Installing Snort


51


This script does a number of things when you run it. First of all it sets values of


some variables using lines from line number 36 to 42.


After setting these variables, the script goes through the following steps:


  Lines 66 to 77 are used to check for the presence of $LOG_DIR directory. The


variable LOG_DIR defined in line 39 shows that this directory is /tmp. If the


directory does not exist, the script creates it.


  Lines 79 to 89 are used to check for the presence of $ALERT_FILE, which is


/tmp/alert. If the file exists, the scripts renames it as /tmp/alert.old.


  Lines 91 to 96 are used to check for the presence of Snort binary file  $SNORT,


which is /opt/snort/bin/snort. If the file is not present, execution is


stopped.


  Lines 98 to 103 are used to check for the presence of $SNORT_CONFIG file,


which is /opt/snort/etc/snort.conf. If the file does not exist,


execution is stopped.


  Lines 105 to 110 make sure that the Snort binary file is indeed executable.


  Line number 113 starts Snort.


  Lines 115 to 120 check that Snort was started successfully.


  Line 125 generates alerts as described in the previous section. These alerts are


sent to broadcast address.


  Lines 127 to 136 are used to make sure that the alert generation process was


successful.


  Line 140 checks the last eighteen lines of the alert file to verify that alerts were


generated and log entries are created successfully.


  Lines 142 to 147 display an error message if the test in line 140 failed.


  Line 150 stops Snort.


  Line 160 displays a message showing that the test generation process was


successful.


2.2.5


Running Snort on a Non Default Interface


On Linux systems, Snort starts listening to network traffic on Ethernet interface


eth0. Many people run Snort on multi interface machines. If you want Snort to listen


to some other interface, you have to specify it on the command line using the  i option.


The following command starts Snort so that it listens to network interface eth1.


snort  c /opt/snort/etc/snort.conf  i eth1








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      toronto web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Java Hosting
Cheapest Hosting



Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved