Release of Shadow/Snort IDS version 3.1

From: Guy Bruneau (seeker_at_whitehats.ca)
Date: 08/27/03

  • Next message: Mark Teicher: "Re: ASIC-based vs. Software-based Security Platform"
    Date: Tue, 26 Aug 2003 19:34:20 -0400
    To: focus-ids@securityfocus.com, incidents@securityfocus.com
    
    

    This is to announce the release of Shadow/Snort IDS version 3.1.

    This package is released under the GNU software.

    Here are some of the features of Shadow/Snort IDS 3.1:

    - Hardened OS based on Slackware 9.0.0
    - Linux kernel 2.4.21
    - Trimmed down OS (~150 MB) and automatically runs the Shadow and Snort
    sensors after installation
    - Minimal user installation and configuration
    - Has no compiler and OpenSSH is the only external service
    - Can only be accessed via OpenSSH (deny all access by default)
    - Can search the sensor logs with a multi-day Perl script without the
    aid of an Analyzer. More information on how to use this feature is
    available on the installation ***.
    - Can search the sensor logs with a multi-day Perl script using Ngrep
    with a combination of strings and BPF filters. Additional information on
    how to use this feature is available on the installation ***.
    - See the release note directory for the installation *** (install.pdf).

    - Built with NSWC's Shadow version 1.8
    - Built with Snort IDS version 2.0.1
    - Built with Ngrep 1.41.0
    - Snort can monitor multiple interfaces with the use of the Snort
    configuration scripts.
    - Included slackupdate.sh script to maintain Slackware patches
    - Included Snort's oinkmaster.pl script to update Snort signatures.
    - A FAQ is located on the CD in the release note directory

    The complete installation process is located at:

    http://www.whitehats.ca/main/members/Seeker/seeker_shadow_IDS/seeker_shadow_ids.html

    The ISO can be downloaded at:

    http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.iso

    The MD5 signature for the Shadow ISO image is located at:

    http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.md5

    References:

    Shadow IDS at: http://www.nswc.navy.mil/ISSEC/CID/
    Snort at: http://www.snort.org


