Installing Snort

Now for the moment you have been waiting for: the installation of the Snort application itself. You should have a good understanding of what Snort is, what it can do, and how it functions at this point.


An important fact to point out at this juncture: If you follow the installation guide in this section you will have a completely detuned installation of Snort. This results in a large number of false positives. The installation intentionally maximizes the ratio of false positives to false negatives. It is advisable to start each sensor with this configuration and slowly work to a more finely tuned state.

This default setting is the recommended configuration state for a new sensor. False negatives are much worse than false ...

Get Intrusion Detection with Snort now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.