Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Gene Guinter

SNEZ is free software: you can redistribute it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

SNEZ is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

Contact the copyright holder at gene@geneguinter.com.

**SECURITY**

While SNEZ is tested with web vulnerability scanners, DO NOT allow SNEZ to be accessed from the Internet or from an untrusted or insecure network. Consult the project website and wiki regularly for new versions and hotfixes addressing security vulnerabilities. The ABSENCE OF A WARRANTY EXTENDS TO ISSUES REGARDING the SECURITY OF THE PROGRAM and ANY NETWORK OR ACCESSIBLE DEVICES.

Several buttons and links will visit external internet sites. See "Internet connection" under REQUIREMENTS and PRE-REQS below.

**USE SNEZ AT YOUR OWN RISK**.

REQUIREMENTS and PRE-REQS

Installation- Both bash and sh shells, and MySQL with the MySQL service started.

Linux or FreeBSD-
  Ubuntu (tested on 14.04 LTS and 16.04 LTS)
  RedHat-based (tested on CentOS 6 and 7)
  SuSe-based Linux (tested on OpenSuSe)
  FreeBSD (tested on FreeBSD 11 and Apache 2.4)

Snort- Snort 2.9 or Snort 3.0. The SNEZ threshold function, if needed, requires Snort to be installed in /usr/local/snort. Otherwise, SNEZthreshold can be modified for the correct path.

Apache- Apache paths are assumed to be the default for your distribution.

MySQL- When configuring Snort, the output type must be unified2 (use barnyard2) to MySQL.

PHP- For https connections (the default), mod_ssl and openssl are required.
README.SSL contains information to aid in the generation of a digital certificate.

Javascript- Close-screen buttons use javascript, but it is not needed if you're willing to close with an 'x'.

Internet connection- Pressing the 'Malware Site List Update' button accesses www.malwaredomainlist.com. Signature Reference links leave the local installation for www.snort.org, cve.mitre.org, and others to provide signature information. These links are generated from the specific Snort rule reference designated in the triggered Snort rule. Optionally, reputation websites can be added to the SNEZconfig.php file.

NEW INSTALL (See below for upgrades)

Create SNEZ database and install package-

1. mkdir /opt/SNEZ
2. cd /opt/SNEZ
3. cp [download location]/SNEZ-[ver].[rel].tar.gz ./
   md5sum SNEZ-[ver].[rel].tar.gz and compare to the "i" (info) button on Sourceforge (next to the filename downloaded)
4. tar -xzvf SNEZ-[ver].[rel].tar.gz
5. cd SNEZ-[ver].[rel]
6. ./SNEZcreate or bash SNEZcreate
   (This will create and populate your SNEZ db. Supply the password for root@localhost when prompted; then supply a password for access to your SNEZ DB when prompted. You will enter this password in the config file in the next step.)
7. vi ./SNEZconfig.php
   Add the SNEZ database password selected in the previous step to the line SNEZ.password=
   Modify other parameters as needed, especially your sniffer interface (see CONFIG FILE later in this README).
8. ./SNEZinstall or bash SNEZinstall
   (Answer the prompt with C for CentOS, U for Ubuntu, S for OpenSuSe)
9. Create logins and populate the malware active ip list-
   a. In a browser- http://[ip address of
   b. Login as 'admin' using password of 'admin'
   c. Click on the Admin Functions tab and add an administrator that can add users (be sure to check the box)
   d. From the browser, log off and log on with the new administrator id from step c.
   e. Go to Admin Functions and delete user admin.
10. Click on the box to load the malware active ip list from malwaredomainlist.com
11. Use visudo to make the additions and changes so certain root commands can be executed.
    (Caution! Read the sudo and visudo documentation. Mistakes here can render your system inoperable. Never edit the sudoers file with vi or another editor. You can skip this if you don't want to use the tcpdump or logrotate-on-demand capabilities of SNEZ, or are uncomfortable making the changes, or are concerned about the security implications of allowing a non-root user to run tcpdump or logrotate.)

    hostname   (get the hostname of your system)
    visudo     (add the following lines, adjusting for your system appropriately; some systems may use apache as the http server user, CentOS for example; FreeBSD may use www)

      www-data hostname=NOPASSWD:/usr/sbin/tcpdump
      www-data hostname=NOPASSWD:/bin/ps
      www-data hostname=NOPASSWD:/bin/kill
      www-data hostname=NOPASSWD:/usr/sbin/logrotate

    (substitute your host name for 'hostname' and correct the paths to your executables)

    Comment out the following lines if present:
      Defaults requiretty
      Require !visualpwd

    :wq (or :q! if you make mistakes and want to start over)

CONFIG FILE

(After install, the config file can be changed at any time; then run SNEZconfiginstall from /opt/SNEZ/SNEZ-v.r.m)

Settings in the SNEZconfig.php file-

[settings]

encrypt = none
    none, or an existing, installed PHP hash function for passwords. NOTE: if you change this on a running system, login first, run SNEZconfiginstall, and immediately add new users (choosing an encryption method is highly recommended).

https = enforced
    all connections https; change to unenforced for http (NOT RECOMMENDED)

inactive = 900
    page timeout

SNEZ.password
    password to the SNEZ database chosen at install time; must be set; place within ""

gmt = -5
    GMT offset; defaults to USA Eastern

max.rowlimit = 10000
    default maximum db rows read before the page is displayed

dns.rowlimit = 1000
    default maximum db rows read before the page is displayed when DNS resolution is used (can be lowered for speed)

summary.rowlimit = 10000
    number of db rows to read before the fully collapsed summary view page is displayed

php.max.execution.time = 120
    overrides the php.ini max execution time

sniffer.interface = eth1
    sniffer interface for optional use of tcpdump (*Note)

min.user.pwd.len = 8
    minimum password length for users

pwd.complexity = strong
    default is strong: letter, number, caps, special chars; can be changed to simple

whois = SNEZdoc.php?page"="whois
    whois or reputation lookup site; select your personal favorite (whois2 through whois9 can be added for up to 10 reputation or lookup sites)

* You can cut from the SNEZ page and paste into the lookup site; however, keyword substitution is also provided for ip address and domain lookup information. Use the keyword SNEZip to substitute the ip address, and SNEZdns for domain lookup. You will need to manually visit the site to determine the path and the proper location in the URI for the parameters. Escape equal signs and ampersand characters by enclosing them in double-quotes.
This feature is offered as a convenience, and you are solely responsible for accessing the chosen site properly and according to the chosen site's terms of use.

Format:
  whois = http://favoritelookupdomain.com/....path.../SNEZdns
  whois = http://favoriteantimalwaresite.com/...path.../SNEZip

Examples:
  whois = http://www.ipvoid.com/scan/SNEZip/
  whois = http://www.google.com/safebrowsing/diagnostic?site"="SNEZdns
  whois = http://www.siteadvisor.com/sites/SNEZdns

UPGRADES

1. cd /opt/SNEZ
2. cp [download location]/SNEZ-[ver].[rel].tar.gz ./
3. tar -xzvf SNEZ-[ver].[rel].tar.gz
4. cd SNEZ-[ver].[rel]
5. ./SNEZinstall

UNINSTALL

Can be used to uninstall the product permanently or to clean for a fresh install:
  /opt/SNEZ/SNEZ-[ver].[rel]/SNEZuninstall

PERFORMANCE

Occasionally run mysqlcheck --databases SNEZ -vop and mysqlcheck --databases snort -vop. It is best to stop Snort and Barnyard2 first.
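Step 11 of NEW INSTALL has you type the four NOPASSWD lines into visudo by hand. The script below is an added example, not part of SNEZ: it builds those lines for this host and web server user, resolving each helper's real path with shutil.which (falling back to the paths shown in the README), and only installs them as a drop-in under /etc/sudoers.d after visudo -cf accepts the file, so a typo cannot leave sudo unusable. It assumes your /etc/sudoers has an #includedir /etc/sudoers.d line; the drop-in name snez is my choice.

```python
import os
import shutil
import socket
import subprocess
import tempfile

# Helpers the README grants to the web server user, with the paths it shows
# as fallbacks; the real path on this host is looked up first.
SNEZ_COMMANDS = {"tcpdump": "/usr/sbin/tcpdump", "ps": "/bin/ps",
                 "kill": "/bin/kill", "logrotate": "/usr/sbin/logrotate"}

def build_fragment(host, webuser, resolver=shutil.which):
    """Return the NOPASSWD lines from the README for one host and web user."""
    lines = [f"# SNEZ: let {webuser} run tcpdump and logrotate-on-demand"]
    for name, fallback in SNEZ_COMMANDS.items():
        lines.append(f"{webuser} {host}=NOPASSWD:{resolver(name) or fallback}")
    return "\n".join(lines) + "\n"

def install_fragment(text, dest="/etc/sudoers.d/snez"):
    """Write the fragment only after 'visudo -cf' accepts it (assumes sudoers
    has '#includedir /etc/sudoers.d'). Returns True when installed."""
    fd, tmp = tempfile.mkstemp(prefix="snez-sudoers.")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(text)
        os.chmod(tmp, 0o440)
        try:
            check = subprocess.run(["visudo", "-cf", tmp], capture_output=True, text=True)
        except FileNotFoundError:
            print("visudo not found; refusing to install an unchecked fragment")
            return False
        if check.returncode != 0:
            print("fragment rejected, /etc/sudoers.d untouched:", check.stderr.strip())
            return False
        shutil.move(tmp, dest)
        os.chmod(dest, 0o440)
        return True
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)

if __name__ == "__main__":
    # Use 'apache' or 'www' here where the README says your distribution does.
    fragment = build_fragment(socket.gethostname(), "www-data")
    print(fragment, end="")
    install_fragment(fragment)
```

Run it as root on the sensor; the fragment is printed first so you can compare it with the lines in step 11 before it is installed.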
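As an added example (not SNEZ's own code) of the CONFIG FILE conventions above: a small reader for the key = value settings, the checks a reviewer would run on the values the README marks NOT RECOMMENDED, and the SNEZip/SNEZdns keyword substitution used by the whois lookup lines. How SNEZ itself parses the file and the exact handling of the "=" and "&" escapes are assumptions; the sample config and the lookup.example site are constructed.

```python
import re
from urllib.parse import quote

# Constructed sample of SNEZconfig.php settings as the README describes them ('=' and '&' inside a value wrapped in "").
SAMPLE_CONFIG = """\
[settings]
encrypt = none
https = unenforced
SNEZ.password = "hunter2"
min.user.pwd.len = 6
whois = http://www.ipvoid.com/scan/SNEZip/
whois2 = http://www.google.com/safebrowsing/diagnostic?site"="SNEZdns
whois3 = http://lookup.example/q"="SNEZip"&"mode"="full
"""

def parse_settings(text):
    """Assumed reading of the README's rule: '"="' and '"&"' unescape to = and &."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "[;#":
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # SNEZ.password is placed within ""
        settings[key.strip()] = re.sub(r'"([=&])"', r"\1", value)
    return settings

def weak_settings(settings):
    """Flag values the README marks NOT RECOMMENDED or below its defaults."""
    findings = []
    if settings.get("encrypt", "none") == "none":
        findings.append("encrypt=none: user passwords are stored unhashed")
    if settings.get("https") != "enforced":
        findings.append("https unenforced: logins may travel over plain http")
    if int(settings.get("min.user.pwd.len", "0")) < 8:
        findings.append("min.user.pwd.len below the README default of 8")
    return findings

def lookup_urls(settings, ip=None, domain=None):
    """Expand whois, whois1..whois9, substituting SNEZip / SNEZdns. The value is
    percent-encoded so a hostname lifted from an alert cannot add parameters."""
    urls = {}
    for key in ["whois"] + [f"whois{i}" for i in range(1, 10)]:
        tmpl = settings.get(key)
        if tmpl and "SNEZip" in tmpl and ip is not None:
            urls[key] = tmpl.replace("SNEZip", quote(ip, safe=""))
        elif tmpl and "SNEZdns" in tmpl and domain is not None:
            urls[key] = tmpl.replace("SNEZdns", quote(domain, safe=""))
    return urls
```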
