Snort on Slackware
Snort is an “Intrusion Detection and Prevention System”, or – in other words – a program that can detect attempts to attack your network and prevent them. It does this through a series of “rules” that try to determine whether the traffic arriving or passing through is legitimate or suspicious.
These rules are regularly updated (as there are always new forms of attack being invented).
I have used Snort before on Slackware, using the build scripts from SlackBuilds.org, but this week I discovered that there was no script yet for Slackware 13.1.
I adapted the one from 13.0, adding some small improvements, and have it up and running on Slackware 13.1.
Snort itself is running fine now, but I’m still in the process of configuring some front-ends so that I can check it remotely.
Barnyard2 is already running, processing the binary logs from Snort. A SlackBuild script is ready, but I’ll probably only submit it after I’m really sure I got all the configuration bits figured out.
I’ll write about the rest of this adventure in future posts…
If you want to start installing Snort already, you can download the packages for Slackware, Slackware64 and ARMedslack from my site.