8b39380162
- enable dynamicplugin / dynamic preprocessors. - install documentation. - fix instructions. - USE_LIBTOOL. update from nikns <nikns@secure.lv> with a few changes; feedback and ok msf@
24 lines
788 B
Plaintext
24 lines
788 B
Plaintext
An up-to-date set of rules is needed for Snort to be useful as an IDS.
|
|
These can be downloaded manually or net/oinkmaster can be used to
|
|
download the latest rules from several different sources.
|
|
|
|
To start with snort as sensor for prelude, you have to create a
|
|
starting profile, e.g. "snort" by running on the manager side:
|
|
|
|
# prelude-adduser registration-server prelude-manager \
|
|
--uid=564 --gid=564
|
|
|
|
and on the sensor side:
|
|
|
|
# prelude-adduser register snort "idmef:w" \
|
|
<manager address> --uid 557 --gid 557
|
|
|
|
Then, fill in the prelude section in ${SYSCONFDIR}/snort/snort.conf
|
|
before starting snort (the name of the profile is "snort" in the
|
|
example).
|
|
|
|
Eventually, you should start snort with the following options:
|
|
|
|
-c /etc/snort/snort.conf -u _snort -g _snort -l /var/snort/log
|
|
|