
#1 2013-02-05 03:00:19

fixles
Member
Registered: 2012-09-15
Posts: 101

Configure snort on a single machine?

Hi,

I have snort installed from the AUR along with oinkmaster and have updated my /etc/snort/rules with "$ sudo oinkmaster.pl -o /etc/snort/rules/"

However, after a couple of hours of frustration and bastardising snort's config file, I finally managed to run "$ sudo snort -c /etc/snort/snort.conf -i wlp5s0" without it complaining of an error. I then ran a full TCP scan with nmap from another machine. Stopped snort running to look at the output and it hadn't found anything.

I just want to run a simple snort configuration on a single machine to alert me of anything that looks suspicious.  Does anyone know how to do this or know of a good guide?  Or alternatively something else better suited to the task?

(Snort's documentation is awful and the Arch wiki article is the first bad one I've seen)

Thanks.


#2 2013-02-05 15:12:56

t0m5k1
Member
From: overthere
Registered: 2012-02-10
Posts: 302

Re: Configure snort on a single machine?

I have had the same issue for years & now I just don't bother with snort, hope you get some form of example/guide/how to for this as I would love to get a snort running at home too.

gluck


Optiplex 790, Intel Core i3-2100 CPU @ 3.10GHz 16Mb Corsair Vengeance 1333Mhz - GeForce 970 - AwesomeWM (occasionally XFCE, i3)

If everything in life was easy, we would learn nothing!
Linux User: 401820   Last FM


#3 2013-02-05 16:26:02

fixles
Member
Registered: 2012-09-15
Posts: 101

Re: Configure snort on a single machine?

t0m5k1 wrote:

I have had the same issue for years & now I just don't bother with snort, hope you get some form of example/guide/how to for this as I would love to get a snort running at home too.

gluck

I've tried it a couple of times in the past and never succeeded. It's the most frustrating thing I've ever tried to do with a computer.
