LinuxQuestions.org
Old 09-30-2015, 10:48 AM   #16
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278


That is a file permission. Programs need permissions depending on what they are trying to access while running, i.e. snort is trying to control the network interfaces.
 
Old 09-30-2015, 11:29 AM   #17
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,882
Blog Entries: 13

Quote:
Originally Posted by iamgenius
You are right! sudo does it. I'll just switch to root then. But why is this the case if file permissions for snort are rwxrwxrwx?

Thanks
Don't switch to root, and continue to use sudo. Reason being, logged in as root you can inadvertently do stuff like remove files with a wildcard and thus remove critical system files. Yeah ... I know ... we all say "But I wouldn't do THAT!" Somewhere, there's a LQ thread about the latest stupid thing each of us has done.
Quote:
Originally Posted by szboardstretcher
That is a file permission. Programs need permissions depending on what they are trying to access while running, i.e. snort is trying to control the network interfaces.
Yes, this is the reason: to control the network interfaces you need to have root privileges, but you don't need to be root.
 
Old 09-30-2015, 12:13 PM   #18
iamgenius
LQ Newbie
 
Registered: Sep 2015
Posts: 19

Original Poster
Understood.

I appreciate all the help... Please bear with me a little more.
 
Old 10-01-2015, 12:54 PM   #19
iamgenius
LQ Newbie
 
Registered: Sep 2015
Posts: 19

Original Poster
Very quick and simple questions:

-Snort will have no effect whatsoever unless it is actually RUNNING actively on the target system (The system that is to be attacked). Right?

-Snort running with no rules at all will also have no effect, right?

By effect I mean protecting the system or giving alerts.

-From the looks of it, Snort has some standard rules that can be downloaded with it in addition to the rules that you can configure yourself. I presume standard rules or pre-configured snort or whatever they are called will give alerts/prevent against common pen tests or scanners like nmap for example; again right or wrong? I think using existing rules will be easier than configuring new ones for me and will save me some time since time is very limited.

I'll go try this:

http://insidetrust.blogspot.ae/2010/...k-4-basic.html

and something else and will probably come back with more questions.


Thanks again
 
Old 10-01-2015, 03:58 PM   #20
iamgenius
LQ Newbie
 
Registered: Sep 2015
Posts: 19

Original Poster
I'm not done yet with what I'm trying, but I came back with more questions.

On the Snort website (and as explained before by), if you register you will have access to the subscriber rules one month after they are created. You can download them by entering the wget command found on the website, but you need a code for that. I didn't get a code when I signed up. My account is active, I think, because I can successfully sign in. Where do you really get the code from?

For now, I downloaded the community rules but there is also a problem. When I try to use it I get the following error message:



What does that mean?
 
Old 10-02-2015, 08:13 AM   #21
iamgenius
LQ Newbie
 
Registered: Sep 2015
Posts: 19

Original Poster
I couldn't get the community rules to work, but at least I got something to work. I was able to get snort to give alerts about icmp packets. I recorded a video about it:

View My Video

I need to make a rule now that will prevent nmap/metasploit work.

Last edited by iamgenius; 10-02-2015 at 08:21 AM.
 
Old 10-03-2015, 01:59 AM   #22
iamgenius
LQ Newbie
 
Registered: Sep 2015
Posts: 19

Original Poster
Where is everybody? Please don't leave me alone on this, I need help. Should I move this to the linux security forum?

Okay, in addition to the icmp alert rule above, I was also able to get snort to reject icmp packets, give alerts when a certain website is visited, prevent access to this specific website. But I have some issues:

When I try to run snort as a daemon, it fails and I get an error message:



I couldn't fix that.

Also, when I try to view the log files, they don't open correctly:




Anybody has an idea why that is happening? Note: I can see the website that I was preventing access to in the green circle, which means logging is working, but I can't read the log file correctly.

Last edited by iamgenius; 10-03-2015 at 02:01 AM.
 
Old 10-03-2015, 11:43 AM   #23
iamgenius
LQ Newbie
 
Registered: Sep 2015
Posts: 19

Original Poster
Quote:
Originally Posted by iamgenius
Where is everybody? Please don't leave me alone on this, I need help. Should I move this to the linux security forum?

Okay, in addition to the icmp alert rule above, I was also able to get snort to reject icmp packets, give alerts when a certain website is visited, prevent access to this specific website. But I have some issues:

When I try to run snort as a daemon, it fails and I get an error message:



I couldn't fix that.

Also, when I try to view the log files, they don't open correctly:




Anybody has an idea why that is happening? Note: I can see the website that I was preventing access to in the green circle, which means logging is working, but I can't read the log file correctly.
I have been told that the special log files (one example shown above) are to be read only by something like wireshark.
 
Old 10-08-2015, 03:29 PM   #24
iamgenius
LQ Newbie
 
Registered: Sep 2015
Posts: 19

Original Poster
Hello again. It sounds like this thread has been left out. Anyways, I'm trying to fix my snort installation and make it perfect, so I started all over again. In one of the steps on page 6 of the 15-page installation manual, it says that I need to place a shell script in the /etc/init.d directory. How do I place it in there? As a text file?

Any help is appreciated.

Last edited by iamgenius; 10-08-2015 at 03:31 PM.
 
Old 10-08-2015, 10:39 PM   #25
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,356

You should be doing that at the cli, in which case you just copy the script from wherever it is now to /etc/init.d.
(As it happens, shell scripts are just text.)
Don't forget to ensure it has the correct ownerships and permissions as well.
 
Old 10-09-2015, 03:12 AM   #26
iamgenius
LQ Newbie
 
Registered: Sep 2015
Posts: 19

Original Poster
Quote:
Originally Posted by chrism01
You should be doing that at the cli, in which case you just copy the script from wherever it is now to /etc/init.d.
(As it happens, shell scripts are just text.)
Don't forget to ensure it has the correct ownerships and permissions as well.
Can you please clarify more?

I should go to /etc/init.d, then create a new file by using the touch command, open a text editor, put the script in it, save it and exit, and leave the text file in the /etc/init.d directory?


Thanks.
 
Old 10-12-2015, 12:07 AM   #27
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,356

That's one way if you don't already have the script written elsewhere.
NB: no need for 'touch'; the editor will create the file.

Read this
http://rute.2038bug.com/index.html.gz

PS: I strongly recommend writing it on the Linux box; don't use MSwin then copy it over or you'll have to use unix2dos to fix the line endings.
Just use vi / vim - you need to know this anyway.

Last edited by chrism01; 10-12-2015 at 12:09 AM.
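One way to do what chrism01 describes, as an added shell example (not code from the thread, the Snort install guide, or any of the posters): copy the script into the init directory, set ownership and permissions, and refuse a script that still carries Windows line endings. The function names and the optional target-directory argument are assumptions so the check can be exercised in a scratch directory without root.

```shell
#!/bin/sh
# Added example: install a SysV init script the way described in the thread
# (copy it, then fix ownership and permissions). The third argument defaults
# to /etc/init.d and is only there so the function can be tried without root.

install_init_script() {
    src="$1"                      # script written on the Linux box
    name="$2"                     # name it should have under the init directory
    init_dir="${3:-/etc/init.d}"

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }

    # A script copied over from Windows has CRLF line endings; the kernel then
    # looks for an interpreter literally named "/bin/sh<CR>" and fails to run it.
    if LC_ALL=C grep -q "$(printf '\r')" "$src"; then
        echo "$src has CRLF line endings; convert the line endings first" >&2
        return 1
    fi

    # Init scripts need a #! line, otherwise the service tooling cannot run them.
    head -n 1 "$src" | grep -q '^#!' || { echo "$src lacks a #! line" >&2; return 1; }

    cp "$src" "$init_dir/$name" || return 1

    # Only root can hand the file to root; as a normal user it stays owned by us.
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$init_dir/$name" || return 1
    fi

    # 0755: owner may write, everyone may read and execute, as init scripts usually are.
    chmod 0755 "$init_dir/$name" || return 1
    printf '%s\n' "$init_dir/$name"
}

# Octal mode of an installed script, to verify it really is 755 (GNU stat).
script_mode() {
    stat -c '%a' "$1"
}
```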
 