Ok, I downloaded and was able to install Snort, but when I try starting it up, it says I need to specify an interface with -i switch. What do I need to put in here? How do I go about starting the logging process? Thanks guys! :)
Ok, here is a link to a Snort help forum. You can search there until somebody who knows more about Snort than me replies here.
http://www.whitehats.com/cgi/forum/m...?bbs=forum&f=4
Ok, I'll definitely check that out, thanks for the link!
Ok, found out what I gotta put for -i, but when I start it up, it basically says permission denied, but when I try to su and then do it, it can't find it at all. Any help with that? Do I need to install snort on my root account as well to get it to work?
I think you do, maybe the account you are on is limited and can't run every program. Try with the r00t one.
Alright, I'll do that, but doesn't su give you root privileges, so that you can run all programs? Or does it just switch you over to root account inside the shell?
Hi Talith,
Quote: Originally posted here by Talith
Ok, I downloaded and was able to install Snort, but when I try starting it up, it says I need to specify an interface with -i switch. What do I need to put in here? How do I go about starting the logging process? Thanks guys! :)
Snort can listen on multiple interfaces, as such it gives you the ability to specify which interface you
want snort to sit on at startup (e.g. hme0, qfe1, fxp1, eth0, etc.); this is what the -i argument provides to snort.
Like MemorY said, check out the snort forums and mailing lists, it is an awesome tool and awesome tools
usually require education to use properly.
Best of luck.
-- spurious
Yeah, I got the -i thing workin, found out it was eth0, but then I'm just stuck on it not being able to run in my normal account, and then when I try to su and use it, it says it can't find it at all. I'll try installing it on my root account and then see if I can run it from my normal account with SU privileges. Thanks for the advice though inode, helps a lot! :)
When you are doing an su, do an su - instead.
Hey, that worked! Awesome, thank you so much for that command help qod.
So the - actually logged me in as root, while just regular su changes my permissions to root, or what goes on when I enter - as opposed to regular su? And then why did it say snort not found when I did a regular snort? Too many questions! AHHH... :D
su by itself just logs you into the su account, adding the - (su -) does a full login to the specified user (root
if no username is provided).
-- spurious
Oh ok, I thought the su account was root, thanks for the clarification! :D
The old misconception about su is that it stands for 'Super User'. This is false, it in fact
stands for 'Substitute User'.
Interesting little tidbit, and so if it's left blank then it assumes root? Is that how it works?
Well, I should probably clarify a bit since this is an important and often misunderstood command...
The default user for the su command is root. On many systems su simply changes your effective
user ID and effective group ID (euid, egid) to that of the user root, or whatever user was specified
on the command line. Without the - argument, your privileges are modified to the new user, but all
your environment variables (.login, .cshrc, .kshrc, $PATH, $HOME, $MANPATH, etc.) remain the
same as they were under your previous login.
Providing the - argument actually makes a call to /bin/login and behaves as if you had done a full
login to the system as that user. My guess is that you are using RedHat (Fedora) by the fact that /sbin
and /usr/sbin were not in your $PATH when you just did an 'su', and not 'su -' (regular users do not
have either /sbin or /usr/sbin in their $PATH on newer RH versions). Hopefully the above explanation
clears this up a little for you.
Actually, I'm on SuSE 9.0 PRO, but yes, that did clarify a lot up for me, much thanks for your patience in answering my questions spurious_inode!
Happy to have helped, and SuSE 9.0 is a wonderful Linux Distro.
That's for sure, SuSE 8.2 was my first Linux distro that I got, and I just love SuSE so much, so easy to move around, configure, install, etc... Last post in this thread, I promise! :D
It basically loads the root profile; if you have not done that then you might run into things like command not found, etc...
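An added illustration of the su versus su - explanation in this thread (not code from any poster): it reproduces the "not found" symptom inside a temp directory by looking up a stub snort once with an inherited PATH and once with a PATH built from a login profile. The directory layout, USER_PATH, root_profile and the function names are assumptions made for the demo; no real su is invoked and no root is needed.

```shell
#!/bin/sh
# Constructed demo of "snort: not found" after a plain `su`.
# Everything lives in a temp directory created by setup_demo.

setup_demo() {
    DEMO=$(mktemp -d) || return 1
    mkdir -p "$DEMO/usr/bin" "$DEMO/usr/sbin"
    # Stub standing in for the snort binary, installed in an sbin directory
    printf '#!/bin/sh\necho stub\n' > "$DEMO/usr/sbin/snort"
    chmod +x "$DEMO/usr/sbin/snort"
    # Assumed PATH of the ordinary user: no sbin directories in it
    USER_PATH="$DEMO/usr/bin"
    # Assumed login profile of root: this is what adds the sbin directories
    printf 'PATH="%s/usr/sbin:%s/usr/bin"\nexport PATH\n' "$DEMO" "$DEMO" \
        > "$DEMO/root_profile"
}

# Plain `su` as described in the thread: the new shell keeps the
# caller's environment, so the lookup uses the ordinary user's PATH.
lookup_inherited_env() {
    PATH=$USER_PATH /bin/sh -c 'command -v "$1"' sh "$1"
}

# `su -` as described in the thread: the environment is rebuilt from the
# target user's profile, so start empty (env -i) and source that profile.
lookup_login_env() {
    env -i /bin/sh -c '. "$1"; command -v "$2"' sh "$DEMO/root_profile" "$1"
}

run_demo() {
    setup_demo || return 1
    if lookup_inherited_env snort >/dev/null 2>&1; then
        echo "inherited PATH (su):    snort found"
    else
        echo "inherited PATH (su):    snort not found"
    fi
    if found=$(lookup_login_env snort); then
        echo "login profile (su -):   $found"
    else
        echo "login profile (su -):   snort not found"
    fi
    rm -rf "$DEMO"
}

run_demo
```

On a real system the quick check is to compare the output of echo $PATH after su and after su -. A root shell that keeps an unprivileged user's PATH also searches whatever directories that user put there, which is a further reason to prefer su -.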