Hi all,
Jeff suggested, over boiled television entrails I think, that snort was a nice program
to monitor others attempts at your machine. I have downloaded and compiled snort, and
have the default snort.conf file and a few questions. OK it needs to be run as root.
Now as I prob wan tot run this when I am connected whats the best way to do this
safely:
I want to run in network intrusion detection mode.
Question 1:
1. su root -c "gosnort" where gosnort is a small bash script that contains say
/usr/local/bin/snort -dv -l snort.logs -h 192.168.4.0/24 -c ./snort.conf
2. make it suid root (I guess prob not)
and start it as a daemon using the -D option.
Question 2:
does any one have a simple rules file suitable for a home network where I am connected
via ppp0.
Mike
--
--------------------------------------------------------------------
Michael Lake
Active caver, Linux enthusiast and interested in anything technical.
Safety Convenor, Australian Speleological Federation
Owner, Speleonics (Australia)
--------------------------------------------------------------------
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
