
Thread: Snort Question


  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    1

    Snort Question

    Hey, I am a newbie and I'm trying to set up Snort. I found the command in the menu, I entered the passwords for snort and mysql, then I entered the sudo password. I get the "setting up snort please be patient" message, then the command prompt. Does this mean that Snort is working? Is there a way to test said program? Or am I missing a step?

    Thanks in advance

  2. #2

    Re: Snort Question

    Hi,

    Don't set up Snort blindly - you have to understand the basic concepts/components of an IDS/IPS.
    At least start with the Snort Webinar: https://sourcefire.webex.com/ec0600l...b&format=short


    Open a terminal:

    1. check if mysql is running
    Code:
    pidof mysqld
    >>if you don't see any number (= process ID), you need to start it manually: sudo /etc/init.d/mysql start

    >>check if snort mysql database was created
    Code:
    mysqlshow -usnort -p{your-snort-mysql-pwd}
    >>you should see the Database: snort


    2. check if snort is running
    Code:
    pidof snort
    >>if you don't see any number (= process ID), you need to start it manually.
    >>HINT: Don't start snort in background mode if you have never used it before, and especially not for testing purposes!
    >>the simplest snort start: sudo snort -c /etc/snort/snort.conf


    3. check if apache is running (needed if you'd like to see snort alerts in the BASE graphical frontend)
    Code:
    pidof apache2
    >>if you don't see any number (= process ID), you need to start it manually: sudo /etc/init.d/apache2 start
    >>login to graphical frontend: http://localhost/base/base_db_setup....ate+MY+TEST+AG
    >> click on 'Create MY TEST AG' button >> click on Home button

    Snort log files you should verify:
    /var/log/snort

    /brtw2003
    Last edited by brtw2003; 02-10-2010 at 08:51 PM.
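
The three process checks and the log-directory check from the reply above, combined into one status script. This is an added example, not part of the original post; the process names and log path are the ones the post uses, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: one-shot status report for the checks in the post above.
# Assumed names (taken from the post): mysqld, snort, apache2, /var/log/snort.

# is_running NAME: succeeds if a process with that command name exists.
is_running() {
    if command -v pidof >/dev/null 2>&1; then
        pidof "$1" >/dev/null 2>&1
        return
    fi
    # Fallback when pidof is not installed: compare against /proc/<pid>/comm.
    for f in /proc/[0-9]*/comm; do
        [ -r "$f" ] && [ "$(cat "$f" 2>/dev/null)" = "$1" ] && return 0
    done
    return 1
}

# newest_log DIR: prints the most recently modified file in DIR;
# fails if DIR is missing or empty (Snort has not logged anything yet).
newest_log() {
    [ -d "$1" ] || return 1
    newest=$(ls -t "$1" 2>/dev/null | head -n 1)
    [ -n "$newest" ] || return 1
    printf '%s\n' "$1/$newest"
}

# stack_report LOGDIR NAME...: prints one line per check and returns the
# number of failed checks (0 means every daemon is up and a log file exists).
stack_report() {
    logdir=$1; shift
    failed=0
    for name in "$@"; do
        if is_running "$name"; then
            echo "OK    $name is running"
        else
            echo "FAIL  $name is not running"
            failed=$((failed + 1))
        fi
    done
    if log=$(newest_log "$logdir"); then
        echo "OK    newest log file: $log"
    else
        echo "FAIL  no log files in $logdir"
        failed=$((failed + 1))
    fi
    return "$failed"
}

stack_report /var/log/snort mysqld snort apache2 || echo "$? check(s) failed"
```

Reading /var/log/snort may require root, so run the script with sudo if the log check fails on a directory you know exists.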

  3. #3
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    4

    Re: Snort Question

    Thanks, Nice tut! Any barnyard or ACID working?

  4. #4
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Re: Snort Question

    Quote: Originally posted by brtw2003
    "Don't set up Snort blindly - you have to understand the basic concepts/components of an IDS/IPS."
    Agreed. Snort is not something you can just run without any planning or knowledge of how an IDS works. The Snort Users Manual is a good place to start if you want to learn about how it works, how to write rules, tune the system, the different Snort run modes, alerting, logging, etc.

    I am planning to write a tutorial on how to test IDS bypass methods with Snort sometime in the near future, so if the subject interests you, you might want to look out for that. In the meantime though, start reading, because IDS systems require a lot of knowledge to run effectively.