  1. #1
    Linux Newbie
    Join Date
    Mar 2007
    Posts
    243

    Snort

    What do you guys think of Snort and should I install it in my Suse 10.2?

  2. #2
    Linux Engineer Thrillhouse
    Join Date
    Jun 2006
    Location
    Arlington, VA, USA
    Posts
    1,377
    Snort is probably the best open source IDS but it is a network-based IDS meaning its intended use is for a network of computers. You can use it for a single host but it's more suitable for medium and large networks.

    Some popular open source host-based IDS's are Swatch, serverM and FCheck. That might be more of what you're looking for.

    I'm not discouraging the use of Snort but if you don't already know how to install, configure and maintain it, there's a very steep learning curve involved. I feel like the other ones I mentioned are a little easier to use.

  3. #3
    Linux Newbie
    Join Date
    Mar 2007
    Posts
    243
    Thanks for the prompt reply. I've been reading and I just found out about Guarddog, Firestarter, IPTables and Bastille. What do you think of those? I know Suse comes with a firewall, but can I install Bastille on top of that? It comes in a package, so it should be easy to install for a newbie like me.

  4. #4
    Linux Engineer Thrillhouse
    Join Date
    Jun 2006
    Location
    Arlington, VA, USA
    Posts
    1,377
    All that's well and good but none of those are intrusion detection systems. Just tools you can use to harden your system. iptables should already be your default firewall on SuSE. You can run
    Code:
    $ man iptables
    to find out how to use it. Basically, as long as your Linux box has a firewall it's pretty secure. Have a look at this thread.

  5. #5
    Linux Newbie
    Join Date
    Mar 2007
    Posts
    243
    Thanks for the knowledge and the link. Very interesting!

  6. #6
    Just Joined!
    Join Date
    Nov 2007
    Posts
    1
    Quote: Originally Posted by Pumalite
    Thanks for the knowledge and the link. Very interesting!

    Guys, can you tell me how Snort inline works?
    As far as I know, it uses iptables while working in inline mode,
    but how does it interact with iptables?
    My project is to drop packets which satisfy my rule (something like blacklisting URLs).
    How does Snort do this? Or is there any other way?
    Please help, I'm in urgent need.
    I need code which can forward or drop a packet as per my rules,
    or any idea.

    Thanks in adv.
