4
Thank you for your review
Free
http://www.macupdate.com/download/8014/henwen212.dmg.gz%3Fdownload
Email me when discounted: 

HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary.

A NIDS has a number of practical uses on a network. For people that use Mac OS X Server or otherwise provide network services with their Macs, a NIDS will inform the administrator that someone from a specific place on the network is trying to scan more...

What's New

Version 2.1.2:
  • Restored compatibility with Mac OS X 10.2.x.
  • Fixed a problem which made it impossible to edit variables and rules under Mac OS X 10.4.x.
  • The "Launch Snort as a startup item" menu item works again under Mac OS X 10.4.x.

Requirements

Mac OS X 10.2 or later

Similar Software

Open Comparison
Suggest Other Similar Software
Leave a Review

HenWen User Discussion

Nobody has reviewed or commented on this app yet. Add your own comment and get a discussion going!
Sort by: Time | Smiles
Name Member IconReview+3
Name
+2

This is the best firewall, intrusion detection and handling as well as notification and logging tool for the Mac OS X. It has more features and more flexible features as NetBarrier from Intego software. It is free and based on a strong development behind Snort, it uses rules update feature, database logging, notification system, menubar item for quick access, and this is now very important: A 73 pages documentation with great explanations in every cases written in a non-geeky language. This my indispensable security solution for my internet and network activity.

I can only strongly encourage to use this system, I my self am a developer, and traditional Macintosh user since Mac OS 7.

This tremendous work beats all commercial products with it's community and software development as well as support. It should win the Apple Design Award.

Reply0 replies
Version 2.1.2
Anonymous Member IconReview
Anonymous
+0

GEEZ,
If I wanted all this garbage taking up valuable recources I would switch back to my full of security holes M$ XP machine which had AV ASW ATW ACB HOST FW DFW Cleaner DASW running which a hem never fixed corrected or really protected me any of those issues. Get real!

Reply3 replies
Version 2.1.1
Anonymous Member Icon
Anonymous
+1

So, umm... have you actually tried to use this and see if it will work (and how much it might or might not bog down your system)... or are you just complaining because your Windows setup didn't work the way you wanted it to work?

Anonymous Member Icon
Anonymous
+2

Obviously you haven't a clue what this is for. If you run your own server and don't want to shell out big bucks, Snort is a very potent intrusion detection system (you DO know HenWen is a front end for Snort, right? You DO know that Snort is a cross platform tool that this developer has kindly made a simple (i.e. something even a clueless individual... ahem... could configure) interface to, right?).

You will probably never have any issues a la intrusion but Snort exists to give web admins peace of mind (as well as a tool to track those bad guys who DO try to screw with you).

Anonymous Member Icon
Anonymous
+1

Silly grownups, NIDS is for KIDS! Morons need not apply.

fellow Member IconComment+0
fellow
+0

I've been running SNORT/HenWen/LetterStick for a few months, logging to MySQL. I would like to view alerts and logs, but it appears I must install ACID to do so... It looks very complicated to just be able to get at the data that is already there. Is there an easier way?

Thanks,

fellow

Reply1 reply
Version 2.0.4
Anonymous Member Icon
Anonymous
+0

Not really. ACID is not too hard to install as long as you follow the directions carefully.
If you do go that way, remember to password protect ACID unless you don't mind Google searching your results. For an example of what I mean go to Google and input the following:

allinurl: "acid/acid_main php"


Good luck.

Anonymous Member IconReview
Anonymous
+0

I can't seem to get letterstick to open in 10.3.2. I get a message saying error2 'either you're not logged in as administrator or you don't have NIDS running'. How do I know if NIDS 'SNORT' is running? When in HENWEN, I click in the menu bar to run NIDS. It comes back and says successful. What can I be doing wrong?

Reply1 reply
Version 2.0.4
Anonymous Member Icon
Anonymous
+0

You might try opening a terminal and do a ps -aux |grep snort or just type "top" and look for the process.

docdyhr Member IconComment+0
docdyhr
+0

Henwen 2.0.2 crashed on 2 different Mac OS 10.2.8, so I unfortunately had to revert to 2.0!

Reply1 reply
Version 2.0.2
Anonymous Member Icon
Anonymous
+0

Here follows the trick I applied to make HenWen work on Mac OS X 2.0.8.

The snort binary (HenWen.app/Contents/MacOS) that comes with HenWen 2.0.3 is targeted for Panthor. I replaced the snort binary with the one that I built myself (download the source; ./configure; make and you find a new binary under the src directory).

One trick is to disable the "Perform security checks on executables and scripts" check that you find in HenWen preference panel.

Anonymous Member IconReview
Anonymous
+0

Thanx anon for the answers to most of my questions. Thanks for the tip on nMapFE - very cool tool. I'm not in the expert league and did not find the snort documentation that easy to understand - especially configuring the "network" tab - thats MY problem ofcourse!

Anyway - I am on an Airport network with an IP like 10.0.1.20. Having setup Henwen(and letterstick) to run on en1 (would not accept en0,en1) - I tried to use nMapFE on that IP - but got no alerts! Can I not run the scan from the same computer?
Thanks!

Reply0 replies
Version 2.0.1
Anonymous Member IconReview
Anonymous
+0

alexmathew:

1. quitting HenWen does _not_ stop Snort. you can start/stop it from within HenWen, though

2. the logs are placed in /var/logs/snort/

3. that's ok. if there haven't been alerts, there isn't an alert log :)

4. you can use a port scanner/sniffer like NmapFE on your own IP

5. en0 is your primary ethernet card (built-in ethernet). if you use airport to connect to the internet, you must configure HenWen to en1 (typically), for modem ppp0 .... etc.

Also: To have LetterStick alert you, you must configure snort output to 'Log alerts to a Unix socket'

RTFM! - You should really read the (excellent!) documentation :)

Reply0 replies
Version 2.0.1
Anonymous Member IconReview
Anonymous
+0

The interface (and price) looks good.
However:
1. When I quit HenWen, is NDIS and Snort still running?
2. Where are the logs placed? How can I see it from within HenWen?
3. With LetterStick installed, I still cannot see Snorts Alert Log (I have had no alerts) - it opens a terminal, asks for my password and then nothing. Is this OK?
4. How can I test HenWen ?
5. I get these messages in console - is this Ok or is there a problem?:

OpenPcap() device en0 network lookup: en0: no IPv4 address assigned

HenWen[1854] *** -[NSCFArray objectAtIndex:]: index (-1) beyond bounds (2)

Any information is appreciated.

Reply0 replies
Version 2.0.1
Anonymous Member IconReview
Anonymous
+1

A very well designed front end of Snort and more!

A full-fledged Intrusion Detection System which is easy to use and highly configurable.

And it is free for personal use!

The LetterStick application is a great addition, although the colorful icon is a bit disturbing in the menu bar. Still better than having it in the dock, though :)

Maybe a black&white option, soon?

Also, it would be nice if there was an installer for the log rotation feature.

Reply0 replies
Version 2.0
Anonymous Member IconReview
Anonymous
+0

one of the best icons for an app i have seen!

oh. cool app too :)

Reply0 replies
Version 2.0
There are no Ratings for this App yet.
> 5 5

Ratings

Overall
(5)
Current Version (2.x)
(4)

Details

Downloads 19,116
Version Downloads 7,521
License Free
Date 20 Jun 2005
Platform OS X / PPC 32
Price Free