Monday, November 12, 2012

First Post

I decided after two posts to the blog and abusing connections at Sourcefire (Thanks Joel!), that making a blog for Autosnort would probably be a good idea, so here I am.

From now on, you can expect posts regarding autosnort here.

So... to start, what exactly is autosnort? To boil it down, autosnort is a shell script that will take a supported operating system and give you a fully updated, fully functional snort installation with minimal effort.

I created the script in response to quite a few people giving snort a bad rap for being hard to install and configure properly. So now, new users and veteran users alike have an automated method of installing the latest version of snort with minimal effort.

Currently, there are three versions of the script: one each for Ubuntu 12.04, CentOS 6.3 and Backtrack 5 r3. If you are interested in using autosnort or contributing code (e.g. scripts for other operating systems, etc.), please check out the autosnort github for more information, including a detailed readme.

The readme in the autosnort github has most of the gritty details of what exactly the script will do for each operating system to achieve its goals and what it will not do for you.

Some things I am currently working on regarding autosnort:

1. A release for Debian 6, 32 and 64-bit
2. A release for pentoo linux
3. Support for other snort front-ends (e.g. BASE, snorby, sguil, aanval, etc.)
4. A barebones installation that sends events to syslog for SIEM integration (e.g. I don't want a pretty web front-end, just give me the alerts for event correlation)

If there are any questions, my contact information is also in the readme, but for good measure:

twitter: @da_667

Thanks and happy snorting! (well, not THAT kind.)

