fwsnort 1.6.4

An open source application that translates Snort rules into equivalent iptables rulesets
fwsnort is an open source command-line application written in C and designed to parse the rules files that are included in the Snort intrusion detection software. It also generates equivalent iptables rulesets.

fwsnort supports detection of TCP SYN, NULL, FIN, and XMAS scans, UDP scans, many signature rules for Snort, a forensics mode for the analysis of iptables logfiles, passive OS fingerprinting through TCP SYN packets, two different fingerprinting strategies, email alerts, and content-based alerts.

Additionally, the application supports validation of the ICMP type and code header fields, configurable danger level and scan threshold assignments, iptables ruleset parsing, IP/network danger level auto-assignment, DShield alerts, auto-blocking of scanning IP addresses, and a comprehensive status mode.

Last updated on: February 6th, 2014, 8:10 GMT
Price: FREE!
Developed by: Michael Rash
License type: GPL (GNU General Public License)
Category: ROOT \ System \ Logging

What's New in This Release:
  • Bug fix for vulnerability CVE-2014-0039 reported by Murray McAllister of the Red Hat Security Team in which an attacker-controlled fwsnort.conf file could be read by fwsnort when not running as root. This was caused by fwsnort reading './fwsnort.conf' when not running as root and when a path to the config file was not explicitly set with -c on the command line. This behavior has been changed to require the user to specify a path to fwsnort.conf with -c when not running as root.
  • Switch fwsnort.sh iptables-restore exec() strategy to leverage 'cat' against fwsnort.save file (fixes CentOS deployments).
  • Updated to bundle the latest Emerging Threats rule set.