

UUASC Snort/Acid Presentation - 1.2 Snort installation


Slide 18


Note

I don't really think there is any reason to install snort from a package; be it rpm, deb, ports, etc. You don't know for sure if it has been compiled w/ mysql support - some people opt for logging to stdout and use swatch to send alerts. It's fairly common, but IMHO will overload you w/ a glut of emails until you get your system tuned.

There will be dependencies. You will need to have libpcap installed on Linux (think ethereal, tcpdump); however, snort has one of the best ./configure scripts around. If something isn't installed, the error will tell you where to get it.

* If you've installed from rpm, or ports, a default /etc/snort.conf or /usr/local/etc/snort.conf should be installed along w/ a rules directory. If they have not, copy them from the tgz, or ports directory, etc.
* You can put them wherever you like, but I generally go w/ /etc/snort, or /usr/local/etc/snort
* Also, keep your rules in the same directory, which will allow webmin to be able to edit them (a non-variable path in the snort.conf would be OK too)
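
One way to check an existing snort.conf against the layout advice in the list above, as an added example that is not part of the original slides: it reports, for each `include` line, whether the path is literal or built from a `var`, and whether it resolves inside the directory holding snort.conf. It assumes relative paths are taken relative to snort.conf's directory and that a `var` value does not reference another `var`; the sample config and the names `audit_includes` and `make_sample` are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Assumptions: relative include paths are resolved against the directory
# that holds snort.conf; a var value does not reference another var.

# Print "<literal|variable> <inside|outside> <resolved path>" per include.
audit_includes() {
    conf=$1
    confdir=$(cd "$(dirname "$conf")" && pwd) || return 1
    awk -v confdir="$confdir" '
        # Collapse "." and ".." so ../rules is not mistaken for a subdirectory.
        function normalize(p,    n, i, parts, depth, stack, out) {
            n = split(p, parts, "/"); depth = 0
            for (i = 1; i <= n; i++) {
                if (parts[i] == "" || parts[i] == ".") continue
                if (parts[i] == "..") { if (depth > 0) depth--; continue }
                stack[++depth] = parts[i]
            }
            out = ""
            for (i = 1; i <= depth; i++) out = out "/" stack[i]
            return (out == "") ? "/" : out
        }
        # Remember "var NAME value" so $NAME can be expanded in includes.
        $1 == "var" && NF >= 3 { vars[$2] = $3; next }
        $1 == "include" && NF >= 2 {
            path = $2
            kind = (path ~ /\$/) ? "variable" : "literal"
            for (name in vars) gsub("\\$" name, vars[name], path)
            if (path !~ /^\//) path = confdir "/" path
            path = normalize(path)
            where = (index(path, confdir "/") == 1) ? "inside" : "outside"
            print kind, where, path
        }
    ' "$conf"
}

# Constructed sample config in a temp directory; not a real deployment.
make_sample() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/snort/rules"
    cat > "$dir/snort/snort.conf" <<'EOF'
var RULE_PATH ../rules
include $RULE_PATH/scan.rules
include rules/local.rules
# include rules/disabled.rules
EOF
    echo "$dir/snort/snort.conf"
}

audit_includes "$(make_sample)"
```

Lines reported as `variable` or `outside` are the ones to move or rewrite if the rules are to be edited in place next to snort.conf.
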
Created on Wednesday 30 June 2004 by Nicholas Bernstein with KPresenter