Re: [gentoo-user] Gentoo Snort handbook is out of date

On Wednesday 09 Apr 2014 09:49:40 I wrote:
> On Tuesday 08 Apr 2014 18:25:34 Tom Wijsman wrote:
> > On Tue, 08 Apr 2014 15:25:31 +0100 Peter Humphrey pe...@prh.myzen.co.uk wrote:
> > > I just wanted to save some time and confusion for anyone wanting to dip
> > > a toe into the muddy snort waters.
> >
> > You can file a bug to have the page updated or be marked as outdated.
>
> Done. https://bugs.gentoo.org/show_bug.cgi?id=507220

Now fixed and the amended doc is on-line.

--
Regards
Peter
Re: [gentoo-user] Gentoo Snort handbook is out of date

On Tuesday 08 Apr 2014 18:25:34 Tom Wijsman wrote:
> On Tue, 08 Apr 2014 15:25:31 +0100 Peter Humphrey pe...@prh.myzen.co.uk wrote:
> > I just wanted to save some time and confusion for anyone wanting to dip
> > a toe into the muddy snort waters.
>
> You can file a bug to have the page updated or be marked as outdated.

Done. https://bugs.gentoo.org/show_bug.cgi?id=507220

--
Regards
Peter
[gentoo-user] Gentoo Snort handbook is out of date

Hello list,

I just wanted to save some time and confusion for anyone wanting to dip a toe into the muddy snort waters.

As part of preparing my LAN server for exposure to the big bad world, I wanted to make it reasonably secure, and one tool for that seemed to be the snort IDS. So I installed it via portage and tried to follow the snort section of this guide:

http://www.gentoo.org/doc/en/security/security-handbook.xml?style=printable&part=1&chap=13

It refers to lots of rules in the /etc/snort/rules directory, but that's empty. (Apparently it's where you put any rules you write yourself.) So I just copied the snort.conf.distrib file to snort.conf and used that. To my surprise, I only had to comment out the blacklist and whitelist entries and it started up straight away. Takes a while on this little Atom box, but it does appear to run.

Now to watch the logs, and maybe write a logrotate script for snort.

HTH someone.

--
Regards
Peter
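As an added example (not part of Peter's post or of the Gentoo handbook), the configuration step he describes as a script: it derives snort.conf from the shipped snort.conf.distrib with the whitelist/blacklist references commented out, taking care of the backslash-continued stanza so that no dangling continuation line is left behind. The stanza layout, the WHITE_LIST_PATH/BLACK_LIST_PATH variable names and the sample config file are assumptions modelled on snort 2.9's snort.conf, not the contents of any particular Gentoo release.

```shell
#!/bin/sh
# Added example, not from the thread: derive /etc/snort/snort.conf from the
# shipped snort.conf.distrib with the whitelist/blacklist references disabled.
# Assumed layout (modelled on snort 2.9): a backslash-continued
# "preprocessor reputation:" stanza plus WHITE_LIST_PATH/BLACK_LIST_PATH vars.

# Comment out every line of a backslash-continued stanza whose first line
# matches regex $1, and every single line matching regex $2. stdin -> stdout.
disable_lists() {
    awk -v stanza="$1" -v single="$2" '
        # inside a stanza: comment the line, stay inside while it ends in "\"
        inblock      { print "#" $0; inblock = ($0 ~ /\\[ \t]*$/); next }
        $0 ~ stanza  { print "#" $0; inblock = ($0 ~ /\\[ \t]*$/); next }
        $0 ~ single  { print "#" $0; next }
                     { print }
    '
}

# $1 = distributed config, $2 = destination (e.g. /etc/snort/snort.conf)
prepare_conf() {
    disable_lists '^preprocessor reputation:' '^var (WHITE|BLACK)_LIST_PATH' \
        < "$1" > "$2"
}

# Constructed stand-in for snort.conf.distrib so the script runs offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
var RULE_PATH /etc/snort/rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
# Reputation preprocessor. For more information see README.reputation
preprocessor reputation: \
   memcap 500, \
   priority whitelist, \
   nested_ip inner, \
   whitelist $WHITE_LIST_PATH/white_list.rules, \
   blacklist $BLACK_LIST_PATH/black_list.rules
include $RULE_PATH/local.rules
EOF
}

work=$(mktemp -d)
write_sample_conf "$work/snort.conf.distrib"
prepare_conf "$work/snort.conf.distrib" "$work/snort.conf"
cat "$work/snort.conf"
```

On a real box, run it against /etc/snort/snort.conf.distrib and then check the result with snort's configuration test mode (`snort -T -c /etc/snort/snort.conf`) before starting the service.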
Re: [gentoo-user] Gentoo Snort handbook is out of date

On Tue, 08 Apr 2014 15:25:31 +0100 Peter Humphrey pe...@prh.myzen.co.uk wrote:
> I just wanted to save some time and confusion for anyone wanting to dip
> a toe into the muddy snort waters.

You can file a bug to have the page updated or be marked as outdated.

--
With kind regards,

Tom Wijsman (TomWij)
Gentoo Developer

E-mail address  : tom...@gentoo.org
GPG Public Key  : 6D34E57D
GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D