[Snort-users] Newbie Cant run rules and needs config help Please
This is a discussion on [Snort-users] Newbie Cant run rules and needs config help Please within the Snort forums, part of the System Security and Security Related category; Newbie Cant run rules and needs config help Please I am glad I found this list. Hello every one. I ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-15-2003
|
|||
|
|||
[Snort-users] Newbie Cant run rules and needs config help Please
Newbie Cant run rules and needs config help Please I am glad I found this list. Hello every one. I hate to start with a problem. But I was looking for help online. And found this list.I Hope you can help.so here it goes. I am on a Mandrake 9.1.System and new to Linux,and snort. But I have a A+Cert and have been heavily into computers for about 7 years so I thought I would try it. I used the Configuration,Packaging,Install method of installing snort-1.9.1mdk,snort-plain+flexresp-1.9.1-mdk,SnortSnarf-020516.1-mdk. I cant run SQL because I think it is a violation of my ISP'S TOS. So I am not running that.But the install did'nt ask for any SQL packages. So I guess I am OK there. But snort will not run except from the root account. I am OK with that. 'The real problem is that I can not run the rules files. When I try to run (snort -T) from a terminal as root I get this error. rootblaBlabla# snort -T Log directory /var/log/snort Initializing Network Interface eth0 using config file /root/.snortrc Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file /root/.snortrc ++++++++++++++++++++++++++++++++++++++++++++++++++ + Initializing rule chains... ERROR: Unable to open rules file: /root/.snortrc or /root//root/.snortrc Fatal Error, Quitting.. rootblaBlabla# I did a search on my system for .snortrc through,Applications,FileTools,Find files. And could not find snortrc. The only rules files I could find were in /etc/snort/rules. Also var has the permissions of Ownership root group root User Show,Write,Enter, Group,Show,Enter,Others, Show enter. Inside of var there is a log dir with the permissions the same asstated above. Inside of that is a snort dir set to User Show,Write,Enter Group Show,Enter Others no writes. From opening a terminal as root from inside the snort dir. Is the only place I can get it to run properly. What is the best way to set up the permission writes for snort. That is also secure. I only want root to be able to run it. Oh also when I run netstat-a. It looks alot different running it in Linux.Than it does in Windows. What is the best way to map out my network? This system has two NIC cards one that goes to hub that has nothing else connected to it. (Trying to use that as a firewall connection). A externall Belkin Router that the other NIC plugs into. There is another Win98SE system pluged into the router. Thanks appreciate any help . T ------------------------------------------------------- This SF. Net email is sponsored by: GoToMyPC GoToMyPC is the fast, easy and secure way to access your computer from any Web browser or wireless device. Click here to Try it Free! https://www.gotomypc.com/tr/OSDN/AW/...=mm/g22lp.tmpl _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
