howtoforge.com — This tutorial shows how to install and configure BASE (Basic Analysis and Security Engine) and the Snort intrusion detection system (IDS) on a Debian Sarge system. BASE provides a web front-end to query and analyze the alerts coming from a Snort IDS system. With BASE you can perform analysis of intrusions that Snort has detected on your network.
Jul 9, 2006
r00t3d0ut Jul 10, 2006
There is some excellent documentation available for building your own IDS such as http://tinyurl.com/or2fl or check out Linux distributions such as Sentinix (R.I.P.) to experience Snort and BASE yourself.
rekcah2600 Jul 10, 2006
Howtoforge is good but for more complete install of Snort on Debian http://www.snort.org/docs/setup_guides/deb-snort-howto.pdf. Adds in Barnyard for unified logging and Oinkmaster to keep rules up to date.
sbrickner Jul 10, 2006
This is terrible. At a minimum, the title of the article is misleading. It tells you *nothing* about intrusion detection. It's just a bunch of install instructions. And if the author had assumed that the person had installed programs on Linux before, it would have been a one page note. Waste of time.
nx01 Jul 10, 2006
You could simplify this somewhat by adding the unstable repository, and then issuing the following command (once you've run apt-get update):
apt-get install libphp-adodb snort snort-rules libpcre3-dev libpcap
You'd still have to get the source for BASE. Maybe acidlab for Debian would work since it's a fork of BASE anyway.
3den Jul 11, 2006
Intrusion detection is more about analysis, escalation, and investigation than it is about a tool reporting packet signatures. Any IDS run on the public internet will be rife with alarms of various types... which need to be analyzed, categorized, and mostly dismissed. SNORT is not an all-encompassing tool... it's good for looking at packet signatures. Chances are, if you are broken into, someone is doing it over a legitimate channel, SSH, terminal services, etc... and you need to be analyzing your own logs (another aspect of intrusion detection) to see what is anomalous, what belongs, etc.
dharm Jul 11, 2006
no, just a guide for nubs who don't know how to install a simple but great IDS that is cross platform
Closed Account Sep 12, 2006
freebase and snort? I'm there!