Ubuntu Security :: How To Enable Ipv6 In Snort
Sep 1, 2011
How to enable ipv6 in snort. I read that it must be compiled with --enable-ipv6 but still don't know how?
I need assistance with my Snort installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting.. Here is the entire output once I ran the test command: snort -c /etc/snort/snort.conf -T
Running in Test mode
[Code]...
I am currently running snort as an IDS on the same machine that acts as our gateway. I installed it using sudo apt-get install snort. However, I'd like to make it run as an IPS. Is it possible to convert that currently running snort instance from running as an IDS to an IPS without having to download the snort tarballs and install it? I do not want the tarballs because during updates and upgrades, I'd like the whole OS and installed apps (such as snort) to be upgraded.
I want to set up snort on my F13 home computer. Is there a simple way to do it or do I have to do it the hard way (compiling and stuff)? I want to use snort for intrusion prevention and to detect possible threats from the internet.
I have installed snort + mysql + acid base, I added some rules into /etc/snort/rules/local.rules to test the alert:
alert icmp 192.168.1.20 any -> 192.16.1.21 any (flags:A;ack:0;msg:"NMap icmp ping";)
alert icmp 192.168.1.20 any -> 192.16.1.21 any (content:"abcdefgh";msg:"ping de windows";)
alert icmp 192.168.1.20 any <> 192.16.1.21 any (flags: S; msg: "HOULA SYN Packet!";)
After I restart snort and I tied 2 PCs together with a crossover cable (192.168.1.20 for Windows and the victim is 192.168.1.21 for Linux where snort is installed), my HOME_NET is 192.168.1.21 and the EXTERNAL_NET is !$HOME_NET. The problem is when I run:
snort -dvi eth0 -c /etc/snort/snort.conf
I see the packets transmitted and received (the received content "abcdefgh"), but when I stop snort with CTRL+C I don't find any alert in the result!!!
Run time prior to being shutdown was 218.523030 seconds.
Packet Wire Totals:
Received: 1346
Analyzed: 1342 (99.703%)
Dropped: 0 (0.000%)
Outstanding: 4 (0.297%) .....
dcerpc2 Preprocessor Statistics
Total sessions: 0
database: Closing connection to database "snort"
database: Closing connection to database "snort"
Snort exiting
I am running Lucid on this machine, but I have had this problem on every machine with Snort. When I awaken the system from suspend or hibernation, snort pegs out one of the CPUs.
Does anyone know of a good tutorial on how to set up and configure snort 2.8.5.2 on an Ubuntu 10.10 system? I have been trying to set up snort and have run into a lot of problems setting up the config file and the rules. It works in sniff and packet log mode but I cannot seem to set up IDS mode correctly. There is a lot of different info on the net but not much help. There seems to be a lot of work involved in setting this up, which I do not mind provided I can find the proper documentation to configure the setup.
I work in a relatively small organisation of about 30 people (but with a complex network) and we've been looking to move our firewall to Microsoft's Threat Protection Manager on a mostly Windows network. I've been thinking we should have an IDS/IPS inside the firewall and I've been thinking about Snort in NIDS mode, but have some basic questions:
1. Can anyone recommend a good web GUI for Snort?
2. Is it advisable to run both on the same machine? (Both from a POV of security and resources.)
3. Would Snort add any real benefit to using TPM?
I am running Karmic Koala with a recent install of snort 2.4.8.1 (build 3) and I am at a loss for useful commands in solving an internal problem (within the network). All I have is "sudo snort -v -i wlan0" on my very short list of useful commands regarding IDS. It is doing little to no good in resolving my problem with a network snoop besides showing that it is running; I need some more weight (knowledge) in order to rectify the problem.
I have just compiled Snort 2.9.0.4 under Ubuntu 10.10 x86_64 installed with the full LAMP package. The syntax I used to compile Snort is as follows below
[Code]...
I am trying to get snort running but I get this with service snortd status:
snort dead but subsys locked
service snortd restart
Stopping snort: [FAILED]
Starting snort: [ OK ]
[root@Fedora tylerm]# tail -f /var/log/messages
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:17:54 Fedora snort[3280]: Initializing daemon mode
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora snort[3282]: PID path stat checked out ok, PID path set to /var/run/
Mar 4 05:17:54 Fedora snort[3282]: Writing PID "3282" to file "/var/run//snort_eth0.pid"
Mar 4 05:17:54 Fedora snort[3282]: Daemon initialized, signaled parent pid: 3280
Mar 4 05:17:54 Fedora snort[3280]: Daemon parent exiting
Mar 4 05:17:54 Fedora snort[3282]: FATAL ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:18:42 Fedora ntpd[2300]: synchronized to 128.10.19.24, stratum 1
Mar 4 05:18:42 Fedora ntpd[2300]: time reset +0.906114 s
Mar 4 05:18:42 Fedora ntpd[2300]: kernel time sync status change 0001
I was wondering whether or not it is possible/advisable to install and run Snort on a single laptop with a wireless router (firewall enabled)? Does Snort require root privileges and are there any other issues one needs to be aware of when installing and running software like this?
I'm looking to possibly need to make use of snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stands out; there is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones... Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.
Now I'm tempted to just go for the latest one, but I'm completely new to snort so perhaps it needs another book like Snort for Dummies to get started ;-P
I would like to enable ipv6 forwarding. I have the ipv6 module loaded. I added net.ipv6.conf.all.forwarding=1 in /etc/sysctl.conf. I tried a reboot, did 'service network restart'.
Also I tried
sysctl -w net.ipv6.conf.all.forwarding=1
and
[code]....
Okay, I have searched; how do I enable ipv6 forwarding?
There is no ip_forward in /proc/sys/net/ipv6/
What determines whether I should enable ipv6 when installing Linux? I am not sure whether it depends on my ISP, my hardware (network card or modem or router), my Linux kernel, my CentOS version (5.6), my requirements, etc.
So I'm not sure whether or not I should enable it. And if I were to, in the CentOS installation screen would I select 'Automatic neighbor discovery' or 'Dynamic IP configuration' or 'Manual configuration'?
I just finished setting up my slack machine as a home server (printers & files) and I noticed that I have an IPv6 address (from ifconfig)... I didn't know I did. I used to work in tech support and when a windows or OSx machine didn't connect properly on a LAN, disabling IPV6 was a common troubleshooting step. Is there a way to easily turn inet6 connectivity off/on in Slackware? (I want to keep the ability to get an IPv6, we will all use those in the future)
How do I use dual stack, i.e. how do I use an ipv6 packet inside an ipv4 packet using the Fedora 12 kernel?
Anyone know how to disable IPv6 but still use IPv4?
There seems to be much disagreement between distros regarding how ipv6 is disabled, even between different versions of the same distro. Rather than just follow instructions for disabling ipv6 for a given distro, I would like to also test that ipv6 is not used any more. Is there any software or executable that relies on ipv6 that I can use to confirm that ipv6 has been successfully disabled?
I used to play with gw6c (a client for tunnel broker). It works well with Fedora 9 and Fedora 10, but not with Leonidas. My rpm is gw6c-6.0-0.4.beta4.fc9.i386.rpm (a little old!). When I tried to install I got this: libcrypto.so.7 est nécessaire pour gw6c-6.0-0.4.beta4.fc9.i386. I tried to make a soft link to libcrypto.so.0.9.8k, but nothing. The questions: Is there a solution for that pb? Do you know a better client for non-native ipv6 connectivity?
I have been struggling to get FC15 to act as an IPv6 router for a while now; I am sure I am missing something trivial. The idea is that I have a ppp / adsl connection (this works fine), use the wireless card on my pc with hostapd and dhcpd to provide connections to other pcs (works fine), and radvd to delegate ipv6 addresses.
The issue seems to be that as soon as I turn on ipv6 forwarding (net.ipv6.conf.all.forwarding=1), the ppp connection no longer gets an IPv6 address. This means the router cannot ping any ipv6 address outside my network.
If I disable ipv6 routing, my router gets an IPv6 address on its ppp connection, and can ping things such as ipv6.google.com just fine, however (of course) no packets are forwarded from my network and radvd complains that forwarding is disabled.
Question (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed.
1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?
2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?
3. Do ip6tables rules have the same syntax and behavior (more or less) as iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?
4. Any gotchas or issues that I should be aware of?
I recently installed Deluge 1.2.0 from the following PPA: [URL] I am using this on two different Linux computers. One is running Linux Mint 8 and the other is running Ubuntu Netbook Remix 9.10. The first time on either computer when I enable WebUI in the Deluge GUI it works fine. However if I ever disable it in the plugins section I am subsequently unable to re-enable it (it doesn't appear in the side panel again). Rebooting or reinstalling Deluge seems to have no effect. Is this a bug or am I doing something wrong?
I am using RHEL 5, how do I enable ACL in /etc/fstab?
I have in /etc/selinux/config:
Code:
SELINUX=enforcing
SELINUXTYPE=mls
Do I have MLS enabled? I can't use SELinux commands. I thought MLS is sort of a package for SELinux. I followed this:
Code:
[code].....
My newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?
How can I enable a passphrase along with the password for login via ssh? That is, whenever I login from server A to server B via ssh, it should ask me for a password and then a passphrase to allow me access.
OR
Can we have multiple passwords to login via ssh? My basic need is to have 2 levels of password.
We have enabled DOT1x security (802.1x) in our wired network for testing purposes, but to enable that facility our account should be a domain account so that it will get certified by the certificate server through the RADIUS server. But in Fedora we are unable to get certified by the certificate server; however, if we are logging in through the root user or any local user in Fedora we are able to get an IP and able to work on the net as well as connect to the domain, but after logging off we are unable to login to the domain account. I need to login through a Domain Account by using DOT1X security.
1.) I am wondering how to lock an encrypted partition again which has been unlocked, using luks? On boot, I am asked automatically for the passphrase to unlock my partitions. After doing a backup, I want to lock the encrypted partition again, but I don't know the command?! I unmounted the partition but after mounting it again, I was not asked for the passphrase but had access to my data.
2.) How secure is the default fedora version of luks? Is truecrypt better?