
SnareLinux-1.7.0-0 RPM for i386

From SourceForge / s / sn / snare / Snare for Linux / 1.7.0

Name: SnareLinux
Distribution: Unknown
Version: 1.7.0
Vendor: Leigh Purdie
Release: 0
Build date: Tue Aug 9 03:49:22 2011
Group: System Environment/Daemons
Build host: dhel4
Size: 177151
Source RPM: SnareLinux-1.7.0-0.src.rpm
Packager: Leigh Purdie
Url: http://www.intersectalliance.com/
Summary: Snare for Linux - audit subsystem control and distribution

The System iNtrusion Analysis and Reporting Environment (SNARE) agent for
Linux provides an event collection, filtering, control and remote distribution
capability for the Linux operating system. Snare supports organisations
that need to meet national security policy guidelines such as NISPOM,
DCID/DIAM, SOX/Sarbanes Oxley, GLBA, CISP and BS7799.

Provides

Requires

License

GPL

Changelog

* Sun Aug 07 2011 David Mohr
  - Updated micro web server authentication (digest)
  - Added html entity stripping to the /events web page to prevent XSS
  - Removed MD5 string from /remote web page
  - Added cookie support for Change Tokens
  - Added POST support to micro web server
  - Added pre-submit MD5 hashing of remote access password in /remote web page
  - Extended Change Token timeout
  - Updated auditctl commands to support updated "-i" flag
  - Updated SELinux policy module
  - Thanks to Andrew Brooks, of Halock Security Labs for identifying items 2, 3 and 4
* Mon Jul 04 2011 David Mohr
  - Bug fix for authentication event collection
  - Update SELinux policy module
* Fri Dec 17 2010 David Mohr
  - Updated architecture identification and syscall handling
  - Added ability to pass objective filters directly to auditctl
* Sun Jun 27 2010 David Mohr
  - Updated file permissions
  - Minor Remote Control Interface updates
  - Minor configuration checking updates
  - Security patch to prevent Cross Site Request Forgery
* Tue Dec 16 2008 David Mohr
  - Streamlined Helper/Dispatcher comms, minor resource saving
  - Removed unnecessary regex from Dispatcher, major resource saving
  - Made all file handles hot (no buffering)
  - Improved signal handling between Helper and Dispatcher
  - Fixed potential data corruption in DispatchHelper
* Thu Oct 23 2008 David Mohr
  - Completely revised file watch configuration
  - Fixed "empty fqdn/criticality" problem
  - Improved authentication event handling
  - Fixed "remove objective" bug that would delete two objectives
  - Fixed message buffering in SnareDispatchHelper
  - Fixed Display Recent Events rendering when using syslog
  - Final RHEL4 targeted release
* Tue May 27 2008 David Mohr
  - Further improved resource handling and collection speed (SnareDispatchHelper)
  - Added support for file watches
  - Updated compliance objective templates
  - Improved objective handling including ability to drop events
* Sun Dec 02 2007 David Mohr
  - Added support for login/logout events
  - Added support for account modification events
  - Improved resource handling and collection speed (SnareDispatchHelper)
* Mon Aug 06 2007 David Mohr
  - Added support for compound matching elements (e.g. name=/etc/* name!=/etc/blah/*)
  - Improved authentication support for remote control interface
  - Updated SELinux policy (RHEL5 support)
  - Improved automatic audit configuration using objective returncode detection to pre filter unnecessary records
  - Fixed element matching error
  - Fixed error in criticality reporting (e.g. criticality was always zero)
  - Fixed race condition that could potentially clear all audit rules on restart
  - Improved efficiency allowing a higher throughput
  - Improved installer for easier deployment
* Sun Jul 01 2007 David Mohr
  - Fixed syslog output
  - Added file output support to web interface
  - Fixed "Other" objective type to allow underscores
  - Fixed exclusion lists
  - Changed wildcards to match zero or more characters
  - Added regex option to config file
  - Added better Audit version detection
  - DNS timeout for restricted access hosts
* Tue Nov 28 2006 Leigh Purdie
  - Initial release - InterSect Alliance - http://www.intersectalliance.com/

Files

/etc/snare.conf
/usr/sbin/SnareDispatchHelper
/usr/sbin/SnareDispatcher
/usr/sbin/SnareInstaller.sh
/usr/sbin/SnareTranslationTable
/usr/sbin/SnareWebServer.pl
/usr/share/SnareLinux-1.7.0/snare.pp


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Apr 13 23:12:56 2014