LiFTeR: Changes for October 2, 2015
- ADIA -
These items are VMware and VirtualBox-based forensic appliances built with Fedora 17 for the i686 and x86_64 architectures.
Please note that they are not live CDs.
See here for more details.
The changes made are the following:
- Latest CERT Forensics Key installed.
- All packages updated as of September 24, 2015.
- SELinux disabled on all releases.
- snort-2.9.7.6-1.{fc17,fc18,fc19,fc20,fc21,fc22,el6}.{i686,x86_64}.rpm and snort-2.9.7.6-1.el7.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
- snort-openappid-2.9.7.6-1.{fc17,fc18,fc19,fc20,fc21,fc22,el6,el7}.{i686,x86_64}.rpm and snort-openappid-2.9.7.6-1.el7.x86_64.rpm -
This is the snort package built with the --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort, because both packages provide the snort binary and conflict with each other.
Here is an example:
# Remove the stock snort package only if it is installed; --nodeps keeps rpm from pulling out dependents such as the rules package.
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
- snort-sample-rules-2.9.7.6-1.{fc17,fc18,fc19,fc20,fc21,fc22,el6,el7}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.