Niels Horn's Blog

Random thoughts, tips & tricks about Slackware-Linux, Lego and Star Wars

Snort on Slackware

Snort is an “Intrusion Detection and Prevention System”, or – in other words – a program that can detect attempts to attack your network and prevent them. It does this through a series of “rules” that try to detect whether the traffic arriving at or passing through your network is legitimate or suspicious.
These rules are regularly updated (as there are always new forms of attack being invented).

I have used Snort before on Slackware, using the build scripts from SlackBuilds.org, but this week I discovered that there was no script yet for Slackware 13.1.
I adapted the one from 13.0, adding some small improvements, and have it up-and-running on Slackware 13.1.

Snort itself is running fine now, but I’m still in the process of configuring some front-ends so that I can check it remotely.
Barnyard2 is already running, processing the binary logs from Snort. A SlackBuild script is ready, but I’ll probably only submit it after I’m really sure I got all the configuration bits figured out :)

I’ll write about the rest of this adventure in future posts…

If you already want to start installing Snort, you can download the packages for Slackware, Slackware64 and ARMedslack from my site.


This entry was posted on Sunday, September 19th, 2010 at 11:17 and is filed under ARMedslack, Slackware, snort.
