LinuxQuestions.org


iamgenius 09-21-2015 10:55 AM

Help with a mini linux project
 
Hi guys

This is related to this:

http://www.linuxquestions.org/questi...ea-4175553476/

It is decided, my instructor approved my snort idea.

I have installed snort on one of my fedora machines, and I'll start reading about it soon. I want you to get me started on this...

What penetration test do you recommend me to use ?

How do you get to the snort configuration page?

In snort, how do I know my system wasn't penetrated?

I'll try to get answers for the above by doing my homework(Reading), but I'm also greedy for your help.

Many thanks...

rtmistler 09-21-2015 11:57 AM

Quote:

Originally Posted by iamgenius (Post 5423502)
Hi guys

This is related to this:

http://www.linuxquestions.org/questi...ea-4175553476/

It is decided, my instructor approved my snort idea.

I have installed snort on one of my fedora machines, and I'll start reading about it soon. I want you to get me started on this...

What penetration test do you recommend me to use ?

How do you get to the snort configuration page?

In snort, how do I know my system wasn't penetrated?

I'll try to get answers for the above by doing my homework(Reading), but I'm also greedy for your help.

Many thanks...

Sorry, but get less greedy and do the reading you state you're going to do first.

Just up and asking those questions, many of which can be answered by reading the manual, is in very poor taste.

Better yet, ask those questions of your instructor and see what answers they offer.

iamgenius 09-21-2015 12:28 PM

Quote:

Originally Posted by rtmistler (Post 5423528)
Sorry, but get less greedy and do the reading you state you're going to do first.

Just up and asking those questions, many of which can be answered by reading the manual, is in very poor taste.

Better yet, ask those questions of your instructor and see what answers they offer.

Fine, no problem. I respect your reply. The instructor isn't the best person to ask actually. Somebody else should have taught us the course, so he is like a substitute instructor and the material wasn't designed by him. I already tried asking him, he isn't of much help. I'm already trying hard, and if it wasn't for help from others with this course, we all would have been doomed.

I'm just trying to gather as much information as I can before I actually start working with the project next Friday after I finish other assignments.

Thanks.

enorbet 09-22-2015 02:45 PM

Most of the penetration testing tools (commands from terminal) already exist in most distros or are easily downloadable and free. All you need is some guidance from articles on the web or a good network testing book. Example - Linux Journal - Testing

If you prefer it all in one comprehensive package these are available in many forms. There are LiveCD distros devoted to pen-testing such as Kali Linux. There are also many suites and back in the day Nessus was amazing. It's still amazing ... actually even more amazing but they offer a little less for Free than they used to. Check Nessus out

Nessus Suites

Nessus is especially good if you have any designs on entering the field professionally.

iamgenius 09-23-2015 06:35 AM

Quote:

Originally Posted by enorbet (Post 5424107)
Most of the penetration testing tools (commands from terminal) already exist in most distros or are easily downloadable and free. All you need is some guidance from articles on the web or a good network testing book. Example - Linux Journal - Testing

If you prefer it all in one comprehensive package these are available in many forms. There are LiveCD distros devoted to pen-testing such as Kali Linux. There are also many suites and back in the day Nessus was amazing. It's still amazing ... actually even more amazing but they offer a little less for Free than they used to. Check Nessus out

Nessus Suites

Nessus is especially good if you have any designs on entering the field professionally.

Thanks for your reply. It is really helpful. I'm actually planning to use Kali linux.

I'll come back to your post later. I now have other questions:

I actually installed snort a few days ago on my fedora 22 by simply running the command yum install snort or something similar. It is working and I checked its version by running the snort -V command. However, when I go and check the installation guide for fedora 22 on their website, I'm faced with 15 pages of instructions on how to install snort !!!

https://www.snort.org/documents/snor...x-on-fedora-22

Why all that? Do I really need to follow and do everything in there?

rtmistler 09-23-2015 07:59 AM

Quote:

Originally Posted by iamgenius (Post 5424440)
I'm faced with 15 pages of instructions on how to install snort !!!

https://www.snort.org/documents/snor...x-on-fedora-22

Why all that? Do I really need to follow and do everything in there?

That is a very inclusive set of instructions which shows you not just how to install snort, but also how to get it up and running and configured, in one example form.

To answer your question, you do not need to follow everything in that document since you feel you have snort installed already, but you may wish to review the instructions and evaluate whether or not some of the added information there is helpful to you. I suspect a moderate amount of it actually is.

And note also that it is not just "how to install" but "how to get it running". Meaning the author discusses installing, but also how to configure and start using snort.

Regarding something you were asking earlier:
Quote:

Originally Posted by iamgenius (Post 5423502)
How do you get to the snort configuration page?

This is shown in the part of the document where the author discusses the snort.conf file and monitoring an example address of 192.168.1.0.

It also discusses the differences between a Registered user and a Paid subscriber of snort. You may wish to read their guidance on that matter so as to understand the benefits, or restrictions you might face, based on your choice. I'm assuming you'd want the free option which would be a Registered user. And given that, you should recognize that becoming a Registered user is probably important, if you wish to download rules. However, that's your choice if you decide to read and consider that option.

iamgenius 09-23-2015 08:25 AM

Quote:

Originally Posted by rtmistler (Post 5424476)
That is a very inclusive set of instructions which shows you not just how to install snort, but also how to get it up and running and configured, in one example form.

To answer your question, you do not need to follow everything in that document since you feel you have snort installed already, but you may wish to review the instructions and evaluate whether or not some of the added information there is helpful to you. I suspect a moderate amount of it actually is.

And note also that it is not just "how to install" but "how to get it running". Meaning the author discusses installing, but also how to configure and start using snort.

Regarding something you were asking earlier: This is shown in the part of the document where the author discusses the snort.conf file and monitoring an example address of 192.168.1.0.

It also discusses the differences between a Registered user and a Paid subscriber of snort. You may wish to read their guidance on that matter so as to understand the benefits, or restrictions you might face, based on your choice. I'm assuming you'd want the free option which would be a Registered user. And given that, you should recognize that becoming a Registered user is probably important, if you wish to download rules. However, that's your choice if you decide to read and consider that option.

Thank you very much. What's DAQ exactly? It says data acquisition in their website. Do you need that for snort to fight against a penetration test?

rtmistler 09-23-2015 08:49 AM

Quote:

Originally Posted by iamgenius (Post 5424498)
Thank you very much. What's DAQ exactly? It says data acquisition in their website. Do you need that for snort to fight against a penetration test?

Go to their website and search their documents. I did and in about 4 or 5 clicks I found a document explaining exactly what DAQ is.

You're showing ZERO effort on your part. Given that, people are not likely going to answer your questions, they may give hints, eventually they will probably stop giving hints unless you show some initiative on your own.

Telling us the instructor is not a good instructor, is not initiative.

Finding an actual helpful link, not reading it, exasperating at the length of it, and then asking your same questions once again, is not initiative.

EDIT: Bad comment about OP's username removed

iamgenius 09-23-2015 10:31 AM

Quote:

Originally Posted by rtmistler (Post 5424513)
Go to their website and search their documents. I did and in about 4 or 5 clicks I found a document explaining exactly what DAQ is.

You're showing ZERO effort on your part. Given that, people are not likely going to answer your questions, they may give hints, eventually they will probably stop giving hints unless you show some initiative on your own.

Telling us the instructor is not a good instructor, is not initiative.

Finding an actual helpful link, not reading it, exasperating at the length of it, and then asking your same questions once again, is not initiative.

EDIT: Nasty sidebar is that I'm really questioning your username ...

My username aside (it is just a username), how do you know I'm doing ZERO effort? Regarding that 15-page document, I actually read the whole thing, but couldn't really come to a conclusion whether it is really needed or not for my purposes. That's why I asked the question. I was actually surprised because you can install snort just like any other package by executing only one command. At first glance (when I opened that doc), I thought installing snort was much more involved and what I actually installed previously is some other similar program (Called smort maybe?)

I'm all new to linux, not to mention snort which proves to be very complex and comprehensive.

From this coming Friday, I'll have only 2 weeks to finish everything. I don't have time, and I'm trying to get ahead of things. Maybe my project selection is bad but I'll try my best.

If you don't want to help, and you think I'm lazy, that's fine, but don't tell others I'm doing ZERO effort. You can call me stupid, crazy, foolish, lost, or maybe change my username to iamdumb....but I'm actually trying my best and asking questions left and right and trying to save time by doing only the necessary.

rtmistler 09-23-2015 11:40 AM

Quote:

Originally Posted by iamgenius (Post 5424565)
My username aside (it is just a username), how do you know I'm doing ZERO effort? Regarding that 15-page document, I actually read the whole thing, but couldn't really come to a conclusion whether it is really needed or not for my purposes. That's why I asked the question. I was actually surprised because you can install snort just like any other package by executing only one command. At first glance (when I opened that doc), I thought installing snort was much more involved and what I actually installed previously is some other similar program (Called smort maybe?)

I'm all new to linux, not to mention snort which proves to be very complex and comprehensive.

From this coming Friday, I'll have only 2 weeks to finish everything. I don't have time, and I'm trying to get ahead of things. Maybe my project selection is bad but I'll try my best.

If you don't want to help, and you think I'm lazy, that's fine, but don't tell others I'm doing ZERO effort. You can call me stupid, crazy, foolish, lost, or maybe change my username to iamdumb....but I'm actually trying my best and asking questions left and right and trying to save time by doing only the necessary.

My apologies for insulting your username. And I'm not calling you other names. And I'll remain mute beyond this, however I do feel that you are not putting in much effort and instead asking fully inclusive questions where with a little effort you can find the answers. The www.snort.org website has a great amount of documentation, and they give examples.

You've said your instructor thought your project was a good idea, you may wish to continue to discuss your progress on it with them to see if you've gone away from their impressions of what you would be doing, or something else.

TB0ne 09-23-2015 12:28 PM

Quote:

Originally Posted by iamgenius (Post 5424565)
My username aside (it is just a username), how do you know I'm doing ZERO effort? Regarding that 15-page document, I actually read the whole thing, but couldn't really come to a conclusion whether it is really needed or not for my purposes. That's why I asked the question. I was actually surprised because you can install snort just like any other package by executing only one command. At first glance (when I opened that doc), I thought installing snort was much more involved and what I actually installed previously is some other similar program (Called smort maybe?)

I'm all new to linux, not to mention snort which proves to be very complex and comprehensive.

I have to agree with rtmistler's assessment. You say you're doing things, and say you've read the documentation...then ask questions which are ANSWERED in the documentation. That points to it not being read. And yes, snort can be INSTALLED easily, as can sendmail, firewalls, etc. The CONFIGURATION of such things is what's difficult.
Quote:

From this coming Friday, I'll have only 2 weeks to finish everything. I don't have time, and I'm trying to get ahead of things. Maybe my project selection is bad but I'll try my best.
That's all anyone can ask.
Quote:

If you don't want to help, and you think I'm lazy, that's fine, but don't tell others I'm doing ZERO effort. You can call me stupid, crazy, foolish, lost, or maybe change my username to iamdumb....but I'm actually trying my best and asking questions left and right and trying to save time by doing only the necessary.
Sorry to say this, but based on your posts, it would seem that you're telling us you're not trying very hard. You say you are, then say you only want to do "the necessary", and balk at reading 15 pages.

We are always happy to help, but can only do so when you meet us half-way. From what's been posted here, it seems like you're asking us to read the documentation for you.

iamgenius 09-23-2015 07:13 PM

Fine, no problem. Maybe I don't know how to explain myself. Only time will tell me, I'll keep trying. Please bear with me.

Thanks to both of you.

iamgenius 09-30-2015 07:26 AM

I started from the beginning again and successfully installed snort as per the instructions found on their website. It worked fine and I played a little with it. However, I had to reboot my virtual machine and then snort stopped working, giving me a "can't start DAQ" message. This happened two times with another virtual machine as well. I googled it but couldn't really find a solution.

This is the message:

http://i.imgur.com/whm6qwE.jpg

Why is this happening all the time?

rtmistler 09-30-2015 07:28 AM

Try using sudo, you probably need superuser privileges to control the network interfaces.

iamgenius 09-30-2015 10:32 AM

Quote:

Originally Posted by rtmistler (Post 5427812)
Try using sudo, you probably need superuser privileges to control the network interfaces.

You are right! sudo does it. I'll just switch to root then. But why is this the case if file permissions for snort are rwxrwxrwx ?

Thanks
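
An added example, not part of the original thread or of Snort's own code: packet capture is authorised against the capabilities of the running process (CAP_NET_RAW, plus CAP_NET_ADMIN for promiscuous mode), not against the rwx mode bits of the snort binary, which is why sudo changes the outcome. The function names and the sample status excerpts below are constructed for illustration.

```shell
#!/bin/sh
# Why mode bits on the snort binary do not grant capture rights:
# opening a raw packet socket is checked against the *process's* effective
# capability set (CapEff in /proc/<pid>/status), not the file's rwx bits.

CAP_NET_ADMIN=12   # bit numbers from linux/capability.h
CAP_NET_RAW=13

# has_cap HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff STATUS_FILE -> prints the CapEff hex mask from a /proc status file
cap_eff() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# can_sniff STATUS_FILE -> prints "yes" if the process may open a raw socket
can_sniff() {
    mask=$(cap_eff "$1")
    if [ -n "$mask" ] && has_cap "$mask" "$CAP_NET_RAW"; then
        echo yes
    else
        echo no
    fi
}

# Constructed samples: status excerpts for an unprivileged shell and for root
sample_dir=$(mktemp -d)
printf 'Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n' \
    > "$sample_dir/user"
printf 'Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n' \
    > "$sample_dir/root"

echo "unprivileged sample: $(can_sniff "$sample_dir/user")"
echo "root sample:         $(can_sniff "$sample_dir/root")"
# On a live system, check the current shell with: can_sniff /proc/self/status
```

Snort's `-u` and `-g` options let it drop to an unprivileged user and group after the capture interface has been opened, so the process does not have to keep running as root.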


All times are GMT -5.