I went threw thew whole thing and if i run snort -dev i see traffic but there seems to be a problem with the startup script. If i run service snort start it says that its starting service but never says that it was a success like all the others do. So then i check ps -ef | grep snort and i do not see it running.
My question is does anyone know of a good tutorial that is 11.0 specific or anyone know what i can do to get going. Or even if there is package somewhere for snort I can uninstall what i did and then just run that.
I never heard about snort until just now, but a quick google shows the app was dropped in 10.3 due to lack of willing maintainers. See Re: [opensuse-security] Where is snort? - ReadList.com
Maybe you can pick up the mantle if you get the install figured out
Bear in mind that you won’t get value out of snort if the machine is not a border machine. I.e. if you are on a LAN behind a router/firewall and the LAN is pretty safe (your son isn’t in the habit of attacking your machine :), you won’t see anything worth mentioning. However if your machine is also a router/firewall…
There you will be deluged with snort hits due to malware on the Net and what will you do with all that information? Presumably you can summarise per day etc on webpages. Then what? If you are the typical SOHO user who doesn’t portforward anything, there isn’t anything more you can close off, so the snort reports are just noise.
Yea i tried to compile and run from source but had problems getting it to run. No big deal. I have an old 133mhz computer in storage that i forgot about so i was gonna set it up and put it on the DMZ and just watch the things it logs
Maybe i will turn it in to a honeypot or maybe now that i have another box i will do my own dns. I will figure something out.
