On Tuesday 27 November 2001 02:00 am, Thomas Madhavan wrote:
> Hi guys,
>
> I'm a pretty new user to Linux, and I want to set up some sort of
> protection for my box. I have snort installed and I'm looking for rulesets
> - the problem I have is this:
>
> When I run snort, it runs in a terminal. How exactly do I set snort to just
> run in the background, collecting unusual packets? I'm sure there must be a
> way.
>
> Also, is Hogwash a suitable tool to use instead of/as well as snort? I need
> something that is relatively simple but also effective.
>
> Regards,
>
> Thomas Madhavan
snort doesn't really do any protecting in terms of preventing things, however it
does notify you when suspicious activity happens (if you happen to look, that
is). hogwash however does stop packets that match certain signatures, so it
does offer plenty of actual protection. to have snort detach from the
terminal give it the -D option, although an init script would be a better
solution for starting it. and as for being simple and fairly effective in
stopping attacks, you really would only need some simple iptables/ipchains
rules (most linux distribs have some simplified interface for setting this up,
under redhat 7.1+ you can use lokkit and set it to medium or high). of course
the most important things are to not run services you don't need, and to keep
your software up to date.
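
The reply above points to simple iptables rules as the basic protection. As an added example (not part of the original post), this shell function emits a default-deny inbound ruleset in iptables-restore format; the function names and the choice of open ports are assumptions for illustration.

```shell
#!/bin/sh
# Added example: generate a default-deny inbound ruleset for iptables-restore.
# Usage (as root):  sh gen_ruleset.sh 22 | iptables-restore
# The ports passed in are the operator's choice; none come from the post.

# valid_port N: succeeds only for a plain decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_ruleset [PORT...]: print the ruleset on stdout.
# With no ports, nothing unsolicited is accepted from the network.
gen_ruleset() {
    # Validate every argument first so a bad one never yields a partial ruleset.
    for port in "$@"; do
        if ! valid_port "$port"; then
            echo "invalid TCP port: $port" >&2
            return 1
        fi
    done
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'       # drop inbound unless allowed below
    printf '%s\n' ':FORWARD DROP [0:0]'     # this box is not a router
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened itself.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Run directly with port arguments to print a ruleset; sourcing defines only
# the functions.
if [ "$#" -gt 0 ]; then
    gen_ruleset "$@"
fi
```

Review the generated text before piping it into iptables-restore, and apply it from a local console so that a missing SSH port cannot lock you out.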