An up-to-date set of rules is needed for Snort to be useful as an IDS.
These can be downloaded manually or net/oinkmaster can be used to
download the latest rules from several different sources.

It is recommended that snort be run as an unprivileged chrooted user.
A _snort user/group and a log directory have been created for this
purpose. You should start snort with the following options to take
advantage of this:

  -c /etc/snort/snort.conf -u _snort -g _snort -t /var/snort -l /var/snort/log
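
A pre-flight check for the chrooted, unprivileged setup described above, as an
added example that is not part of the package's own files. The function names
are hypothetical; the paths and the _snort account are those given above.

```sh
#!/bin/sh
# Added example; function names are hypothetical, paths and the _snort
# account are the ones named in the message above.

# Print the numeric uid that owns PATH.
owner_uid() { ls -ldn "$1" | awk '{print $3}'; }

# Succeed if PATH is writable by "other" (9th character of the mode string).
world_writable() { [ "$(ls -ld "$1" | cut -c9)" = "w" ]; }

# preflight CONF CHROOT LOGDIR UID
# Prints each problem found; returns non-zero if there was any.
preflight() {
    conf=$1; root=$2; log=$3; uid=$4; rc=0
    [ -r "$conf" ] || { echo "config not readable: $conf"; rc=1; }
    # Assumption: as in the options above, the log directory lives under -t.
    case "$log" in
        "$root"/*) ;;
        *) echo "log dir $log is outside chroot $root"; rc=1 ;;
    esac
    if [ ! -d "$log" ]; then
        echo "log dir missing: $log"; rc=1
    else
        if [ "$(owner_uid "$log")" != "$uid" ]; then
            echo "log dir $log is not owned by uid $uid"; rc=1
        fi
        if world_writable "$log"; then
            echo "log dir $log is world-writable"; rc=1
        fi
    fi
    return "$rc"
}

# Print the option string from the message, for use once preflight passes.
snort_args() {
    echo "-c /etc/snort/snort.conf -u _snort -g _snort -t /var/snort -l /var/snort/log"
}

# Usage (as root, on the installed system):
#   preflight /etc/snort/snort.conf /var/snort /var/snort/log "$(id -u _snort)" \
#       && snort $(snort_args)
```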