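#
# Snort 1.6.3 install / maintenance notes (transcript-style: lines beginning
# with a "redhat:...#" prompt were typed at a root shell, they are not a script).
#
# 30-Dec-00 amo Added Snort
# 12-Apr-01 amo added vision.rules and var/log/snort
#
# References
# http://www.snort.org/
# http://com.pp.asu.edu/support/nmc/nmcdocs/nmc.html
#
# http://com.pp.asu.edu/support/nmc/snort.sh
#
# http://www.whitehats.com/ids/snort_stat-1.11.pl
#
# http://www.whitehats.com/ids/
#
# http://staff.washington.edu/dittrich/misc/snort-stuff.tar
#
# --- Build from tarball -------------------------------------------------------
# NOTE(review): the tarball is fetched and unpacked with no checksum or signature
# check; compare against the checksum published on snort.org before building.
# redhat:/usr/local/src# tar zxvf /tmp/snort-1.6.3.tar.gz
# redhat:/usr/local/src/snort-1.6.3# ./configure
# redhat:/usr/local/src/snort-1.6.3# make
# redhat:/usr/local/src/snort-1.6.3# make install
#
# Install the full config and set HOME_NET to our address range
# (original note read "op /tmp/snortfull.conf /etc" -- assumed typo for cp).
# cp /tmp/snortfull.conf /etc            - fix IP# ( HOME_NET )
#
# Keep a pristine copy of the rule library before editing it.
# cp snort-lib snort-lib.org
cp -p ../src/snort-1.6.3/*lib /usr/local/etc/snort-1.6.3/
#
# vi snort-lib
# - DNS and IP# ( HOME_NET )
# cp snort-lib /usr/local/etc
#
# --- Startup scripts ----------------------------------------------------------
# http://com.pp.asu.edu/support/nmc/snort.sh
# fix /var/log/snort directory
#
# /etc/rc.d/init.d/snortd stop - start
#
# snort.sh is a third-party script fetched over plain HTTP; read it before
# running it as root.  -x traces each command so the run can be checked.
# sh -x snort.sh
#
# check /var/log/messages
# webcgi-lib
#
# Confirm the daemon is running (original note had "grep snot", a typo that
# never matches the process name).
# ps axuw | grep snort
#
# --- Periodic reports ---------------------------------------------------------
# crontab -e ...
# Mail a snort-stat summary four times a day.  -F makes "125.85" a literal
# string (an unescaped "." would match any character).  This is still an
# unanchored substring filter: any line containing 125.85 anywhere in an
# address is dropped, so anchor it (or use -w) if that is not the intent.
0 7,12,16,22 * * * grep -v -F "125.85" /var/log/secure | /usr/local/bin/snort-stat | mail -s "snort stats" root
#
# Quick sanity run: daemonised with verbose packet output.
# snort -D -v
#
# Production invocation.  NOTE(review): "rules.bas" looks truncated -- the rpm
# section below installs /usr/local/etc/rules.base; confirm the path.
# /usr/sbin/snort -s -d -D -i eth0 -l /var/log/snort -c /etc/snort/rules.bas
#
#
# =============================================================================
#
# --- Build from source rpm ----------------------------------------------------
# snort-1.6.3-2.src.rpm
#
# redhat:/usr/local/src# rpm -ivh /tmp/snort-1.6.3-2.src.rpm
# redhat:/usr/local/src# cd /usr/src/redhat/SOURCES/
# redhat:/usr/src/redhat/SOURCES# cp rules.base /usr/local/etc/rules.base
redhat:/usr/src/redhat/SOURCES# vi /usr/local/etc/rules.base
# redhat:/usr/src/redhat/SOURCES# mkdir /var/log/snort
# redhat:/etc/snort# ln -s /usr/local/etc/vision.rules .
#
# Community rule set.  The download is plain HTTP with no signature or
# checksum, and /etc/snort/vision.rules is a symlink to this file, so writing
# straight to it lets anything on the network path replace the rules Snort
# loads.  Fetch to a staging file, review the diff, then move it into place.
# redhat:/usr/src/redhat/SOURCES# wget --output-document=/usr/local/etc/vision.rules.new http://dev.whitehats.com/ids/vision.rules
# redhat:/usr/src/redhat/SOURCES# diff -u /usr/local/etc/vision.rules /usr/local/etc/vision.rules.new
# redhat:/usr/src/redhat/SOURCES# mv /usr/local/etc/vision.rules.new /usr/local/etc/vision.rules
#
# From Cron --- MISSING check-snort
# /usr/local/etc/check-snort does not exist yet; until it is written this
# entry fails every night and cron mails the error to root.
# 0 0 * * * sh /usr/local/etc/check-snort
#
#
# end of file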