I consider myself more knowledgeable than a newbie, but still far from an expert - thanks largely to the wealth of information on the site.
Almost every question I've had, from installing the OS to fine-tuning the fs, I've found the answers here. Except this one.
This is my first posting here. I hope I include everything you need.
I have a headless box that I use as a masqdial server for my 56K dial-up connection. It's a P233 with 64MB RAM running Slackware 9.1, CL only, and the 2.4.24 kernel that came with it, customized only once to adjust netfiltering (IIRC). It's part of a small 802.11b network with no WEP. For networking it's running c-mserver-0.5.5 for masqdialing and samba-2.2.8 for sharing files. It runs an iptables firewall script created with Guarddog on another machine, then copied to this one. Because it's headless I use ssh when I need to access more than just a samba share. It's been running like this for almost a year with almost no problems - for days or weeks at a time.
Now the problem at hand: Because I haven't set WEP, and the fact that in my environment I can see nearby wireless routers, I want to boost my security. I intend to set WEP, but I also want to set up an IDS. Just this past weekend I downloaded and installed snort-2.3.3-i486-1stb.tgz from linuxpackages.net. Then I installed the latest snort rules. When I run snort as a daemon the kernel panics within an hour. I get some logs for individual IP addresses, but the alert log stays empty.
Some Googling suggests that I might need to adjust a couple of lines in the iptables script to send packets to the queue. Is there more I need to do to configure snort? What could be causing the kernel panic?
Thanks in advance.