Installing Snort
If all goes well, line 95 shows output of alerts generated by displaying the last
eighteen lines in the /var/log/snort/alert file.
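Reading the tail of the alert file by eye is enough for a one-off check. The added example below (not one of the book's scripts) counts alerts per signature so the result can be checked from a script. The function names, the sample alerts and SID 1000001 are constructed for illustration; pass /var/log/snort/alert or /tmp/alert as the argument.

```shell
#!/bin/sh
# Added example, not one of the book's scripts: summarise a Snort alert file.

# Write a small CONSTRUCTED alert file in Snort's full alert format.
# SID 1000001 is a made-up local rule used only for this sample.
write_sample_alerts() {
    cat > "$1" <<'EOF'
[**] [1:498:3] ATTACK RESPONSES id check returned root [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
08/31-15:56:48.188882 255.255.255.255 -> 192.168.1.111
ICMP TTL:150 TOS:0x0 ID:0 IpLen:20 DgmLen:84
Type:0  Code:0  ID:45596  Seq:1024  ECHO REPLY

[**] [1:1000001:1] LOCAL constructed test rule [**]
[Priority: 0]
08/31-15:56:49.000001 192.168.1.111 -> 192.168.1.1

[**] [1:498:3] ATTACK RESPONSES id check returned root [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
08/31-15:56:50.188882 255.255.255.255 -> 192.168.1.111
EOF
}

# summarize_alerts FILE
# Prints "COUNT GID:SID:REV MESSAGE", most frequent signature first.
# Returns 1 if FILE is unreadable, 2 if it contains no alert headers.
summarize_alerts() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    out=$(awk '
        # Each alert starts with: [**] [gid:sid:rev] message [**]
        /^\[\*\*\] \[[0-9]+:[0-9]+:[0-9]+\] / {
            id = $2; gsub(/\[|\]/, "", id)
            msg = $0
            sub(/^\[\*\*\] \[[0-9:]+\] /, "", msg)
            sub(/ \[\*\*\][ \t]*$/, "", msg)
            count[id " " msg]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' "$1")
    [ -n "$out" ] || { echo "no alerts found in $1" >&2; return 2; }
    printf '%s\n' "$out" | sort -k1,1nr -k2
}

# Run against the file named on the command line, if any.
[ $# -eq 0 ] || summarize_alerts "$1"
```

A return status of 2 after a test run means Snort wrote no alert headers to the file, which is the case the visual check is meant to catch.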
2.2.4.2 Generating Test Alerts with Automatic Snort Startup
If you installed Snort in the /opt/snort directory, you can also use the following
script, which starts and stops Snort by itself and verifies that it is working properly.
Make sure that Snort is NOT already running before you start this script, because the
script starts Snort itself. The script is available as the snort-test-auto.sh file on the
website http://authors.phptr.com/rehman/.
    #!/bin/sh
    #
    ###############################################################
    # You are free to copy and distribute this script under       #
    # GNU Public License until this part is not removed           #
    # from the script.                                            #
    ###############################################################
    #                         HOW TO USE                          #
    #                                                             #
    # Right after installation of Snort, run this script.         #
    # It is assumed that snort executable is present in the       #
    # /opt/snort/bin directory and all rules and configuration    #
    # files are present under /opt/snort/etc directory.           #
    # If files are in other locations, edit the following location#
    # of variables. If you used the installation script provided  #
    # along with this script, the files will be automatically     #
    # located in appropriate directories.                         #
    #                                                             #
    # Note that the script starts and stops Snort by itself and   #
    # you should make sure that Snort is not running at the time  #
    # you run this script.                                        #
    #                                                             #
    # It will generate alerts in /tmp/alert file similar          #
    # to the following:                                           #
    #                                                             #
    # [**] [1:498:3] ATTACK RESPONSES id check returned root [**] #
    # [Classification: Potentially Bad Traffic] [Priority: 2]     #
    # 08/31-15:56:48.188882 255.255.255.255 -> 192.168.1.111      #
    # ICMP TTL:150 TOS:0x0 ID:0 IpLen:20 DgmLen:84                #
    # Type:0  Code:0  ID:45596  Seq:1024  ECHO REPLY              #
    #                                                             #
    # These alerts are displayed at the end of the script.        #
    ###############################################################
    #

    PREFIX=/opt/snort
    SNORT=$PREFIX/bin/snort
    SNORT_CONFIG=$PREFIX/etc/snort.conf
    LOG_DIR=/tmp
    ALERT_FILE=$LOG_DIR/alert





