I have a Magento website setup on a linux machine that is based on a Bitnami ready-made image.
The main goal is to be notified by email whenever there might be a potential attack on the site.
To achieve that I decided to install Snort IDS and email the alerts coming to the syslog using Swatch.
I've installed snort by following
this tutorial from Snort's official website.
I've just finished section 9 of that tutorial which means:
Installed all the prerequisites.
Installed Snort IDS on the machine.
Set up a test rule to alert when ICMP requests (ping) occur.
Next, to allow Snort to log alerts to syslog, I uncommented this line in the snort.conf file: output alert_syslog: LOG_AUTH LOG_ALERT
I've tested the installation by running this command:
sudo /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
While Snort was running I made a ping request from another system. I can see alerts registering in Snort's log file, but nothing was added to the syslog.
Trial and error:
1. Run snort as user root.
2. Set syslog to bounce logs to another server (remote syslog).
I don't have a great deal of experience with Linux, so any help pointing me in the right direction will be very much appreciated.
Some facts:
- Bitnami Magento Stack 1.9.1.0-0
- Ubuntu 14.04.3 LTS
- Snort 2.9.7.5
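As an added example (not code from the question, and not Snort's or Swatch's own code), here is the filtering step Swatch would perform once the alerts actually reach syslog: parse Snort's alert_syslog lines out of mixed syslog text and pick the ones worth an email. The log lines, host name, SIDs and addresses are constructed for the example; the line shape is the standard Snort 2.x alert_syslog format, in which the Classification and Priority fields are absent for rules that carry no classtype.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Constructed sample log lines (not captured from the poster's host) in the
# shape Snort 2.x's alert_syslog output takes when it reaches rsyslog. With
# facility LOG_AUTH they would land in /var/log/auth.log on a stock Ubuntu box.
# The SIDs, host name and addresses here are made up for the example.
SAMPLE_LOG = """\
Nov 12 10:01:02 magento sshd[2201]: Accepted publickey for bitnami from 10.0.0.9 port 51234 ssh2
Nov 12 10:01:07 magento snort[3120]: [1:10000001:0] ICMP test [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 10.0.0.5
Nov 12 10:01:09 magento snort[3120]: [1:10000002:1] TEST inbound TCP to 1433 [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:44121 -> 10.0.0.5:1433
Nov 12 10:01:11 magento CRON[3150]: (root) CMD (command -v debian-sa1 > /dev/null)
Nov 12 10:01:15 magento snort[3120]: [1:10000001:0] ICMP test {ICMP} 10.0.0.9 -> 10.0.0.5
"""

# One Snort syslog alert. Classification and Priority are optional because a
# rule without a classtype is logged without those two bracketed fields.
ALERT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) snort\[\d+\]: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?)"
    r"(?: \[Classification: (?P<cls>[^\]]+)\])?"
    r"(?: \[Priority: (?P<prio>\d+)\])? "
    r"\{(?P<proto>[A-Z0-9]+)\} (?P<src>\S+) -> (?P<dst>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    host: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: Optional[int]  # Snort: 1 is most severe, larger numbers less so
    proto: str
    src: str
    dst: str


def parse_alert(line: str) -> Optional[Alert]:
    """Return an Alert for a Snort syslog line, or None for any other line."""
    m = ALERT_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return Alert(
        timestamp=m["ts"], host=m["host"],
        gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"], classification=m["cls"],
        priority=int(m["prio"]) if m["prio"] else None,
        proto=m["proto"], src=m["src"], dst=m["dst"],
    )


def parse_alerts(text: str) -> List[Alert]:
    """Pick the Snort alerts out of mixed syslog text (sshd, cron, ... are skipped)."""
    return [a for a in (parse_alert(l) for l in text.splitlines()) if a]


def select_for_email(alerts: Iterable[Alert], muted_sids: Set[int] = frozenset(),
                     max_priority: int = 2) -> List[Alert]:
    """Swatch-style filter: drop muted test rules and alerts less severe than
    max_priority. An alert with no Priority field is kept, because its
    severity is unknown rather than low."""
    out = []
    for a in alerts:
        if a.sid in muted_sids:
            continue
        if a.priority is not None and a.priority > max_priority:
            continue
        out.append(a)
    return out


def format_email(alerts: List[Alert]) -> str:
    """Plain-text body for the notification mail, one alert per line."""
    lines = [f"{len(alerts)} Snort alert(s):"]
    for a in alerts:
        prio = a.priority if a.priority is not None else "?"
        lines.append(f"{a.timestamp} [{a.gid}:{a.sid}:{a.rev}] prio={prio} "
                     f"{a.proto} {a.src} -> {a.dst}: {a.msg}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_alerts(SAMPLE_LOG)
    # Mute the ICMP test rule so the ping used for testing does not page anyone.
    print(format_email(select_for_email(found, muted_sids={10000001})))
```

Two practical points for running something like this on an Ubuntu host: the facility chosen in snort.conf decides which file rsyslog writes to, and Ubuntu's default rsyslog configuration sends the auth facility to /var/log/auth.log while excluding it from /var/log/syslog, so that is the file to watch (or point Swatch at) when using LOG_AUTH. And running parse_alerts over the same file Swatch tails is a quick way to confirm whether Snort's alerts are reaching syslog at all before tuning the mail filter.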