https://github.com/sonertari/snortips
Passive IPS for Snort on OpenBSD
ips openbsd passive-ips snort
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/sonertari/snortips
- Owner: sonertari
- Created: 2017-11-03T10:46:40.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2018-02-09T12:45:00.000Z (about 7 years ago)
- Last Synced: 2025-01-08T04:13:03.465Z (4 months ago)
- Topics: ips, openbsd, passive-ips, snort
- Language: Perl
- Homepage:
- Size: 11.7 KB
- Stars: 3
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# SnortIPS
SnortIPS is a passive Intrusion Prevention System (IPS) for Snort IDS running on OpenBSD.
## Features
As a summary of its operation, SnortIPS:
- Follows new lines appended to the Snort alert file, looking for the priority levels and keywords defined in its configuration file.
- Blocks the source IP addresses of matching alerts for a configured duration.
- Adds such hosts to the snortips table defined in pf.conf; the same table also holds whitelist and blacklist entries.
- Manages this host table through pfctl, and can recover previously blocked hosts when it starts.
- Upon receiving the INFO signal, writes the currently blocked, whitelisted, and blacklisted hosts, with a count of each, to a dump file.
- Upon receiving the USR1 signal, processes the commands in the signal message file.
- Upon receiving the USR2 signal, unblocks all non-blacklisted hosts and zeros all variables.
- Upon receiving the HUP signal, reloads its configuration.
- Handles alert file rotation.
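The core of the operation summarised above, as an added example that is not the SnortIPS project's own code (the project is written in Perl; this is Python). It assumes Snort's "fast" alert line format, treats an alert as blockable when its priority meets a configured threshold or its message contains a configured keyword (the exact SnortIPS matching rule is not stated on the page), and models pf table changes as the `pfctl -t <table> -T add|delete` command strings a daemon would run, returning them rather than executing anything. The configuration field names, the `snortips` table semantics for whitelist and blacklist entries, and the sample alert lines are all constructed for the example.

```python
import re
import time
from dataclasses import dataclass, field

# Shape of one Snort "fast" alert line (assumed for this example).
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[[\d:]+\]\s+(?P<msg>.*?)\s+\[\*\*\]"      # [**] [gid:sid:rev] message [**]
    r".*?\[Priority:\s*(?P<priority>\d+)\]"                # [Priority: N], 1 = most severe
    r".*?\{(?P<proto>\w+)\}\s+"                            # {TCP}
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"   # src[:port] ->
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"           # dst[:port]
)


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["priority"] = int(fields["priority"])
    return fields


@dataclass(frozen=True)
class Config:
    """Stand-in for the SnortIPS configuration file (field names are assumptions)."""
    max_priority: int = 2                  # block when Priority <= this ...
    keywords: tuple = ("SCAN", "EXPLOIT")  # ... or when the message contains one of these
    block_seconds: int = 3600
    table: str = "snortips"                # the pf table defined in pf.conf
    whitelist: frozenset = frozenset({"192.0.2.1"})
    blacklist: frozenset = frozenset({"203.0.113.66"})


@dataclass
class PassiveIps:
    cfg: Config
    blocked: dict = field(default_factory=dict)  # src ip -> unix time the block expires

    def _add(self, ip):
        return f"pfctl -t {self.cfg.table} -T add {ip}"

    def _delete(self, ip):
        return f"pfctl -t {self.cfg.table} -T delete {ip}"

    def process_line(self, line, now=None):
        """Feed one line appended to the alert file; return the pfctl commands it triggers."""
        now = time.time() if now is None else now
        alert = parse_alert(line)
        if alert is None:
            return []
        src = alert["src"]
        # Whitelisted hosts are never blocked; blacklisted ones already sit in the table permanently.
        if src in self.cfg.whitelist or src in self.cfg.blacklist:
            return []
        severe = alert["priority"] <= self.cfg.max_priority
        keyword_hit = any(k in alert["msg"] for k in self.cfg.keywords)
        if not (severe or keyword_hit):
            return []
        cmds = [] if src in self.blocked else [self._add(src)]
        self.blocked[src] = now + self.cfg.block_seconds  # a repeat alert renews the block
        return cmds

    def expire(self, now=None):
        """Unblock hosts whose block duration has elapsed; return the pfctl commands."""
        now = time.time() if now is None else now
        expired = [ip for ip, until in self.blocked.items() if until <= now]
        for ip in expired:
            del self.blocked[ip]
        return [self._delete(ip) for ip in expired]

    def reset(self):
        """USR2-style reset: unblock every non-blacklisted host and clear the state."""
        cmds = [self._delete(ip) for ip in sorted(self.blocked) if ip not in self.cfg.blacklist]
        self.blocked.clear()
        return cmds

    def dump(self):
        """INFO-style dump: the three host sets plus a count of each."""
        sets = {"blocked": sorted(self.blocked),
                "whitelisted": sorted(self.cfg.whitelist),
                "blacklisted": sorted(self.cfg.blacklist)}
        return {**sets, "totals": {k: len(v) for k, v in sets.items()}}


# Constructed sample alert-file lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_ALERTS = [
    "11/03-10:46:40.123456  [**] [1:2000001:1] ET SCAN Potential SSH Scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:43210 -> 198.51.100.5:22",
    "11/03-10:46:41.000001  [**] [1:2000001:1] ET SCAN Potential SSH Scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.1:50000 -> 198.51.100.5:22",
    "11/03-10:46:42.000002  [**] [1:2100498:7] GPL POLICY ICMP ping [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5",
    "not an alert line at all",
]


def run_sample():
    """Replay the constructed lines through the state machine; return the commands issued."""
    ips = PassiveIps(Config())
    issued = []
    for i, line in enumerate(SAMPLE_ALERTS):
        issued += ips.process_line(line, now=1000 + i)
    issued += ips.process_line(SAMPLE_ALERTS[0], now=1500)  # repeat alert: renews, no new command
    issued += ips.expire(now=1500 + 3599)                  # block still active
    issued += ips.expire(now=1500 + 3600)                  # block duration elapsed
    return issued


if __name__ == "__main__":
    for cmd in run_sample():
        print(cmd)
```

Only the first sample line produces an add command: the second comes from a whitelisted host, the third is priority 3 with no configured keyword, and the fourth does not parse. A real daemon would wrap this in a file follower that re-opens the alert file when its inode changes (the README's rotation handling) and run the returned commands through `pfctl`; keeping the decision logic separate from the file and process handling is what makes it testable offline as here.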