Task 5
Setting up NIDS sensor (SNORT) and Console
for Intrusion Databases (ACID)
Task 5.1 Setting up NIDS sensor (SNORT) and Console for Intrusion Databases
(ACID) (Difficulty = 2)
- Enable the MySQL database and create a snort database on your server
or client host.
- Install Snort to monitor all network interface traffic for each host.
Make sure you configure and compile Snort with the MySQL option.
- Configure the snort.conf file to feed the IDS alert log to your snort
database.
- Use nmap to scan your hosts and test if your IDS sensors are working.
- Install the Analysis Console for Intrusion Databases (ACID) on your
firewall to query the alert log from your snort database. Check your current
host status before you build the ACID dependencies.
- Put the ACID web page link on your firewall front page with password
protection.
- Fine-tune your Snort rules to eliminate false alerts.
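
A quick check for the snort.conf step above, added here as an example and not part of the original task sheet: it confirms that an active `output database:` directive points at MySQL with the parameters the sensor needs, and that the file, which holds the database password, is not readable by other users. The sample config, the credentials and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the database output directive in snort.conf.
# The sample config is constructed; user, password and dbname are placeholders.

# Write a constructed snort.conf fragment to the given path.
write_sample_conf() {
    cat > "$1" <<'EOF'
var HOME_NET 192.168.1.0/24
# output database: log, mysql, user=root dbname=test host=localhost
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost
include $RULE_PATH/scan.rules
EOF
}

# Print the active (uncommented) database output directives.
active_db_lines() {
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1"
}

# Return 0 if the config feeds MySQL with the needed parameters.
# 1 = no active directive, 2 = database type is not mysql,
# 3 = user/dbname/host missing, 4 = file readable by other users.
check_snort_db_output() {
    conf=$1
    line=$(active_db_lines "$conf" | head -n 1)
    [ -n "$line" ] || return 1
    case $line in
        *database:*,*mysql*,*) ;;
        *) return 2 ;;
    esac
    for key in user dbname host; do
        case $line in
            *"$key="*) ;;
            *) return 3 ;;
        esac
    done
    # Character 8 of the ls -l mode string is the "other" read bit.
    perms=$(ls -l "$conf" | cut -c8)
    [ "$perms" = "-" ] || return 4
    return 0
}

# Stand-alone use: sh check_snort_conf.sh path/to/snort.conf
if [ $# -gt 0 ]; then
    check_snort_db_output "$1" && echo "OK" || echo "problem: code $?"
fi
```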
Checklist
Related References :
Last updated : 2003/4/25