Snort Install Linux: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) (→Test) |
||
| Zeile 4: | Zeile 4: | ||
=Test= | =Test= | ||
*snort -T -i eth0 -c /etc/snort/snort.conf | *snort -T -i eth0 -c /etc/snort/snort.conf | ||
| + | =Local Rules= | ||
| + | *cat /etc/snort/rules/local.rules | ||
| + | Alert icmp any any -> any any (msg:"Snort Test"; sid:1000000001;) | ||
| + | #Alert udp any any -> any any (msg:"Snort Test UDP"; sid:1000000002;) | ||
| + | #Alert tcp any any -> any any (msg:"Snort Test TCP"; sid:1000000003;) | ||
Version vom 24. August 2016, 10:05 Uhr
Install
- apt-get install snort
Test
- snort -T -i eth0 -c /etc/snort/snort.conf
Local Rules
- cat /etc/snort/rules/local.rules
Alert icmp any any -> any any (msg:"Snort Test"; sid:1000000001;) #Alert udp any any -> any any (msg:"Snort Test UDP"; sid:1000000002;) #Alert tcp any any -> any any (msg:"Snort Test TCP"; sid:1000000003;)