Results 1 to 5 of 5

Thread: Snort Install

  1. #1

    Default Snort Install

    I was surprised to see that snort was not an option to install in yast so i went looking for some info on getting it going.

    Could not find anything OpenSUSE related besides a tutorial on installing snort on OpenSUSE 10.0 and i am using 11. http://www.snort.org/docs/setup_guid..._SUSE-10.0.pdf

    I went threw thew whole thing and if i run snort -dev i see traffic but there seems to be a problem with the startup script. If i run service snort start it says that its starting service but never says that it was a success like all the others do. So then i check ps -ef | grep snort and i do not see it running.

    My question is does anyone know of a good tutorial that is 11.0 specific or anyone know what i can do to get going. Or even if there is package somewhere for snort I can uninstall what i did and then just run that.

    Thanks in advance

  2. #2

    Default Re: Snort Install

    no one using snort on 11.0?

  3. #3
    Join Date
    Jun 2008
    Location
    Cleveland USA
    Posts
    138

    Default Re: Snort Install

    I never heard about snort until just now, but a quick google shows the app was dropped in 10.3 due to lack of willing maintainers. See Re: [opensuse-security] Where is snort? - ReadList.com
    Maybe you can pick up the mantle if you get the install figured out
    Unintentionally left blank...

  4. #4
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Default Re: Snort Install

    I guess you could build and install from source.

    Bear in mind that you won't get value out of snort if the machine is not a border machine. I.e. if you are on a LAN behind a router/firewall and the LAN is pretty safe (your son isn't in the habit of attacking your machine , you won't see anything worth mentioning. However if your machine is also a router/firewall...

    There you will be deluged with snort hits due to malware on the Net and what will you do with all that information? Presumably you can summarise per day etc on webpages. Then what? If you are the typical SOHO user who doesn't portforward anything, there isn't anything more you can close off, so the snort reports are just noise.

  5. #5

    Default Re: Snort Install

    Yea i tried to compile and run from source but had problems getting it to run. No big deal. I have an old 133mhz computer in storage that i forgot about so i was gonna set it up and put it on the DMZ and just watch the things it logs

    Maybe i will turn it in to a honeypot or maybe now that i have another box i will do my own dns. I will figure something out.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •