![[Snare Logo]](/images/SnareLinux.gif)
The team at InterSect Alliance has experience with auditing and
intrusion detection on a wide range of platforms such as - Solaris,
Windows 2000/NT/XP/2003, Novell Netware, AIX, even MVS (ACF2/RACF); and within
a wide range of IT security in businesses such as - National Security and
Defence Agencies, Financial Service firms, Government Departments and Service
Providers.
This background gives us an insight into how to effectively
deploy host and network intrusion detection systems that support and enhance
an organisation's business goals.
As long term users of the Linux operating system, we believe that
an effective auditing and event logging subsystem is a key prerequisite
for many large organisations; particularly those that need to meet national, or international security-related legislative requirements.
As such, the InterSect Alliance team is building on the existing
audit subsystem in later generations of the Linux kernel, to try and bring
a simple and effective audit subsystem to the linux operating system.
The project is called 'SNARE for Linux' (SNARE stands for System
iNtrusion Analysis & Reporting Environment), and like many of our
other Snare Agent tools, is available under the terms of the GNU Public License.
|
Snare is currently used by hundreds of thousands of individuals,
and organisations worldwide. Snare for Linux is used by many large Financial,
Insurance, Healthcare, Defence, AeroSpace, and Intelligence organisations to
meet elements of local and federal security requirements, such as:
|
InterSect Alliance welcome your support, comments, and contributions. Our contact details are
available from our contact page.
Setting an objective using the tiny browser-compatible control system.
Viewing recent events using the internal event browser.
This version has been developed on Redhat Enterprise Linux 4.0 U3, and tested on Redhat Enterprise 5, Fedora Core 5 and Fedora Core 6.
It will work on SuSE 10.1+. Download the service script here thanks to Ryan Landis.
It does not yet work on Ubuntu Dapper, but Canonical are currently investigating options.
The native audit subsystem is a prerequisite for the installation of the 1.x version of Snare.
This may be available on distributions that run kernel 2.6.13 and above.
We also recommend turning on Snare's tiny web-browser compatible configuration interface by modifying /etc/snare.conf, uncommenting "allow=1" from the [Remote] section of the configuration file, and restarting the audit subsystem (/etc/init.d/auditd restart). Once this is done, you will be able to point a web browser at port 6161 on the local machine to configure objectives and otherwise manage your agent. We recommend setting a password to restrict access, and you may also want to take advantage of the application-level firewall capability.
Your feedback is important to us. Please let us know if you encounter any problems, or have a suggested base objective setup for the final release.
|
| Version 1.3 |
Source Files (optional) |
Download, and install using 'make install'
|
| RPMS |
Download the following files:
64 bit RPMS:
Install by running the command:
rpm -Uvh SnareLinux-1.3-1.i386.rpm
|
Older versions of Snare for Linux (which require kernel-level changes to your system) are available from
this page.
The Sourceforge development website shows support for the open source development community by providing SNARE with a home away from home, and Snare support forums.
| |
InterSect provides commercial Snare Agent support for our Snare Server customers, but we're always happy to help out via the
Snare Sourceforge Forum.
![[InterSect Swish]](/images/Right-Swish.jpg)
