OpenBSD Journal

Pre-Rolled OpenBSD+Snort

Contributed by jose on from the ready-to-roll-IDS dept.

As seen on http://www.hackinthebox.com/article.php?sid=11929, the guys at http://www.my-snort.org/ have a pre-rolled OpenBSD/Snort setup ready to go:
Thanks to the hard work of one of our members, Kamal, we are 
pleased to announce the release of customized OpenBSD ISO 
with Snort IDS.

Here's what Kamal has to say about the ISO:

installation goes as with openbsd. then only when it comes 
to packages selection - u need to select all.

it comes with

1. openbsd 3.4 with customised kernel
2. snort 2.0.4 /usr/local/bin/snort
3. rules /usr/local/snort/rules/
4. tcsh /usr/local/bin/tcsh
that's all

In addition, root ssh is disallowed.
Have a look at this if you're in need of a ready-to-roll Snort system.


Comments
  1. By Anonymous Coward () on

    Sweet!!! I'll be trying this in VPC in the next hour or so.

    Comments
    1. By Anonymous Coward () on

      nice spam link....

      Comments
      1. By Anonymous Coward () on

        Yeah, I noticed that too. Damn popups.

        Comments
        1. By Anonymous Coward () on

          why aren't you all using firebird? I haven't seen a popup ad in ages

        2. By Anonymous Coward () on

          I didn't see any pop-ups.

    2. By Anonymous Coward () on

      proper link

      http://www.hackinthebox.org/article.php?sid=11929
      http://www.my-snort.org/modules.php?name=News&file=article&sid=191


  2. By Anonymous Coward () on

    hmmm, I'm thinking now.. What's the advantage of this over say, installing OpenBSD normally and then just installing Snort?

    Comments
    1. By Anonymous Coward () on

      pretty much back in basic - no compiler , no need stufzzzz and u have snort ready to roll after install

    2. By Non-Anonymous Cow () on

      You get the ISO from the net!!!!11!!
      =)

    3. By Anonymous Coward () on

      This ISO is a very minimal OpenBSD install, containing just what you need for a snort box, and nothing more.

      You could do it all manually, but you'd spend hours removing stuff.

      It's a bit like those mini pf-only OpenBSD installs for CF-based firewalls. You can also make those yourself, but you'd spend a lot of time on it ;)

      Comments
      1. By Disgruntled sysadmin () on

        This rocks. This is exactly what I've been trying to do for ages, and never get it quite right. Someone said it'll take hours to get to here from a standard OpenBSD install, but from my experience, it takes several days.

        And this is perfect, because I just got a Soekris unit that I am evaluating for just such an application :)

    4. By DIGITALMAN () on

      I guess the advantage is that instead of installing OpenBSD normally and then just installing Snort you can now install both simultaneously.

  3. By del83r (del83r@yahoo.com) on

    http://www.hackinthebox.org/article.php?sid=11929
