Hello list,

I just wanted to save some time and confusion for anyone wanting to dip a toe
into the muddy snort waters.

As part of preparing my LAN server for exposure to the big bad world, I wanted
to make it reasonably secure, and one tool for that seemed to be the snort
IDS. So I installed it via portage and tried to follow the snort section of
this guide:

http://www.gentoo.org/doc/en/security/security-handbook.xml?style=printable&part=1&chap=13

It refers to lots of rules in the /etc/snort/rules directory, but that's
empty. (Apparently it's where you put any rules you write yourself.) So I just
copied the snort.conf.distrib file to snort.conf and used that. To my surprise,
I only had to comment out the blacklist and whitelist entries and it started
up straight away. Takes a while on this little Atom box, but it does appear to
run. Now to watch the logs, and maybe write a logrotate script for snort.

HTH someone.

--
Regards
Peter
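
The step described in the post (copy snort.conf.distrib to snort.conf and comment out the whitelist and blacklist entries), as an added shell example that is not part of the original message or of the Gentoo guide. It assumes the entries are the whitelist and blacklist lines of a Snort 2.9 style `preprocessor reputation` statement (the sample config is constructed) and comments out the whole backslash-continued statement, so Snort starts without those IP lists loaded; `sample_conf` and `comment_out_lists` are names made up here.

```shell
#!/bin/sh
# Added example (not from the original post). The config below is a
# constructed sample in Snort 2.9 syntax, not the real snort.conf.distrib.
sample_conf() {
    cat <<'EOF'
var WHITE_LIST_PATH ../rules
var BLACK_LIST_PATH ../rules
preprocessor frag3_global: max_frags 65536
preprocessor reputation: \
   memcap 500, \
   priority whitelist, \
   nested_ip inner, \
   whitelist $WHITE_LIST_PATH/white_list.rules, \
   blacklist $BLACK_LIST_PATH/black_list.rules
include $RULE_PATH/local.rules
EOF
}

# comment_out_lists SRC DST
# Copies SRC to DST, prefixing "#" to every physical line of any statement
# (backslash-continued lines included) that loads a whitelist or blacklist
# file. SRC is left untouched. Prints the number of lines commented out.
comment_out_lists() {
    : > "$2"
    awk -v out="$2" '
        # Write the buffered statement, commented out if it names a list file.
        function emit(   i, hit) {
            hit = (stmt ~ /(whitelist|blacklist)[ \t]/) && (buf[1] !~ /^[ \t]*#/)
            for (i = 1; i <= n; i++) {
                if (hit) { print "#" buf[i] > out; changed++ }
                else     { print buf[i] > out }
            }
            n = 0; stmt = ""
        }
        {
            buf[++n] = $0
            stmt = stmt " " $0
            # A trailing backslash means the statement continues on the next line.
            if ($0 !~ /\\[ \t]*$/) emit()
        }
        END { if (n) emit(); print changed + 0 }
    ' "$1"
}

# Usage (file names as in the post; snort -T tests the config and exits):
#   comment_out_lists snort.conf.distrib snort.conf
#   snort -T -c snort.conf
```

Keeping the .distrib file unmodified makes it easy to diff against snort.conf later and see exactly which detection features were switched off.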