Displaying 20 results from an estimated 2000 matches similar to: "CentOS 6: snort, fwlogwatch"
2002 Jul 01
3
Shorewall connection logging question
I have a perfectly working shorewall system, with basic configuration
(external real IP, one private address internal network with some
forwarded services), and log handling with fwlogwatch.
My problem is that I can't find out how to make something like this
with shorewall (TCP-connections only):
- Allow protocol x connections from IP x.x.x.x without logging
- Allow protocol x
2011 Sep 08
1
Centos6: missing link for mysqlclient
Hallo,
I am installing snort from source.
Besides of a lot of additional libraries, I needed a link
ln -vfs /usr/lib64/mysql/libmysqlclient.so.16 /usr/lib64/libmysqlclient.so
Are there reasons not to install with yum install mysql-devel ?
I have found many discussions to add this link in context of installing from source, not only for snort.
Best regards
Helmut
2003 Apr 17
0
[kris@FreeBSD.org: cvs commit: ports/security/snort Makefile distinfo pkg-plist ports/security/snort/files patch-snort.c]
FYI
Kris
----- Forwarded message from Kris Kennaway <kris@FreeBSD.org> -----
X-Original-To: kkenn@localhost
Delivered-To: kkenn@localhost.obsecurity.org
Delivered-To: kris@freebsd.org
Delivered-To: ports-committers@freebsd.org
From: Kris Kennaway <kris@FreeBSD.org>
Date: Thu, 17 Apr 2003 14:45:03 -0700 (PDT)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org,
2006 Dec 19
0
Bug#403758: Logcheck rules for Snort
Package: logcheck-database
Hey,
I created a logcheck ignore file for Snort with stuff I don't
particularly want to see every day. The one line with the warning in it is
questionable, so leave it in or out at your discretion. Also, my regex
skills are not as good as they could be, so there are probably mistakes, or
things that could be simplified more. Rules are below:
^\w{3} [
2012 Aug 07
0
Snort: Problems configuring for init/start upon bootup rc.conf not working
Ladies/Gents,
/etc/init.d/snortd
more snortd
#!/bin/sh
# Description: start up script for snort
# chkconfig: 2345 40 60
#
# Source function library.
. /etc/rc.d/init.d/functions
#
case "$1" in
#
'start')
echo "Starting up Snort..."
/prod/snort/bin/snort -c /prod/snort/etc/snort.conf -D -g snort -u snort -i eth0 -l /var/log/snort
echo "Done."
;;
#
2003 Aug 28
1
snort, postgres, bridge
I've been prowling through the FreeBSD and Snort list archives in
search of information on setting up snort on a FreeBSD bridge(4)
that logs to a remote postgres box via a third interface (hme0)
Snort is being started with the following command:
/usr/local/bin/snort -A full -D -e -d -s -i fxp0 -c /usr/local/etc/snort.conf
Where fxp0 and fxp1 are in the bridge
output from sysctl:
2003 Apr 17
1
[Fwd: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors]
I figured that someone reading this list might want to take a look at
the proceeding, considering that the version of Snort in FreeBSD ports
-is- affected.
-----Forwarded Message-----
> From: CERT Advisory <cert-advisory@cert.org>
> To: cert-advisory@cert.org
> Subject: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors
> Date: 17 Apr 2003 11:30:47 -0400
2006 Mar 31
0
ULOGD and Snort Inline
Hi All,
I am facing a problem when using ULOG daemon and SNORT (inline mode)
with iptables.
My set up is like this.
1. I need ULOG daemon to log firewall logs to MYSQL database.
2. I need SNORT in inline mode for intrusion prevention.
Both can work fine individually with iptables. But ULOG daemon cannot work
when SNORT is also running.
Probably the reason is that snort also hooks to
2005 Mar 30
1
RE: Shorewall and an inline IDS(snort-inlineorhogwash)
Plus I would like to let you know that it works like a charm.
Snort can now see those packets.
-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net
[mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of
Thibodeau, Jamie L.
Sent: Wednesday, March 30, 2005 9:25 AM
To: Mailing List for Shorewall Users
Subject: RE: [Shorewall-users] Shorewall and an inline
2005 Jun 15
1
shorewall and snort inline
hello list,
i've set up shorewall and snort inline on a linux box. it works, but
snort only sees traffic from new connections. and this is because
shorewall automatically generates rules to accept established and
related connections. how can i force shorewall to queue everything, so
that snort can scan the whole traffic like in IDS mode. The setup i have
now is really simple, just 2 zones
2003 Mar 23
0
Shorewall and snort-inline
Hi, I'm new to the list, but have been through the documentation,
archives, etc. looking for more info...
I've been using shorewall 1.3.14 for a few months now, has been working
well from day one. I'm also using it with dshield (submitting logs and
using the block list).
I'm thinking of adding snort-inline to the mix (I run apache and postfix
on the same box,
2013 Aug 29
2
shorewall and snort - recommendation
Dear all,
I'm setting up a new gateway for a small network (under 30 users).
Gw will host the following services: shorewall, dns, proxy
i'm considering installing snort. can i do so on the same exact box? is there any security risk of doing so?
box would have 4 ISPs and two internal interfaces.
Any recommendation about the optimal setup of snort and shorewall (or if you suggest
2003 Aug 28
0
[louisk@bend.com: snort, postgres, bridge]
----- Forwarded message from Louis Kowolowski <louisk@bend.com> -----
Date: Thu, 28 Aug 2003 11:37:42 -0700
From: Louis Kowolowski <louisk@bend.com>
To: freebsd-security@freebsd.org
Subject: snort, postgres, bridge
User-Agent: Mutt/1.5.4i
I've been prowling through the FreeBSD and Snort list archives in
search of information on setting up snort on a FreeBSD bridge(4)
that logs
2008 May 27
4
freebsd and snort
Hello all:
I tried to install snort under /usr/ports/security and have some problems. with "make all", I checked every item on the menu but I got error messages:
//////////////////////////////
laptop# make all
===> snort-2.8.1_1 is marked as broken: FLEXRESP2 patch file does not incorporate cleanly.
*** Error code 1
Stop in /usr/ports/security/snort.
2005 Mar 30
7
RE: Shorewall and an inline IDS (snort-inline orhogwash)
I made an attempt to run snort_inline and shorewall on the same system
but I could not get snort to see the packets.
Maybe someone with a little more iptables knowledge could tell me what
I'm doing wrong or if it's possible to have the systems setup so that it
places packets that the firewall would allow into QUEUE.
After setting up and starting shorewall I then issue the following
2007 Sep 26
4
Intrusion Detection Systems
Situation: We are providing hosting services.
I've grown tired of the various kiddie scripts/dictionary attacks on
various services. The latest has been against vsftpd, on systems that I
can't easily control vs. putting strict limits on ssh. We simply have
too many users entering from too many networks many with dynamic IP
addresses.
Enter.... thinking about LIDS or Log Based
2005 Mar 30
1
RE: Shorewall and an inline IDS (snort-inlineorhogwash)
You are awesome!!!!
-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net
[mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom
Eastep
Sent: Wednesday, March 30, 2005 9:11 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] Shorewall and an inline IDS
(snort-inlineorhogwash)
Tom Eastep wrote:
> Thibodeau, Jamie L. wrote:
>
2013 Mar 01
0
XCP 1.6 don’t pass through all traffic to (tcpdump) snort
Hi all,
I have been troubled with the traffic flow on the XCP 1.6 and XCP 0.5.
- I have 4 servers in VLAN2 on port b12,b13,b14,b15 (these servers work
on a XCP 0.5)
- on port a3 have mirrored all ports from a1,a2,a4-b24
- have another HP server with XCP1.6 with (Debian 6.0.6 as host) and
install snort. this has 2 eth cards in it. Eth0 is plugged in the VLAN2
network and
2005 Mar 31
1
CentOS as an internet gateway
I would add the below:
-Recommend using CentOS 4.0
-Use squid rpm, no tar (this is for new users I'm guessing).
-Recommend using etherape and iptraf (available as rpms) for a graphical
overview of traffic. http://etherape.sourceforge.net/
-Recommend the use of chkrootkit, and TCP Wrappers (at the least put
ALL: ALL EXCEPT PARANOID in /etc/hosts.allow) to protect servers.
-Provide some
2007 May 15
1
Running snort on dom0
Hi all,
I need to monitor all traffic and block bad requests on my guest machines and
also on my xen host. To accomplish this I think to install snort on my dom0 host
(rhel5). Has somebody tried this? What about performance on guests??
Many thanks ...
--
CL Martinez
carlopmart {at} gmail {d0t} com