Topic: Snort / Acid / Guardian updates

[Ari Novikoff]

I've just released the latest version of the ari-mitel-acid rpm, now at 1.0-11

Both noarch.RPM and src.RPM are available at:

http://www.marari.net/downloads/snort/ari-mitel-acid-1.0-11.noarch.rpm
http://www.marari.net/downloads/snort/ari-mitel-acid-1.0-11.src.rpm

Thanks to Keith Woody for his help with the perl code for the local IP range in
the snort.conf template.

In this version, the HOME_NET variable is properly defined so that snort now
scans both the internal and external interfaces, and ACID sees both sensors
(yay!).

Also, I've defined the portscan section to scan the external interface only for
the time being.

The updated howto is available at:
http://www.marari.net/downloads/snort/acid-howto.htm

As always, your comments are welcome.

Cheers!
Ari

[hanscees]

is there a snort rpm also then? I have just been compiling it in:-(

[Ari Novikoff]

There is a snort RPM available from snort's website.
Check my howto and you'll see it.

[hanscees]

thanks,
I had some trouble with you rpm : it does not see portscans in acid.

But I had a non-standard system. So I will re-install the system and see if it works then

hc

[Tom Veitch]

Tryed to install as per the how to

this iis the error i get when i get to the
Step 1
# rpm -Uvh libpcap-0.6.2-10.7.i386.rpm
# rpm -Uvh snort-1.8.4-1snort.i386.rpm snort-mysql-1.8.4-1snort.i386.rpm
this line here
# rpm -Uvh ari-mitel-acid-1.0-11.noarch.rpm

Preparing...                ########################################### [100%]
package libpcap-0.6.2-10.7 is already installed

And if you've decided to install the Guardian Add-On, then run the following:
# rpm -Uvh ari-mitel-guardian-1.0-2.noarch.rpm

what do you do from here

Regards

Tom

[Ari Novikoff]

-11.noarch.rpm
>
> Preparing...              
> ########################################### [100%]
> package libpcap-0.6.2-10.7 is already installed
>

Then skip to the next command in install the snort and snort-mysql rpms

Ari