snort-rules-default 2.9.2.2-3 / usr / share / doc / snort-rules-default / README.Debian

This file is indexed.

/usr/share/doc/snort-rules-default/README.Debian is in snort-rules-default 2.9.2.2-3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
README for snort-rules-default
-----------------------------

  A common question by Snort users is: why is the default ruleset provided by
  the snort-rules-default package outdated?

  The answer is simple: starting with the 2.4 release of Snort, Sourcefire, the
  company developing the program, decided to stop distributing any ruleset with
  the Snort software itself.

  At the same time, the company changed the license of the IDS ruleset provided
  introducing "Sourcefire VRT Certified rules" ruleset which is considered the
  official ruleset for Snort. This ruleset is:
    
    - provided only to registered users through the snort.org site
    - distributed under a non-free license which prohibits redistribution 
      by other sources (including this package)

  However, since providing a network IDS such as Snort without *any* ruleset
  makes it completely useless, for the benefit of those users with no Internet
  connection, the Debian maintainer continued provided the the free (GPLv2)
  ruleset that was provided with the Snort back in 2005. This ruleset was later
  increased with the rulese provided in "Community" ruleset later on
  (in 2007).

  This rulesets is provided for testing purposes. It can be useful to define
  new (local) rules using the provided rules as a basis.
  
  Please note that, since network threats are constantly changing, a network
  intrusion detection system using rules developed in 2007 cannot be considered
  to "protect" a network and detect recent network attacks. No more than an
  anti-virus program using a 5-year-old database can be considered an
  "effective" measure to detect and remove new virii.


  Users that want to use Snort in production environments are recommended
  to either:

    - Obtain additional/updated rulesets from Open Source projects
      such as "Emerging Threats". 

      For more information see http://www.emergingthreats.net/
      For rulesets seet http://rules.emergingthreats.net/open/

    - Obtain additional/updated rulesets from Sourcefire or any other
      companies providing non-free content. For Sourcefire, this requires
      registration at their site.
      
      For more information see http://www.snort.org/snort-rules/

    - Develop their own ruleset

  To automatically download rules and keep their Snort system up-to-date users
  can use the 'oinkmaster' package. This program will automatically update the
  rulesets once configured to download from an appropiate location.


  In any case, should you find any issues (such as false positives, performance
  problems), please file a bug against the Debian 'snort-rules-default' package.
  The Debian package maintainers will do their best to keep the ruleset bug-free
  though not necessarily up-to-date.

  You can find the list of known problems at 

   http://bugs.debian.org/snort-rules-default


 -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org>  Wed, 08 Aug 2012 01:23:41 +0200

APT Browse - Built by Thomas Orozco.