Ubuntu Security :: Terminal Commands For Snort / Network Snoop?
Jan 24, 2010
I am running Karmic Koala with a recent install of snort 2.4.8.1 (build 3 and I am at a loss for useful commands in solving an internal problem (within the network). All I have is "sudo snort -v -i wlan0" on my very short list of useful commands regarding IDS. It is doing little to no good in resolving my problem with a network snoop besides showing that it is running; I need some more weight (knowledge) in order to rectify the problem.
View 4 Replies
May 12, 2011
I need assistance with my Snort Installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to
ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting..
Here is the entire output once I ran the test command:
snort -c /etc/snort/snort.con -T
Running in Test mode
[Code]...
View 2 Replies
Mar 19, 2010
I'm looking for information on how to use a single FTP command from the terminal window, that would do this:
- Login (with username/password)
- Set Transfer type to Binary
- Get all files in a directory and download somewhere.
- Delete all files in the directory that was just downloaded.
- Close Connection when complete.
There is lots of information on individual commands, but I want to combine them into one single command that requires no human interaction. Just one big line. Hopefully from this one command line I'll be able to create more for other purposes (like login and delete one file then close).
View 9 Replies
Feb 4, 2011
I am currently running snort as an IDS on the same machine that acts as our gateway. I installed it using sudo apt-get install snort. However, I'd like to make it run as an IPS. Is it possible to convert that currently running snort instance from running as an IDS to an IPS without having to download the snort tar balls and install it? I do not want the tar balls because during updates and upgrades, I'd like the whole OS and installed apps (such as snort) to be upgraded.
View 1 Replies
Sep 1, 2011
How to enable IPv6 in snort? I read that it must be compiled with --enable-ipv6 but I still don't know how.
View 2 Replies
Dec 5, 2010
I want to set up snort on my F13 home computer. Is there a simple way to do it or do I have to do it the hard way (compiling and stuff)? I want to use snort for intrusion prevention and to detect possible threats from the internet.
View 3 Replies
Mar 3, 2010
I have installed snort + mysql + acid base, I add some rules into /etc/snort/rules/local.rules to test the alert:
alert icmp 192.168.1.20 any -> 192.16.1.21 any (flags:A;ack:0;msg:"NMap icmp ping")
alert icmp 192.168.1.20 any -> 192.16.1.21 any (content:"abcdefgh";;msg:"ping de windows")
alert icmp 192.168.1.20 any <> 192.16.1.21 any (flags: S; msg: "HOULA SYN Packet!"
After I restart snort, I tied 2 PCs together by cross cable (192.168.1.20 for Windows, and the victim is 192.168.1.21 for Linux, where snort is installed); my HOME_NET is 192.168.1.21 and the EXTEREL_NET is !$HOME_NET. The problem is when I run:
snort -dvi eth0 -c /etc/snort/snort.conf
I see the packet transmitted and received (the received content "abcdefgh"); when I stopped snort with CTRL+C I didn't find any alert in the result!!!
Run time prior to being shutdown was 218.523030 seconds.
Packet Wire Totals:
Received: 1346
Analyzed: 1342 (99.703%)
Dropped: 0 (0.000%)
Outstanding: 4 (0.297%) .....
dcerpc2 Preprocessor Statistics
Total sessions: 0
database: Closing connection to database "snort"
database: Closing connection to database "snort"
Snort exiting
View 4 Replies
May 10, 2010
I am running Lucid on this machine, but I have had this problem on every machine with Snort. When I awaken the system from suspend or hibernation, snort pegs out one of the CPUs.
View 4 Replies
Dec 11, 2010
Does anyone know of a good tutorial on how to set up and configure snort 2.8.5.2 on an Ubuntu 10.10 system? I have been trying to set up snort and have run into a lot of problems setting up the config file and the rules. It works in sniff and packet log mode but I cannot seem to set up IDS mode correctly. There is a lot of different info on the net but not much help. There seems to be a lot of work involved in setting this up, which I do not mind provided I can find the proper documentation to configure the setup.
View 9 Replies
Feb 24, 2011
I work in a relatively small organisation of about 30 people (but with a complex network) and we've been looking to move our firewall to Microsoft's Threat Protection Manager on a mostly Windows network. I've been thinking we should have an IDS/IPS inside the firewall and I've been thinking about Snort in NIDS mode but have some basic questions:
1. Can anyone recommend a good web GUI for Snort?
2. Is it advisable to run both on the same machine? (Both from a POV of security and resources.)
3. Would Snort add any real benefit to using TPM?
View 2 Replies
Feb 23, 2011
I have just compiled Snort 2.9.0.4 under Ubuntu 10.10 x86_64 installed with all the LAMP packages. The syntax I used to compile Snort is as follows below:
[Code]...
View 2 Replies
Mar 4, 2009
I am trying to get snort running but I get this with service snortd status:
snort dead but subsys locked
service snortd restart
Stopping snort: [FAILED]
Starting snort: [ OK ]
[root@Fedora tylerm]# tail -f /var/log/messages
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:17:54 Fedora snort[3280]: Initializing daemon mode
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora snort[3282]: PID path stat checked out ok, PID path set to /var/run/
Mar 4 05:17:54 Fedora snort[3282]: Writing PID "3282" to file "/var/run//snort_eth0.pid"
Mar 4 05:17:54 Fedora snort[3282]: Daemon initialized, signaled parent pid: 3280
Mar 4 05:17:54 Fedora snort[3280]: Daemon parent exiting
Mar 4 05:17:54 Fedora snort[3282]: FATAL ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:18:42 Fedora ntpd[2300]: synchronized to 128.10.19.24, stratum 1
Mar 4 05:18:42 Fedora ntpd[2300]: time reset +0.906114 s
Mar 4 05:18:42 Fedora ntpd[2300]: kernel time sync status change 0001
View 2 Replies
Mar 25, 2010
I was wondering whether or not it is possible/advisable to install and run Snort on a single laptop with a wireless router (firewall enabled)? Does Snort require root privileges and are there any other issues one needs to be aware of when installing and running software like this?
View 6 Replies
Jul 26, 2010
I'm looking to possibly need to make use of snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stands out; there is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones... Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.
Now I'm tempted to just go for the latest one, but I'm completely new to snort so perhaps it needs another book like Snort for Dummies to get started ;-P
View 5 Replies
Feb 10, 2011
I started using computers when it was all DOS driven, so I thought I was going to be fine using the terminal in Ubuntu. The problem I am facing is I cannot quite get my head round why it is that if I load the terminal and the first thing I type is dir or ls, it gives me a list of directories. So why is it if I type cd /pictures I get no such file or directory? Confused
This is also bugging the jebus out of me: I am trying to get into my USB pen drive from the terminal to run a program I have on there.
So I type cd /media
then typed ls
It displayed New Volume <-- This being the name of my pen drive
I have tried everything to get into there but the commands I would use in DOS are not playing ball.
Can someone please explain how to get into my USB pen, then tell me where I can go read on this, as I really cannot get my head around this at the moment.
View 5 Replies
Jan 27, 2010
I'm used to inputting the following command when tracing a port or interface in Solaris 9/10. This is a packet sniffer.
==================================
snoop -o <Outputfile.txt> -x -ip <TraceIP>
==================================
Is there a packet sniffer command which performs this on Ubuntu 9.04 (Jaunty)?
View 1 Replies
Jan 24, 2010
If you do the command conky in terminal, it starts conky of course, but it also shows output to that terminal so you can't do any other commands in that terminal. Is there an option like you can do with the '&' sign in other cases? If you do the '&' sign with conky it still gives output, also the conky -d command gives output...
View 9 Replies
Jan 21, 2010
I am in the process of converting some video files to motion jpeg (Wii) files with ffmpeg (great program by the way). I have been successful and so the majority of my work is over. My question is simple (I think) but complex to me so... here it goes. Is there a way on one command line to "batch" convert 8 or 9 files together instead of one by one? I just don't know what to put on the command line. I took one UNIX class a long time ago and the terms pipe and such come to mind... but I forget. Any takers? That way I can write what I want the computer to do in the morning and just come back after work and voila...
View 6 Replies
Feb 27, 2010
Is there any easy way to Make a GUI for terminal commands?
View 2 Replies
Mar 20, 2010
I was following a guide to stop Ubuntu from always asking the root password. And apparently I messed something up in vsudo edit or something like that I was in... So now when I put in a sudo command I get this...
Quote:
>>> /etc/sudoers: syntax error near line 18 <<<
sudo: parse error in /etc/sudoers near line 18
sudo: no valid sudoers sources found, quitting
So I can't even get back to undo what I edited.
View 8 Replies
Apr 11, 2010
I am trying to boot Debian on my Nexus One; the guide I am using is telling me to run these commands.
I am getting to the point where I type the command # cd /sdcard/debian but it tells me cd: can't cd to /sdcard/debian.
View 9 Replies
Apr 30, 2010
I've created a bash shell script, to open a few graphical programs. Trouble is, the next one doesn't start until I close the first one. How can I just skip to the next program?
View 2 Replies
May 7, 2010
Is there any way to run commands of other programs from the terminal? Opened a doc file from the terminal using
>openoffice.org filename.doc
Is there any way to execute SELECT ALL [ctrl + a] or COPY [ctrl + c] from the terminal?
View 2 Replies
Nov 17, 2010
I couldn't really find a general Ubuntu discussion area. So I typed ipconfig and of course it said no such command blah blah blah. What I found interesting was that it provided a list of other commands I may have meant to use, ie. ifconfig. So what's the algorithm used to determine the commands? Is it SOUNDEX or something else?
View 1 Replies
Nov 30, 2010
Unzipped the folder in home/folder wordpress-3.0.2.tar.gz and now have a file called 'wordpress'. Can someone walk me through the terminal commands to install from here?
View 1 Replies
May 6, 2011
I upgraded to 11.04 today and wanted to reconfigure so that I could have the desktop cube again. Once I started trying to switch my settings for the cube configuration compiz asked whether I wanted to turn off various features and apparently among them was the control bar on the side and top of the screen. Now I log in to Ubuntu and I get my workspace and that's it. No control bars, just the workspace. I need to know a few things:
1) Has anyone else had this problem?
2) How do I get into the terminal from keyboard commands?
3) What terminal commands do I need to bring back at least the main toolbar so I can access programs.
View 1 Replies
Jul 16, 2011
I'm new to Ubuntu and I was wondering if someone could list some basic terminal commands and explain what they do, and when and why you would use them.
View 4 Replies
Aug 3, 2011
I have a question regarding terminal. I try to launch it from the "Startup Applications" by entering a script.
Code:
sh -c '/usr/bin/gnome-terminal'
but it does not start. Also, when it does start I would like it to auto run certain commands: navigate to my project folder, run "play test", open a new tab, run "top". How can I achieve this?
View 9 Replies
Jan 6, 2010
I was wondering if there was a way to show all current actions I am doing in a terminal window? For example if I left a terminal window open on one of my desktops, could I make it display everything I am doing so that when I receive some general error in a program, I could jump over and get some more details. I could also use it to see what commands are actually run when I do certain things.
View 1 Replies
Jul 1, 2010
I added this:
Code:
clear
fortune | cowsay | echo
to the bottom of my .profile expecting a cow to tell me a fun quote whenever I pull up a terminal. It hasn't done anything, however. How do I achieve my desired effect?
View 4 Replies