Snort is designed to fill the gap left by expensive, heavyweight network intrusion detection systems. It is a free, cross-platform, lightweight TCP/IP network sniffer, packet logger and intrusion detector that runs on Linux/UNIX and Win32 systems. It installs in a few minutes and can be put to work immediately.
Some of Snort's functions:
- Real-time traffic analysis and packet logging
- Packet payload inspection
- Protocol analysis and content searching/matching
- Detection of buffer overflows, stealth port scans, CGI attacks, SMB probes and OS fingerprinting attempts
- Real-time alerts to syslog, a specified file, a Unix socket, or WinPopup messages via Samba
Snort has three main modes: packet sniffer, packet logger, or full intrusion detection system. Following the best practices of Open Source/Free Software development, Snort supports all kinds of plug-ins, extensions and customization, including database or XML logging, small-fragment detection and statistical anomaly detection. Packet payload inspection is one of Snort's most useful features, because it lets many additional kinds of hostile traffic be detected.
Snort.org provides both RPMs and tarballs. I usually recommend building from the tarball so you can configure it as needed, but I ran into a problem with the latest stable tarball. With this article's deadline approaching, I did not have time to work out whether the fault was mine or Snort's. The RPM installed without any problem.
To make Snort work, libpcap must be installed on your system. Use locate to check:
$ locate libpcap
This should output something like:
/usr/lib/libpcap.so.0
/usr/lib/libpcap.
/usr/lib/libpcap.so
/usr/lib/libpcap.so.0.6.2
If you do not have these, get libpcap from tcpdump.org or from your Linux installation media.
It is unwise to install security software without verifying what you downloaded. Compare the MD5 checksum of the file with the one published on the download site:
$ md5sum snort-1.8.6.tar.gz
or
# md5sum snort-1.8.6-1snort.i386.rpm
Keep in mind that a checksum only proves the file matches what the site published: an attacker who can replace the download can usually replace the checksum beside it, so when a GPG signature is offered, verify that as well.
Unpack the tarball:
$ tar -xvzf snort-1.8.6.tar.gz
Then build and install as root:
# ./configure
# make
# make install
That is the basic installation. The Makefile has a few other useful targets: make check runs Snort's self-tests before installation; make clean removes the binaries and object files from the build directory; and there is a make uninstall target as well.
Other configure options and what they require:
--with-snmp
Enables the SNMP alerting code
--with-mysql=DIR
Support for MySQL
--with-postgresql=DIR
Support for PostgreSQL databases
--with-openssl=DIR
Support for OpenSSL
For more options, see the documentation in your tarball.
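The steps above (check for libpcap, verify the checksum, unpack, configure, build, install) as one script. This is an added example, not code from the article or from the Snort project. It assumes the expected MD5 is the one copied from the download page, that the tarball unpacks into a directory named like the tarball minus ".tar.gz" (true for snort-1.8.6.tar.gz), and that any configure options are passed through after the checksum.

```shell
#!/bin/sh
# Added example, not code from the article or from the Snort project.
# Assumptions: EXPECTED_MD5 is the digest published on the download page,
# and TARBALL unpacks into a directory named TARBALL minus ".tar.gz".

# Print the MD5 of a file: md5sum on Linux, md5 -q on BSD/macOS.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# verify_md5 FILE EXPECTED -> succeeds only if the file's MD5 equals EXPECTED.
# Compared case-insensitively: sites publish the hex digest in either case.
verify_md5() {
    actual=$(md5_of "$1" 2>/dev/null | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# have_libpcap -> succeeds if the runtime linker, or one of the usual library
# directories, knows about libpcap (the check the article does with locate).
have_libpcap() {
    ldconfig -p 2>/dev/null | grep -q 'libpcap\.so' && return 0
    for f in /usr/lib/libpcap.so* /usr/lib64/libpcap.so* /usr/local/lib/libpcap.so*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# install_snort TARBALL EXPECTED_MD5 [configure options...]
# Refuses to unpack, never mind build, a tarball whose digest does not match.
install_snort() {
    tarball=$1
    expected=$2
    shift 2
    if ! have_libpcap; then
        echo "libpcap not found: install it from tcpdump.org or your distribution first" >&2
        return 1
    fi
    if ! verify_md5 "$tarball" "$expected"; then
        echo "MD5 mismatch for $tarball: refusing to build it" >&2
        return 1
    fi
    srcdir=$(basename "$tarball" .tar.gz)
    tar -xzf "$tarball" || return 1
    # Remaining arguments go to configure, e.g. --with-mysql=/usr --with-openssl=/usr
    ( cd "$srcdir" && ./configure "$@" && make && make install )
}

# With no arguments this file only defines the functions; with arguments it
# installs, e.g.:  sh install-snort.sh snort-1.8.6.tar.gz <md5 from snort.org>
if [ "$#" -ge 2 ]; then
    install_snort "$@"
fi
```

Because verify_md5 runs before tar, a tampered or truncated download never gets unpacked, which matters more than it sounds: configure scripts and Makefiles from an untrusted tarball run as root in the make install step.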
Installing the RPM is very simple:
# rpm -ivh snort-1.8.6-1snort.i386.rpm
On the Snort download page you will see that pre-compiled binaries are packaged with support for other programs, such as MySQL and PostgreSQL, already built in.
# snort -?
prints the most common options.
Take Snort for a test drive to make sure it installed correctly. It watches only the interface you name; -i selects the interface:
# snort -vde -i eth0
Use Ctrl+C to stop the test. Snort opens the interface in promiscuous mode by itself (pass -p to disable that), so you do not need to put the card into promiscuous mode by hand. It runs in the foreground until stopped and prints packet statistics when it exits.
Packet Sniffer Mode
In this mode, Snort prints only the TCP/IP headers:
# snort -v
To also see the application-layer data:
# snort -vd
To also see the data-link-layer headers:
# snort -vde
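Sniffer mode is also useful when its output is saved and summarized afterwards. The script below is an added example, not code from the article or the Snort project; it assumes the per-packet header line that snort -v prints has the form "MM/DD-HH:MM:SS.ffffff SRC:SPORT -> DST:DPORT" (ICMP lines carry no ports), and that the run was saved with something like snort -v -i eth0 -n 500 > sniff.log, where -n makes Snort exit after that many packets so the test drive ends by itself. It reports any source that touched many distinct destination ports, a crude, by-hand version of the stealth port-scan detection the article lists among Snort's IDS-mode features. The sample log is constructed, not captured traffic.

```shell
#!/bin/sh
# Added example, not from the article or the Snort project. Assumes the
# timestamp line snort -v prints for each packet looks like
#   MM/DD-HH:MM:SS.ffffff SRC:SPORT -> DST:DPORT
# saved to a file, e.g.:  snort -v -i eth0 -n 500 > sniff.log

# scan_suspects FILE THRESHOLD: print "SRC N" for every source address that
# sent packets to at least THRESHOLD distinct destination ports in FILE.
scan_suspects() {
    awk -v thr="$2" '
        # Only the per-packet header line starts with a MM/DD-HH:MM:SS timestamp;
        # payload dumps (-d) can contain "->" too and must be ignored.
        /^[0-9][0-9]\/[0-9][0-9]-[0-9:.]+ [^ ]+ -> [^ ]+$/ {
            split($2, src, ":"); m = split($4, dst, ":")
            if (m < 2) next          # no port (ICMP and friends): nothing to count
            key = src[1] SUBSEP dst[2]
            if (!(key in seen)) { seen[key] = 1; ports[src[1]]++ }
        }
        END { for (s in ports) if (ports[s] >= thr) print s, ports[s] }
    ' "$1" | sort
}

# Constructed sample of a sniffer run (not real traffic): 10.0.0.5 probes four
# ports on 10.0.0.1, 10.0.0.9 only talks to port 80 twice, plus one ICMP line.
SAMPLE_LOG='01/11-18:47:39.623341 10.0.0.5:40001 -> 10.0.0.1:22
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1 Ack: 0x0 Win: 0x16D0 TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
01/11-18:47:39.723341 10.0.0.5:40002 -> 10.0.0.1:23
01/11-18:47:39.823341 10.0.0.5:40003 -> 10.0.0.1:80
01/11-18:47:39.923341 10.0.0.5:40004 -> 10.0.0.1:443
01/11-18:47:40.023341 10.0.0.9:51000 -> 10.0.0.1:80
01/11-18:47:40.123341 10.0.0.9:51001 -> 10.0.0.1:80
01/11-18:47:40.223341 10.0.0.7 -> 10.0.0.1'

# demo_scan_suspects [THRESHOLD]: write the sample to a temp file and report
# sources that hit at least THRESHOLD (default 3) distinct ports.
demo_scan_suspects() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    scan_suspects "$tmp" "${1:-3}"
    rm -f "$tmp"
}

demo_scan_suspects
```

On the sample, demo_scan_suspects prints only 10.0.0.5 with its four ports; 10.0.0.9 reused one port and the ICMP line is skipped. Pick the threshold for real traffic with care: a busy client legitimately talks to a handful of ports on one server, which is exactly why Snort's own port-scan detection also looks at the time window rather than bare counts.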