Friday, January 26, 2007

Testing Snort 2.7.0 Beta 1

After reading a news item on the Snort website, I grabbed the latest beta version of Snort 2.7.0 beta1.

Then I built the RPM packages from it using the following command:

$ rpmbuild --with mysql -ta snort-2.7.0.beta1.tar.gz

Next, I installed it on my system:

# rpm -Fvh rpms/RPMS/i586/snort-2.7.0.beta1-1.i586.rpm \
rpms/RPMS/i586/snort-mysql-2.7.0.beta1-1.i586.rpm

Preparing... ########################################### [100%]
1:snort warning: /etc/snort/sid-msg.map created as /etc/snort/sid-msg.map.rpmnew
warning: /etc/snort/snort.conf created as /etc/snort/snort.conf.rpmnew
########################################### [ 50%]
2:snort-mysql ########################################### [100%]

I renamed the existing conf file and the new one:

# cd /etc/snort/
# mv snort.conf snort.conf.old
# mv snort.conf.rpmnew snort.conf

I ran a self-test for the new Snort:

# snort -T -c /etc/snort/snort.conf
Running in Test mode with config file: /etc/snort/snort.conf
Running in IDS mode

--== Initializing Snort ==--
Initializing Output Plugins!
Var 'any_ADDRESS' defined, value len = 15 chars, value = 0.0.0.0/0.0.0.0
Var 'lo_ADDRESS' defined, value len = 19 chars, value = 127.0.0.0/255.0.0.0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

...

--== Initialization Complete ==--

,,_ -*> Snort! <*-
o" )~ Version 2.7.0.beta1 (Build 7) i386
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2006 Sourcefire Inc., et al.

Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.6
Preprocessor Object: SF_SSH Version 1.0
Preprocessor Object: SF_SMTP Version 1.0
Preprocessor Object: SF_DNS Version 1.0
Preprocessor Object: SF_FTPTELNET Version 1.0
Preprocessor Object: SF_DCERPC Version 1.0

Snort sucessfully loaded all rules and checked all rule chains!
Frag3 statistics:
Total Fragments: 0
Frags Reassembled: 0
Discards: 0
Memory Faults: 0
Timeouts: 0
Overlaps: 0
Anomalies: 0
Alerts: 0
FragTrackers Added: 0
FragTrackers Dumped: 0
FragTrackers Auto Freed: 0
Frag Nodes Inserted: 0
Frag Nodes Deleted: 0
===============================================================================
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1)
Overhead blocks: 1 Could Hold: (0)
IPV4 count: 0 frees: 0
low_time: 0, high_time: 0, diff: 0h:00:00s
finds: 0 reversed: 0(%0.000000)
find_success: 0 find_fail: 0
percent_success: (%0.000000) new_flows: 0
Snort exiting
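As an added example (not from the original post), here is the config swap and self-test above wrapped in a small POSIX shell script: it keeps the old snort.conf, shows what the packaged config changes, and gates on `snort -T` before anything is restarted. It assumes the snort binary and the /etc/snort layout shown in the post; the directory is a parameter so the swap can be tried on a scratch copy first.

```shell
#!/bin/sh
# Added example, not the post's own commands: automates the rpmnew swap
# and the snort -T self-test. Assumes the /etc/snort layout from the post.
set -u

# adopt_rpmnew DIR NAME
# If DIR/NAME.rpmnew exists (rpm -F left the packaged config beside the
# local one), keep the local copy as NAME.old and move the packaged file
# into place. Returns 0 if a swap happened, 1 if there was nothing to do.
adopt_rpmnew() {
    dir=$1; name=$2
    [ -f "$dir/$name.rpmnew" ] || return 1
    if [ -f "$dir/$name" ]; then
        # keep the previous, possibly hand-tuned, config for comparison
        mv "$dir/$name" "$dir/$name.old"
    fi
    mv "$dir/$name.rpmnew" "$dir/$name"
    return 0
}

# show_local_changes DIR NAME
# Print the lines that differ between the old config and the packaged one,
# so hand-edited values (HOME_NET, rule paths, output plugins) are not lost.
show_local_changes() {
    dir=$1; name=$2
    [ -f "$dir/$name.old" ] || return 0
    diff -u "$dir/$name.old" "$dir/$name" || true
}

# selftest CONF
# Run Snort's configuration test (snort -T, as in the post) and return its
# exit status; do not restart the sensor until this passes.
selftest() {
    snort -T -c "$1" >/dev/null 2>&1
}

# Usage with the post's /etc/snort layout (needs root to move the files):
#   adopt_rpmnew /etc/snort snort.conf && show_local_changes /etc/snort snort.conf
#   selftest /etc/snort/snort.conf && echo "config OK, safe to restart snort"
```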

I hope I have spare time to test the new processor.
