Date: Sat, 04 Feb 2006 12:53:59 -0600
From: Paul Schmehl
To: Drew Tomlinson, FreeBSD Questions
Subject: Re: SnortCenter2 on FBSD?

--On February 4, 2006 10:19:09 AM -0800 Drew Tomlinson wrote:

> Is anyone using SnortCenter2
> (http://sourceforge.net/projects/snortcenter2/) on FreeBSD? I see
> there's a Linux agent but not a FBSD. Maybe it works with FBSD Linux
> emulation? Not finding any docs on this via Google. Just looking for a
> little encouragement and direction before heading down this path. Any
> suggestions appreciated.
>

I just downloaded, unpacked and ran the installs on both parts (sensor and console). They installed just fine.

The sensor is written in perl and "knows about" FreeBSD (but only up to version 5.0, which is a little behind). During setup you'll be prompted for the OS you're using and its version. It runs fine on my 5.4 box.

The console is written in php and requires nothing more than creating a directory, editing your httpd.conf file and running the setup program through your web browser (if you don't already have your db set up).

It doesn't look like there's much to it, but I've never used it, so I can't really say how well it works or whether it's worthwhile. It *does* use its own copy of webmin, and runs its own webserver on an unprivileged port.

I personally don't care for *any* tool that allows admins to access a box through a web interface to do administrative work, but that's personal preference. Your situation may be completely different from mine, and your risk factors may be completely different from mine.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/