Linux Today: Linux News On Internet Time.

Run a Business Network on Linux: Intrusion Detection (Part 4)

Jun 12, 2008, 22:00
(Other stories by Carla Schroder)

"This is a quick and easy way to test Snort and make sure it's doing something. Enter this rule in /etc/snort/rules/local.rules:

alert tcp any any -> $HOME_NET any (msg:"this is only a test"; sid:99887766;)

It means "alert on any TCP packet from any IP address and any port number entering my local network; print the message "this is only a test" in the logfile, and give this rule a made-up ID number that hopefully doesn't conflict with any of the rule SIDs that already exist in /etc/snort/rules."
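The quoted text hopes the made-up SID does not collide with an existing one; that is something you can check rather than hope for. The following is an added example, not code from the article or from Snort: it parses single-line Snort 2 rules, reports SIDs used more than once across rule files, and flags local rules whose SID falls below 1,000,000, the range Snort documents for locally written rules. The file contents are constructed for the demonstration, including a deliberate collision.

```python
import re

# Header + option block of a single-line Snort rule (classic Snort 2 syntax assumed).
RULE_RE = re.compile(
    r'^\s*(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<opts>.*)\)\s*$')
# 'key:value;' or bare 'key;' options; quoted values may contain ';'.
OPT_RE = re.compile(r'(\w+)(?::((?:"[^"]*"|[^;"])*))?;')
LOCAL_SID_MIN = 1_000_000  # Snort documents SIDs >= 1,000,000 as the range for local rules

def parse_rule(line):
    """Parse one rule line into header fields plus an 'options' dict; None if not a rule."""
    m = RULE_RE.match(line)
    if not m:
        return None
    rule = {k: v for k, v in m.groupdict().items() if k != 'opts'}
    rule['options'] = {k: v.strip().strip('"') for k, v in OPT_RE.findall(m.group('opts'))}
    return rule

def check_rules(rule_files):
    """rule_files maps file name -> file text. Returns a list of problem strings."""
    seen = {}        # sid -> first file it was seen in
    problems = []
    for fname, text in rule_files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            rule = parse_rule(line)
            if rule is None:
                continue  # comments, blank lines and multi-line rules are skipped
            sid = rule['options'].get('sid')
            if sid is None:
                problems.append(f'{fname}:{lineno}: rule has no sid')
                continue
            if sid in seen:
                problems.append(f'{fname}:{lineno}: sid {sid} already used in {seen[sid]}')
            else:
                seen[sid] = fname
            if fname.endswith('local.rules') and int(sid) < LOCAL_SID_MIN:
                problems.append(f'{fname}:{lineno}: sid {sid} is below the local range ({LOCAL_SID_MIN})')
    return problems

# Constructed sample files: the article's test rule plus two deliberately problematic rules.
SAMPLE_FILES = {
    'distro.rules': 'alert tcp any any -> $HOME_NET 22 (msg:"constructed ssh rule"; sid:99887766;)\n',
    'local.rules': ('# local rules\n'
                    'alert tcp any any -> $HOME_NET any (msg:"this is only a test"; sid:99887766;)\n'
                    'alert udp any any -> $HOME_NET 53 (msg:"constructed dns rule"; sid:1000;)\n'),
}

if __name__ == '__main__':
    for problem in check_rules(SAMPLE_FILES):
        print(problem)
```

To run it against a real installation, read each file under /etc/snort/rules into the dictionary in place of SAMPLE_FILES.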
