Diffstat (limited to 'network/snort/README.SLACKWARE')
-rw-r--r-- network/snort/README.SLACKWARE | 48
1 files changed, 48 insertions, 0 deletions
diff --git a/network/snort/README.SLACKWARE b/network/snort/README.SLACKWARE
new file mode 100644
index 0000000000..05fa4f438e
--- /dev/null
+++ b/network/snort/README.SLACKWARE
@@ -0,0 +1,48 @@
+Snort has three primary functional modes. It can be used as a packet sniffer
+like tcpdump(1), a packet logger (useful for network traffic debugging, etc),
+or as a full blown network intrusion detection and prevention system.
+
+Please read the snort_manual.pdf file that should be included with this
+distribution for full documentation on the program as well as a guide to
+getting started.
+
+This package builds a very basic snort implimentation useful for monitoring
+traffic as an IDS or packet logger and as a sort of improved tcpdump (which
+is what I use it for). MySQL support is included, so you should have little
+trouble hooking snort up to a database or ACID. For more information on
+these, check out snort's homepage at:
+
+ http://www.snort.org/
+ http://www.snort.org/docs/
+
+snort.org has a nasty habit of changing the location of their source
+code, which means there's no garauntee that the link in snort.info is
+correct. If you can't get that link to work, look for the source code at:
+
+ http://www.snort.org/dl/old/
+
+In order for Snort to function properly, you need to provide rule files.
+I recommend registering for free at http://www.snorg.org so you can get these
+files. Once you have done that, go to http://snort.org/pub-bin/downloads.cgi
+and get the latest 2.8 series VRT Certified Rules. You need to untar this
+file and place follow files from etc in the tarball in to your /etc/snort
+directory :
+
+generators
+gen-msg.map
+sid
+sid-msg.map
+
+If you are going to use a front end like Base, you should copy the
+dog/signatures directory from the tarball in to
+/usr/doc/snort-$VERSION/ . Last, but certainly not least, you must
+copy the contents of the rules/ directory in the tarball to
+/etc/snort/rules/ . After you've done this, you can safely restart
+snort or send a HUP to snort to reload the files (killall -HUP snort).
+
+A rc.snort file has been included for your convenience, but it needs to be
+added to your init script of choice to run on boot. You should modify the
+variables in /etc/rc.d/rc.snort to reflect the interface you want to monitor.
+This Slackbuild is no longer maintained by Alan Hicks, but rather me
+(Thomas York), so email me instead if you have any questions.
+ --Thomas York (straterra@fuhell.com)
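Review bot: The registration link in the rule-files paragraph, "http://www.snorg.org", does not match the snort.org host used by every other URL in this file and looks like a typo. Since this is where readers are told to create an account and fetch the rules, it should be corrected to the project's domain so nobody ends up entering credentials on an unrelated site. In the same paragraph block, "dog/signatures" is probably meant to be "doc/signatures", given that the destination is /usr/doc/snort-$VERSION/, and as written the copy step will not match anything in the tarball. "place follow files from etc in the tarball in to your /etc/snort" would read better as "place the following files from etc/ in the tarball into /etc/snort". Spelling: "implimentation" and "garauntee". The reload hint "killall -HUP snort" signals every snort process on the host, which is worth a short mention for anyone running more than one instance. Finally, the maintainer note starting "This Slackbuild is no longer maintained" runs straight on from the rc.snort paragraph and would be clearer with a blank line before it.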