That is a file permission. Programs need permissions depending on what they are trying to access while running. I.e.: snort is trying to control the network interfaces.
You are right! sudo does it. I'll just switch to root then. But why is this the case if the file permissions for snort are rwxrwxrwx?
Thanks
Don't switch to root, and continue to use sudo. The reason being, when logged in as root you can inadvertently do stuff like remove files with a wildcard and thus remove critical system files. Yeah ... I know ... we all say "But I wouldn't do THAT!" Somewhere, there's an LQ thread about the latest stupid thing each of us has done.
Quote:
Originally Posted by szboardstretcher
That is a file permission. Programs need permissions depending on what they are trying to access while running. I.e.: snort is trying to control the network interfaces.
Yes, this is the reason, to control the network interfaces you need to have root privileges, but you don't need to be root.
-Snort will have no effect whatsoever unless it is actually RUNNING actively on the target system (The system that is to be attacked). Right?
-Snort running with no rules at all will have no effect either, right?
By effect I mean protecting the system or giving alerts
-From the looks of it, Snort has some standard rules that can be downloaded with it in addition to the rules that you can configure yourself. I presume standard rules or pre-configured snort or whatever they are called will give alerts/prevent against common pen tests or scanners like nmap for example; again right or wrong? I think using existing rules will be easier than configuring new ones for me and will save me some time since time is very limited.
I'm not done yet with what I'm trying, but I came back with more questions.
On the Snort website (and like explained before by), if you register you will have access to subscriber rules one month after they are created. You can download them by entering the wget command found on the website, but you need a code for that. I didn't get a code when I signed up. My account is active, I think, because I can successfully sign in. Where do you really get the code from?
For now, I downloaded the community rules but there is also a problem. When I try to use it I get the following error message:
I couldn't get the community rules to work, but I at least got something to work. I was able to get snort to give alerts about icmp packets. I recorded a video about it:
Where is everybody? Please don't leave me alone on this, I need help. Should I move this to the linux security forum?
Okay, in addition to the icmp alert rule above, I was also able to get snort to reject icmp packets, give alerts when a certain website is visited, prevent access to this specific website. But I have some issues:
When I try to run snort as a Daemon, it fails and I get an error message:
I couldn't fix that.
Also, when I try to view the log files, they don't open correctly:
Does anybody have an idea why that is happening? Note: I can see the website that I was preventing access to in the green circle, which means logging is working, but I can't read the log file correctly.
I have been told that the special log files (one example shown above) are to be read only by something like wireshark.
Hello again. It sounds like this thread has been left out. Anyways, I'm trying to fix my snort installation and make it perfect, so I started all over again. In one of the steps on page 6 of the 15-page installation manual, it says that I need to place a shell script in the /etc/init.d directory. How do I place it in there? As a text file?
You should be doing that at the cli, in which case you just copy the script from wherever it is now to /etc/init.d .
(As it happens, shell scripts are just text.)
Don't forget to ensure it has the correct ownerships and permissions as well.
Can you please clarify more?
I should go to /etc/init.d, then create a new file by using the touch command, open a text editor, put the script in it, save it and exit, and leave the text file in the /etc/init.d directory?
PS: I strongly recommend writing it on the Linux box; don't use MSwin then copy it over or you'll have to use unix2dos to fix the line endings.
Just use vi / vim - you need to know this anyway.
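The advice in the last few posts (copy the script into /etc/init.d at the cli, make sure it has the right ownership and permissions, and do not let Windows line endings sneak in) can be turned into a small, checkable procedure. The following is an added example, not code from the thread, from Snort, or from the installation manual the poster is following. It assumes the target directory is /etc/init.d (overridable through INIT_DIR so it can be tried in a scratch directory without root) and that `install` and `stat` are available; the function and variable names are the example's own.

```sh
#!/bin/sh
# Added example: place a shell script into an init.d directory the way the
# thread recommends: copy it, mode 0755, root-owned when possible, and refuse
# a script that still carries CRLF line endings or lacks a #! line.
# INIT_DIR defaults to /etc/init.d; set it to a temp dir to test unprivileged.
INIT_DIR="${INIT_DIR:-/etc/init.d}"

# has_crlf FILE -> exit 0 if FILE contains carriage returns (DOS line endings).
# Strips every CR and compares with the original: any difference means CRs exist.
has_crlf() {
    ! tr -d '\r' < "$1" | cmp -s - "$1"
}

# install_init_script SRC [NAME]
# Copies SRC into $INIT_DIR as NAME (default: basename of SRC) with mode 0755.
# Sets owner root:root when run as root; otherwise keeps the caller's identity
# so the function can be exercised in a scratch directory.
# Returns 1 (and installs nothing) on unreadable input, CRLF endings, or a
# missing interpreter line, since an init system cannot execute such a file.
install_init_script() {
    src="$1"
    name="${2:-$(basename "$src")}"
    dest="$INIT_DIR/$name"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    if has_crlf "$src"; then
        echo "$src has CRLF line endings; convert them to LF first" >&2
        return 1
    fi
    # The first line must start with #! so the kernel knows the interpreter.
    read -r first_line < "$src" || first_line=""
    case "$first_line" in
        '#!'*) ;;
        *) echo "$src has no #! interpreter line" >&2; return 1 ;;
    esac
    if [ "$(id -u)" -eq 0 ]; then
        install -o root -g root -m 0755 "$src" "$dest"
    else
        install -m 0755 "$src" "$dest"
    fi
}

# script_mode FILE -> prints the octal permission bits, e.g. 755.
# GNU stat uses -c '%a'; BSD/macOS stat uses -f '%Lp'.
script_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

Run it as root with `INIT_DIR` unset to install for real (for example `install_init_script ./snort-init snort`), or point `INIT_DIR` at a temporary directory to check the script's line endings and resulting mode before touching the system directory.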