On Wed, 16 May 2001, Oki DZ wrote:

>John Galt wrote:
>> Expect changes when woody freezes: the file you reference is
>> snort.debian.conf in testing/unstable...snort.conf is a real snort.conf
>> (more in line with the upstream...)
>
>I see.
>I've been running on potato (current stable, right?); well, for the
>machine that directly connected to the Internet. That creates a lot of
>problem. My desktop always use unstable. But I don't think that it'd be
>wise to put an unstable machine on the Internet. So that I end up with
>different releases. Problem is, sometimes Gnome apps wouldn't be run
>remotely (crashed, to be exact; due to the differences in the libs).

Make sure to keep up with security.debian.org on the stable box...

>> >DEBIAN_SNORT_HOME_NET="192.168.1.x/32"
>>                        ^^^^^^^^^^^^^^^^
>> Mine shows the routable interface's IP here: is this a munge or your NAT?
>
>The machine runs NAT.
>Actually, I want to monitor both NICs.

To get the outside interface, you need to tell it your ISP-assigned IP.
Probably it'd be a good idea to put in a CIDR including all of your
broadcast as well (the number after the slash: I use /24).

>> >DEBIAN_SNORT_OPTIONS=" -i eth0"
>>                            ^^^^
>> is eth0 your ISP-connected NIC?
>
>No, internal. eth1 is the one that connected to outside.

Actually, I forgot you can put more than one interface here. Go ahead and
prepend eth1 in there:

DEBIAN_SNORT_OPTIONS=" -i eth1 eth0"

>> >DEBIAN_SNORT_STATS_RCPT="root"
>>                          ^^^^^
>> Change this just on principle: using root to check system email is just
>> another thing you can do as a user and not have to be logged in as root so
>> much...
>
>Okay.
>
>BTW, the "stable" and "unstable" release names are pretty misleading
>(misinterpreting?), right? I believe that those who happen to read
>messages on Debian lists (eg: on the archives) would think that there'd
>be Debian systems that are bound to crash daily. I think changing
>"unstable" to "development" would be nicer in the eye.

Bring it up on -policy or -devel... What can they do, say no and flame you
to death?

>Oki

--
<a mailto:[EMAIL PROTECTED]>Who is John Galt?</a>

Failure is not an option. It comes bundled with your Microsoft product.
 -- Ferenc Mantfeld