SNARE is divided into three key components:
The Kernel changes
In order to collect event log data, Snare needs to add auditing support
into the operating system. You can choose to either install a binary
version of the kernel, with Snare already integrated, or you can apply
a âpatchâ to your kernel source. Although we try hard to make Snare
as easy to install as possible, there are hundreds of different
distributions and kernel versions, and it would be an immense task to
build Snare for each. If Snare is not available for your distribution ,
please let us know - we may be able to come up with a way to get things
working for you.
The Snare Audit Daemon
The Snare
audit daemon acts as an interface between the Linux kernel, and the
security administrator. It allow you to turn on events, filter the
output, and potentially push audit log information back to a central
location for collection, analysis and archival.
The Snare Audit GUI
The Snare
audit GUI provides a graphical user interface to the Snare audit
daemon. It allows you to add, remove or modify audit objectives and
change reporting options.
Thanks to redphoenix for contacting us about it, now it will be included in the upcoming releases, stay informed.