| 1 |
Hello list, |
| 2 |
|
| 3 |
I just wanted to save some time and confusion for anyone wanting to dip a toe |
| 4 |
into the muddy snort waters. |
| 5 |
|
| 6 |
As part of preparing my LAN server for exposure to the big bad world, I wanted |
| 7 |
to make it reasonably secure, and one tool for that seemed to be the snort |
| 8 |
IDS. So I installed it via portage and tried to follow the snort section of |
| 9 |
this guide: |
| 10 |
|
| 11 |
http://www.gentoo.org/doc/en/security/security-handbook.xml?style=printable&part=1&chap=13 |
| 12 |
|
| 13 |
It refers to lots of rules in the /etc/snort/rules directory, but that's |
| 14 |
empty. (Apparently it's where you put any rules you write yourself.) So I just |
| 15 |
copied the snort.conf.distrib file to snort.conf and used that. To my surprise, |
| 16 |
I only had to comment out the blacklist and whitelist entries and it started |
| 17 |
up straight away. Takes a while on this little Atom box, but it does appear to |
| 18 |
run. Now to watch the logs, and maybe write a logrotate script for snort. |
| 19 |
|
| 20 |
HTH someone. |
| 21 |
|
| 22 |
-- |
| 23 |
Regards |
| 24 |
Peter |
Archives