Snort.Conf Samples

The goal of this page is to provide a set of sample snort.conf files, along with some samples for using other common tools with data from Emerging Threats. These will represent Snort installs of different sizes and goals. We do not intend to provide snort.conf files that you can use without modification or understanding, but rather guides to help you benefit from the experience of the community as a whole.

We welcome submissions and tips to improve these files, as well as ideas for new types of configs to add.

This page is maintained by JamesMcQuaid

Diagram portraying home network defended by multiple layers of Snort Inline:
EmergingNetworkTopology.gif

What Every Snort User Should Do

What to add to your local ruleset that's not in the main rulesets: http://doc.emergingthreats.net/bin/view/Main/WhatEveryIDSUserShouldDo

Want some guidance on using the Emerging Threats Rulesets for the first time? http://doc.emergingthreats.net/bin/view/Main/NewUserGuide

Need tips on writing rules? http://doc.emergingthreats.net/bin/view/Main/SuricataSnortSigs101

Suricata

Suricata is the next-generation IDS/IPS engine, and we will be featuring configuration samples in the near future.

1-hour set up instructions:

Snort 2.9.3 on Debian 6.0 IDS

By Jason Weir

The system includes everything you need to capture and log Snort events to MySQL. It uses Base as the web front end and Pulled Pork to keep the rules up to date.

Latest versions of the following are included:

  • Debian 6.0.5 Squeeze
  • Snort 2.9.3.1
  • Barnyard2-1.10
  • Base 1.4.5
  • libpcap-1.3.0
  • daq-1.1.1
  • pulledpork-0.6.1

HoneywallSamples - includes Honeywall and Smoothwall Snort config files, installation and usage tutorials, and DNS Black hole files for Smoothwall (ideal for home users new to a firewall server)

EmergingFirewallRules

RussianBusinessNetwork (includes resources for blocking the RBN ISP's former customers, and other organized crime networks).

WebBasedResearchTools

FirekeeperforFirefox

Topic attachments
deb_snort_howto.pdf (125.2 K, 2012-08-31 17:40, JasonWeir): Debian Snort Install How To
Topic revision: r127 - 2013-04-19 - MattJonkman
Copyright © Emerging Threats