How to run IDS Snort on Red Hat Enterprise Linux 5


James Turnbull
07.31.2007


VARs use a combination of intrusion detection systems (IDS) and intrusion prevention systems (IPS) to analyze network traffic, detect attacks and viruses and, where an IPS is in-line, block them, providing network security for their customers. The open source IDS Snort continues to be a popular choice for VARs working with SMBs because it is free, runs on popular hardware and has an easily configurable rules engine. From hardware and network configuration to setting up rules, this guide walks through the steps VARs should take to deploy Snort on a customer network running Red Hat Enterprise Linux 5.

Intrusion detection and intrusion prevention systems (IDS and IPS, respectively) inspect and analyze network traffic and, when an attack or other malicious event is detected, either generate an alert (IDS) or drop the traffic (IPS). The practical difference is placement: an IDS usually receives a copy of the traffic from a network tap or switch SPAN port and cannot block anything, whereas an IPS sits in-line in the traffic path, so a badly tuned rule or a failed sensor affects legitimate traffic as well as attacks. They are two of a number of controls, alongside firewalls, designed to protect a network from a variety of attacks. Both IDS and IPS are commonly deployed at organizations' perimeters to protect externally-facing assets, such as Internet-facing Web services. They can also be deployed internally to contain attacks or virus outbreaks; for example, an IPS sensor configured to stop the spread of a virus or worm may be placed in-line at an internal network choke point.


We're going to demonstrate how to quickly install and run the open source IDS sensor Snort on Red Hat Enterprise Linux 5 (RHEL 5). The instructions below will also generally work for RHEL 4, CentOS 4 and 5, as well as Fedora Core 5 and 6.

For many environments, especially in the small-to-medium business market but also in many larger corporate and government clients, Snort remains the ubiquitous IDS tool. It is fast and easy to set up and runs on most commercially available hardware, including platforms from IBM, HP and Sun as well as commodity PC hardware. It is a signature-based IDS engine (Snort calls its signatures "rules") that is easy to deploy and easy to tune. Rules are plain text, open and readily edited, and writing and adding your own rules requires only a little learning. Snort can also output data in a variety of formats: binary (called "Unified"), syslog, plain files and a SQL database (Oracle, PostgreSQL, MySQL or Microsoft SQL Server). Many users output to a SQL database so that alerts can be queried and reported on centrally rather than read from raw log files.
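As an added example (not code from the article or from the Snort project), here is a small Python parser and linter for the Snort 2.x text rule syntax described above. It checks the things a practitioner checks before dropping a hand-written rule into a local rules file: the required msg/sid/rev options, a sid in the local range (1,000,000 and above), and whether the rule's action (alert versus drop) matches how the sensor is deployed, passive or in-line. The two sample rules and the $HOME_NET/$EXTERNAL_NET variable names are assumptions made for the demo.

```python
"""
Parse and lint a Snort 2.x text rule before it goes into a local rules file.
Added example, not code from the article or from the Snort project.
The sample rules at the bottom are constructed for the demo; $HOME_NET and
$EXTERNAL_NET are the conventional snort.conf variable names.
"""
import re

# Rule header: <action> <proto> <src> <sport> <dir> <dst> <dport> (<options>)
HEADER_RE = re.compile(
    r"^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# Actions usable on a passive sensor versus those that need inline (IPS) mode.
PASSIVE_ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
INLINE_ACTIONS = {"drop", "reject", "sdrop"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
LOCAL_SID_MIN = 1000000  # sids below this are reserved for distributed rule sets


def split_options(body):
    """Split the option body on ';' characters that are outside double quotes.

    Returns a list of (keyword, value) pairs; flag-style options such as
    'nocase' get an empty value.
    """
    pairs, buf, in_quotes, prev = [], [], False, ""
    for ch in body:
        if ch == '"' and prev != "\\":
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            pairs.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        prev = ch
    if "".join(buf).strip():
        pairs.append("".join(buf))
    result = []
    for item in pairs:
        item = item.strip()
        if not item:
            continue
        key, _, value = item.partition(":")
        result.append((key.strip(), value.strip()))
    return result


def parse_rule(text):
    """Return a dict with the header fields and the parsed option list."""
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError("not a Snort rule: %r" % text)
    rule = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    rule["options"] = split_options(m.group("opts"))
    return rule


def lint_rule(rule, inline_mode=False):
    """Return the findings a reviewer would raise before loading a custom rule."""
    findings = []
    opts = dict(rule["options"])  # membership checks only; repeated keys collapse
    for required in ("msg", "sid", "rev"):
        if required not in opts:
            findings.append("missing required option %s" % required)
    if "sid" in opts:
        if opts["sid"].isdigit() and int(opts["sid"]) < LOCAL_SID_MIN:
            findings.append("sid %s is in the range reserved for distributed rules; "
                            "local rules use %d and above" % (opts["sid"], LOCAL_SID_MIN))
        elif not opts["sid"].isdigit():
            findings.append("sid is not an integer")
    if rule["action"] in INLINE_ACTIONS and not inline_mode:
        findings.append("action %s only takes effect when Snort runs inline (IPS mode)"
                        % rule["action"])
    elif rule["action"] not in PASSIVE_ACTIONS | INLINE_ACTIONS:
        findings.append("unknown action %s" % rule["action"])
    if rule["proto"] not in PROTOCOLS:
        findings.append("unknown protocol %s" % rule["proto"])
    if "content" not in opts and "pcre" not in opts:
        findings.append("no content or pcre option: the rule matches on header fields alone")
    return findings


def lint_text(text, inline_mode=False):
    """Parse and lint one rule line; returns the list of findings (empty when clean)."""
    return lint_rule(parse_rule(text), inline_mode)


# Constructed sample rules for the demo (not from any distributed rule set).
GOOD_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL SSH client banner"; '
             'flow:to_server,established; content:"SSH-"; depth:4; sid:1000001; rev:1;)')
BAD_RULE = 'drop tcp any any -> $HOME_NET 23 (msg:"LOCAL telnet"; sid:500;)'

if __name__ == "__main__":
    for rule_text in (GOOD_RULE, BAD_RULE):
        print(rule_text)
        for finding in lint_text(rule_text) or ["ok"]:
            print("  -", finding)
```

Run against the second sample, the linter reports four problems: no rev, a sid in the reserved range, a drop action on a sensor that is not in-line, and a rule with no content match that would fire on every packet to port 23. Passing inline_mode=True clears only the action finding, which is the point: the same rule file means different things on a passive SPAN-fed sensor and an in-line one.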


Intrusion detection with Snort on Red Hat Enterprise Linux 5

  Introduction to network intrusion detection and prevention using Snort
  Snort hardware and network setup requirements
  Snort's installation prerequisites
  Compiling Snort and configuration with MySQL
  Configuring Snort and setting up rules
  Editing the snort.conf file

About the author
James Turnbull works for the National Australia Bank as a Security Architect. He is also the author of Hardening Linux, which focuses on hardening Linux hosts including the base operating system, file systems, firewalling, connections, logging, testing your security and securing a number of common applications including e-mail, FTP and DNS. He is an experienced infrastructure architect with a background in Linux/Unix, AS/400, Windows, and storage systems. He has been involved in security consulting, infrastructure security design, SLA and service definition and has an abiding interest in security metrics and measurement.









All Rights Reserved, Copyright 2006 - 2008, TechTarget