Installing Snort

Now for the moment you have been waiting for: the installation of the Snort application itself. You should have a good understanding of what Snort is, what it can do, and how it functions at this point.


An important fact to point out at this juncture: If you follow the installation guide in this section you will have a completely detuned installation of Snort. This results in a large number of false positives. The installation intentionally maximizes the ratio of false positives to false negatives. It is advisable to start each sensor with this configuration and slowly work to a more finely tuned state.

This default setting is the recommended configuration state for a new sensor. False negatives are much worse than false ...

Get Intrusion Detection with Snort now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.