mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-22 19:44:21 +01:00
48 lines
2.2 KiB
Text
48 lines
2.2 KiB
Text
Snort has three primary functional modes. It can be used as a packet sniffer
|
|
like tcpdump(1), a packet logger (useful for network traffic debugging, etc),
|
|
or as a full blown network intrusion detection and prevention system.
|
|
|
|
Please read the snort_manual.pdf file that should be included with this
|
|
distribution for full documentation on the program as well as a guide to
|
|
getting started.
|
|
|
|
This package builds a very basic snort implimentation useful for monitoring
|
|
traffic as an IDS or packet logger and as a sort of improved tcpdump (which
|
|
is what I use it for). MySQL support is included, so you should have little
|
|
trouble hooking snort up to a database or ACID. For more information on
|
|
these, check out snort's homepage at:
|
|
|
|
http://www.snort.org/
|
|
http://www.snort.org/docs/
|
|
|
|
snort.org has a nasty habit of changing the location of their source
|
|
code, which means there's no garauntee that the link in snort.info is
|
|
correct. If you can't get that link to work, look for the source code at:
|
|
|
|
http://www.snort.org/dl/old/
|
|
|
|
In order for Snort to function properly, you need to provide rule files.
|
|
I recommend registering for free at http://www.snorg.org so you can get these
|
|
files. Once you have done that, go to http://snort.org/pub-bin/downloads.cgi
|
|
and get the latest 2.8 series VRT Certified Rules. You need to untar this
|
|
file and place follow files from etc in the tarball in to your /etc/snort
|
|
directory :
|
|
|
|
generators
|
|
gen-msg.map
|
|
sid
|
|
sid-msg.map
|
|
|
|
If you are going to use a front end like Base, you should copy the
|
|
dog/signatures directory from the tarball in to
|
|
/usr/doc/snort-$VERSION/ . Last, but certainly not least, you must
|
|
copy the contents of the rules/ directory in the tarball to
|
|
/etc/snort/rules/ . After you've done this, you can safely restart
|
|
snort or send a HUP to snort to reload the files (killall -HUP snort).
|
|
|
|
A rc.snort file has been included for your convenience, but it needs to be
|
|
added to your init script of choice to run on boot. You should modify the
|
|
variables in /etc/rc.d/rc.snort to reflect the interface you want to monitor.
|
|
This Slackbuild is no longer maintained by Alan Hicks, but rather me
|
|
(Thomas York), so email me instead if you have any questions.
|
|
--Thomas York (straterra@fuhell.com)
|