Tag Archive - ubuntu

Snort and “--enable-reload”

One of my biggest peeves about Snort and running it inline is having to restart the Snort process to load new rules. This had me worried about putting Snort into production, as it would make it awfully hard to tweak it while live.

Today I was browsing the Snort manual and found two short paragraphs relating to the “--enable-reload” option. Wha? Why didn’t I find this earlier? One quick recompile with “--enable-reload” later, and what a life saver this will be when we go live!

Once Snort is built with that option, you can simply issue a “kill -SIGHUP pid” (where pid is the process ID of the running Snort) to have it reload without restarting!

Check out pg 107 of the Snort manual though, as some changes require a restart, so you're not going to get off completely scot-free.

Snort 2.8.5.2 Inline + BASE on Ubuntu

Boy, when I started down the process of trying to get an IPS system set up, I had no idea what I was getting myself into. I’m not much of a security guy or a Linux guy, but I thought I’d give it a go. I followed many different guides that all worked great for me, and thank you to those who put the following guides together: http://ubuntuforums.org/showthread.php?t=919472, http://www.openmaniak.com/inline.php, http://forum.learnit.vn/showthread.php?p=7007

Nagios Notifications via SMS

Due to the possibility of either our Exchange server becoming unavailable or, worse yet, something going wrong in the “core” of our network, it was decided that an alternate method of notifications needed to be set up. SMS was the best option as it would be independent of the network and email.

I chose a tool called Gnokii and paired it with an older T-Mobile Motorola Razr connected to the Ubuntu server with a USB cable.  The first step was installing Gnokii:

sudo apt-get install gnokii
