LinuxQuestions.org
02-15-2015, 09:34 AM   #1
whhs41
LQ Newbie
Registered: Feb 2015
Posts: 1

Linux - Snort


Hello everyone. I am attempting to get Snort to recognize a portscan and have an alert pop up on the screen. I have successfully installed and run Snort in multiple types of configurations. I have enabled the sfportscan preprocessor in my snort.conf. Snort is running on Ubuntu and I am running nmap on a Kali box. Can anyone offer any insight on how to configure Snort to have an alert pop up when it detects any type of portscan?

Thanks,
-Trevor
 
02-15-2015, 11:24 AM   #2
unSpawn
Moderator
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Quote:
Originally Posted by whhs41
Hello everyone.
Welcome to LQ, hope you like it here.


Quote:
Originally Posted by whhs41
I am attempting to get Snort to (..) have an alert pop up on the screen.
First of all, please ponder if your request is based on "the Windows mentality" of doing things (have one singing and dancing binary or suite that addresses everything including the proverbial kitchen sink), because this is not what you want in UNIX (please see The UNIX Philosophy).

Secondly, practically speaking, Snort is a daemon and has no concept of Desktop Environments, let alone functionality for creating "popups". So what you want is an external process to:
0) efficiently notice (or continuously read) that the log file or database was updated, then
1) parse the most recent entries for a "portscan" string, then
2) spawn a detached process to create a notice.

For #0 and #1 you've got the choice between using an inotify-based script that polls / greps logs and log readers that can perform actions themselves (see your distribution's repos, SourceForge, the-now-defunct-site-Formerly-Known-As-Freshmeat, Berlios, GitHub et cetera), and #2 depends on the Desktop Environment you run.
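
One way to wire up steps 0 to 2 from the reply above, as an added example that is not part of unSpawn's post or of Snort itself. It assumes Snort writes fast-format alerts to /var/log/snort/alert and that the desktop provides `notify-send`; it polls the file instead of using inotify, and the sample lines are constructed.

```python
import os, re, subprocess, time

ALERT_LOG = "/var/log/snort/alert"   # assumed path of Snort's fast-alert file
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):\d+:\d+\]\s+(.*?)\s+\[\*\*\]")

# Constructed sample lines in fast-alert layout (not captured from a real sensor).
SAMPLE = [
    "02/15-09:40:12.123456  [**] [122:1:1] (portscan) TCP Portscan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {PROTO:255} 10.0.0.5 -> 10.0.0.10",
    "02/15-09:41:03.000000  [**] [1:1000001:1] ICMP test [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.10",
]

def portscan_message(line):
    """Step 1: return the alert text if this line is a portscan alert, else None."""
    m = ALERT_RE.search(line)
    if m and (m.group(1) == "122" or "portscan" in m.group(2).lower()):
        return m.group(2)   # generator ID 122 is the sfPortscan preprocessor
    return None

def read_new(path, offset):
    """Step 0: return (complete new lines, new offset) since the last poll."""
    if os.path.getsize(path) < offset:   # file rotated or truncated: start over
        offset = 0
    with open(path, "rb") as f:
        f.seek(offset)
        data = f.read()
    end = data.rfind(b"\n") + 1          # leave a half-written last line for next time
    return data[:end].decode("utf-8", "replace").splitlines(), offset + end

def notify(msg):
    """Step 2: detached notifier. argv list, no shell: log text is never interpreted."""
    subprocess.Popen(["notify-send", "-u", "critical", "Snort", "Alert: " + msg],
                     start_new_session=True)

def watch(path=ALERT_LOG, interval=1.0, cooldown=60.0):
    offset, last = os.path.getsize(path), {}   # start at the end: new alerts only
    while True:
        lines, offset = read_new(path, offset)
        for msg in filter(None, map(portscan_message, lines)):
            if time.time() - last.get(msg, 0.0) >= cooldown:   # throttle repeats of one alert
                last[msg] = time.time()
                notify(msg)
        time.sleep(interval)

if __name__ == "__main__":
    watch()
```

Run it inside the desktop session of a user who can read the alert file, since `notify-send` needs that session to display anything.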
 
  

