SNARE is divided into three key components:
The Kernel changes
In order to collect event log data, Snare needs to add auditing support
into the operating system. You can choose to either install a binary
version of the kernel, with Snare already integrated, or you can apply
a 'patch' to your kernel source.
Although we try hard to make Snare as easy to install as possible,
there are hundreds of different distributions and kernel versions, and
it would be an immense task to build Snare for each. If Snare is not
available for your distribution, please let us know - we may be able to
come up with a way to get things working for you.
The Snare Audit Daemon
The Snare audit daemon acts as an interface between the Linux kernel
and the security administrator. It allows you to turn on events, filter
the output, and potentially push audit log information back to a
central location for collection, analysis and archival.
The Snare Audit GUI
The Snare audit GUI provides a graphical user interface to the Snare
audit daemon. It allows you to add, remove or modify audit objectives
and change reporting options.
Thanks to redphoenix for contacting us about it. It will now be included in the upcoming releases, so stay informed.