[Snort-users] Installing & Configuring snort

Peter Bates peter.bates at ...15381...
Mon Aug 13 08:23:08 EDT 2012


Hello all

On 12/08/2012 20:56, Damien Hull wrote:
> OS: Ubuntu 10.04 server
> SNORT: 2.9.3.1
> Instructions: The Ubuntu-10.04-LTS instructions on the snort.org website.
> Barnyard2: Installed and configured
> MySQL: Using this and it seems to work
> Snort Rules: 2923
> 
> Problem #1 The dynamic rules don't work for some reason. I
> commented out the "dynamicdetection" line to turn that off.

You've got version 2.9.3.1 with 2.9.2.3 ruleset so the SO rules will
not work.

> Problem #2 I'm not getting any alerts. I added sfportscan to
> snort.conf but I'm getting no action in the log file.

Is your unified file updating at all?

I'd suggest taking Barnyard2 out of the equation until you know your
sensor is hitting traffic -

snort -A console -u snort -g snort -c /etc/snort/snort.conf -i ethX

is very useful - also the example 'ICMP' rule in the snort.org HOWTO
is very handy to test you're actually seeing something.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
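
The checks suggested in the reply above, as an added shell example that is not part of the original message. It assumes ruleset snapshots are tagged with the Snort version minus its dots (as in 2.9.2.3 and 2923 above); the local.rules path, the sid, the eth0 default and the sample banner are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. RULES path, sid and eth0 are assumptions.
RULES=/etc/snort/rules/local.rules
CONF=/etc/snort/snort.conf

# Pull "2.9.3.1" out of `snort -V` style banner text.
snort_version() {
    printf '%s\n' "$1" | sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Ruleset tag for a Snort version: 2.9.2.3 -> 2923.
ruleset_tag() {
    printf '%s' "$1" | tr -d '.'
}

# Return 0 only when the SO (dynamic) rules were built for this Snort version.
so_rules_match() {   # $1 = snort version, $2 = installed ruleset tag
    [ "$(ruleset_tag "$1")" = "$2" ]
}

# Test rule: alerts on any ICMP packet, so one ping shows the sensor sees traffic.
icmp_test_rule() {
    printf '%s\n' 'alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001; rev:1;)'
}

check_sensor() {     # $1 = banner text, $2 = installed ruleset tag
    ver=$(snort_version "$1")
    if so_rules_match "$ver" "$2"; then
        echo "OK: ruleset $2 matches Snort $ver"
    else
        echo "MISMATCH: Snort $ver expects ruleset $(ruleset_tag "$ver"), found $2; leave dynamicdetection off"
    fi
}

# Constructed sample of the version line printed by `snort -V`.
SAMPLE_BANNER='  o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40)'

if [ "${1:-}" = "run" ]; then
    # Live steps: sh check.sh run <ruleset-tag> [interface]
    check_sensor "$(snort -V 2>&1)" "${2:?ruleset tag required}"
    grep -q 'sid:10000001;' "$RULES" 2>/dev/null || icmp_test_rule >> "$RULES"
    # Validate the config first, then alert to the console with Barnyard2 out of the path.
    snort -T -c "$CONF" && \
        snort -A console -u snort -g snort -c "$CONF" -i "${3:-eth0}"
else
    check_sensor "$SAMPLE_BANNER" 2923   # the combination reported in this thread
fi
```

Remove the test rule from local.rules once alerts show up on the console; it fires on every ICMP packet.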