[Wolves] Snort fun and games

Jono Bacon jono@kde.org
Thu Aug 22 19:26:01 2002


Hi all,

For those who are interested, I played with snort some
more after last night's discussion and this is how I
got on:

I first apt-get'd the following:

  snort
  snort-mysql
  snort-default-rules
  acidlab
  webmin

I managed to get all of this installed correctly,
configured webmin (and the snort plugin), and I have
installed the rules. I used the snort create_mysql
script to generate my snort_log tables, and acidlab
seems to be working fine (after some funny permissions
problems).

Everything seems to be running fine, and acidlab
currently says I have had 0 alerts, but I have a few
questions someone may be able to help with:

 - I currently have the unmodified snort rules
installed in /etc/snort and snort.conf points to this
dir as the snort dir. Although I think it works fine,
is there a way to check these rule files are set
right?

 - I have got the system set up and it says there are
0 alerts. Could someone suggest some tests I can use
to attack my own machine so I can check if some alerts
are being generated? I tried to nmap my machine with
nmap -O 127.0.0.1 but it did not show up as
portscanning traffic.

 - Is there a way I can make the machine beep when an
alert is generated?

Cheers,

         Jono


=====
Jono Bacon - [vmlinuz] - jonoATkdeDOTorg
KDE Developer - Diary: http://www.advogato.org/person/jono/
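One way to check that the rule files snort.conf points at really exist, as an added example that is not part of the original post: it assumes rules are pulled in with `include $RULE_PATH/...` after a `var RULE_PATH` line, and the demo functions use a constructed config in a temporary directory rather than /etc/snort.

```shell
#!/bin/sh
# Added example, not from the original post. Verifies that every rule file a
# snort.conf includes via $RULE_PATH exists on disk. For a real install run:
#   check_rule_includes /etc/snort/snort.conf
# The demo functions below build a constructed config in a temp directory.

# check_rule_includes CONF: prints "missing: <path>" for each absent rule
# file and returns 0 only if every include resolves.
check_rule_includes() {
    conf="$1"
    dir=$(dirname "$conf")
    # last "var RULE_PATH <dir>" wins; relative paths resolve against conf dir
    rule_path=$(awk '$1 == "var" && $2 == "RULE_PATH" { p = $3 } END { print p }' "$conf")
    [ -n "$rule_path" ] || rule_path="$dir"
    case "$rule_path" in /*) ;; *) rule_path="$dir/$rule_path" ;; esac
    missing=0
    for inc in $(awk '$1 == "include" { print $2 }' "$conf"); do
        case "$inc" in
            '$RULE_PATH'/*) f="$rule_path/${inc#\$RULE_PATH/}" ;;
            /*)             f="$inc" ;;
            *)              f="$dir/$inc" ;;
        esac
        [ -f "$f" ] || { echo "missing: $f"; missing=$((missing + 1)); }
    done
    [ "$missing" -eq 0 ]
}

# make_conf NAME...: constructed snort.conf including each NAME from
# $RULE_PATH; only local.rules is actually created. Prints the conf path.
make_conf() {
    tmp=$(mktemp -d)
    mkdir "$tmp/rules"
    echo 'alert tcp any any -> any 22 (msg:"constructed test"; sid:1000001;)' \
        > "$tmp/rules/local.rules"
    {
        echo 'var HOME_NET any'
        echo 'var RULE_PATH rules'
        for n in "$@"; do echo "include \$RULE_PATH/$n"; done
    } > "$tmp/snort.conf"
    echo "$tmp/snort.conf"
}

# Every include present: exit status 0.
demo_ok()      { check_rule_includes "$(make_conf local.rules)"; }
# scan.rules is never created: prints "missing: .../rules/scan.rules", status 1.
demo_missing() { check_rule_includes "$(make_conf local.rules scan.rules)"; }
```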
