Gentoo Archives: gentoo-user

From: Peter Humphrey <peter@××××××××××××.uk>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Gentoo Snort handbook is out of date
Date: Tue, 08 Apr 2014 14:25:43
Message-Id: 3428618.AN5juxXPjv@wstn
1 Hello list,
3 I just wanted to save some time and confusion for anyone wanting to dip a toe
4 into the muddy snort waters.
6 As part of preparing my LAN server for exposure to the big bad world, I wanted
7 to make it reasonably secure, and one tool for that seemed to be the snort
8 IDS. So I installed it via portage and tried to follow the snort section of
9 this guide:
13 It refers to lots of rules in the /etc/snort/rules directory, but that's
14 empty. (Apparently it's where you put any rules you write yourself.) So I just
15 copied the snort.conf.distrib file to snort.conf and used that. To my surprise,
16 I only had to comment out the blacklist and whitelist entries and it started
17 up straight away. Takes a while on this little Atom box, but it does appear to
18 run. Now to watch the logs, and maybe write a logrotate script for snort.
20 HTH someone.
22 --
23 Regards
24 Peter


Subject Author
Re: [gentoo-user] Gentoo Snort handbook is out of date Tom Wijsman <TomWij@g.o>