Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Ari Novikoff on May 02, 2002, 03:18:20 AM
-
I've just released the latest version of the ari-mitel-acid rpm, now at 1.0-11
Both noarch.RPM and src.RPM are available at:
http://www.marari.net/downloads/snort/ari-mitel-acid-1.0-11.noarch.rpm
http://www.marari.net/downloads/snort/ari-mitel-acid-1.0-11.src.rpm
Thanks to Keith Woody for his help with the perl code for the local IP range in
the snort.conf template.
In this version, the HOME_NET variable is properly defined so that snort now
scans both the internal and external interfaces, and ACID sees both sensors
(yay!).
Also, I've defined the portscan section to scan the external interface only for
the time being.
The updated howto is available at:
http://www.marari.net/downloads/snort/acid-howto.htm
As always, your comments are welcome.
Cheers!
Ari
-
is there a snort rpm also then? I have just been compiling it in:-(
-
There is a snort RPM available from snort's website.
Check my howto and you'll see it.
-
thanks,
I had some trouble with you rpm : it does not see portscans in acid.
But I had a non-standard system. So I will re-install the system and see if it works then
hc
-
Tryed to install as per the how to
this iis the error i get when i get to the
Step 1
# rpm -Uvh libpcap-0.6.2-10.7.i386.rpm
# rpm -Uvh snort-1.8.4-1snort.i386.rpm snort-mysql-1.8.4-1snort.i386.rpm
this line here
# rpm -Uvh ari-mitel-acid-1.0-11.noarch.rpm
Preparing... ########################################### [100%]
package libpcap-0.6.2-10.7 is already installed
And if you've decided to install the Guardian Add-On, then run the following:
# rpm -Uvh ari-mitel-guardian-1.0-2.noarch.rpm
what do you do from here
Regards
Tom
-
-11.noarch.rpm
>
> Preparing...
> ########################################### [100%]
> package libpcap-0.6.2-10.7 is already installed
>
Then skip to the next command in install the snort and snort-mysql rpms
Ari