1.5.060503: How to activate in Artica ? [INFO]

All about Snort integration in Artica

1.5.060503: How to activate in Artica ? [INFO]

New postby admin » Sun Jun 05, 2011 1:42 am

the 1.5.060503 is the first version that implements Snort.
Not all distro has been tested but it seems that on Debian/Ubuntu/centOS, the compilation works fine.

First you need to install snort
By command line using
Code: Select all
/usr/share/artica-postfix/bin/artica-make APP_SNORT


or using the Setup Control Center
2011-06-05_032748.png
2011-06-05_032748.png (59.72 KiB) Viewed 3967 times


Once installed, go to the Network configuration and open the NIC you want Snort monitor.
Check the "Activate the Intrusion detection system" checkbox
2011-06-05_032922.png
2011-06-05_032922.png (88.14 KiB) Viewed 3967 times


On the same section click on the IDS tab and turn to green the "Activate the Intrusion detection system" option
2011-06-05_033145.png
2011-06-05_033145.png (70.89 KiB) Viewed 3967 times


If some events are detected you will see them in 2 area.
The events tab located on the IDS section in the Network settings
2011-06-05_033853.png
2011-06-05_033853.png (61.66 KiB) Viewed 3967 times


Or the IDS on the left menu in events section
2011-06-05_034049.png
2011-06-05_034049.png (47.94 KiB) Viewed 3967 times
User avatar
admin
Site Admin
 
Posts: 11946
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Return to IDS with Snort

Who is online

Users browsing this forum: No registered users and 1 guest

cron