author | Thomas_York <straterra@fuhell.com> | 2010-05-12 17:44:12 +0200 |
---|---|---|
committer | Robby Workman <rworkman@slackbuilds.org> | 2010-05-12 17:44:12 +0200 |
commit | 253331a788c0b5f75ac7854310db12ad82b35b40 (patch) | |
tree | b2c279ce00fdc3728f8665cce643cb1dda0f8715 /network/snort/README.SLACKWARE | |
parent | 4d34781f9d03b76829018cbbaaa14076b3fdaf95 (diff) | |
download | slackbuilds-253331a788c0b5f75ac7854310db12ad82b35b40.tar.gz |
network/snort: Updated for version 2.8.4.1
Diffstat (limited to 'network/snort/README.SLACKWARE')
-rw-r--r-- | network/snort/README.SLACKWARE | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/network/snort/README.SLACKWARE b/network/snort/README.SLACKWARE new file mode 100644 index 0000000000..05fa4f438e --- /dev/null +++ b/network/snort/README.SLACKWARE 
@@ -0,0 +1,48 @@ +Snort has three primary functional modes. It can be used as a packet sniffer +like tcpdump(1), a packet logger (useful for network traffic debugging, etc), +or as a full blown network intrusion detection and prevention system. + +Please read the snort_manual.pdf file that should be included with this +distribution for full documentation on the program as well as a guide to +getting started. + +This package builds a very basic snort implimentation useful for monitoring +traffic as an IDS or packet logger and as a sort of improved tcpdump (which +is what I use it for). MySQL support is included, so you should have little +trouble hooking snort up to a database or ACID. For more information on +these, check out snort's homepage at: + + http://www.snort.org/ + http://www.snort.org/docs/ + +snort.org has a nasty habit of changing the location of their source +code, which means there's no garauntee that the link in snort.info is +correct. If you can't get that link to work, look for the source code at: + + http://www.snort.org/dl/old/ + +In order for Snort to function properly, you need to provide rule files. +I recommend registering for free at http://www.snorg.org so you can get these +files. Once you have done that, go to http://snort.org/pub-bin/downloads.cgi +and get the latest 2.8 series VRT Certified Rules. You need to untar this +file and place follow files from etc in the tarball in to your /etc/snort +directory : + +generators +gen-msg.map +sid +sid-msg.map + +If you are going to use a front end like Base, you should copy the +dog/signatures directory from the tarball in to +/usr/doc/snort-$VERSION/ . Last, but certainly not least, you must +copy the contents of the rules/ directory in the tarball to +/etc/snort/rules/ . After you've done this, you can safely restart +snort or send a HUP to snort to reload the files (killall -HUP snort). 
+ +A rc.snort file has been included for your convenience, but it needs to be +added to your init script of choice to run on boot. You should modify the +variables in /etc/rc.d/rc.snort to reflect the interface you want to monitor. +This Slackbuild is no longer maintained by Alan Hicks, but rather me +(Thomas York), so email me instead if you have any questions. + --Thomas York (straterra@fuhell.com) |
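Review bot: The registration URL in the rules paragraph ("I recommend registering for free at http://www.snorg.org") is misspelled as snorg.org, a different domain from the snort.org used in every other link in the file, and it sits on the step where readers are told to create an account; change it to http://www.snort.org. In the same paragraph, "dog/signatures" looks like a typo for "doc/signatures" given the destination /usr/doc/snort-$VERSION/, and "place follow files from etc in the tarball" should read "place the following files from etc in the tarball". Also fix the spelling of "implimentation" and "garauntee" while touching the file.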