Random thoughts, tips & tricks about Slackware-Linux, Lego and Star Wars

Snort on Slackware

September 19th, 2010 by Niels Horn

Snort is an "Intrusion Detection and Prevention System", or - in other words - a program that can detect attempts to attack your network and prevent them. It does this through a series of "rules" that try to detect whether the traffic arriving or passing through is legitimate or suspicious.
These rules are regularly updated (as there are always new forms of attack being invented).

I have used Snort before on Slackware, using the build scripts from , but this week I discovered that there was no script yet for Slackware 13.1.
I adapted the one from 13.0, adding some small improvements and have it up-and-running on Slackware 13.1.

Snort itself is running fine now, but I'm still in the process of configuring some front-ends so that I can check it remotely.
is already running, processing the binary logs from Snort. A SlackBuild script is ready, but I'll probably only submit it after I'm really sure I got all the configuration bits figured out :)

I'll write about the rest of this adventure in future posts…

If you already want to start installing Snort, you can download the packages for Slackware, Slackware64 and ARMedslack from my .