SLUG Mailing List Archives
Re: [SLUG] Using Snort - oink oink :-)
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Using Snort - oink oink :-)
- From: Jeff Waugh <jdub@xxxxxxxxxxx>
- Date: Thu May 3 18:32:02 2001
- User-agent: Mutt/1.3.17i
> Jeff suggested, over boiled television entrails I think, that snort was a
> nice program to monitor others attempts at your machine. I have downloaded
> and compiled snort, and have the default snort.conf file and a few
> questions. OK it needs to be run as root. Now as I prob wan tot run this
> when I am connected whats the best way to do this safely: I want to run in
> network intrusion detection mode.
Best to run as part of the /etc/ppp/ip-up.d/ scripts, thus it will run as
root without any hassle.
> Question 2: does any one have a simple rules file suitable for a home
> network where I am connected via ppp0.
Knowing that you've got Debian on at least one of your machines, I'd
recommend installing the package and pillaging the configuration files. I
do the same for most of the non-Debian machines I administer; gets you
started very quickly. :)
"World domination is a community responsibility." - Michael Hall,