SLUG Mailing List Archives

[SLUG] Using Snort - oink oink :-)


Hi all,

Jeff suggested, over boiled television entrails I think, that snort was a nice program to monitor others' attempts at your machine. I have downloaded and compiled snort, and have the default snort.conf file and a few questions. OK, it needs to be run as root. Now, as I prob want to run this when I am connected, what's the best way to do this safely?
I want to run in network intrusion detection mode.

Question 1:
1. su root -c "gosnort"    where gosnort is a small bash script that contains say 
   /usr/local/bin/snort -dv -l snort.logs -h 192.168.4.0/24 -c ./snort.conf

2. make it suid root (I guess prob not)
   and start it as a daemon using the -D option.

Question 2: 
Does anyone have a simple rules file suitable for a home network where I am connected via ppp0?

Mike
-- 
--------------------------------------------------------------------
Michael Lake
Active caver, Linux enthusiast and interested in anything technical.
Safety Convenor, Australian Speleological Federation
Owner, Speleonics (Australia)
--------------------------------------------------------------------