Snort mailing list archives

Re: Snort 2.0.2 install location


From: Erek Adams <erek () snort org>
Date: Tue, 7 Oct 2003 10:34:09 -0400 (EDT)

On Tue, 7 Oct 2003, Derek Fairley wrote:

> I am working through the "Snort 2.0: Intrusion Detection" book and have a
> question regarding installing Snort. I downloaded the newest version
> (snort-2.0.2.tar.gz), copied this file to /tmp, typed tar -zxvf
> snort-2.0.2.tar.gz, and then in the new snort-2.0.2 directory I issued the
> ./configure, make, make install commands.
>
> Everything seems to have gone according to plan and I tested it by running
> "snort -v" (just to check some kind of normal output). The book suggests now
> looking at the "snort.conf" file, located at /etc/snort. I do not see a
> directory called snort within /etc. I searched my system (RH8) for the
> snort.conf file and the results show it located at /tmp/snort-2.0.2/etc. Is
> this normal? I am used to Windows where most applications install to a
> common directory. To me, a temporary directory is meant to be volatile. I'm
> trying to get my head wrapped around where things are likely to get
> installed to.

The install script only installs the binary (/usr/local/bin/snort) and the
manual page.  It doesn't create anything else.  This allows for more user
flexibility.

A good layout that works well for me is something like this:

        mkdir -p /etc/snort/rules
        cp rules/* /etc/snort/rules
        cp etc/* /etc/snort/
        ln -s /etc/snort/snort.conf /etc/snort.conf

The reason for the symlink is that when Snort starts, it looks for
/etc/snort.conf (and others) by default.  That saves me having to place
the config file on the command line, unless I want to for some specific
reason.

Then edit snort.conf and change the RULES_PATH to a fully qualified
pathname (/etc/snort/rules), and whatever config changes you need to make
(HOME_NET, EXTERNAL_NET, etc...).

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
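
The layout steps from the reply above, as an added shell example that is not part of the original message or of the Snort distribution: it stages the same copy-and-symlink layout under a scratch root, pins the rules path to /etc/snort/rules, and reports any included rule file that was not copied. It assumes snort.conf sets the path with a line of the form `var RULE_PATH ../rules`; the function names, the relative symlink and the sample tree are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the original message or the Snort distribution.

# make_sample_tree DIR: constructed stand-in for an unpacked source tree.
make_sample_tree() {
    mkdir -p "$1/etc" "$1/rules"
    printf '%s\n' 'var HOME_NET any' 'var RULE_PATH ../rules' \
        'include $RULE_PATH/local.rules' 'include $RULE_PATH/web-cgi.rules' \
        > "$1/etc/snort.conf"
    : > "$1/etc/classification.config"
    : > "$1/rules/local.rules"
    : > "$1/rules/web-cgi.rules"
}

# install_snort_conf SRC ROOT: lay out SRC's etc/ and rules/ under
# ROOT/etc/snort (ROOT is a staging prefix; empty means the live system).
install_snort_conf() {
    src=$1; root=$2; conf="$root/etc/snort/snort.conf"
    mkdir -p "$root/etc/snort/rules" || return 1
    cp "$src"/rules/* "$root/etc/snort/rules/" || return 1
    cp "$src"/etc/* "$root/etc/snort/" || return 1
    # Relative link so it resolves inside a staging root as well as in /etc.
    ln -sf snort/snort.conf "$root/etc/snort.conf" || return 1
    # Assumed form of the shipped setting: "var RULE_PATH ../rules".
    sed 's|^var RULE_PATH .*|var RULE_PATH /etc/snort/rules|' "$conf" \
        > "$conf.new" && mv "$conf.new" "$conf" || return 1
    # Keep config and rules writable by their owner only.
    chmod -R go-w "$root/etc/snort"
}

# missing_rule_includes ROOT: print each rule file snort.conf includes via
# $RULE_PATH that is absent under ROOT; returns 1 if any is missing.
missing_rule_includes() {
    root=$1; conf="$root/etc/snort/snort.conf"; missing=0
    rule_path=$(sed -n 's|^var RULE_PATH *||p' "$conf")
    for f in $(sed -n 's|^include \$RULE_PATH/||p' "$conf"); do
        [ -f "$root$rule_path/$f" ] || { echo "$f"; missing=1; }
    done
    return $missing
}

# Stand-alone run against the constructed tree in a scratch directory.
work=$(mktemp -d)
make_sample_tree "$work/snort-2.0.2"
install_snort_conf "$work/snort-2.0.2" "$work/root"
missing_rule_includes "$work/root" && echo "all included rule files present"
grep '^var RULE_PATH' "$work/root/etc/snort/snort.conf"
rm -rf "$work"
```

Staging under a scratch root lets the result be inspected before anything under /etc is touched; the include check catches a rules directory that was only partly copied.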

