Snort is an open source network intrusion detection and prevention
system. It is capable of performing real-time traffic analysis,
alerting, blocking and packet logging on IP networks. It utilizes
a combination of protocol analysis and pattern matching in order to
detect a anomalies, misuse and attacks.
Snort uses a flexible rules language to describe activity that can
be considered malicious or anomalous as well as an analysis engine
that incorporates a modular plugin architecture. Snort is capable
of detecting and responding in real-time, sending alerts, performing
session sniping, logging packets, or dropping sessions/packets when
deployed in-line.
Snort has three primary functional modes. It can be used as a packet
sniffer like tcpdump(1), a packet logger (useful for network traffic
debugging, etc), or as a full blown network intrusion detection and
prevention system.
You need to create a new UID/GID before building snort
groupadd -g 395 snort
useradd -u 395 -g 395 -d /var/log/snort snort
If you need to port the old snort configuration files to new lua format,
you can use snort2lua with -c parameter:
snort2lua -c snort.conf
or
snort2lua --conf-file snort.conf
if you want to convert Snort 2 rules into Snort 3 rules, use:
Snort2lua -c snort2.rules -r snort3.rules
For more information about running Snort on Slackware, please see
README.SLACKWARE.
This requires: luajit, daq, hwloc
Maintained by: David Spencer
Keywords: security,ids,ipds,sniffer,ips,intrusion,detection,prevention
ChangeLog: snort
Homepage:
https://www.snort.org/
Download SlackBuild:
snort.tar.gz
snort.tar.gz.asc (FAQ)
(the SlackBuild does not include the source)
| Individual Files: |
| • README |
| • README.SLACKWARE |
| • doinst.sh |
| • rc.snort |
| • slack-desc |
| • snort.SlackBuild |
| • snort.info |
| • update_rules.sh |
© 2006-2026 SlackBuilds.org Project. All rights reserved.
Slackware® is a registered trademark of
Patrick Volkerding
Linux® is a registered trademark of
Linus Torvalds