ossim patch for snort

Paul Schmehl pauls at utdallas.edu
Thu Aug 17 15:01:21 UTC 2006


Wesley Shields wrote:
> On Thu, Aug 17, 2006 at 12:22:33PM +0200, ilreds at tiscali.it wrote:
>> Hi,
>> I need use ossim (www.ossim.net), a security tool that provides patch 
>> for snort, ntop, arpwatch, tcptrack, base, ecc.
>>
>> Can you apply ossim patch to the snort port?
> 
> You sent me the same message but asking me to apply the patch to the
> ntop port.  As I told you in my reply I don't think ossim provides
> patches to the various applications but rather bundles them all together
> with some glue and a web front end.  If anything there should be an
> ossim port.
> 
> Of course, this is all from a 5 minute glance through the webpage you
> linked to so I could be entirely wrong.  If anyone has the time to port
> ossim I'm sure it would be appreciated by the original poster.
> 
If someone wants to tackle an ossim port, they will first have to create 
a port for spade.  Then, after the spade port has been accepted into the 
ports tree, they can create the ossim port.  The ossim website doesn't 
even provide any links to spade, or any of the other applications it 
uses, nor does it provide instructions on how they integrate into ossim.

Once you've gotten spade accepted, you'll have to deal with a a boatload 
of dependencies and options to get the port working as the end-users 
will expect.  You'll have to check for, and install if necessary, 
arpwatch, p0f, pads, nessus, snort, mysql, spade, tcptrack, ntop, nagios 
and possibly osiris.

I've been down this road before.  I decided to build ports for sguil.  I 
first had to port barnyard and sancp and fix the iwidgets port (so I 
became maintainer.)  The sguil ports are *still* not in the ports tree, 
and I started this project well over a year ago.  I actually had to 
scrap my original sguil ports because sguil had a major revision before 
any of them were accepted.

That's what you face if you want to port ossim.

Good luck.

-- 
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5268 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060817/3ba67e87/smime.bin


More information about the freebsd-ports mailing list