Index of /projects/administration/snort

Name                    Last modified       Size
INSTALL                 23-May-2010 10:16   545
classification.config   23-May-2010 10:16   3.3K
delete-line             23-May-2010 10:16   485
manpage-snort           23-May-2010 10:16   55K
rule-clean              23-May-2010 10:16   76
rules/                  23-May-2010 10:16   -
setup-logging           23-May-2010 10:16   2.6K
setup-snort             23-May-2010 10:16   1.1K
snort.conf              23-May-2010 10:16   2.9K
snortstatus             23-May-2010 10:16   466
startsnort              23-May-2010 10:16   462
stopsnort               23-May-2010 10:16   178
update-rules            23-May-2010 10:16   451
var/                    23-May-2010 10:16   -

#
# Snort -- 
#
# Distro'd to Rooted Networks, Inc. Machines
#
# sigterm
# Rooted Networks, Inc.
# http://www.rootednetworks.com
# March, 2002
#

USE AT YOUR OWN RISK.
If you don't understand this stuff, don't use it!
The author is NOT responsible for these scripts wrecking your system.

REQUIRES: wget
(install this first)

WHAT IS THIS?
This is a distribution of scripts that helps you set up snort (www.snort.org) and
its rulesets, and keep those rulesets up to date.

This also starts snort up as user/group "nobody" and in a chrooted environment,
keeping things fairly secure.



Directory structure:

-|
 |- README --> this file
 |- classification.config --> classification file for snort
 |- rules --> rule directory for snort
 |- snort-1.8.4.tar.gz --> newest snort release (as of March 2002)
 |- snort.conf --> snort config file
 |- startsnort --> start file for snort (RUN THIS TO START SNORT)
 |- stopsnort --> stop file for snort (RUN THIS TO STOP SNORT)
 |- update-rules --> rule updater for snort (RUN THIS TO UPDATE RULES)
 |- setup-snort --> snort setup file (RUN THIS FIRST)
 |- setup-logging --> sets up syslog logging (uses /var/log/snort.log)
 |- var --> var subdirectory for the snort unified logs


The setup-logging script was tested on FreeBSD; on Linux it should also drop an entry into logrotate.d, but that part is untested.

Quick order to set up your system:

extract this tar.gz into /usr/local/snort

### getting the newest snort
./setup-snort

cd snort-snapshot
./configure
make; make install

(make install has to run as root to write under /usr/local)

### setting up logging
./setup-logging

(restart syslogd now)

### update the ruleset
./update-rules

(edit snort.conf and add your own IP addresses; comment out unwanted rules, etc.)

### change ownership of all files to owner=nobody group=nobody
chown -R nobody:nobody /usr/local/snort

(note: it is chown, not chmod, that changes ownership. Handing the whole tree
to the runtime user means a compromised snort process could rewrite its own
snort.conf and rules; the safer split is to keep snort.conf,
classification.config and rules/ owned by root and world-readable, and give
nobody only the var/ log directory it actually has to write to.)

### start snort
./startsnort

### stop snort
./stopsnort
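As an added example (not one of the scripts in this distribution): a small POSIX sh check to run right before ./startsnort. It assumes the layout shown above under /usr/local/snort and that startsnort drops privileges and chroots with Snort's -u nobody -g nobody -t switches. It verifies that nothing Snort loads (snort.conf, classification.config, rules/) and the chroot directory itself are writable by group or other, and that var/ belongs to the runtime user so unified logs can still be written after the privilege drop. The function names and the RUNUSER argument are my own, not from the scripts.

```shell
#!/bin/sh
# Added example (not part of the Rooted Networks distribution): sanity-check
# file modes in a Snort tree before starting Snort as user/group "nobody"
# inside a chroot (snort -u nobody -g nobody -t BASE).
#
# Rule of thumb: the runtime user must not be able to rewrite what Snort
# loads (snort.conf, classification.config, rules/), and the chroot
# directory itself must not be writable by it; only the unified-log
# directory (var/) needs to be writable by that user.
#
# Assumptions: BASE follows the layout in this README; the user Snort
# drops to is passed as RUNUSER (default: nobody).

# check_readonly PATH [-prune]   (internal helper)
# Lists every entry at/under PATH that is group- or world-writable.
# find's -perm -MODE matches when all bits of MODE are set, so
# -perm -020 means "group write" and -perm -002 means "other write".
# With -prune only PATH itself is examined, not its contents.
check_readonly() {
    if [ ! -e "$1" ]; then
        echo "missing: $1"
        return 1
    fi
    hits=$(find "$1" $2 \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$hits" ]; then
        echo "writable by group/other (must be read-only for the runtime user):"
        printf '%s\n' "$hits" | sed 's/^/  /'
        return 1
    fi
    return 0
}

# check_snort_tree BASE [RUNUSER]
# Prints one line per violation; returns 0 when the tree is clean, 1 otherwise.
check_snort_tree() {
    base=$1
    runuser=${2:-nobody}
    rc=0

    # 1. The chroot directory itself (not its contents): if the runtime
    #    user could write here it could plant files that get loaded later.
    check_readonly "$base" -prune || rc=1

    # 2. Everything Snort reads: recurse, since rules/ is a directory.
    for name in snort.conf classification.config rules; do
        check_readonly "$base/$name" || rc=1
    done

    # 3. Output directory: Snort writes unified logs here after dropping
    #    to $runuser, so it has to exist and be owned by that user.
    if [ ! -d "$base/var" ]; then
        echo "missing log directory: $base/var"
        rc=1
    else
        owner=$(ls -ld "$base/var" | awk '{print $3}')
        if [ "$owner" != "$runuser" ]; then
            echo "$base/var is owned by $owner, expected $runuser"
            rc=1
        fi
    fi
    return $rc
}

# Stand-alone use: sh check-snort-tree.sh /usr/local/snort [nobody]
if [ $# -gt 0 ]; then
    if check_snort_tree "$@"; then
        echo "ok: $1 is safe to chroot into as ${2:-nobody}"
    fi
fi
```

A non-zero exit with a list of offending paths means fix ownership and modes before running ./startsnort. The script does not check who owns the read-only files (root-owned 644/755 is the expected state); the -perm tests are aimed at the usual mistake of a recursive chown or chmod that gives the runtime user write access to its own ruleset and config.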