09-21-2015, 10:55 AM
|
#1
|
LQ Newbie
Registered: Sep 2015
Posts: 19
Rep:
|
Help with a mini linux project
Hi guys
This is related to this:
http://www.linuxquestions.org/questi...ea-4175553476/
It is decided, my instructor approved my snort idea.
I have installed snort on one of my fedora machines, and I'll start reading about it soon. I want you to get me started on this...
What penetration test do you recommend me to use ?
How do you get to the snort configuration page?
In snort, how do I know my system wasn't penetrated?
I'll try to get answers for the above by doing my homework(Reading), but I'm also greedy for your help.
Many thanks...
Last edited by iamgenius; 09-21-2015 at 10:56 AM.
|
|
|
09-21-2015, 11:57 AM
|
#2
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,895
|
Quote:
Originally Posted by iamgenius
Hi guys
This is related to this:
http://www.linuxquestions.org/questi...ea-4175553476/
It is decided, my instructor approved my snort idea.
I have installed snort on one of my fedora machines, and I'll start reading about it soon. I want you to get me started on this...
What penetration test do you recommend me to use ?
How do you get to the snort configuration page?
In snort, how do I know my system wasn't penetrated?
I'll try to get answers for the above by doing my homework(Reading), but I'm also greedy for your help.
Many thanks...
|
Sorry, but get less greedy and do the reading you state you're going to do first.
Just up and asking those questions, many of which can be answered by reading the manual, is in very poor taste.
Better yet, ask those questions of your instructor and see what answers they offer.
|
|
2 members found this post helpful.
|
09-21-2015, 12:28 PM
|
#3
|
LQ Newbie
Registered: Sep 2015
Posts: 19
Original Poster
Rep:
|
Quote:
Originally Posted by rtmistler
Sorry, but get less greedy and do the reading you state you're going to do first.
Just up and asking those questions, many of which can be answered by reading the manual, is in very poor taste.
Better yet, ask those questions of your instructor and see what answers they offer.
|
Fine, no problem. I respect your reply. The instructor isn't the best person to ask actually. Somebody else should have taught us the course, so he is like a substitute instructor and the material wasn't designed by him. I already tried asking him, he isn't of much help. I'm already trying hard, and if it wasn't for help from others with this course, we all would have been doomed.
I'm just trying to gather as much information as I can before I actually start working with the project next Friday after I finish other assignments.
Thanks.
|
|
|
09-22-2015, 02:45 PM
|
#4
|
Senior Member
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 4,929
|
Most of the penetration testing tools (commands from terminal) already exist in most distros or are easily downloadable and free. All you need is some guidance from articles on the web or a good network testing book. Example - Linux Journal - Testing
If you prefer it all in one comprehensive package these are available in many forms. There are LiveCD distros devoted to pen-testing such as Kali Linux. There are also many suites and back in the day Nessus was amazing. It's still amazing ... actually even more amazing but they offer a little less for Free than they used to. Check Nessus out
Nessus Suites
Nessus is especially good if you have any designs on entering the field professionally.
|
|
1 members found this post helpful.
|
09-23-2015, 06:35 AM
|
#5
|
LQ Newbie
Registered: Sep 2015
Posts: 19
Original Poster
Rep:
|
Quote:
Originally Posted by enorbet
Most of the penetration testing tools (commands from terminal) already exist in most distros or easily downloadable and free. All you need is some guidance from articles on the web or a good network testing book. Example - Linux Journal - Testing
If you prefer it all in one comprehensive package these are available in many forms. There are LiveCD distros devoted to pen-testing such as Kali Linux. There are also many suites and back in the day Nessus was amazing. It's still amazing ... actually even more amazing but they offer a little less for Free than they used to. Check Nessus out
Nessus Suites
Nessus is especially good if you have any designs on entering the field professionally.
|
Thanks for your reply. It is really helpful. I'm actually planning to use Kali linux.
I'll come back to your post later. I now have other questions:
I actually installed snort a few days ago on my fedora 22 by simply running the command yum install snort or something similar. It is working and I check its version by running the snort -V command. However, when I go and check the installation guide for fedora 22 on their website, I'm faced with 15 pages of instructions on how to install snort !!!
https://www.snort.org/documents/snor...x-on-fedora-22
Why all that? Do I really need to follow and do everything in there?
Last edited by iamgenius; 09-23-2015 at 06:38 AM.
|
|
|
09-23-2015, 07:59 AM
|
#6
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,895
|
Quote:
Originally Posted by iamgenius
|
That is a very inclusive set of instructions which shows you not just how to install snort, but also how to get it up and running and configured, in one example form.
To answer your question, you do not need to follow everything in that document since you feel you have snort installed already, but you may wish to review the instructions and evaluate whether or not some of the added information there is helpful to you. I suspect a moderate amount of it actually is.
And note also that it is not just "how to install" but "how to get it running". Meaning the author discusses installing, but also how to configure and start using snort.
Regarding something you were asking earlier:
Quote:
Originally Posted by iamgenius
How do you get to the snort configuration page?
|
This is shown in the part of the document where the author discusses the snort.conf file and monitoring an example address of 192.168.1.0.
It also discusses the differences between a Registered user and a Paid subscriber of snort. You may wish to read their guidance on that matter so as to understand the benefits, or restrictions you might face, based on your choice. I'm assuming you'd want the free option which would be a Registered user. And given that, you should recognize that becoming a Registered user is probably important, if you wish to download rules. However, that's your choice if you decide to read and consider that option.
Last edited by rtmistler; 09-23-2015 at 08:01 AM.
|
|
1 members found this post helpful.
|
09-23-2015, 08:25 AM
|
#7
|
LQ Newbie
Registered: Sep 2015
Posts: 19
Original Poster
Rep:
|
Quote:
Originally Posted by rtmistler
That is a very inclusive set of instructions which shows you not just how to install snort, but also how to get it up and running and configured, in one example form.
To answer your question, you do not need to follow everything in that document since you feel you have snort installed already, but you may wish to review the instructions and evaluate whether or not some of the added information there is helpful to you. I suspect a moderate amount of it actually is.
And note also that it is not just "how to install" but "how to get it running". Meaning the author discusses installing, but also how to configure and start using snort.
Regarding something you were asking earlier:
This is shown in the part of the document where the author discusses the snort.conf file and monitoring an example address of 192.168.1.0.
It also discusses the differences between a Registered user and a Paid subscriber of snort. You may wish to read their guidance on that matter so as to understand the benefits, or restrictions you might face, based on your choice. I'm assuming you'd want the free option which would be a Registered user. And given that, you should recognize that becoming a Registered user is probably important, if you wish to download rules. However, that's your choice if you decide to read and consider that option.
|
Thank you very much. What's DAQ exactly? It says data acquisition in their website. Do you need that for snort to fight against a penetration test?
|
|
|
09-23-2015, 08:49 AM
|
#8
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,895
|
Quote:
Originally Posted by iamgenius
Thank you very much. What's DAQ exactly? It says data acquisition in their website. Do you need that for snort to fight against a penetration test?
|
Go to their website and search their documents. I did and in about 4 or 5 clicks I found a document explaining exactly what DAQ is.
You're showing ZERO effort on your part. Given that, people are not likely going to answer your questions, they may give hints, eventually they will probably stop giving hints unless you show some initiative on your own.
Telling us the instructor is not a good instructor, is not initiative.
Finding an actual helpful link, not reading it, exasperating at the length of it, and then asking your same questions once again, is not initiative.
EDIT: Bad comment about OP's username removed
Last edited by rtmistler; 09-23-2015 at 11:36 AM.
|
|
1 members found this post helpful.
|
09-23-2015, 10:31 AM
|
#9
|
LQ Newbie
Registered: Sep 2015
Posts: 19
Original Poster
Rep:
|
Quote:
Originally Posted by rtmistler
Go to their website and search their documents. I did and in about 4 or 5 clicks I found a document explaining exactly what DAQ is.
You're showing ZERO effort on your part. Given that, people are not likely going to answer your questions, they may give hints, eventually they will probably stop giving hints unless you show some initiative on your own.
Telling us the instructor is not a good instructor, is not initiative.
Finding an actual helpful link, not reading it, exasperating at the length of it, and then asking your same questions once again, is not initiative.
EDIT: Nasty sidebar is that I'm really questioning your username ...
|
My username aside(it is just a username), how do you know I'm doing ZERO effort? Regarding that 15 pages document, I actually read the whole thing, but couldn't really come to conclusion whether It is really needed or not for my purposes. That's why I asked the question. I was actually surprised because you can install snort just like any other package by executing only one command. At first glance(when I opened that doc), I thought installing snort was much more involved and what I actually installed previously is some other similar program (Called smort maybe?)
I'm all new to linux, not to mention snort which proves to be very complex and comprehensive.
From this coming Friday, I'll have only 2 weeks to finish everything. I don't have time, and I'm trying to get ahead of things. Maybe my project selection is bad but I'll try my best.
If you don't want to help, and you think I'm lazy, that's fine, but don't tell others I'm doing ZERO effort. You can call me stupid, crazy, foolish, lost, or maybe change my username to iamdumb....but I'm actually trying my best and asking questions left and right and trying to save time by doing only the necessary.
|
|
|
09-23-2015, 11:40 AM
|
#10
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,895
|
Quote:
Originally Posted by iamgenius
My username aside(it is just a username), how do you know I'm doing ZERO effort? Regarding that 15 pages document, I actually read the whole thing, but couldn't really come to conclusion whether It is really needed or not for my purposes. That's why I asked the question. I was actually surprised because you can install snort just like any other package by executing only one command. At first glance(when I opened that doc), I thought installing snort was much more involved and what I actually installed previously is some other similar program (Called smort maybe?)
I'm all new to linux, not to mention snort which proves to be very complex and comprehensive.
From this coming Friday, I'll have only 2 weeks to finish everything. I don't have time, and I'm trying to get ahead of things. Maybe my project selection is bad but I'll try my best.
If you don't want to help, and you think I'm lazy, that's fine, but don't tell others I'm doing ZERO effort. You can call me stupid, crazy, foolish, lost, or maybe change my username to iamdumb....but i'm actually trying my best and asking questions left and right and trying to save time by doing only the necessary.
|
My apologies for insulting your username. And I'm not calling you other names. And I'll remain mute beyond this, however I do feel that you are not putting in much effort and instead asking fully inclusive questions where with a little effort you can find the answers. The www.snort.org website has a great amount of documentation, and they give examples.
You've said your instructor thought your project was a good idea, you may wish to continue to discuss your progress on it with them to see if you've gone away from their impressions of what you would be doing, or something else.
|
|
2 members found this post helpful.
|
09-23-2015, 12:28 PM
|
#11
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,192
|
Quote:
Originally Posted by iamgenius
My username aside(it is just a username), how do you know I'm doing ZERO effort? Regarding that 15 pages document, I actually read the whole thing, but couldn't really come to conclusion whether It is really needed or not for my purposes. That's why I asked the question. I was actually surprised because you can install snort just like any other package by executing only one command. At first glance(when I opened that doc), I thought installing snort was much more involved and what I actually installed previously is some other similar program (Called smort maybe?)
I'm all new to linux, not to mention snort which proves to be very complex and comprehensive.
|
I have to agree with rtmistler's assessment. You say you're doing things, and say you've read the documentation...then ask questions which are ANSWERED in the documentation. That points to it not being read. And yes, snort can be INSTALLED easily, as can sendmail, firewalls, etc. The CONFIGURATION of such things is what's difficult.
Quote:
From this coming Friday, I'll have only 2 weeks to finish everything. I don't have time, and I'm trying to get ahead of things. Maybe my project selection is bad but I'll try my best.
|
That's all anyone can ask.
Quote:
If you don't want to help, and you think I'm lazy, that's fine, but don't tell others I'm doing ZERO effort. You can call me stupid, crazy, foolish, lost, or maybe change my username to iamdumb....but i'm actually trying my best and asking questions left and right and trying to save time by doing only the necessary.
|
Sorry to say this, but based on your posts, it would seem that you're telling us you're not trying very hard. You say you are, then say you only want to do "the necessary", and balk at reading 15 pages.
We are always happy to help, but can only do so when you meet us half-way. From what's been posted here, it seems like you're asking us to read the documentation for you.
|
|
1 members found this post helpful.
|
09-23-2015, 07:13 PM
|
#12
|
LQ Newbie
Registered: Sep 2015
Posts: 19
Original Poster
Rep:
|
Fine, no problem. Maybe I don't know how to explain myself. Only time will tell me, I'll keep trying. Please bear with me.
Thanks to both of you.
Last edited by iamgenius; 09-23-2015 at 09:00 PM.
|
|
|
09-30-2015, 07:26 AM
|
#13
|
LQ Newbie
Registered: Sep 2015
Posts: 19
Original Poster
Rep:
|
I started from the beginning again and successfully installed snort as per the instructions found in their website. It worked fine and I played a little with it. However, I had to reboot my virtual machine and then snort stopped working giving me "can't start DAQ" message. This happened two times with another virtual machine as well. I googled it but couldn't really find a solution.
This is the message:
Why is this happening all the time?
|
|
|
09-30-2015, 07:28 AM
|
#14
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,895
|
Try using sudo, you probably need superuser privileges to control the network interfaces.
|
|
|
09-30-2015, 10:32 AM
|
#15
|
LQ Newbie
Registered: Sep 2015
Posts: 19
Original Poster
Rep:
|
Quote:
Originally Posted by rtmistler
Try using sudo, you probably need superuser privileges to control the network interfaces.
|
You are right! sudo does it. I'll just switch to root then. But why is this the case if file permissions for snort are rwxrwxrwx ?
Thanks
|
|
|
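Added example, not part of any post in this thread: on Linux, opening a packet-capture socket is gated by the process's CAP_NET_RAW capability, not by the mode bits on the executable, which is why rwxrwxrwx on the snort binary changes nothing while sudo does. The sketch below decodes the CapEff line of /proc/<pid>/status; the three status excerpts are constructed samples, and the function names are hypothetical.

```python
import socket

# Bit numbers from <linux/capability.h>.
CAPS = {"CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13}

# Constructed /proc/<pid>/status excerpts (sample data, not from the thread).
STATUS_USER = "Name:\tsnort\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
STATUS_ROOT = "Name:\tsnort\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
# Non-root process whose effective set holds only the two network capabilities.
STATUS_SETCAP = "Name:\tsnort\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000003000\n"


def effective_caps(status_text):
    """Return the effective capability bitmask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line in status text")


def held_caps(status_text):
    """Names of the network capabilities present in the effective set."""
    mask = effective_caps(status_text)
    return sorted(name for name, bit in CAPS.items() if (mask >> bit) & 1)


def can_capture(status_text):
    """Packet capture needs CAP_NET_RAW; file permissions play no part."""
    return "CAP_NET_RAW" in held_caps(status_text)


def can_open_packet_socket():
    """Try the operation itself: open an AF_PACKET raw socket (Linux only)."""
    try:
        s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    except (OSError, AttributeError):
        return False
    s.close()
    return True


if __name__ == "__main__":
    for label, text in (("user", STATUS_USER), ("root", STATUS_ROOT),
                        ("setcap", STATUS_SETCAP)):
        print(label, held_caps(text), "capture ok" if can_capture(text) else "capture denied")
    with open("/proc/self/status") as fh:
        print("this process:", can_capture(fh.read()), can_open_packet_socket())
```

Run it once as a normal user and once under sudo to see the effective set and the socket result change together.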