Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] Using Snort - oink oink :-)


Jeff Waugh wrote:
> > Question 2: does any one have a simple rules file suitable for a home
> > network where I am connected via ppp0.
> 
> Knowing that you've got Debian on at least one of your machines, I'd
> recommend installing the package and pillaging the configuration files. I
> do the same for most of the non-Debian machines I administer; gets you
> started very quickly. :)


And if you didn't have Debian on at least one of your machines, you
could still download the package and pillage the config files, as debian
packages are dead easy to unpack on any linux distro -


[matthewd] try/cflow $ ls
./                  ../                 cflow_2.0-12.1.deb
[matthewd] try/cflow $ ar x cflow_2.0-12.1.deb 
[matthewd] try/cflow $ ls
./                  cflow_2.0-12.1.deb  data.tar.gz
../                 control.tar.gz      debian-binary
[matthewd] try/cflow $ tar xvzf data.tar.gz 
./
usr/
usr/bin/
usr/bin/cflow
usr/bin/prcc
usr/bin/prcg
usr/lib/
usr/lib/cflow/
usr/lib/cflow/prcc
usr/lib/cflow/prcg
usr/doc/
usr/doc/cflow/
usr/doc/cflow/copyright
usr/doc/cflow/examples/
usr/doc/cflow/examples/prcc.cflow
usr/doc/cflow/examples/prcc.i.cflow
usr/doc/cflow/changelog.Debian.gz
usr/man/
usr/man/man1/
usr/man/man1/prcc.1.gz
usr/man/man1/prcg.1.gz
usr/man/man1/cflow.1.gz
[matthewd] try/cflow $ cat /etc/redhat-release 
Red Hat Linux release 5.2 (Apollo)


easy ;)

Matthew