IDS mailing list archives

Release of Shadow/Snort IDS version 3.1


From: Guy Bruneau <seeker () whitehats ca>
Date: Tue, 26 Aug 2003 19:34:20 -0400

This is to announce the release of Shadow/Snort IDS version 3.1.

This package is released under the GNU software.

Here are some of the features of Shadow/Snort IDS 3.1:

- Hardened OS based on Slackware 9.0.0
- Linux kernel 2.4.21
- Trimmed down OS (~150 MB) and automatically runs the Shadow and Snort
sensors after installation
- Minimal user installation and configuration
- Has no compiler and OpenSSH is the only external service
- Can only be accessed via OpenSSH (deny all access by default)
- Can search the sensor logs with a multi-day Perl script without the
aid of an Analyzer. More information on how to use this feature is
available on the installation sheet.
- Can search the sensor logs with a multi-day Perl script using Ngrep
with a combination of strings and BPF filters. Additional information on
how to use this feature is available on the installation sheet.
- See the release note directory for the installation sheet (install.pdf).
- Built with NSWC's Shadow version 1.8
- Built with Snort IDS version 2.0.1
- Built with Ngrep 1.41.0
- Snort can monitor multiple interfaces with the use of the Snort
configuration scripts.
- Included slackupdate.sh script to maintain Slackware patches
- Included Snort's oinkmaster.pl script to update Snort signatures.
- A FAQ is located on the CD in the release note directory

The complete installation process is located at:

http://www.whitehats.ca/main/members/Seeker/seeker_shadow_IDS/seeker_shadow_ids.html

The ISO can be downloaded at:

http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.iso

The MD5 signature for the Shadow ISO image is located at:

http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.md5

References:

Shadow IDS at: http://www.nswc.navy.mil/ISSEC/CID/
Snort at: http://www.snort.org

