[Snort-users] Snort Debian newbie all is well but I have rules questions

Joel Esler joel.esler at ...1935...
Sun Apr 8 20:47:32 EDT 2007

I always recommend an install from source, regardless of distro.
Apt-get, for whatever reason, is many, many versions behind.

2.3.2 is very old.  The current version is

I suggest a reinstall from the tarball available from http:// 


Joel Esler                                         Security Consultant
     gpg key: http://demo.sourcefire.com/jesler.pgp.key

On Apr 8, 2007, at 1:51 PM, david wrote:

> Hello snort users, gurus, developers, evangelists, ranters and  
> ravers. I am a Snort newbie. I have for some time been aware of  
> various IDSs and Snort no less. I am a long time Linux user and I  
> have until recently relied upon my firewall, the # and type of hits  
> I have been taking and whois to admin and maintain intrusion  
> prevention. Now, I realize intrusion detection must be included  
> with my iptables install and blacklist. I have installed Snort via  
> apt-get and after reading the content at dshield.org I realize I  
> need to be able to include custom rules such as those issued by  
> dshield.org. Unfortunately, Debian forces me to use dpkg to add  
> rules. The standard rule set that is allowed via snort.debian.conf  
> is a far cry from the standard /etc/snort/snort.conf. All of the  
> rules are prepended with: DEBIAN_SORT_<something> with an  
> intimidating comment in the top of the .conf file: # You have to  
> use "dpkg-reconfigure snort" to change them. I downloaded the
> following URL in an effort to learn how to reconfigure but the PDF
> "how-to" (http://firmanix.com/deb-snort-howto.pdf) seems much more
> involved than what I currently need. What are the advantages of reinstalling
> snort with the previously stated guidelines in the PDF "how-to"  
> versus keeping my current install and learning how to enlarge the  
> debian.snort.conf to the size of the standard snort.conf file?  
> Environment particulars follow. All rants and raves welcomed.  
> Thanks in advance and please advise, David.
> OS: Debian Linux 3.1 (Linux 2.6.8-2-686-smp on an i686)
> Snort:  Version 2.3.2 (Build 12) By Martin Roesch & The Snort Team:  
> http://www.snort.org/team.html
