
Thread: Intrusion Detection

  1. #101
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Intrusion Detection

    Quote Originally Posted by wmmccoy View Post
    I am so sorry for being dense, but I configured my rc.local file per your instructions in your tutorial and snort doesn't start. I edited my cron file to match yours as well. I don't have to start manually every time I restart do I?

    Signed,
    Truly a noob
    Perhaps it would help if you were to provide a more detailed description of the problem.

    For example, the command you start snort with is .....

    You have what in rc.local .....

    You have what as a cron job ....

    What makes you think snort is not running? What is the output of

    Code:
    ps aux | grep snort
    Simply stating that it is not working does not seem to be an effective means of communication.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  2. #102
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Intrusion Detection

    Quote Originally Posted by TheRoot View Post
    BTW: bodhi.zazen

    I think the current setup shall only monitor the traffic going into the IDS system, or going out of the IDS system, if we are in a switched network. If we want to monitor the whole network, then we need a TAP, or a switch with monitoring ports enabled.

    If the network is built on hubs then there is no problem, everything shall be monitored whether destined to the system holding the IDS or not.

    Yes, the easiest way is to use a switch with a monitoring port.

    Q: Does the white list mean: don't monitor these systems? If yes, then I think it is wrong to assign such an IP, because SNORT shall not monitor it.
    Yes, a white list, as with other white lists, basically means do not monitor traffic from the IP address. White lists have their uses.

    In terms of your previous question re: snort info: either buy a book on snort or google.

    After you run snort for a while though you should be good to go.

  3. #103
    Join Date
    May 2008
    Location
    Philadelphia 'Burbs
    Beans
    17
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Intrusion Detection

    Quote Originally Posted by bodhi.zazen View Post

    Code:
    ps aux | grep snort
    Is "ps aux" equivalent to "ps -ef"?

    Thanks,
    John

  4. #104
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Intrusion Detection

    Yes. man ps goes into some gory details.

  5. #105
    Join Date
    Apr 2009
    Beans
    7

    Re: Intrusion Detection

    Quote Originally Posted by bodhi.zazen View Post
    Perhaps it would help if you were to provide a more detailed description of the problem.

    For example the command you start snort is ..... snort -c /etc/snort/snort.conf

    you have what in rc.local ..... /etc/init.d//snort boot

    you have what as a cron job /etc/init.d/snor....t restart

    What makes you think snort is not running? What is the output of

    Code:
    ps aux | grep snort
    this command returns nothing

    Simply stating that it is not working does not seem to be an effective means of communication.
    I thought I was a little clearer than that, but my apologies for making things hard for you.
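
Added example, not part of the thread: a plain `ps aux | grep snort` matches any line that mentions snort, such as an editor open on the config or the grep itself. The sketch below keys on the executable name in the command column instead; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The sample listing below is constructed.

# Print the PID of every process whose executable is named "snort".
# Input: `ps aux` output on stdin (the command starts in column 11).
snort_pids() {
    awk '{ n = split($11, part, "/"); if (part[n] == "snort") print $2 }'
}

# Exit 0 and list the PIDs if a sensor is alive, exit 1 otherwise,
# so the result can gate a restart in a cron job.
sensor_status() {
    pids=$(snort_pids | tr '\n' ' ')
    if [ -n "$pids" ]; then
        echo "snort running, pid(s): ${pids% }"
        return 0
    fi
    echo "snort not running"
    return 1
}

# Constructed listing: one real sensor, an editor on the config, and a grep.
sample_ps() {
    cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
snort     4321  1.2  3.4 123456 65432 ?        Ssl  09:00   0:12 /usr/sbin/snort -c /etc/snort/snort.conf -D
mm        5000  0.0  0.1  10000  2000 pts/0    S+   09:05   0:00 vim /etc/snort/snort.conf
mm        5010  0.0  0.0   3000   800 pts/0    S+   09:06   0:00 grep snort
EOF
}

sample_ps | sensor_status
# On a live host: ps aux | sensor_status
```
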

  6. #106
    Join Date
    Apr 2009
    Beans
    7

    Re: Intrusion Detection

    In my haste to get a message to you, I noticed a couple of things that are obvious typos - please ignore them...

    MM

  7. #107
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Intrusion Detection

    Quote Originally Posted by wmmccoy View Post
    In my haste to get a message to you, I noticed a couple of things that are obvious typos - please ignore them...

    MM
    No problem. Did you get it working?

  8. #108
    Join Date
    Feb 2008
    Beans
    821

    Re: Intrusion Detection

    Can someone help me remove snort and all its little bugs... I can't install anything or update Linux Intrepid anymore =(
    Code:
    E: snort: subprocess post-installation script returned error exit status 1
    details here -->
    Code:
    Setting up snort (2.7.0-19ubuntu)...
    update-rc.d: warning: /erc/init.d/snort missing LSB style header
    invoke-rc.d: initscript snort, action “stop” failed.
    Dpkg: error processing snort (--configure):
     subprocess post-installation script returned error exit status 1 
    Setting uplibsdl-net1.2.7-2)...

  9. #109
    Join Date
    Feb 2008
    Beans
    821

    Re: Intrusion Detection

    Quote Originally Posted by KEE View Post
    Can someone help me remove snort and all its little bugs... I can't install anything or update Linux Intrepid anymore =(
    Code:
    E: snort: subprocess post-installation script returned error exit status 1
    details here -->
    Code:
    Setting up snort (2.7.0-19ubuntu)...
    update-rc.d: warning: /erc/init.d/snort missing LSB style header
    invoke-rc.d: initscript snort, action “stop” failed.
    Dpkg: error processing snort (--configure):
     subprocess post-installation script returned error exit status 1 
    Setting uplibsdl-net1.2.7-2)...
    I think I got it, I have to try to install something to see if it works =D
    Code:
    $ sudo -i
    $ cd /usr/src/snort-2.8.3.2
    $ make uninstall

  10. #110
    Join Date
    Feb 2008
    Beans
    821

    Re: Intrusion Detection

    Quote Originally Posted by KEE View Post
    I think I got it, I have to try to install something to see if it works =D
    Code:
    $ sudo -i
    $ cd /usr/src/snort-2.8.3.2
    $ make uninstall
    Well heck, I can't remove it xD can't remove it in the repositories?!?! Is this malicious software!?!?!
