[Snort-users] Snort and Suse 8.2

Michael Schwartzkopff misch at ...3397...
Tue Nov 11 07:24:08 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Dienstag, 11. November 2003 15:59 schrieb Josh Berry:
> On my configurations I set /etc/sysconfig/network/ifcfg-ethx to:
>
> DEVICE=ethx
> ONBOOT=yes
> USRCTL=no
>
> And that is all I put in them config file.
>
> > Because of setting up Suse 8.2 for Snort I want to set one of the
> > ethernet-interfaces in promiscuous mode. Which is not the problem ;-)
> >
> > The problem is I want to setup this ethernet-interface without an
> > ip-address.
> >
> > Setting up with an ip-address causes snort changes var HOME_NET into
> > $eth0_ADDRESS when I changed it to particular address ranges or even to
> > any.
> >

(...)

In Suse 8.2 an old version (1.91) of snort is used. It will not understand the 
latest rules any more. I downloaded the latest rpm files from snort and 
installed it with rpm -i. There are some complaints about wrong version of 
libpng (?) but you can igore this.

You have to adopt the SuSE init scripts to the location of the new snort, but 
you can use the SuSE variables file.

It works with me ;-)

- -- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP-ID: 15F925D9CEF94F2C
Fingerprint: AF27 2674 4631 E230 B431  F68D 15F9 25D9 CEF9 4F2C

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/sP7VFfkl2c75TywRAqPHAJ0YNqflcv4kZgDaiX0tzRLwBhwZVwCfQ26b
RmblyQu1x7dcaQUNZsrIS+0=
=/GYD
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list