Linux Forensics Tools Repository: Package Summary for Packages on October 2, 2015:

  • ADIA-FC17-{i686,x86-64}-{VMware,VirtualBox}.iso - These items are VMware and VirtualBox-based forensic appliances built with Fedora 17 for the i686 and x86_64 architectures. Please note that they are not a live CDs. See here for more details. The changes made are the folloing:
    • Latest CERT Forensics Key installed.
    • All packages updated as of September 24, 2015.
    • SElinux disabled on all releases.

  • snort-2.9.7.6-1.{fc17,fc18,fc19,fc20,fc21,fc22,el6,el7}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
  • snort-openappid-2.9.7.6-1.{fc17,fc18,fc19,fc20,fc21,fc22,el6,el7}.{i686,x86_64}.rpm - This is the snort package built with the following additions:
    • The --enable-open-appid option was added to the configure script that configures the build of snort. See here for more details.
    • The files found here and named snort-openappid.tar.gz are installed in /usr/share/snort/cisco/apps.
    • Here is the Open Source Detectors Developers Guide here.

  • snort-sample-rules-2.9.7.6-1.{fc17,fc18,fc19,fc20,fc21,fc22,el6,el7}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.