[Wolves] Snort fun and games

Jono Bacon jono@kde.org
Thu Aug 22 19:26:01 2002

Hi all,

For those who are interested, I played with snort some
more after last nights discussion and this is how I
got on:

I first apt-get'd the following:


I managed to get all of this installed correctly,
configured webmin (and the snort) plugin, and I have
installed the rules. I used the snort create_mysql
script to generate my snort_log tables, and acidlab
seems to be working fine (after some funny permissions

Everything seems to be running fine, and acidlab
currently says I have had 0 alerts, but I have a few
questions someone may be able to help with:

 - I currently have the unmodified snort rules
installed in /etc/snort and snort.conf points to this
dir as the snort dir. Although I think it works fine,
is there a way to check these rule files are set

 - I have got the system set up and it says there are
0 alerts. Could someone suggest some tests I can use
to attack my own machine so I can check if some alerts
are being generated. I tried to nmap my machine with
nmap -O but it did not show up as
portscanning traffic.

 - Is there a way I can make the machine beep when an
alert is generated?

Jono Bacon - [vmlinuz] - jonoATkdeDOTorg
KDE Developer - Diary: http://www.advogato.org/person/jono/
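On the "make the machine beep" question, here is an added example (not part of Jono's post, not Snort's own code): a small Python watcher that tails Snort's fast-format alert file and rings the terminal bell for alerts at or above a chosen priority. The alert path /var/log/snort/alert and the sample alert lines are assumptions/constructed for illustration.

```python
import re
import sys
import time

# Snort "fast" alert line layout (alert_fast / -A fast), e.g.
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src -> dst
# The Classification field is optional (rules without a classtype omit it).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample lines (hypothetical, not captured from a real sensor).
SAMPLE_ALERTS = [
    "08/22-19:26:01.123456  [**] [1:469:1] ICMP PING NMAP [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.0.5 -> 10.0.0.7",
    "08/22-19:26:03.654321  [**] [1:1000001:1] LOCAL test rule [**] "
    "[Priority: 3] {TCP} 10.0.0.5:40000 -> 10.0.0.7:22",
    "not an alert line at all",
]

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a fast alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["sid"], d["prio"] = int(d["sid"]), int(d["prio"])
    return d

def should_beep(alert, max_priority=2):
    # Snort priority 1 is the most severe, so "beep-worthy" means prio <= threshold.
    return alert is not None and alert["prio"] <= max_priority

def triage(lines, max_priority=2):
    """Parse a batch of lines and keep only the alerts worth beeping about."""
    return [a for a in map(parse_alert, lines) if should_beep(a, max_priority)]

def follow(path, poll=0.5):
    """Yield new lines appended to path, tail -f style, starting at end of file."""
    with open(path) as f:
        f.seek(0, 2)
        while True:
            line = f.readline()
            if line:
                yield line
            else:
                time.sleep(poll)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/log/snort/alert"  # assumed path
    for hit in (a for a in map(parse_alert, follow(path)) if should_beep(a)):
        sys.stdout.write("\a[prio %d] %s %s -> %s\n" % (hit["prio"], hit["msg"], hit["src"], hit["dst"]))
        sys.stdout.flush()  # "\a" is the ASCII bell; the terminal rings it
```

Run it as the user that can read the alert file, on a terminal with the bell enabled; priority-3 alerts are parsed but stay silent under the default threshold.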
