snort_2.9.6.1_centos_6.5
Revision comparison: 2014/05/08 19:34 (admin) and 2014/06/10 12:04 (admin)
{{tag>
=====Snort 2.9.6.1 on CentOS 6.5=====
====Install prerequisites====
  * EPEL repo
====Configure Snort====
  * Edit **/
<
mkdir -p /
chown -R snort:snort /
chmod -R 700 /
</
Copy any dynamic rulesets you have or are using to the above directory.

====Test rule====
Put this as the last line in snort.conf:
alert icmp any any -> 1.2.3.4 any (msg: "

Find the alerts in the log:
<
05/
05/
05/
05/
</

You can even show the contents of the packets with tcpdump:
tcpdump -r snort.log.1399615922
snort_2.9.6.1_centos_6.5.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1