Librenix
Information for Linux System Administration 

Intrusion detection with Snort on RHEL 5

Snort is a popular open source intrusion detection system (IDS). Learn how to install this security tool and configure it with MySQL on Red Hat Enterprise Linux 5. This is also applicable to Red Hat Enterprise Linux 4, CentOS 4 and 5 and Fedora Core 5 and 6.
It is fast and easy to set up and runs on most commercially available hardware, including platforms from IBM, HP, Sun and commodity PC hardware. It is a signature-based, [...] IDS engine that is easy to deploy and easy to tune. Rules are open and can be readily edited, and writing and adding your own rules requires only a little learning. Snort is also capable of outputting data in a variety of formats: binary (called "Unified"), syslog, to a file and to a SQL database (one of Oracle, PostgreSQL, MySQL or Microsoft SQL Server).
mail this link | permapage | score:8284 | -estride, June 20, 2007

Tutorial: Set up Snort, Base, PostgreSQL on Ubuntu LTS

This tutorial describes how you can install and configure the Snort IDS (intrusion detection system) and BASE (Basic Analysis and Security Engine) on an Ubuntu 6.06 (Dapper Drake) system. With the help of Snort and BASE, you can monitor your system - with BASE you can perform analysis of intrusions that Snort has detected on your network. Snort will use a PostgreSQL database to store/log the data it gathers.
permapage | score:8267 | -falko, April 28, 2007

Tutorial: Guide to basic Snort use

This mini-tutorial is designed to get you running an intrusion detection system (IDS) quickly.
In the following essay I will tell you about writing rules and alerts for snort. I went through a lot of reading and nights of trying to configure it, and playing around with it, and I think that if material was presented in a slightly different fashion it could have made the life of snort users much easier, and so here is some basic information first.
mail this link | permapage | score:8177 | -Ray, May 2, 2003 (Updated: April 26, 2012)

Intrusion Detection with Snort, ACIDBASE, MySQL, And Apache2 on Ubuntu 9.04

This tutorial describes how to install and configure the Snort intrusion detection system (IDS), ACIDBASE (Basic Analysis and Security Engine), MySQL, and Apache2 on Ubuntu 9.04 using packages from Ubuntu’s Synaptic Package Manager. Snort will assist you in monitoring your network and alert you about possible threats. Snort will output its log files to a MySQL database, which ACIDBASE will use to display them in a graphical interface in a web browser.
permapage | score:7971 | -falko, September 23, 2009

Snort on OpenWrt: Low cost security

Consume almost no power, generate almost no heat... and you probably needed the little router anyway!
If you're edgy about security for your SOHO LAN, you might want to consider moving your first line of defense out past your firewall. How about on your router, for example? If your router runs OpenWrt, you can do exactly that, by running Snort, the open source intrusion detection system (IDS) project that has become the most widely deployed IDS in the world. Throw in the firewall that comes out of the box with OpenWrt White Russian, and suddenly the perimeter seems a lot more secure.
mail this link | permapage | score:7839 | -Ray, March 28, 2006

Tutorial: Install Snort, Base, MySQL, and Apache2 on Ubuntu 7.10

In this tutorial I will describe how to install and configure Snort (an intrusion detection system (IDS)) from source, BASE (Basic Analysis and Security Engine), MySQL, and Apache2 on Ubuntu 7.10 (Gutsy Gibbon). Snort will assist you in monitoring your network and alert you about possible threats. Snort will output its log files to a MySQL database which BASE will use to display a graphical interface in a web browser.
permapage | score:7197 | -falko, November 21, 2007

Tutorial: Snort-Setup for Statistics

Good information on Snort and Network Intrusion Detection Systems (NIDS).
This HOWTO describes how to configure Snort version 1.8.3 to be used in conjunction with the statistical tools ACID (Analysis Console for Intrusion Databases) and SnortSnarf. It also intends to get some internal statistics out of snort, e.g. if there are packets dropped.
permapage | score:7089 | -Ray, January 6, 2002 (Updated: June 16, 2003)

IDS: Using Snort

How to get started using the snort intrusion detection system...
Snort is the leading open source Network Intrusion Detection System and is a valuable addition to the security framework at any site. Even if you are employing lots of preventative measures, such as firewalling, patching, etc., a detection system can give you an assurance that your defences truly are effective, or if not, will give you valuable information about what you need to improve.
permapage | score:7032 | -Ray, December 27, 2005

Intrusion Detection with BASE and Snort

This tutorial shows how to install and configure BASE (Basic Analysis and Security Engine) and the Snort intrusion detection system (IDS) on a Debian Sarge system. BASE provides a web front-end to query and analyze the alerts coming from a Snort IDS system. With BASE you can perform analysis of intrusions that Snort has detected on your network.
permapage | score:7016 | -falko, July 10, 2006

Security: PortSentry vs. Snort Comparison

Intrusion detection system (IDS) versus port scan detector.
Snort
Snort falls into the category of Network Intrusion Detection Systems (NIDS). It is the best open source program of this type that I am aware of. Port scan detection is a subset of NIDS so one can rightfully assume that snort handles this as well...

Port Sentry
A port scan detector that can be configured to bind to ports you want monitored, reporting scans made to these ports and optionally running a command to deal with the scanning host (usually in the form of routing that host to a blackhole or adding a firewall rule dealing with said host)...
mail this link | permapage | score:6833 | -Ray, March 20, 2001 (Updated: July 14, 2003)

Security: Book review: Three Snort Books

The three Snort books are
  • Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID,
  • Intrusion Detection with Snort,
  • Snort 2.0 Intrusion Detection.

This book review covers the three books on Snort currently available (we will see another two Snort books later this winter). It covers what is good about them, what is bad, and who the target audience is for each. If you are looking to learn intrusion detection the open source way, or simply do not have a million-dollar IT security budget, these books are a good starting point.

Each of these three books serves a different purpose and consequently is appropriate for a different reader.
mail this link | permapage | score:6812 | -Ray, August 14, 2003

Linux/Unix security: Intrusion detection with Snort

A quick tutorial for setting up Snort.
Designed to fill the gap left by expensive, heavy-duty network intrusion detection systems, Snort is a free, cross-platform packet sniffer, logger, and intrusion detector for monitoring smaller TCP/IP networks. It runs on Linux/UNIX and Win32 systems. It takes mere minutes to install and start using it.
permapage | score:6629 | -Ray, July 17, 2002 (Updated: September 27, 2003)

Security: Intrusion Detection Systems: Snort

An introduction to the IDS Snort...
Once you have snort installed, it's time to set it up in intrusion detection mode. First, I'll discuss your Snort configuration file. I'll assume that you're naming the file snort.conf, but as long as you use the -c config-file option, it doesn't really matter what you name the file. When you install snort, there should be a default/sample configuration file created. On Debian, the file is in /etc/snort/snort.conf.
permapage | score:6616 | -Ray, November 30, 2004

Improve Snort performance with Barnyard

Increasing the speed and efficiency of intrusion-detection system application Snort means reduced false positives and more focus on actual threats. You can do this with Barnyard, a third-party application that leaves Snort with more capacity to scan/analyze anomalies and attacks.
permapage | score:6594 | -estride, May 22, 2007

Book Review: Intrusion Detection with Snort

An introduction to Snort and Intrusion Detection Systems for $40.
This is a fair book for getting started, and I'd recommend it to folks who prefer to have a book on hand for basic reference information. Rehman pulls together the necessary material to get you started with Snort, but doesn't provide many details beyond that. If you've already delved into Snort a little bit, this book is probably not going to take you the extra mile.
permapage | score:5948 | -Ray, November 30, 2003

Intrusion Detection Systems (IDS): Snort

When you can't lock them out, at least you can find out they are in.
Snort is a versatile, lightweight and very useful intrusion detection system. In this article we will look at Snort as a backup Intrusion Detection System for your enterprise network and see whether it can really scale up to the requirements of your enterprise networks.
permapage | score:5900 | -Ray, February 14, 2001 (Updated: July 19, 2003)

Book review: Intrusion Detection with Snort

The review starts out with a preemptive answer to the question, 'Why Snort?'.
What Koziol implies throughout Intrusion Detection with Snort, but never states outright, is that Snort holds an inherent advantage over closed source IDSs, in that the IDS itself can be tailored and customized for each individual deployment to a level not possible for closed source competitors. If you have had the displeasure of working with a rigid, uncustomizable, IDS you already know where this is going ...

In order for an IDS to be effective, or in some high-bandwidth cases, even usable, detailed network and business context must be applied to the IDS.
mail this link | permapage | score:5517 | -Ray, May 30, 2003

Introduction to Intrusion Detection with Snort

This article starts with an overview of IDS, then goes into the Snort IDS package details.
Host-based intrusion detection systems, as the name implies, are installed on each end host and look for attacks directed directly at the host. Most HIDS employ automated checks of log files, file checksums, file and directory permissions, local network port activity, and other basic host security items. HIDS offer the benefit of being able to detect attacks local to the machine or on an encrypted or switched network where a NIDS might have issues. HIDS provide a wealth of forensic data and can often determine whether or not an attack, originating from the local host or the network, succeeded or failed.
mail this link | permapage | score:5077 | -Ray, September 20, 2005

Stop intruders with Snort and friends

Angela Orebaugh, author of SNORT COOKBOOK, shares some tasty tips for using Snort and other free intrusion detection tools, including SnortCenter and ACID/BASE.
ACID/BASE is a PHP-based web GUI for log analysis. Its features include a search engine, packet viewer, alert management and graphing and statistics generation. Its Web front end is easy to use and makes the administrator's job of managing alerts and logs a lot easier.

SnortCenter manages remote sensors in a Web-based client-server method. It is written in PHP and Perl. Both the management console and sensor agents can be installed on Unix and Windows.
mail this link | permapage | score:5072 | -jstafford, May 26, 2005

Security: How to install Snort IDS on Mandrake (pdf)

If you have a system or network connected to the Internet, you become a target. Your network is being scanned for vulnerabilities. This may happen only once a month or twice a day; regardless, there are people out there probing your network and systems for weaknesses. This documentation will show how you can protect yourself by installing an Intrusion Detection System with freely available software (Snort, PHP, MySQL, ACID) on a Linux Mandrake 9.2 system.
permapage | score:4365 | -fn-eagle, December 15, 2003 (Updated: October 21, 2004)
 
Articles are owned by their authors.   © 2000-2012 Ray Yeargin