Snort Question

[hedgehog8711]

Hey I am newbie and I'm try to set up snort I found the command in the menu I enter in the passwords for snort and mysql, then I enter in the sudo password. I get the setting up snort please be patient then the command prompt. Does this mean that snort is working? Is there a way to test said program? Or am i missing a step?

Thanks in advance

[brtw2003]

Hi,

don't setup snort blindley - you have to understand the basic concepts/components of an IDS/IPS.
At least start with the Snort Webinar: https://sourcefire.webex.com/ec0600l...b&format=short


Open a terminal:

1. check if mysql is running

Code:

pidof mysqld

>>if you don't see any'numer' eq process id, you need to start it manual: sudo /etc/init.d/mysql start

>>check if snort mysql database was created

Code:

mysqlshow -usnort -p{your-snort-mysql-pwd}

>>you should see the Database: snort


2. check if snort is running

Code:

pidof snort

>>if you don't see any'numer' eq process id, you need to start it manual.
>>HINT: Don't start snort in background mode, if you never have used it before or especially for testing purposes!
>>the most simple snort start: sudo snort -c /etc/snort/snort.conf


3. check if apache is running (needed if you' like to see snort alerts in the base graphical frontend)

Code:

pidof apache2

>>if you don't see any'numer' eq process id, you need to start it manual: sudo /etc/init.d/apache2 start
>>login to graphical frontend: http://localhost/base/base_db_setup....ate+MY+TEST+AG
>> click on 'Create MY TEST AG' button >> click on Home button

Snort log files you should verify:
/var/log/snort

/brtw2003

[thenurse]

Thanks, Nice tut! Any barnyard or ACID working?

[lupin]

don't setup snort blindley - you have to understand the basic concepts/components of an IDS/IPS.

Agreed. Snort is not something you can just run without any planning or knowledge of how an IDS works. The Snort Users Manual is a good place to start if you want to learn about how it works, how to write rules, tune the system, the different Snort run modes, alerting, logging, etc.

I am planning to write a tutorial on how to test IDS bypass methods with Snort sometime in the near future, so if the subject interests you you might want to look out for that. In the meantime though, start reading, because IDS systems require a lot of knowledge to run effectively.