If you could tell me how to autostart it, that would be brilliant, thank you.

Also, I need some rulesets. whitehats.com seems to be down. Are the default
Snort rulesets (if there are any) suitable for use with a home Linux box?

Manually configuring the ruleset seems a pretty daunting task for me. Are
there any shortcuts for this?

So then perhaps I could run Snort against these rules, set it up to log any
alerts, 'autostart' it, and then leave it to run with minimum maintenance :D

Help is much appreciated,

Thomas Madhavan

-----Original Message-----
From: Gary McKinney [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 28, 2001 7:10 PM
To: Thomas Madhavan
Subject: RE: Snort/Hogwash help


Hi Thomas,

  One very useful tool in unix and Linux systems is the "man" command
(without the ")...  If you type 'man snort' (without the ' ) you will get
the manual page for snort...

  If you are starting and stopping snort with defaults then you can add
the -D flag to the command line to run snort as a daemon (disconnects from
the terminal and runs in the background)... If you are going to use snort as
a daemon and using the defaults then you would type something like:
'snort -D' with whatever else you use on the command line with a '&' at the
end of the command line.  The '&' tells unix or Linux to execute the command
in the background and return immediately to the shell (terminal)...

  I have my version running in that mode and have it set up to auto start
when the system is rebooted.  If you want to know the steps to set up snort
to auto start let me know and I can send you the directions...

gm...


> -----Original Message-----
> From: Thomas Madhavan [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 27, 2001 3:00 AM
> To: [EMAIL PROTECTED]
> Subject: Snort/Hogwash help
>
>
> Hi guys,
>
> I'm a pretty new user to Linux, and I want to set up some sort of
> protection for my box. I have snort installed and I'm looking for
> rulesets - the problem I have is this:
>
> When I run snort, it runs in a terminal. How exactly do I set snort to
> just run in the background, collecting unusual packets? I'm sure there
> must be a way.
>
> Also, is Hogwash a suitable tool to use instead of/as well as snort?
> I need something that is relatively simple but also effective.
>
> Regards,
>
> Thomas Madhavan
>
