Network based IDS - Snort(基于网络的入侵检测系统-Snort)

Install Snort that is Network based IDS. (安装Snort它的是基于网络的入侵检测系统)
snort 官方网站

[1] Install and configure Snort forst. (安装和配置Snort的forst )

[root@www ~]# wget http://www.snort.org/dl/binaries/linux/snort-2.8.2.1-1.RH5.i386.rpm

 
[root@www ~]# rpm -Uvh snort-2.8.2.1-1.RH5.i386.rpm

Preparing... ############################ [100%]

   1:snort ############################ [100%]

[root@www ~]# vi /etc/snort/snort.conf

 
var HOME_NET 192.168.0.0/24              // line 46: change to LAN

 
var EXTERNAL_NET !$HOME_NET                // line 49: change

 
[root@www ~]# vi /etc/logrotate.d/snort

 
/var/log/snort/alert /var/log/snort/*log {                      // line 4: change

[2] Register from here for free in order to get snort rule files. After registration, download "snortrules-snapshot-CURRENT.tar.gz" and upload it on your server.