Installing Snort
If all goes well, line 95 shows output of alerts generated by displaying the last
eighteen lines in the /var/log/snort/alert file.
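Viewing the tail of the alert file shows that something was logged, but not which signatures fired or how often. The following added example (not one of the book's scripts) parses the "[**] [gid:sid:rev] message [**]" header lines of a full-format alert file and counts alerts per signature; the function names and the sample entries written by write_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): summarize a Snort full-format alert file.
# Each alert starts with a header line:  [**] [gid:sid:rev] message [**]

# summarize_alerts FILE: print "count<TAB>gid:sid:rev<TAB>message", busiest first.
summarize_alerts() {
    awk '
        /^\[\*\*\] \[[0-9]+:[0-9]+:[0-9]+\] / {
            rest = substr($0, 7)               # text after "[**] ["
            stop = index(rest, "] ")           # end of gid:sid:rev
            id   = substr(rest, 1, stop - 1)
            msg  = substr(rest, stop + 2)
            sub(/ \[\*\*\]$/, "", msg)         # drop trailing " [**]"
            count[id "\t" msg]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' "$1" | sort -rn
}

# sid_count FILE SID: print how many alerts carry signature ID SID (0 if none).
sid_count() {
    summarize_alerts "$1" | awk -F '\t' -v sid="$2" '
        { split($2, p, ":"); if (p[2] == sid) n += $1 }
        END { print n + 0 }'
}

# write_sample FILE: constructed alert entries in the full alert format.
write_sample() {
    cat > "$1" <<'EOF'
[**] [1:498:3] ATTACK RESPONSES id check returned root [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
08/31-15:56:48.188882 255.255.255.255 -> 192.168.1.111
ICMP TTL:150 TOS:0x0 ID:0 IpLen:20 DgmLen:84
Type:0 Code:0 ID:45596 Seq:1024 ECHO REPLY

[**] [1:498:3] ATTACK RESPONSES id check returned root [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
08/31-15:56:49.190114 255.255.255.255 -> 192.168.1.111
ICMP TTL:150 TOS:0x0 ID:0 IpLen:20 DgmLen:84
Type:0 Code:0 ID:45597 Seq:1280 ECHO REPLY

[**] [1:1000001:1] CONSTRUCTED local test rule [**]
[Priority: 0]
EOF
}

# Summarize the real alert file when it exists and is readable.
ALERT_FILE=${ALERT_FILE:-/var/log/snort/alert}
[ -r "$ALERT_FILE" ] && summarize_alerts "$ALERT_FILE"
```

A count of 0 from sid_count for the signature the test traffic should trigger means Snort ran but did not match the rule, which the tail of the file alone does not make obvious.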
2.2.4.2 Generating Test Alerts with Automatic Snort Startup
If you installed Snort in the /opt/snort directory, you can also use the following
script, which starts and stops Snort by itself and verifies that it is working properly.
Make sure that Snort is NOT already running before you start this script, because the
script starts Snort itself. The script is available as the file snort-test-auto.sh on the
website http://authors.phptr.com/rehman/.
#!/bin/sh
#
###############################################################
# You are free to copy and distribute this script under       #
# GNU Public License until this part is not removed           #
# from the script.                                            #
###############################################################
# HOW TO USE                                                  #
#                                                             #
# Right after installation of Snort, run this script.         #
# It is assumed that snort executable is present in the       #
# /opt/snort/bin directory and all rules and configuration    #
# files are present under /opt/snort/etc directory.           #
# If files are in other locations, edit the following location#
# of variables. If you used the installation script provided  #
# along with this script, the files will be automatically     #
# located in appropriate directories.                         #
#                                                             #
# Note that the script starts and stops Snort by itself and   #
# you should make sure that Snort is not running at the time  #
# you run this script.                                        #
#                                                             #
# It will generate alerts in /tmp/alert file similar          #
# to the following:                                           #
#                                                             #
# [**] [1:498:3] ATTACK RESPONSES id check returned root [**] #
# [Classification: Potentially Bad Traffic] [Priority: 2]     #
# 08/31-15:56:48.188882 255.255.255.255 -> 192.168.1.111      #
# ICMP TTL:150 TOS:0x0 ID:0 IpLen:20 DgmLen:84                #
# Type:0 Code:0 ID:45596 Seq:1024 ECHO REPLY                  #
#                                                             #
# These alerts are displayed at the end of the script.        #
###############################################################
#

# Locations used by the script; edit these if Snort is installed elsewhere.
PREFIX=/opt/snort
SNORT=$PREFIX/bin/snort
SNORT_CONFIG=$PREFIX/etc/snort.conf
LOG_DIR=/tmp
ALERT_FILE=$LOG_DIR/alert