Mandrake and Snort

rrfield

New Member
I am installing Mandrake 9.1 on a PC so I can run SNORT on it. Has anyone here done this before? Any tips or suggestions?

I'm a network guy and I am a Linux novice (I can go months without doing any actual work on a computer) so any other suggestions would be welcome as well :)

rrfield
 
I'm not familiar with SNORT, rr, what is it? Note that you'll want it as an RPM if available.

As long as all your peripherals are more or less mainstream, Mandrake pretty much installs itself. I always run the install in manual mode, but I accept all the defaults except for drive partitions. I tell it to put a usr partition in (that's what I'm used to, I don't think the auto-install does it) and then let it allocate the space automatically. I think you'll find Mandrake pretty easy to configure.
 
chcr said:
I'm not familiar with SNORT, rr, what is it? Note that you'll want it as an RPM if available.

Snort is a free intrusion detection system (IDS) program. It CAN run under windows, but since this is a security device, what would the point of running it under windows be?

The Snort/Mandrake box is a temporary solution for me, after the new year, with new budgets and whatnot, we will be getting a Cisco 4235 IDS. The guys who sit up in the Ivory Tower are paranoid that Osama is going to launch a cyber-attack on a small, rural electric cooperative, so I gets to deploy lots of security measures, whether they be real or perceived :)

rrfield
 
rrfield said:
The Snort/Mandrake box is a temporary solution for me, after the new year, with new budgets and whatnot, we will be getting a Cisco 4235 IDS. The guys who sit up in the Ivory Tower are paranoid that Osama is going to launch a cyber-attack on a small, rural electric cooperative, so I gets to deploy lots of security measures, whether they be real or perceived :)

rrfield
Cool, you got new stuff to play with. The folks I work for look at what something costs and want me to do it cheaper.
 
I've done some puttering around with Snort. I'm not running it now because it sucks up a lot of resources on my gateway and I don't really have the time or resources to really dig in to the guts of it.

It's a pretty cool program, although it seems to be over-sensitive to certain events in its default state. I would definitely play with it in a test setup before deploying it, get a feel for it so you know what you're looking at when/if you decide to put it into production.
 
chcr said:
Cool, you got new stuff to play with. The folks I work for look at what something costs and want me to do it cheaper.

The place I work isn't shy about spending money. You ever wonder why your electric bills keep going up? ;)

Tommy, I have done some work with IDS (a retired Cisco 1720 router on which I loaded the FW/IDS image), I know what you are talking about with the over sensitivity :) I hear Snort is even worse about that though....but it's better to have too much info than not enough!
 
Snort is very configurable, the rulesets Shmoo releases are huge and have lots of stuff you may or may not want to use. The pr0n ruleset is funny, the log entries state something like "Woohoo! Grab the hand lotion!"
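Since the thread's practical advice is to trim a huge default ruleset before putting Snort into production, here is a small added Python example (not from this thread or from Snort itself) that parses rules in Snort's rule syntax, summarises them by classtype, and comments out the categories or sids you do not want. The rules in SAMPLE_RULES are constructed for the example, not copied from any released ruleset.

```python
import re

# Constructed sample rules in Snort rule syntax (not from any released ruleset).
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB sample probe"; flow:to_server,established; content:"/sample"; nocase; classtype:web-application-activity; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"PORN sample keyword"; content:"sample"; nocase; classtype:kickass-porn; sid:1000002; rev:1;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP sample echo"; itype:8; classtype:misc-activity; sid:1000003; rev:1;)
# disabled by hand earlier; Snort ignores lines that start with '#'
#alert udp any any -> $HOME_NET 53 (msg:"DNS sample"; classtype:attempted-recon; sid:1000004; rev:1;)
"""

# An active rule: action, header, then "(" options ")". Commented-out rules do not match.
RULE_RE = re.compile(r"^(?:alert|log|pass|drop|reject|sdrop)\s+.*\((?P<opts>.*)\)\s*$")
# key:value; pairs, value optionally quoted. Escaped quotes or ';' inside a value are not handled.
OPT_RE = re.compile(r'(\w+)\s*:\s*"?([^";]*)"?\s*;')


def parse_options(opts: str) -> dict:
    """Turn the option body of a rule into a dict, e.g. {'msg': ..., 'classtype': ..., 'sid': ...}."""
    return {k: v.strip() for k, v in OPT_RE.findall(opts)}


def classtype_counts(text: str) -> dict:
    """Count active rules per classtype, so you can see what a big ruleset actually contains."""
    counts = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            ct = parse_options(m.group("opts")).get("classtype", "(none)")
            counts[ct] = counts.get(ct, 0) + 1
    return counts


def tune_rules(text: str, drop_classtypes=(), drop_sids=()):
    """Comment out rules whose classtype or sid is in the drop lists.

    Returns (new_text, disabled_sids). A leading '#' is how Snort rule files disable a rule,
    so the rule text is kept and can be re-enabled later by removing the '#'.
    """
    drop_sids = {str(s) for s in drop_sids}
    out, disabled = [], []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            o = parse_options(m.group("opts"))
            if o.get("classtype") in drop_classtypes or o.get("sid") in drop_sids:
                out.append("#" + line)
                disabled.append(int(o["sid"]))
                continue
        out.append(line)
    return "\n".join(out) + "\n", disabled


if __name__ == "__main__":
    print(classtype_counts(SAMPLE_RULES))
    tuned, gone = tune_rules(SAMPLE_RULES, drop_classtypes={"kickass-porn"}, drop_sids=[1000003])
    print("disabled sids:", gone)
    print(tuned)
```

Run it against a real rules file by reading the file into `tune_rules` instead of `SAMPLE_RULES`, then check the result with Snort's own config test before reloading.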
 
tommyj27 said:
It's a pretty cool program, although it seems to be over-sensitive to certain events in its default state. I would definitely play with it in a test setup before deploying it, get a feel for it so you know what you're looking at when/if you decide to put it into production.
exactly what I've heard :D
 