Ubuntu Security :: Terminal Commands For Snort / Network Snoop?
Jan 24, 2010
I am running Karmic Koala with a recent install of Snort 2.4.8.1 (build 3) and I am at a loss for useful commands in solving an internal problem (within the network). All I have is "sudo snort -v -i wlan0" on my very short list of useful commands regarding IDS. It is doing little to no good in resolving my problem with a network snoop besides showing that it is running; I need some more weight (knowledge) in order to rectify the problem.
I need assistance with my Snort installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 Server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions, and when I tested Snort it ended with a fatal error:

ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting..

Here is the entire output once I ran the test command:

snort -c /etc/snort/snort.conf -T
Running in Test mode
I'm looking for information on how to use a single FTP command from the terminal window that would do this:
- Login (with username/password)
- Set transfer type to binary
- Get all files in a directory and download them somewhere
- Delete all files in the directory that was just downloaded
- Close the connection when complete
There is lots of information on individual commands, but I want to combine them into one single command that requires no human interaction. Just one big line. Hopefully from this one command line I'll be able to create more for other purposes (like login and delete one file, then close).
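An added example for the job above, not code from the original post: the whole sequence driven into ftp(1) from stdin, split into two short sessions so the remote files are deleted only after their local copies exist. The host, user, password and directory names are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post.  Two short ftp(1) sessions driven
# from stdin replace the interactive typing: the first logs in, switches to binary and
# downloads everything in the remote directory; the second logs in again and deletes
# on the server only those files whose local copy now exists and is non-empty, so a
# failed or partial transfer never destroys data (ftp's own exit status is not a
# reliable sign that a transfer worked).  Every host, user, password and path here and
# in the tests is an assumed placeholder.
#
# ftp -inv HOST: -i turns off the per-file mget prompt, -n disables auto-login so the
# `user` command below supplies the credentials, -v echoes server replies to the log.
# Credentials travel in clear text over plain FTP; a ~/.netrc with mode 0600 (and no
# -n) at least keeps them out of scripts and shell history.

# ftp_preamble USER PASS REMOTE_DIR: commands common to both sessions.
ftp_preamble() {
    printf 'user %s %s\n' "$1" "$2"
    printf 'binary\n'
    printf 'cd %s\n' "$3"
}

# build_fetch_script USER PASS REMOTE_DIR LOCAL_DIR: session 1, download everything.
build_fetch_script() {
    ftp_preamble "$1" "$2" "$3"
    printf 'lcd %s\n' "$4"
    printf 'mget *\n'
    printf 'close\nbye\n'
}

# build_delete_script USER PASS REMOTE_DIR LOCAL_DIR: session 2, delete on the server
# only what is now held locally.  LOCAL_DIR must be fresh for this run: stale local
# files would otherwise get their remote namesakes deleted too.
build_delete_script() {
    ftp_preamble "$1" "$2" "$3"
    for f in "$4"/*; do
        [ -s "$f" ] || continue            # also skips the literal "*" of an empty directory
        printf 'delete %s\n' "${f##*/}"
    done
    printf 'close\nbye\n'
}

# ftp_fetch_then_purge HOST USER PASS REMOTE_DIR LOCAL_DIR: the whole job, one command.
ftp_fetch_then_purge() {
    host=$1; user=$2; pass=$3; remote_dir=$4; local_dir=$5
    mkdir -p "$local_dir" || return 1
    [ -z "$(ls -A "$local_dir")" ] || { echo "refusing: $local_dir is not empty" >&2; return 1; }
    build_fetch_script "$user" "$pass" "$remote_dir" "$local_dir" | ftp -inv "$host" || return 1
    build_delete_script "$user" "$pass" "$remote_dir" "$local_dir" | ftp -inv "$host"
}

# The one big line the post asks for, using a fresh timestamped download directory:
#   ftp_fetch_then_purge ftp.example.net alice 's3cret' /outgoing "$HOME/ftp-$(date +%Y%m%d%H%M%S)"
```

Printing the command scripts first (`build_fetch_script alice s3cret /outgoing /tmp/x`) lets you read exactly what will be sent before a real server sees it; a `mdelete *` straight after `mget *` in one session would remove files whose download had silently failed.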
I am currently running Snort as an IDS on the same machine that acts as our gateway. I installed it using sudo apt-get install snort. However, I'd like to make it run as an IPS. Is it possible to convert that currently running Snort instance from running as an IDS to an IPS without having to download the Snort tarballs and install it? I do not want the tarballs because during updates and upgrades I'd like the whole OS and installed apps (such as Snort) to be upgraded.
I want to set up Snort on my F13 home computer. Is there a simple way to do it, or do I have to do it the hard way (compiling and stuff)? I want to use Snort for intrusion prevention and to detect possible threats from the internet.
I have installed Snort + MySQL + ACID/BASE, and I added some rules to /etc/snort/rules/local.rules to test the alerts:

# One rule per line. flags/ack are TCP-only options and never match ICMP, every option
# must end with ';', the option list must be closed with ')', and the destination was
# written as 192.16.1.21 instead of the 192.168.1.21 host.
alert icmp 192.168.1.20 any -> 192.168.1.21 any (msg:"NMap icmp ping"; itype:8; sid:1000001; rev:1;)
alert icmp 192.168.1.20 any -> 192.168.1.21 any (msg:"ping de windows"; content:"abcdefgh"; sid:1000002; rev:1;)
alert tcp 192.168.1.20 any <> 192.168.1.21 any (msg:"HOULA SYN Packet!"; flags:S; sid:1000003; rev:1;)

After I restarted Snort and connected 2 PCs by a crossover cable (192.168.1.20 for Windows, and the victim is 192.168.1.21 for Linux, where Snort is installed), with my HOME_NET 192.168.1.21 and EXTERNAL_NET !$HOME_NET. The problem is when I run: snort -dvi eth0 -c /etc/snort/snort.conf
I see the packets transmitted and received (the received content "abcdefgh"), but when I stop Snort with Ctrl+C I don't find any alert in the result!!! Run time prior to being shutdown was 218.523030 seconds.
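An added example, not code from the original post or from the Snort project: a small shell checker for the hand-written rules in local.rules that reports the mistakes a first attempt usually contains, run before Snort's own test mode. The two rule sets inside it are constructed samples built around the 192.168.1.20 -> 192.168.1.21 pair; nothing else about the poster's setup is assumed.

```shell
#!/bin/sh
# Added example, not code from the original post.  A syntax check for Snort 2.x rules
# in local.rules, run before `snort -T -c /etc/snort/snort.conf`.  It checks the header
# (action, protocol, addresses, direction), that the option list is enclosed in (...),
# that every option ends with ';' and none is empty (';;'), that msg and sid are present
# (Snort's database and unified outputs identify a rule by sid/gid), and that TCP-only
# options (flags, ack, seq, window) are not used in an icmp/udp/ip rule, where they can
# never match.  Both rule sets below are constructed samples.

# Three rules with the usual first-attempt mistakes: TCP-only options in an ICMP rule,
# an empty ';;' option, an unclosed option list, no ';' before ')', and no sid.
sample_bad_rules() {
    cat <<'EOF'
alert icmp 192.168.1.20 any -> 192.168.1.21 any (flags:A;ack:0;msg:"NMap icmp ping")
alert icmp 192.168.1.20 any -> 192.168.1.21 any (content:"abcdefgh";;msg:"ping de windows")
alert icmp 192.168.1.20 any <> 192.168.1.21 any (flags: S; msg: "HOULA SYN Packet!"
EOF
}

# The same three intentions as valid rules (itype:8 is an ICMP echo request; a SYN
# flag only exists in a tcp rule).
sample_good_rules() {
    cat <<'EOF'
# local.rules: test rules for the crossover-cable lab
alert icmp 192.168.1.20 any -> 192.168.1.21 any (msg:"NMap icmp ping"; itype:8; sid:1000001; rev:1;)
alert icmp 192.168.1.20 any -> 192.168.1.21 any (msg:"ping de windows"; content:"abcdefgh"; sid:1000002; rev:1;)
alert tcp 192.168.1.20 any <> 192.168.1.21 any (msg:"HOULA SYN Packet!"; flags:S; sid:1000003; rev:1;)
EOF
}

# lint_snort_rule RULE: print each problem found, return 1 if there were any.
lint_snort_rule() {
    rule=$(printf '%s' "$1" | sed 's/[[:space:]]*$//')
    bad=0
    case $rule in ''|'#'*) return 0 ;; esac                      # blank line or comment
    hdr=$(printf '%s' "$rule" | sed 's/(.*//')                   # text before the first (
    body=$(printf '%s' "$rule" | sed -n 's/^[^(]*(//p' | sed 's/)$//; s/[[:space:]]*$//')
    printf '%s' "$hdr" | grep -Eq '^(alert|log|pass|drop|reject|sdrop)[[:space:]]+(tcp|udp|icmp|ip)[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]+(->|<>)[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]*$' \
        || { echo "  bad header: '$hdr' (expected: action proto src sport -> dst dport)"; bad=1; }
    printf '%s' "$rule" | grep -q '(.*)$' \
        || { echo "  option list is not enclosed in ( ... )"; bad=1; }
    case $body in *';;'*) echo "  empty option ';;'"; bad=1 ;; esac
    case $body in *';') ;; *) echo "  last option must end with ';' before ')'"; bad=1 ;; esac
    for key in msg sid; do
        printf '%s' "$body" | grep -Eq "(^|;)[[:space:]]*$key[[:space:]]*:" \
            || { echo "  missing $key"; bad=1; }
    done
    proto=$(printf '%s' "$hdr" | awk '{ print $2 }')
    if [ "$proto" != tcp ]; then
        for key in flags ack seq window; do
            printf '%s' "$body" | grep -Eq "(^|;)[[:space:]]*$key[[:space:]]*:" \
                && { echo "  '$key' is TCP-only but the protocol is '$proto'"; bad=1; }
        done
    fi
    return $bad
}

# lint_rules_file FILE: lint every line, report FILE:LINE for the bad ones, return 1
# if any rule failed.
lint_rules_file() {
    n=0; errors=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        out=$(lint_snort_rule "$line") && continue
        printf '%s:%d: %s\n%s\n' "$1" "$n" "$line" "$out"
        errors=$((errors + 1))
    done < "$1"
    [ "$errors" -eq 0 ]
}

# Usage:
#   lint_rules_file /etc/snort/rules/local.rules && snort -T -c /etc/snort/snort.conf
```

The checker only knows the simple header form (one address and one port per side); rules using port lists with spaces need Snort's parser. After the file passes, `snort -T -c /etc/snort/snort.conf` loads every rule and exits, and adding `-A console` to the capture run prints alerts on the terminal instead of only into the alert file under /var/log/snort.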
I am running Lucid on this machine, but I have had this problem on every machine with Snort. When I awaken the system from suspend or hibernation, snort pegs out one of the CPUs.
Does anyone know of a good tutorial on how to set up and configure Snort 2.8.5.2 on an Ubuntu 10.10 system? I have been trying to set up Snort and have run into a lot of problems setting up the config file and the rules. It works in sniff and packet log mode but I cannot seem to set up IDS mode correctly. There is a lot of different info on the net but not much help. There seems to be a lot of work involved in setting this up, which I do not mind provided I can find the proper documentation to configure the setup.
I work in a relatively small organisation of about 30 people (but with a complex network) and we've been looking to move our firewall to Microsoft's Threat Protection Manager on a mostly Windows network. I've been thinking we should have an IDS/IPS inside the firewall and I've been thinking about Snort in NIDS mode but have some basic questions:
1. Can anyone recommend a good web GUI for Snort?
2. Is it advisable to run both on the same machine? (Both from a POV of security and resources.)
I was wondering whether or not it is possible/advisable to install and run Snort on a single laptop with a wireless router (firewall enabled)? Does Snort require root privileges and are there any other issues one needs to be aware of when installing and running software like this?
I'm looking at possibly needing to make use of Snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stands out; there is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones: Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.
Now I'm tempted to just go for the latest one, but I'm completely new to Snort so perhaps it needs another book like Snort for Dummies to get started ;-P
I started using computers when it was all DOS driven, so I thought I was going to be fine using the terminal in Ubuntu. The problem I am facing is I can not quite get my head round why, if I load the terminal and the first thing I type is dir or ls, it gives me a list of directories. So why is it that if I type cd /pictures I get "no such file or directory"? Confused.
This is also bugging the jebus out of me: I am trying to get into my USB pen drive from the terminal to run a program I have on there.
So I typed cd /media, then typed ls, and it displayed New Volume <-- this being the name of my pen drive. I have tried everything to get into there but the commands I would use in DOS are not playing ball.
Can someone please explain how to get into my USB pen, then tell me where I can go and read on this, as I really can not get my head around this at the moment.
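An added example, not code from the original post, covering the three things in the way here: absolute versus home-relative paths, a mount point with a space in its name, and running a program from removable media. The directory names and the mount table in the tests are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post.  Two things trip up someone coming
# from DOS: names are case-sensitive and a leading / means the root of the whole
# system, so `cd /pictures` fails while `cd ~/Pictures` (the Pictures folder in your
# home) works; and a pen drive called "New Volume" is mounted at "/media/New Volume",
# where the space has to be quoted.  A third one bites when running a program from
# the stick: removable media are commonly mounted with options that block direct
# execution (noexec, or on vfat showexec, which shows the execute bit only for
# .exe/.com/.bat names), so ./program fails even after chmod +x.  The directory and
# mount names in the tests are constructed, not read from a real machine.

# enter_dir DIR: cd into DIR, expanding a leading ~ and keeping spaces intact.
enter_dir() {
    dir=$1
    case $dir in '~'|'~/'*) dir="$HOME${dir#?}" ;; esac
    if [ ! -d "$dir" ]; then
        echo "enter_dir: no such directory: $dir (names are case-sensitive; try: ls \"${dir%/*}\")" >&2
        return 1
    fi
    cd "$dir"
}

# mount_opts PATH [MOUNTS]: mount options of the filesystem holding PATH, found by the
# longest mount point in MOUNTS (default /proc/mounts) that is a prefix of PATH.
mount_opts() {
    awk -v p="$1" '
        {
            mp = $2; gsub(/\\040/, " ", mp)      # /proc/mounts writes a space as \040
            n = length(mp)
            if (index(p, mp) == 1 && (mp == "/" || length(p) == n || substr(p, n + 1, 1) == "/"))
                if (n > length(best)) { best = mp; opts = $4 }
        }
        END { print opts }' "${2:-/proc/mounts}"
}

# is_noexec PATH [MOUNTS]: true if PATH lives on a mount carrying the noexec option.
is_noexec() {
    mount_opts "$1" "$2" | tr ',' '\n' | grep -qx noexec
}

# run_on_volume PROGRAM: run PROGRAM by path; when the mount forbids it, hand the file
# to an interpreter instead of remounting the stick with exec rights.
run_on_volume() {
    if is_noexec "$1"; then
        echo "run_on_volume: $(dirname "$1") is mounted noexec; running it via sh" >&2
        sh "$1"
    elif [ ! -x "$1" ]; then
        echo "run_on_volume: $1 is not executable on this mount; running it via sh" >&2
        sh "$1"
    else
        "$1"
    fi
}

# Usage:
#   enter_dir "/media/New Volume" && ls
#   run_on_volume "/media/New Volume/setup.sh"
```

`run_on_volume` assumes the program is a shell script; a native binary on a noexec mount has to be copied to the home directory first. Leaving the stick noexec is the right default: anything that auto-runs from removable media runs with your account's rights.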
If you run the command conky in the terminal, it starts conky of course, but it also shows output in that terminal, so you can't run any other commands in that terminal. Is there an option like you can do with the '&' sign in other cases? If you use the '&' sign with conky it still gives output; also the conky -d command gives output...
I am in the process of converting some video files to motion JPEG (Wii) files with ffmpeg (great program, by the way). I have been successful and so the majority of my work is over. My question is simple (I think) but complex to me, so... here it goes. Is there a way on one command line to "batch" convert 8 or 9 files together instead of one by one? I just don't know what to put on the command line. I took one UNIX class a long time ago and the terms pipe and such come to mind... but I forget. Any takers? That way I can write what I want the computer to do in the morning and just come back after work and voila...
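An added example for the batch conversion, not code from the original post: a loop that converts every file of one type in a directory, survives being restarted, and leaves a log. The ffmpeg flags are an assumption stated in the code, and the converter is swappable so the loop itself can be tested without ffmpeg.

```shell
#!/bin/sh
# Added example, not code from the original post.  One command converts every video in
# a directory: a for loop over the matching files (quoted, so names with spaces
# survive), each output written to a hidden temporary name and renamed only when the
# conversion succeeds, outputs that already exist skipped so a crashed run can simply
# be restarted, and a log plus a summary count to read the next morning.  The flags in
# FFMPEG_OPTS are an assumption, not the poster's working command (put that in
# FFMPEG_OPTS instead); CONVERT names the per-file converter so the loop can be
# exercised without ffmpeg, as the tests do with a copy stand-in.

: "${FFMPEG_OPTS:=-vcodec mjpeg -acodec pcm_s16le}"   # assumed; replace with your flags
: "${CONVERT:=ffmpeg_convert}"

# ffmpeg_convert IN OUT: one real conversion; </dev/null stops ffmpeg from reading
# keystrokes from the terminal inside a loop.
ffmpeg_convert() {
    # FFMPEG_OPTS is deliberately unquoted so it splits into separate arguments.
    ffmpeg -i "$1" $FFMPEG_OPTS "$2" </dev/null
}

# convert_all SRCDIR OUTDIR EXT: convert SRCDIR/*.EXT to OUTDIR/<name>.avi.
# Prints "<converted> <skipped> <failed>" and returns non-zero if anything failed.
convert_all() {
    src=$1; out=$2; ext=$3
    mkdir -p "$out" || return 1
    done_n=0; skip_n=0; fail_n=0
    for f in "$src"/*."$ext"; do
        [ -e "$f" ] || continue                 # no matches: the glob stays literal
        name=${f##*/}; base=${name%.*}
        target="$out/$base.avi"; tmp="$out/.part-$base.avi"
        if [ -s "$target" ]; then
            skip_n=$((skip_n + 1)); continue    # finished on an earlier run
        fi
        echo "== $(date) $f" >>"$out/convert.log"
        if "$CONVERT" "$f" "$tmp" >>"$out/convert.log" 2>&1; then
            mv "$tmp" "$target"                 # only complete outputs get the real name
            done_n=$((done_n + 1))
        else
            rm -f "$tmp"
            echo "FAILED: $f" >>"$out/convert.log"
            fail_n=$((fail_n + 1))
        fi
    done
    echo "$done_n $skip_n $fail_n"
    [ "$fail_n" -eq 0 ]
}

# Start it before leaving and read the log when you get back (assumed paths; the
# functions above saved as batch.sh):
#   nohup sh -c '. ./batch.sh; convert_all ~/Videos ~/Videos/wii mp4' >~/batch.out 2>&1 &
```

The temporary name keeps the `.avi` extension because ffmpeg picks the output container from it; a half-written file is never left under the final name, so a re-run redoes exactly the files that did not finish.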
I was following a guide to stop Ubuntu from always asking for the root password, and apparently I messed something up in visudo or something like that I was in... So now when I put in a sudo command I get this...
Quote:
>>> /etc/sudoers: syntax error near line 18 <<<
sudo: parse error in /etc/sudoers near line 18
sudo: no valid sudoers sources found, quitting
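An added example, not code from the original post, for getting out of this state and for adding the no-password line in a way that cannot break sudo again. The user name, file names and sample lines are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post.  "parse error in /etc/sudoers ...
# no valid sudoers sources found" means sudo now refuses every command, including the
# one that would fix the file, so the repair has to come through another root path:
# on the desktop `pkexec visudo` (PolicyKit asks for your own password, as sudo did),
# otherwise the root shell of recovery mode and then `visudo`, which refuses to save a
# file that does not parse.  The way not to get here again is to never edit
# /etc/sudoers by hand: put the one line in a file under /etc/sudoers.d/ (a name
# without '.' or '~', or sudo ignores it), check it with `visudo -c -f FILE`, and
# install it with mode 0440.  Usernames, file names and the lines in the tests are
# assumed placeholders.

# sudoers_line_ok LINE: shape check for the line people add for password-free sudo,
#   user ALL=(ALL) NOPASSWD: ALL      or      %group ALL=(ALL:ALL) ALL
# It catches the usual slips: "NOPASSWD ALL" without the colon, "ALL=ALL" without the
# parenthesised run-as part, trailing junk.  visudo is the authority; this only lets a
# script fail early, and with a line number, before visudo is involved.
sudoers_line_ok() {
    printf '%s\n' "$1" | grep -Eq \
        '^%?[A-Za-z_][A-Za-z0-9_.-]*[[:space:]]+ALL=\(ALL(:ALL)?\)[[:space:]]*(NOPASSWD:[[:space:]]*)?ALL[[:space:]]*$'
}

# sudoers_check FILE: every non-blank, non-comment line must pass sudoers_line_ok;
# the offending line is reported with its number, as sudo's own error does.
sudoers_check() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        sudoers_line_ok "$line" || { echo "$1: unexpected sudoers line $n: $line" >&2; return 1; }
    done < "$1"
}

# sudoers_install NAME FILE: as root, stage FILE with the mode sudo demands, let visudo
# parse it, and only then place it as /etc/sudoers.d/NAME.  A bad file never reaches
# /etc/sudoers.d/, so sudo keeps working whatever happens here.
sudoers_install() {
    name=$1; src=$2
    sudoers_check "$src" || return 1
    stage=$(mktemp) || return 1
    if install -m 0440 -o root -g root "$src" "$stage" && visudo -c -f "$stage" >/dev/null; then
        mv "$stage" "/etc/sudoers.d/$name"
    else
        rm -f "$stage"
        return 1
    fi
}

# Usage, as root, to stop sudo asking alice for her password (assumed user name):
#   printf 'alice ALL=(ALL) NOPASSWD: ALL\n' > /tmp/alice-nopasswd
#   sudoers_install alice-nopasswd /tmp/alice-nopasswd
```

A NOPASSWD line turns any code running as that user into root without a prompt; scoping it to the few commands that actually need it (`alice ALL=(ALL) NOPASSWD: /usr/bin/apt-get`) is the usual compromise, and the same staging routine installs that line just as safely.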
I've created a bash shell script, to open a few graphical programs. Trouble is, the next one doesn't start until I close the first one. How can I just skip to the next program?
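An added example, not code from either post above, for the conky question and the script that starts graphical programs one after another: the same fix serves both. Program names in the usage comment are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original posts.  A script that lists programs one
# per line waits for each to exit before starting the next; ending the line with &
# starts it in the background.  As the conky question shows, & alone is not enough:
# the program's stdout and stderr are still the terminal, so its output keeps arriving
# there.  Redirecting both to a log file (or /dev/null) fixes that, and nohup stops
# the SIGHUP sent when the terminal window closes from killing the program.  Program
# names in the usage comment are assumed placeholders; the tests use sleep and echo.

# launch_detached LOGFILE CMD [ARGS...]: start CMD in the background, output to
# LOGFILE, stdin from /dev/null, immune to the terminal closing.  The PID is left in
# $LAUNCHED_PID so a caller that wants to can still `wait` for it.
launch_detached() {
    logfile=$1; shift
    nohup "$@" >"$logfile" 2>&1 </dev/null &
    LAUNCHED_PID=$!
}

# launch_all LOGDIR CMD...: start every CMD (each a complete command line) at once,
# logging the n-th to LOGDIR/n.log; the PIDs are left in $LAUNCHED_PIDS.
launch_all() {
    logdir=$1; shift
    mkdir -p "$logdir" || return 1
    n=0; LAUNCHED_PIDS=
    for cmd in "$@"; do
        n=$((n + 1))
        launch_detached "$logdir/$n.log" sh -c "$cmd"
        LAUNCHED_PIDS="$LAUNCHED_PIDS $LAUNCHED_PID"
    done
    LAUNCHED_PIDS=${LAUNCHED_PIDS# }
}

# The script from the question, rewritten (assumed program names): all three come up
# together and the script returns at once instead of after the first one exits.
#   launch_all "$HOME/.launch-logs" firefox gnome-terminal "conky -c $HOME/.conkyrc"
#
# The conky case alone, typed into the terminal:
#   nohup conky >/dev/null 2>&1 &
```

Logging to a per-program file rather than /dev/null keeps the error a program prints just before it dies, which is otherwise lost once nothing is attached to the terminal.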
Is there any way to run commands of other programs from the terminal? I opened a doc file from the terminal using
openoffice.org filename.doc
Is there any way to execute SELECT ALL [Ctrl+A] or COPY [Ctrl+C] from the terminal?
I couldn't really find a general Ubuntu discussion area. So I typed ipconfig and of course it said no such command blah blah blah. What I found interesting was that it provided a list of other commands I may have meant to use, ie. ifconfig. So what's the algorithm used to determine the commands? Is it SOUNDEX or something else?
I unzipped wordpress-3.0.2.tar.gz in home/folder and now have a file called 'wordpress'. Can someone walk me through the terminal commands to install from here?
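An added example, not code from the original post or from WordPress: the copy into the web root with the ownership and permission layout that keeps the PHP code read-only for the web server. /var/www, www-data and the other paths are assumed Ubuntu defaults, not taken from the post.

```shell
#!/bin/sh
# Added example, not code from the original post.  Installing WordPress from the
# unpacked `wordpress` directory is a copy into the web root plus getting ownership
# and permissions right: directories 0755, files 0644, everything owned by the admin
# account rather than the web server, so a compromised PHP process cannot rewrite the
# code files.  Only wp-content/uploads, the one place the server must write, is handed
# to the server's group, and wp-config.php, which holds the database password, is kept
# unreadable to "other".  /var/www, www-data and the usage paths are assumed defaults.

# deploy_tree SRC DEST: copy SRC into DEST and normalise modes: no executable files
# (PHP is run by the server, never executed directly), traversable directories only.
deploy_tree() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "deploy_tree: $src is not a directory" >&2; return 1; }
    mkdir -p "$dest" && cp -R "$src"/. "$dest"/ || return 1
    find "$dest" -type d -exec chmod 0755 {} +
    find "$dest" -type f -exec chmod 0644 {} +
}

# lock_config DEST: wp-config.php readable by its owner and the server's group only.
lock_config() {
    cfg=$1/wp-config.php
    [ -f "$cfg" ] || return 0          # not created yet; wp-config-sample.php is still in use
    chmod 0640 "$cfg"
}

# writable_dir DEST WEBGROUP: the uploads directory, group-writable for WEBGROUP and
# still not world-writable.
writable_dir() {
    dir=$1/wp-content/uploads; group=$2
    mkdir -p "$dir" || return 1
    chgrp "$group" "$dir" 2>/dev/null || true   # needs root or membership of WEBGROUP
    chmod 0775 "$dir"
}

# count_exec_files DEST: number of regular files with any execute bit set; 0 after a
# correct deploy.
count_exec_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | wc -l | tr -d ' '
}

# Full install (assumed paths, run with sudo; $SUDO_USER is the admin account):
#   deploy_tree ~/wordpress /var/www/blog
#   chown -R "$SUDO_USER":www-data /var/www/blog
#   cp /var/www/blog/wp-config-sample.php /var/www/blog/wp-config.php   # then fill in DB credentials
#   lock_config /var/www/blog && writable_dir /var/www/blog www-data
```

`count_exec_files /var/www/blog` is the quick check after any plugin or theme is dropped in: a freshly executable file under the web root is worth a look.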
I upgraded to 11.04 today and wanted to reconfigure so that I could have the desktop cube again. Once I started trying to switch my settings for the cube configuration, Compiz asked whether I wanted to turn off various features, and apparently among them was the control bar on the side and top of the screen. Now I log in to Ubuntu and I get my workspace and that's it. No control bars, just the workspace. I need to know a few things:
1) Has anyone else had this problem?
2) How do I get into the terminal from keyboard commands?
3) What terminal commands do I need to bring back at least the main toolbar so I can access programs.
I have a question regarding the terminal. I try to launch it from "Startup Applications" by entering a script:
sh -c '/usr/bin/gnome-terminal'
but it does not start. Also, when it does start I would like it to auto-run certain commands: navigate to my project folder, run "play test", open a new tab, run "top". How can I achieve this?
I was wondering if there was a way to show all current actions I am doing in a terminal window? For example if I left a terminal window open on one of my desktops, could I make it display everything I am doing so that when I receive some general error in a program, I could jump over and get some more details. I could also use it to see what commands are actually run when I do certain things.
to the bottom of my .profile, expecting a cow to tell me a fun quote whenever I pull up a terminal. It hasn't done anything, however. How do I achieve my desired effect?
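An added example, not code from the original post: why a line in .profile does not run in a terminal window, and the guarded form that belongs in .bashrc instead. cowsay and fortune are assumed to be the programs involved; the GREET_* variables exist only so the checks can be tested.

```shell
#!/bin/sh
# Added example, not code from the original post.  ~/.profile is read by login shells
# only; the shell inside a gnome-terminal window is an interactive non-login shell and
# reads ~/.bashrc, so a line at the bottom of ~/.profile never runs there.  The line
# belongs in ~/.bashrc, but anything that prints from ~/.bashrc has to be guarded:
# scp, sftp and rsync over ssh start a non-interactive shell that also sources
# ~/.bashrc, and unexpected output on that channel corrupts or aborts the transfer.
# cowsay and fortune are assumed to be the programs the poster installed;
# GREET_INTERACTIVE and GREET_TTY are test hooks that override the real checks.

# shell_is_interactive: true when this shell takes commands from a terminal
# (the "i" flag in $-).  bash can also tell a login shell with `shopt -q login_shell`.
shell_is_interactive() {
    case $- in *i*) return 0 ;; *) return 1 ;; esac
}

# greeting_allowed [CMD]: may a ~/.bashrc greeting print?  Only in an interactive
# shell, only when stdout is a terminal, and only if CMD (default cowsay) exists.
greeting_allowed() {
    cmd=${1:-cowsay}
    if [ -n "$GREET_INTERACTIVE" ]; then interactive=$GREET_INTERACTIVE
    elif shell_is_interactive; then interactive=yes
    else interactive=no
    fi
    if [ -n "$GREET_TTY" ]; then on_tty=$GREET_TTY
    elif [ -t 1 ]; then on_tty=yes
    else on_tty=no
    fi
    [ "$interactive" = yes ] && [ "$on_tty" = yes ] && command -v "$cmd" >/dev/null 2>&1
}

# greet: the guarded line for the bottom of ~/.bashrc (not ~/.profile).
greet() {
    if greeting_allowed cowsay; then
        fortune | cowsay
    fi
    return 0      # a missing fortune must never turn into a failing shell startup
}
```

If the greeting is wanted in a text console login too, source ~/.bashrc from ~/.profile (Ubuntu's default ~/.profile already does this when the file exists) rather than duplicating the line in both files.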