Might help (haven't tried personally) - one of my goals to test once I
get the new CD Set - maybe today....:)
http://parvinderbhasin.blogspot.com/2007/12/openbsd-42-ids-solution-snort-and-base.html

Read through the posts at the end.

There are a few others, but they are older.

Thanks,
Brian



-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Richard Brooks
Sent: Thursday, October 08, 2009 7:28 AM
To: misc@openbsd.org
Subject: Snort on OpenBSD

Hello, I am trying to get some up to date information on how to install
and configure Snort on a modern OpenBSD box. At the moment it seems that
Snort has only limited functionality for OpenBSD, and in general seems to
prefer either Linux or Windows. I have tried downloading and installing
various Snort related packages/ports from OpenBSD's ftp sites to my
OpenBSD 4.5 box. But have had to disable various pre-processors and
dynamic rules as the libraries (shared objects) don't seem to be
available for OpenBSD, also Snort seems to prefer access control lists
which currently are not a feature of OpenBSD, am also having issues
running Snort from the command line and have to keep rebooting to see if
a modification to Snort's configuration has worked.



I feel that I must surely be missing something. The OpenBSD OS was
written with security in mind. Its primary use must surely therefore be
in the field of network security devices? So why am I having such a hard
time finding information on how to use OpenBSD with Snort (the de facto
open source standard for IDS's and IPS's)? Surely OpenBSD must be good
for more security uses than just a firewall?



I tried looking at FreeBSD, but it seemed to have limited support for PF
which I am now very fond of (if I can put it that way). It's beginning to
look like I need to start thinking about using Linux, which I very much
see as a compromise.



Any pointers as to where I should look for up to date information on
using OpenBSD as a Snort box would be much appreciated.



Regards

Richard Brooks

<richard...@sky.com>

tel: +44-(0)1707-377236 (land - answer m/c)
