Richard Brooks wrote:
Hello, I am trying to get some up to date information on how to install and
configure Snort on a modern OpenBSD box. At the moment it seems that Snort
has only limited functionality for OpenBSD, and in general seems to prefer
either Linux or Windows. I have tried downloading and installing various
Snort related packages/ports from OpenBSD's ftp sites to my OpenBSD 4.5 box.
But I have had to disable various pre-processors and dynamic rules as the
libraries (shared objects) don't seem to be available for OpenBSD. Also, Snort
seems to prefer access control lists, which are not currently a feature of
OpenBSD. I am also having issues running Snort from the command line and have
to keep rebooting to see if a modification to Snort's configuration has
worked.

I feel that I must surely be missing something. The OpenBSD OS was written
with security in mind. Its primary use must surely therefore be in the
field of network security devices? So why am I having such a hard time
finding information on how to use OpenBSD with Snort (the de facto open
source standard for IDSs and IPSs)? Surely OpenBSD must be good for more
security uses than just a firewall?

I tried looking at FreeBSD, but it seemed to have limited support for PF
which I am now very fond of (if I can put it that way). It's beginning to
look like I need to start thinking about using Linux, which I very much see
as a compromise.

Any pointers as to where I should look for up to date information on using
OpenBSD as a Snort box would be much appreciated.

Regards

Richard Brooks

<richard...@sky.com>

tel: +44-(0)1707-377236 (land - answer m/c)


In my experience, Snort works better on OpenBSD than on any other platform and I have used it on OpenBSD since April 2000.

You may want to make sure that any database back-ends you are using are configured properly and are accessible using the same credentials you have put in your snort.conf. I have made that mistake before.

I am using dynamic preprocessors as well as frag3, stream5, http, rpc, ftp_telnet, smtp, dcerpc, dns, portscans, etc. along with barnyard, and a MySQL database. I am also wondering if your problems are because of not specifying the correct dynamic preprocessor directory in snort.conf because that happened to me once.

I may be able to help a bit more if I knew what packages are installed and what your snort.conf looks like and that sort of thing.

Hope this helps,

Vijay

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca
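The mistake Vijay points at (a wrong `dynamicpreprocessor directory` in snort.conf) is easy to catch before starting the sensor. The script below is an added example, not code from either poster: it reads the `dynamicpreprocessor`, `dynamicdetection` and `dynamicengine` directives (syntax as in the Snort 2.x manual) and checks that each path exists and, for directories, holds at least one shared object. All file paths in it are constructed for the demonstration.

```shell
# Added example: verify the dynamic-module directives in a snort.conf so a wrong
# "dynamicpreprocessor directory" is reported plainly instead of failing at load.
# Directive syntax follows the Snort 2.x manual; every path below is constructed.

check_dir() {   # $1 = directive, $2 = directory: must exist and hold a .so
    [ -d "$2" ] && ls "$2"/*.so >/dev/null 2>&1 && { echo "ok   $1 directory $2"; return 0; }
    echo "FAIL $1 directory $2 (missing, or no shared objects inside)"; return 1
}

check_file() {  # $1 = directive, $2 = shared object: must exist
    [ -f "$2" ] && { echo "ok   $1 file $2"; return 0; }
    echo "FAIL $1 file $2 (not found)"; return 1
}

# check_dynamic_modules CONF: returns 0 only if every dynamicpreprocessor,
# dynamicdetection and dynamicengine directive points at something that exists.
check_dynamic_modules() {
    [ -r "$1" ] || { echo "FAIL cannot read $1"; return 1; }
    fails=0
    while read -r directive kind path rest; do
        [ -n "$directive" ] || continue      # no matching directives at all
        case $kind in
            directory) check_dir  "$directive" "$path" || fails=$((fails + 1)) ;;
            file)      check_file "$directive" "$path" || fails=$((fails + 1)) ;;
            /*)        check_file "$directive" "$kind" || fails=$((fails + 1)) ;;  # bare path form
            *)         echo "FAIL $directive: expected 'directory <dir>', 'file <path>' or an absolute path"
                       fails=$((fails + 1)) ;;
        esac
    done <<EOF
$(grep -E '^[[:space:]]*dynamic(preprocessor|detection|engine)[[:space:]]' "$1")
EOF
    [ "$fails" -eq 0 ]
}

# Constructed demonstration: one good module directory, one engine, one wrong path.
demo=$(mktemp -d)
mkdir -p "$demo/dynamicpreprocessor"
: > "$demo/dynamicpreprocessor/libsf_dns_preproc.so"   # empty stand-in for a module
: > "$demo/libsf_engine.so"
cat > "$demo/snort.conf" <<EOF
dynamicpreprocessor directory $demo/dynamicpreprocessor
dynamicengine $demo/libsf_engine.so
dynamicdetection directory $demo/no_such_directory
EOF
check_dynamic_modules "$demo/snort.conf"; echo "exit status: $?"
```

Once the module paths check out, `snort -T -c snort.conf` validates the whole configuration from the command line without starting the sensor, which avoids the reboot cycle described in the question.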
