it's still useful in its "free" flavour I guess it's still of interest to have it distributed within openSUSE.
That's no argument if you decide to pay the snort vendor for their service since you have to trust them anyway in that case. It's finally a security application. Wolfgang --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Sunday 25 November 2007 16:17, Druid wrote:
There is no snort in 10.3. Why?
Wtf does this have to do with this list?
Snort is a security tool. I'm guessing it isn't included in 10.3, hence the question. http://www.snort.org/ http://en.wikipedia.org/wiki/Snort_(software) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Perhaps the OP's question is, "why was snort pulled from the 10.3 branch?" It used to be part of the regular distro, http://www.novell.com/products/linuxpackages/suselinux/snort.html but maybe now it's been pulled. I wasn't able to see it in the in the 10.3 listing on the novell site. Either way, OP, you should be able to find a pre-build snort rpm at http://rpm.pbone.net/index.php3. On Nov 25, 2007 7:27 PM, Kai Ponte <kai@perfectreign.com> wrote:
-- cheers, dg Darko Gavrilovic, CISSP http://www.linkedin.com/in/darkog --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2007-11-25 at 20:03 -0500, darko g wrote:
Perhaps the OP's question is, "why was snort pulled from the 10.3 branch?"
Yes, that's another way to pose my question :-) It was included, now it is not, and being a security package there must be a security related reason not to include it any more - thus my query.
but maybe now it's been pulled. I wasn't able to see it in the in the 10.3 listing on the novell site.
Neither using webpin.
Either way, OP, you should be able to find a pre-build snort rpm at http://rpm.pbone.net/index.php3.
No, I'm not that interested in the package itself, I don't really need it. What interests me is the reason for not including it. You see, I trust that Novell must have a reason for that decision, and I'd like to know it. Maybe it is no longer free, or maybe it is no longer maintained. As a matter of fact, the site < http://www.snort.org> is down. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHSiX8tTMYHG2NR9URAm0qAJwP54yKPQGMA8++yoRPi4YKwyTjiwCff1CM ICcu36JIuun8ChH35Ypzr5M= =JuWY -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Nah, Snort still maintained. Will be for some time to come. Have you checked the release notes for 10.3. The developers might have put something in there as to why they did it. It's entirely possible that it wasn't that popular a package for most desktop users and got the boot. On Nov 25, 2007 8:48 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
-- cheers, dg Darko Gavrilovic, CISSP http://www.linkedin.com/in/darkog --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2007-11-25 at 21:04 -0500, darko g wrote:
No, there's nothing in the release notes, I just checked. And the fact that snort home page is down is suspicious. I'm sure it was intentionally dropped from the distro; opensuse is also used on server machines and popularity is not a good enough reason, not a serious one for a security related package; but lack of maintenance would be. And somebody must know! We'll have to wait till people on the know wake up and check the list :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHSjOCtTMYHG2NR9URAjWXAJ9gkz3K70bTN4rKW4+6rdMfBnYUhwCdEtr9 UzBLJ7ArrPshQSZBPapx3/s= =Oz6v -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
2007/11/25, Carlos E. R. <robin.listas@telefonica.net>:
I recall having read about that, it was dropped because of legal issues. Regards, Ciro --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
2007/11/25, Ciro Iriarte <cyruspy@gmail.com>:
Sorry, i was wrong, the blacklisted security package is aircrack (http://en.opensuse.org/Application_Black_List). You should ask on the OpenSUSE list, maybe it's a omission/bug. Regards, Ciro --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Nov 25, 2007 9:46 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
No, there's nothing in the release notes, I just checked.
And the fact that snort home page is down is suspicious.
www.snort.org is down, everything else seems up. http://www.google.ca/search?hl=en&rlz=1B3GGGL_enCA247CA247&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=inurl:snort.org&spell=1 It might be just a lazy sysadmin on US thanksgiving holidays. -- cheers, dg Darko Gavrilovic, CISSP http://www.linkedin.com/in/darkog --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2007-11-26 at 01:50 -0300, Ciro Iriarte wrote:
It might be just a lazy sysadmin on US thanksgiving holidays.
The site is back online.
Well... then they are in bussiness. Their latest tar is dated on September. But why it was dropped from the distro remains a mistery. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHSsZgtTMYHG2NR9URAkvoAJ42yiajGhbM/C+4oWo/sFcmecd4GwCfY9g5 dNJGMmEVG4KFco9KLVNkHGE= =xJiT -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (10)
-
ariel sabiguero yawelak
-
Carlos E. R.
-
Ciro Iriarte
-
Crispin Cowan
-
darko g
-
Druid
-
Kai Ponte
-
Marcus Meissner
-
Philippe Vogel
-
Wolfgang Rosenauer