setting up an IDS box
i want to set up an IDS box--most of this is completely new to me. i'd like to use Slackware, although other than that i really don't care. i'm looking into snort, but i'm open to other options. i have a ton of questions, although i'm trying to find the answers to as many of them as possible myself.

what are the basic software components that i need to install? obviously i need snort, but what else? it appears i need MySQL for the log files. do i need apache? what exactly is Acid?

the hardest part for me will be setting up the 2 NICs, 'cause i only know enough about networking to be dangerous. how should i set up my NICs? i don't want to create another subnet (i guess that's the right term)--i am just going to hook the snort box up before a switch on the LAN. i would like everything on that switch to operate as it did before; i don't want the snort box assigning IPs or anything, i want all the boxes on the switch to still get their IPs from the DHCP server. do i need to set the IDS box up as a gateway or possibly a bridge?

Basically i'm pretty much clueless. i'd appreciate any advice, or a link to a how-to, or anything. thanks.