Software :: Snortsam Patch Doesn't Work At Snort-2.8.4.1?

Apr 6, 2010

I use Snort on Ubuntu 9.10 as a NIDS with BASE as a front end. Then I want to expand Snort with blocking ability using snortsam to build an IPS that communicates with iptables. Here is my log:

[Code]...


Ubuntu Security :: Snort Not Starting - ERROR: "/etc/snort/rules/exploit.rules(264) => 'fast_pattern' Does Not Take An Argument"

May 12, 2011

I need assistance with my Snort installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to:
ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting..
Here is the entire output once I ran the test command:
snort -c /etc/snort/snort.con -T
Running in Test mode

[Code]...

Ubuntu Security :: Emerging Threat Rules & Snortsam?

May 30, 2010

When I upgraded to 10.4LT I agreed to something that stopped snort; after days I decided to just re-do it with the new snort version. Used bodhi.zazen's MySql instruction version (which is what I used in the past). Everything went pretty well except for figuring out that I needed to delete all the lib_sfdynamic_preprocessor_example?? files (I also deleted all the lib_sfdynamic_example?? files too just to be safe). Used my original Oinkmaster with the updated rules version and downloaded the emerging threats too (as I had in the past), and snort won't run with some of the emerging threat rules because it's looking for snortsam (fwsam). I read up and snortsam looks like a good idea (if I'm wrong somebody just let me know).

If this seems dumb, but I really don't understand: the snortsam directions are HORRIBLE, the snortsam src looks like a Windows file when unpacked with all the .dll files (but they say for all OS's), it builds but you need to copy the binary to /usr/local/bin (what in Ubuntu would be a binary?).

The snortsam-patch-2.8.tar.gz won't unpack and the Snort 2.8.6 patch is a file, not a package (I have no clue where to put it or what to call it if I got the 2.8.tar.gz to unpack so I could build it).

Ubuntu :: RTAI Patch On 2.6.31.8 Kernel - System Doesn't Boot

Oct 19, 2010

I'm installing RTAI and I get this message. I can't seem to find the solution, because I really don't know exactly what the main problem is. There is a list of errors and warnings, and I'm not sure from where I should tackle the problem. Here is what I get when I boot my 2.6.31.8 kernel with GRUB (I used the RTAI x86 compatible patch):

[code]...

After that system does NOT boot.

General :: Apply Kernel Patch - Couldn't Find File To Patch

Apr 8, 2011

I just want to upgrade my Slackware 13.1 kernel (2.6.33.4) to the latest stable kernel from kernel.org (2.6.38.2). I have never done anything like this and I am a Linux newbie, so I would appreciate a "Kernel Patching for Dummies" version if possible. I did do a search on this forum and most of what I read was over my head. I found an FAQ on kernelnewbies.org on "How To Apply A Patch" but when I attempted what they suggested, it said it couldn't find the file to patch at line 5 and asked me which file to patch. So I CTRL-Z'd out of there and came here. Here's what I tried:

[code]...

General :: Remove Patch From Kernel / Apply A Squashfs-lzma Patch (squashfs 4.1cvs)?

Sep 11, 2010

Is there a way to remove a patch from a kernel?

I need to apply a squashfs-lzma patch (squashfs 4.1cvs) to the liquorix kernel source which is already patched with squashfs 4.0.

How would I do that? I tried googling and got this. url

But I don't know the command used to apply the patch. The patch is called

35.4-3.patch.gz
url

but that patch includes more than squashfs,etc

OpenSUSE :: Install Patch - Error "vmware-7.1.3-2.6.37-rc5.patch' Not Found"

May 11, 2011

I'm trying to install a patch but when I copy it into terminal I get message " /home/john/patch-modules_v62-opensuse.sh 'vmware-7.1.3-2.6.37-rc5.patch' not found. copy it to the current '/home/john' directory. Exiting" But I have it in my home directory!

Fedora Installation :: Making A Kernel Patch Work With F11 Kernel?

Jun 12, 2009

There is an issue with the way the Linux kernel addresses memory by default and the graphics drivers for my Asus G1Sn. I have a patch that I had compiled against a custom kernel for 2.6.27.xx; however, it does not work with the latest kernel in Fedora 11. It is beyond me to rewrite the patch to work with a different kernel.

Ubuntu Multimedia :: Flash Doesn't Work And Removing / Re-installing Package Doesn't Fix It

Sep 1, 2011

I'm using 'Adobe Flash plug-in 10.3.183.4ubuntu0.11.04.1', installed from the package repos on Kubuntu, and since the last update, it has broken all Flash functionality in both rekonq and Firefox. I have tried removing and reinstalling the package multiple times, both with and without the browsers open. Can anyone suggest a way to restore functionality?

Ubuntu Multimedia :: Creative Webcam Doesn't Work - How To Make It Work

Feb 17, 2011

How do I make a Creative webcam work with Ubuntu?

Networking :: DNS Lookup Doesn't Work, Ping, Firefox Will Not Work Properly?

Apr 23, 2009

I have had this annoying problem since day one. I am testing out Red Hat RHEL5, and everything is fine except DNS lookup. If I ping www.google.com, it doesn't work; if I ping the IP address it all works. If I bring up the browser and put in www.google.com it doesn't work, it can't find the name; however, if I simply put the IP address there it works. My DNS setting seems OK, and the DNS works from a Windows box.

Ubuntu Multimedia :: Skype - Pulseaudio - Sound Output Or Input Does Not Work At All Doesn't Work

Sep 11, 2010

When I installed my 64-bit system of Ubuntu 10.04 the sound worked very well and I was very happy. The problem started, however, when I installed Skype, which uses pulseaudio. As soon as I start Skype (or any other application that uses pulse, HoN for example) the application's sound output or input does not work at all. If I have pulseaudio started in some way, applications that I suppose do not use it, like Spotify or Flash player, stop producing sounds. And when I type "pulseaudio" in the terminal it gives me this:

[Code]...

General :: Mail() Function Doesn't Work With HOTMAIL But Its Work With Others?

Apr 27, 2011

I have tried the mail function in PHP to send email from the local host. It works for Yahoo but not with HOTMAIL. Why? Actually I tried to figure it out,

Ubuntu :: Compiz Doesn't Work - How To Make It Work

Jul 29, 2010

I'm having trouble getting compiz to work on my laptop. It worked for a while and then I turned on Shift Switcher and a message popped up saying: "The new value for the button binding for the action Terminate in plugin Shift Switcher conflicts with the action Zoom Window of the Scale Addons plugin. Do you wish to disable Zoom Window in the Scale Addons plugin?" I was given the options of Set Terminate anyway, Don't set Terminate, and Disable Zoom Window. I clicked Don't set Terminate and ever since the only things that work in compiz are the bindings in the general options. I've used synaptic to completely remove and then reinstall compiz but the problem persists. Something else weird: all of the changes I made are still there, even after complete removal, but they don't work?

Ubuntu :: Hibernate Doesn't Work - How To Make It Work

Oct 29, 2010

When I try to hibernate, the computer just goes to a blank, black screen and doesn't turn off. I have to hold the power button to get it to shut down, and when I turn it back on none of the programs running before hibernation have been saved.

Ubuntu :: Unity Doesn't Work - How To Make It Work

Feb 16, 2011

I just recently (about an hour ago) installed Ubuntu Netbook edition on my old laptop, and I was greeted with the message, that unity could not be run due to some sort of missing driver...fair enough, I was then greeted with the default Ubuntu desktop, I installed all my needed software (wine, google chrome) and installed the missing display drivers. I then rebooted the system, and once again I am stuck with the default desktop, and not the Unity interface. I checked the software center, and it says Unity IS in fact installed.. And yet I cannot make it appear. So now I ask you Ubuntu veterans. How do I make it work?

P.S. I wiped the system of windows, and the computer is an old HP Pavilion DV6000

Debian :: Better Way To Set Up SNORT IDS?

Oct 31, 2010

I am running Debian 5 and I'm trying to install and configure SNORT. My first stop is to Snort.org where I check out the directions. They tell me I need Libpcap, PCRE, Libnet and Barnyard. I've looked at the Debian Snort installation guide, and I've noticed that most the documents are really old...

I've actually got libpcap and PCRE installed and now I'm trying to figure out how to get libnet installed. It seems more tricky. I think it's the oldest api I've seen.

I guess my main area of question is if there is a better way of getting Snort up and running... I had a previous version of Linux where I installed just Snort and I had network packets streaming across the screen, but that's not very helpful as I need some kind of interface so I know what the hell I'm looking at.

So should I follow the instructions on Snort.org as well as the "Debian, Snort, Barnyard, BASE, & Oinkmaster Setup Guide"? Or does anyone know a more up-to-date guide for Debian users?

Fedora Security :: How To Setup Snort On F13

Dec 5, 2010

I want to set up snort on my F13 home computer. Is there a simple way to do it or do I have to do it the hard way (compiling and stuff)? I want to use snort for intrusion prevention and to detect possible threats from the internet.

Ubuntu Networking :: Install Snort In 10.10 And How To Use It

Nov 28, 2010

How can I install snort in Ubuntu 10.10 and how can I use it?

Ubuntu Security :: Snort: Convert From IDS To IPS

Feb 4, 2011

I am currently running snort as an IDS on the same machine that acts as our gateway. I installed it using sudo apt-get install snort. However, I'd like to make it run as an IPS. Is it possible to convert that currently running snort instance from running as an IDS to an IPS without having to download the snort tar balls and install it? I do not want the tar balls because during updates and upgrades, I'd like the whole OS and installed apps (such as snort) to be upgraded.

General :: Install Barnyard For Snort?

Feb 12, 2011

I normally install programs with yum but I have to download barnyard as a requisite for snort to detect intrusion attempts. I downloaded barnyard and ran ./configure, make, make install, etc. Where does the program get installed? I was running this as root, so does it install it into /root/barnyard?

Software :: Update NuFW With SNORT

Mar 9, 2010

On my PC I'm using the firewall NuFW and SNORT. Snort sends alerts when it detects a pornographic website. I would like NuFW to create an ACL to drop this IP. Can SNORT do this, or must I write a program which listens on Snort's port to catch the IP and write it in the ACL file of NuFW?

Ubuntu Security :: How To Enable Ipv6 In Snort

Sep 1, 2011

How do I enable IPv6 in snort? I read that it must be compiled with --enable-ipv6 but I still don't know how.

Debian :: Disable Snort Daemon At Start Up?

Oct 5, 2010

Code:
test@denial:~# ps -e | grep snort
18470 ? 00:00:00 snort

How do I disable the snort daemon at start up? I only want it to be running when I want it to be running.

Security :: Snort And MS Threat Protection Manager?

Feb 24, 2011

I work in a relatively small organisation of about 30 people (but with a complex network) and we've been looking to move our firewall to Microsoft's Threat Protection Manager on a mostly Windows network. I've been thinking we should have an IDS/IPS inside the firewall and I've been thinking about Snort in NIDS mode but have some basic questions:

1. Can anyone recommend a good web GUI for Snort?

2. Is it advisable to run both on the same machine? (Both from a POV of security and resources.)

3. Would Snort add any real benefit to using TPM?

Software :: Change Interface Listen On Snort?

Apr 26, 2011

When I set up snort, by default it listens on eth0; now I want to change the default listening interface to eth1.

Software :: Libpcre Error When Installing Snort?

Jun 15, 2010

I am trying to install snort on Debian Linux. The following error appears: ERROR! Libpcre library not found. Get it from [URL].. I have installed the Libpcre3-dev library but the error is still there. What could I be doing wrong?

Software :: Snort Is Disabling Rules And Warning?

Feb 23, 2011

According to tutorial for installing snort in CentOS, downloaded from CentOS or snort site, I installed snort using:

Code:
./configure -with-mysql-libraries=/usr/lib64/mysql/ --enable-dynamicplugin --enable-ipv6 --enable-zlib
make
make install

[Code].....

Fedora Security :: Snort Dead But Subsys Locked

Mar 4, 2009

I am trying to get snort running but I get this with service snortd status:

snort dead but subsys locked
service snortd restart
Stopping snort: [FAILED]
Starting snort: [ OK ]

[root@Fedora tylerm]# tail -f /var/log/messages
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:17:54 Fedora snort[3280]: Initializing daemon mode
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora snort[3282]: PID path stat checked out ok, PID path set to /var/run/
Mar 4 05:17:54 Fedora snort[3282]: Writing PID "3282" to file "/var/run//snort_eth0.pid"
Mar 4 05:17:54 Fedora snort[3282]: Daemon initialized, signaled parent pid: 3280
Mar 4 05:17:54 Fedora snort[3280]: Daemon parent exiting
Mar 4 05:17:54 Fedora snort[3282]: FATAL ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:18:42 Fedora ntpd[2300]: synchronized to 128.10.19.24, stratum 1
Mar 4 05:18:42 Fedora ntpd[2300]: time reset +0.906114 s
Mar 4 05:18:42 Fedora ntpd[2300]: kernel time sync status change 0001

Ubuntu Security :: No Alert Found In Result From Snort

Mar 3, 2010

I have installed snort + mysql + acid base, I add some rules into /etc/snort/rules/local.rules to test the alert:

alert icmp 192.168.1.20 any -> 192.16.1.21 any (flags:A;ack:0;msg:"NMap icmp ping")
alert icmp 192.168.1.20 any -> 192.16.1.21 any (content:"abcdefgh";;msg:"ping de windows")
alert icmp 192.168.1.20 any <> 192.16.1.21 any (flags: S; msg: "HOULA SYN Packet!"

After I restarted snort, I connected 2 PCs by cross cable (192.168.1.20 for Windows, and the victim is 192.168.1.21 for Linux, where snort is installed); my HOME_NET is 192.168.1.21 and the EXTEREL_NET is !$HOME_NET. The problem is when I run:
snort -dvi eth0 -c /etc/snort/snort.conf

I see the packets transmitted and received (the received content "abcdefgh"), but when I stopped snort with CTRL+C I didn't find any alert in the result!!!

Run time prior to being shutdown was 218.523030 seconds.

Packet Wire Totals:
Received: 1346
Analyzed: 1342 (99.703%)
Dropped: 0 (0.000%)
Outstanding: 4 (0.297%) .....

dcerpc2 Preprocessor Statistics
Total sessions: 0
database: Closing connection to database "snort"
database: Closing connection to database "snort"
Snort exiting

Copyrights 2005-15 www.BigResource.com, All rights reserved