70


Chapter 2     Installing Snort and Getting Started


2.8.7


Sending Alerts to Windows


Snort can send alerts to Microsoft Windows machines in the form of pop up windows. These


pop up windows are controlled by Windows Messenger Service. Windows Messenger Service


must be running on your Windows machine for pop up windows to work. You can go to Control


Panel and start the Services applet to find out if Windows Messenger Service is running. The


Services applet is found in the Administrative Tools menu on your Windows system. Depending


on your version of Microsoft Windows, it may be found in Control Panel or some other place. 


The SAMBA client package must be installed on your UNIX machine. SAMBA is an


open source software suite that allows UNIX file and printer sharing with Microsoft Windows


machines. SAMBA software runs on UNIX platforms. It can work with any other operating sys 


tem that understands Common Internet File System (CIFS) or Server Message Block (SMB)


protocol. More information about SAMBA is available from http://www.samba.org.


The Snort alert mechanism uses smbclient program on the UNIX machine to connect to


the Windows machines and send the alerts. Make sure that the SAMBA client is working prop 


erly before trying to use this service. SAMBA operations are dependent upon its configuration


file /etc/samba/smb.conf on a RedHat system. This file may be located at a different place on


other UNIX systems. Although detailed discussion on SAMBA is beyond the scope of this book,


a sample SAMBA configuration file is listed below. This file can be used to jump start SAMBA.


The file creates a workgroup REHMAN which you can view from  Network Neighborhood 


part of your Windows machines.


2.8.7.1


Sample Samba Configuration File


A sample /etc/samba/smb.conf file is as follows:


[global]


    workgroup = REHMAN


    server string = REHMAN file server


    log file = /var/log/samba/log.%m


    max log size = 50


    security = user


    encrypt passwords = yes


    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192


    dns proxy = no


    domain logons = no


    unix password sync = no


    map to guest = never


    password level = 0


    null passwords = no


    os level = 0


    preferred master = yes


    domain master = yes


    wins support = yes


    dead time = 0








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      toronto web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Java Hosting
Cheapest Hosting



Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved