From: Drew Tomlinson
Date: Sun, 05 Feb 2006 08:50:24 -0800
To: Paul Schmehl
Cc: FreeBSD Questions
Subject: Re: SnortCenter2 on FBSD?

On 2/4/2006 10:53 AM Paul Schmehl wrote:

> --On February 4, 2006 10:19:09 AM -0800 Drew Tomlinson wrote:
>
>> Is anyone using SnortCenter2
>> (http://sourceforge.net/projects/snortcenter2/) on FreeBSD? I see
>> there's a Linux agent but not a FBSD. Maybe it works with FBSD Linux
>> emulation? Not finding any docs on this via Google. Just looking for a
>> little encouragement and direction before heading down this path. Any
>> suggestions appreciated.
>>
> I just downloaded, unpacked and ran the installs on both parts (sensor
> and console).
>
> They installed just fine. The sensor is written in perl and "knows
> about" FreeBSD (but only up to version 5.0, which is a little
> behind). During setup you'll be prompted for the OS you're using and
> its version. It runs fine on my 5.4 box.
>
> The console is written in php and requires nothing more than creating
> a directory, editing your httpd.conf file and running the setup
> program through your web browser (if you don't already have your db
> setup.)
>
> It doesn't look like there's much to it, but I've never used it, so I
> can't really say how well it works or whether it's worthwhile. It
> *does* use its own copy of webmin, and runs its own webserver on an
> unprivileged port. I personally don't care for *any* tool that allows
> admins to access a box through a web interface to do administrative
> work, but that's personal preference. Your situation may be
> completely different from mine, and your risk factors may be
> completely different from mine.

Thank you for your response. I'm running 6.0 but perl is perl so it
shouldn't matter. I'll give it a try and post my results for the archives.

Are you going to pursue using it any further even though it allows the
admin access through a web interface? If you do, I'd be interested in
your results.

Thanks,

Drew

-- 
Visit The Alchemist's Warehouse
Magic Tricks, DVDs, Videos, Books, & More!
http://www.alchemistswarehouse.com