SNARE - System iNtrusion Analysis and Reporting Environment
===========================================================
The latest version of the SNARE Linux audit subsystem
can always be found at <http://www.intersectalliance.com/>

SNARE is an audit subsystem for the Linux open source operating system.

Major version history
=====================
0.8	- First public release

0.9	- Added user exception (report all users EXCEPT x).
	- Added open-flag filtering (report when file opened in WRITE mode).
	- Removed kernel ring buffer. Now using linked lists with dynamically allocated memory.
          This removes the large initial memory cost of loading the audit module.
	- Fixed problems with nautilus using copy_from_user for some variables.
	- Added sequence numbering to audit events.
	- Added host source, and event type (LinuxAudit) to audit events.
	- Facility added to send audit data over the network to remote systems.
	- create_module auditing added.
	- connect() and accept() auditing added.

0.9.1   - Incorporated Red Hat kernel team suggestions, including:
	  - Semaphore locking, rather than spin locks
	  - Much nicer /proc/auditinfo handling
	  - Much nicer node allocation / attachment.
	  - General cleanup of the class structure
	  - Execve changes
	

Requirements
============
Linux kernel 2.4 or greater, with loadable module support enabled.
(Most distributions enable kernel modules by default.)

To compile the audit module, you may need the kernel headers installed.
In particular, the file asm/uaccess.h is provided by the kernel-source RPM under Red Hat.

Legal Information
=================
SNARE is released under the GPL. See the COPYING file
for more information.

SNARE is distributed without any warranty.


Contact Information
===================
Send bug reports, patches, feature requests, etc. to
InterSect Alliance via <http://www.intersectalliance.com/contact.html>
