Skip to content

BobuSumisu/snort-mode

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Snort Major Mode for Emacs

About SNORT®

http://upload.wikimedia.org/wikipedia/en/3/3a/Snort_ids_logo.png

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.

Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide.

With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.

Emacs

GNU Emacs is an extensible, customizable text editor—and more. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing.

Features

Support for syntax highlighting, commenting and indentation.

Validate the syntax of the current file with snort-validate and test it against a PCAP-file with snort-test-pcap.

Jump between rules with snort-next-rule and snort-previous-rule. Kill the rule at the point with snort-kill-rule.

Customizable variables

Variables are in the snort group.

  • snort-basic-offset: the indentation level
  • snort-executable: path to the Snort executable

Todo

Misc.

  • Remove word lists when regexp are created (free memory?)
  • Does not support user created rule actions (dynamically?)
  • Variable modifiers
  • Extend the syntax table

Functions

  • snort-expand, snort-contract, snort-expand-all, snort-contract-all: toggle between one-line and multiline rules (one modifier per line)
  • snort-create-rule: create skeleton for common rules (e.g. dns query, http-requests, ping)

About

Emacs major mode for editing Snort rules

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published