Date: Sat, 18 Aug 2001 12:33:21 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Joe Clarke" <marcus@marcuscom.com>, "John Galt" <galt@inconnu.isu.edu> Cc: "Dave" <dave@reason.za.org>, <freebsd-security@FreeBSD.ORG>, <freebsd-questions@FreeBSD.ORG>, <hogwash-users@lists.sourceforge.net> Subject: RE: IDS Message-ID: <002d01c1281c$a3baacc0$1401a8c0@tedm.placo.com> In-Reply-To: <20010818143216.F67826-100000@shumai.marcuscom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
While it would be great if you wanted to put a port of this together, unless you want to be responsible for this for a long period of time - years that is - then please consider this carefully. We already have many ports in FreeBSD that have been abandonded by their maintainers and cause a lot of trouble for users. A much better solution for those that aren't comitted to this is to go through the code of the package and make sure that it cleanly compiles under FreeBSD without a string of compiler warnings, and get the changes fed back into the package distribution maintainers. In particular pay attention to: http://www.freebsd.org/porters-handbook/porting-versions.html http://www.freebsd.org/porters-handbook/porting-prefix.html http://www.freebsd.org/porters-handbook/x1895.html http://www.freebsd.org/porters-handbook/x1947.html The problems covered by these links are really portability issues. It becomes a lot harder when packages that people write make a bunch of assumptions about hard coding directory names, stomping on variables, and putting wrong ifdef's in the code. That just forces the port maintainer to create huge sets of patch files to be applied to the package and greatly increase the maintainence requirements. It's much better if these suggestions can be fed back into the package developers so they get included in their source, without having to be patched in later. If this is done then even an inexperienced person can create a port of the package and add that into the FreeBSD ports section later on. I agree with Dave that this is a great idea, let's make sure that the things get done to it now so that it doesen't become a maintainence problem for us later on. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com >-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke >Sent: Saturday, August 18, 2001 11:33 AM >To: John Galt >Cc: Dave; freebsd-security@FreeBSD.ORG; freebsd-questions@FreeBSD.ORG; >hogwash-users@lists.sourceforge.net >Subject: Re: IDS > > >I would be happy to put a FreeBSD port together if people want it. I >think this would be a useful application. > >Joe Clarke > >On Fri, 17 Aug 2001, John Galt wrote: > >> >> We DO have a -users list, and we ARE trying to go with the BSD setup, it's >> just our main author is more comfortable with Linux. However, I believe >> that we should have a FreeBSD test box RSN (4.3R), as we have two people >> working on getting one up: one'll be up within a week. Pity :( I was >> waiting until FreeBSD 4.4 came out to get the box in question up: looks >> like a cvsup/make world... >> >> On Fri, 17 Aug 2001, Joe Clarke wrote: >> >> >You can certainly get hogwash to compile on FreeBSD. I just did it. Let >> >me know if you have questions on the build. >> > >> >Joe Clarke >> > >> >On Fri, 17 Aug 2001, Dave wrote: >> > >> >> Hello, >> >> I have been using snort for some time now and I stumbled across a >> >> program named Hogwash (http://hogwash.sourceforge.org) which >uses the snort >> >> base to detect possible intrusion, but then DROPS the packet if >it matches a >> >> ruleset. E.g. Code red can just be dropped instead of blocking port 80. >> >> >> >> This seems like a very good idea to me however hogwash is a >linux program. >> >> Can anyone perhaps recommend another program and/or method to do this. >> >> >> >> Thanks in advance, >> >> --Dave. >> >> >> >> >> >> >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> >> with "unsubscribe freebsd-questions" in the body of the message >> >> >> >> >> > >> > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org >> >with "unsubscribe freebsd-questions" in the body of the message >> > >> >> -- >> The Internet must be a medium for it is neither Rare nor Well done! >> <a href="mailto:galt@inconnu.isu.edu">John Galt </a> >> >> >> > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002d01c1281c$a3baacc0$1401a8c0>