
Managing Security with Snort & IDS Tools by Christopher Gerg, Kerry J. Cox


Managing Tasks

One well-liked feature of SnortCenter is its ability to handle a wide assortment of tasks normally performed from the command line. Its browser-based GUI makes these tasks easy for beginning users, while SnortCenter still offers intermediate and advanced administrators the ability to perform complex tasks. This section covers some of the more complex options, along with command-line features for advanced users.

Updating Rules and Signatures

Various third-party scripts (Oinkmaster is one of the better known) help automate the download of the Snort rules database. They can all be obtained from the Snort page and installed and configured on most open source IDS machines. These and other scripts keep SnortCenter current with the latest signatures. When a new type of attack appears on the Internet, either download the latest rule set or manually add a new signature to the rulebase. Most administrators do not want to wait for the rules database to be automatically populated with the most recent releases.

You know that adding a new rule is a simple matter when you use the SnortCenter management console. Open the Admin menu and select Import/Update Rules, then choose the option that works best for your needs. If you insist on using the command line, it is just as simple to place a rule within the snort.conf file and push the new configuration out to all sensors. For a local IDS, add the rule and restart the Snort process. ...
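For the command-line path on a local IDS, the sketch below is an added example, not code from the book or from SnortCenter. It appends a hand-written rule only if its sid is in the local range (1,000,000 and above, the Snort convention for locally written rules) and is not already in use, then tests the configuration with `snort -T` before the restart. The function names, the scratch file and the sample rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guard a manual rule addition, then test the config.
# Function names and the sample rule are constructed for illustration.

# Print the sid of a rule line, or nothing if the rule has none.
rule_sid() {
    printf '%s\n' "$1" |
        sed -n 's/.*[(;[:space:]]sid:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p'
}

# add_rule FILE RULE: append RULE to FILE unless its sid is missing,
# outside the local range, or already used in FILE.
add_rule() {
    conf=$1
    rule=$2
    sid=$(rule_sid "$rule")
    [ -n "$sid" ] || { echo "rule has no sid" >&2; return 2; }
    # sids below 1000000 belong to distributed rule sets
    [ "$sid" -ge 1000000 ] || { echo "sid $sid is not a local sid" >&2; return 3; }
    if grep -Eq "sid:[[:space:]]*$sid[[:space:]]*;" "$conf" 2>/dev/null; then
        echo "sid $sid already present in $conf" >&2
        return 4
    fi
    printf '%s\n' "$rule" >> "$conf"
}

# check_config FILE: have Snort parse the configuration and exit (-T).
# Restart the Snort process only when this returns 0.
check_config() {
    command -v snort >/dev/null 2>&1 || { echo "snort not found" >&2; return 127; }
    snort -T -c "$1"
}

# Demo on a scratch file; it does not touch a real sensor configuration.
demo_conf=$(mktemp)
add_rule "$demo_conf" \
    'alert tcp any any -> any 8080 (msg:"LOCAL probe"; content:"/probe"; sid:1000001; rev:1;)'
add_rule "$demo_conf" \
    'alert tcp any any -> any 8080 (msg:"LOCAL dup"; sid:1000001; rev:1;)' ||
    echo "duplicate sid rejected"
rm -f "$demo_conf"
```

On a sensor, run `add_rule` against the file that holds your local rules, then `check_config` against snort.conf, and restart Snort only if the test passes.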
