LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 07-18-2002, 01:22 AM   #1
crealkillerI75
Member
 
Registered: Jul 2002
Location: new york
Distribution: Slackware
Posts: 40

Rep: Reputation: 15
snort (ids) not working please help!!!


iv just installd snort on my slackware 8.0 and i had to move couple rule files and create a dir here and there,ect...im trying get the snort (IDS) up and runing but i keep geting errors so ovisouly iv don somthing wrong or havnt configured snort right ? and yes i have read all docs that came inside wit snort but it wasnt writin for a newbie like me?!...cant fallow them so good, anywayz

here my latest error that im geting?

Log directory = /var/log/snort

Initializing Network Interface eth0
ERROR: OpenPcap() device eth0 open:
socket: Operation not permitted
Fatal Error, Quitting..???

thanx inadvanc
CRK175
 
Old 07-18-2002, 06:28 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,524
Blog Entries: 51

Rep: Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601
Some things to check since you don't offer your Snort, libpcap and libnet versions and snort config options:
make and install w/o problems?
all configs, rulesets, logdirs and logfiles in place and correct permissions?
libpcap and libnet correct version for Snort?
running under an unprivileged user/running chrooted?
 
Old 07-18-2002, 08:25 AM   #3
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,170

Rep: Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585Reputation: 2585
Are you starting snort as root?

--jeremy
 
Old 07-18-2002, 08:31 AM   #4
fafaforza
LQ Newbie
 
Registered: Jul 2002
Posts: 5

Rep: Reputation: 0
yeah, most likely needs to be run as root.
 
Old 07-18-2002, 02:40 PM   #5
crealkillerI75
Member
 
Registered: Jul 2002
Location: new york
Distribution: Slackware
Posts: 40

Original Poster
Rep: Reputation: 15
basicly i need to know is this the hell i wit that error i can figure it out but it was just bugin me, anyways wat i want to know is how do i check if the snort (IDS) works right or do ya think LIDS is a better (ids)?

or

should i install threw RPM to make things easyer?
 
Old 07-18-2002, 03:39 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,524
Blog Entries: 51

Rep: Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601
Just throw some online (nmap) scan against your box, try to xploit your local RPC services or try to login to a remote POP3 server using my plaintext "login" rule:
Code:
alert TCP $HOME_NET any -> $EXTERNAL_NET any (msg: "LOG Plaintext LOGIN snd"; content: "|6f 67 69 6e|";)
You can't compare Snort to LIDS. If you do, at least put some effort into making a case why you would do so.
Installing through RPM makes things easier for some people, at some times of day under some weather conditions, when the planets near a good conjunction. YMMVVM. Especially since you stated using Slackware.

Maybe do a bit RTM on IDSes :-]

Last edited by unSpawn; 07-18-2002 at 03:41 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Questions regarding the use of Snort (IDS) and security nasty_daemon Linux - Security 8 09-09-2005 10:48 PM
snort fails ids mode in sarge mofungo Debian 1 05-25-2005 12:35 PM
wireless ids with snort and kismet evilchild Linux - Security 1 01-26-2005 04:03 PM
Snort/ACID as an IDS WeNdeL Linux - Security 4 09-10-2004 12:14 PM
snort ids implementation queries nms Linux - Security 3 05-27-2003 07:53 AM


All times are GMT -5. The time now is 01:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration