---

Run a Business Network on Linux: Intrusion Detection (Part 4)

“This is a quick and easy way to test Snort and make sure it’s
doing something. Enter this rule in
/etc/snort/rules/local.rules:

alert tcp any any -> $HOME_NET any (msg:"this is only a test"; sid:99887766;)

It means ‘alert on any TCP packet from any IP address and any
port number entering my local network; print the message "this is
only a test" in the logfile, and give this rule a made-up ID number
that hopefully doesn’t conflict with any of the rule SIDs that
already exist in /etc/snort/rules.’”
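
The excerpt hopes the made-up SID does not collide with one already under /etc/snort/rules; the sketch below checks that instead. It is an added example, not code from the article or from Snort: the function names sid_in_use and next_free_sid are hypothetical, it assumes one rule per line in *.rules files (no backslash continuations), and the 1000000 default follows Snort's convention that SIDs from 1,000,000 upward are left for local rules.

```bash
#!/bin/sh
# Added example (not from the article): find out whether a SID is already
# taken by an active rule before adding a new rule to local.rules.
# Assumption: every rule sits on a single line in a *.rules file.

# sid_in_use RULES_DIR SID
# Prints "file:line" for each active (uncommented) rule that uses SID.
# Returns 0 if the SID is taken, 1 if it is free, 2 on bad arguments.
sid_in_use() {
    local dir="$1" sid="$2" hits
    [ -d "$dir" ] || return 2
    case "$sid" in ''|*[!0-9]*) return 2 ;; esac
    # First non-blank character must not be '#', so disabled rules are
    # ignored. "sid:" must be followed by exactly this number and a ';',
    # so 9988776 does not match sid:99887766.
    hits=$(grep -rnE --include='*.rules' \
        "^[[:space:]]*[^#[:space:]].*[(;[:space:]]sid:[[:space:]]*${sid}[[:space:]]*;" \
        "$dir") || return 1
    printf '%s\n' "$hits" | cut -d: -f1,2
}

# next_free_sid RULES_DIR [START]
# Prints the first SID >= START (default 1000000) that no active rule uses.
next_free_sid() {
    local dir="$1" sid="${2:-1000000}"
    [ -d "$dir" ] || return 2
    while sid_in_use "$dir" "$sid" >/dev/null; do
        sid=$((sid + 1))
    done
    printf '%s\n' "$sid"
}

# Typical use on the system described in the article:
#   sid_in_use /etc/snort/rules 99887766 && echo "SID already taken"
#   next_free_sid /etc/snort/rules
```

A SID that appears only in a commented-out rule is reported as free, so re-enabling that rule later would recreate the conflict.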


Complete Story
