Source: hlbrw
Section: admin
Priority: optional
Maintainer: Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>
Build-Depends: debhelper (>= 7)
Standards-Version: 3.8.4
Homepage: http://hlbr.sf.net
Vcs-Svn: svn://svn.debian.org/svn/debian-br-team/packages/hlbrw
Vcs-Browser: http://svn.debian.org/wsvn/debian-br-team/packages/hlbrw

Package: hlbrw
Architecture: all
Depends: ${misc:Depends}, hlbr, iwatch
Description: assistant to help make new rules to HLBR
 HLBRW is an acronym to Hogwash Light BR Watch. The intent is provide a tool
 to help make rules to HLBR (http://hlbr.sf.net). In others words, HLBRW was
 made to be used by HLBR users needing make new rules (it will require some
 expertise about HLBR, TCP/IP protocol suite and regular expressions).
 .
 HLBRW is a script started by iwatch (a system events watch program available
 at http://iwatch.sourceforge.net) when the HLBR events log is modified. The
 concept is very single: if the HLBR log was modified, then a knew attack was
 blocked. But the attacker can make others subsequent actions unknown by HLBR.
 Then the iwatch running as daemon will start HLBRW and it will co-ordinate a
 tcpdump session to record the posterior traffic generated by attacker IP for
 some minutes. If the recorded traffic isn't relevant (without a push in TCP
 or another relevant protocol), the created file will be deleted. Based in the
 recorded traffic, the network security manager will can  make new rules.
 .
 HLBRW is part of the HLBR project, an Intrusion Prevention System (IPS) used
 in firewall systems.
