Does anyone know and basic guide for them, or any tips for someone who has no idea what he's doing?
Basic docs are in the tarball or at Snort.org. Basically you install the app, insert your network and interface details in the config, tweak the rulesets to comment out stuff that's either CPU intensive or services you don't run and update the rulesets regularly. Make sure you process the logs regularly to make use of Snort as an early warning system for your network/systems. If you want blocking capabilities it's possible to add third party apps that react by adding blocking rules to your fw like Guardian. If you need GUI level logcollection, sensor management and such look for stuff like ACID, Midas, Sguil SPADE or Demarc. IIRC Webmin also has a GUI for Snort. One alternative I know for Snort is Prelude, but I haven't tested that one.
Don't ask me about tripwire, I turned to Aide yrs ago as it's much easier to deploy. One alternative you might want to look at is Samhain.
More nfo about IDS'es and host integrity scanners at the
LQ FAQ: Security references, post #3.
