Ok,
Sorry for the late reply. I haven't ran the script in awhile and I just wanted to make sure it still works..
Goto my website and grab the two files listed in the directory.
www.linuxtech.cc/snortThe first file (snort.cfg) is a kickstart script for ES 3.0. It will probably work for 2.1 also but I haven't tried. You'll need to change a few things like the NFS server where you do your installs from. Also, the disk partitions are setup for 'sda' (VMware). If this was a HP box with a RAID controller, you would use 'cciss/c0d0' , if using IDE, then use 'hda'. This script isn't too critical, if you install from CD, just make sure NOT to install Apache, MySql or PHP. BTW, the root PW is -> payday
The second file (snort.tar.gz) is a tar of various packages needed for a complete Snort install with ACiD frontend and MySql backend. The install-script goes through all the setup steps which are descriped in this document.
http://www.internetsecurityguru.com/documents/snort_acid_rhws3.pdfOnce the OS is up & running;
1) mkdir /root/snort
2) copy the snort.tar.gz file into /root/snort
3) tar zxvf snort.tar.gz
4) run ./install-script
(this takes about 20mins. depending on CPU power)
5) When the script completes, it will say "Snort up & running!"
6) Next you'll need to extend the Snort DB to support ACID, point yor broswer to the IDS box; http://snortip/acid and click the 'Setup' link. This will extended the DB.
7) Goto URL http://snortip/acid ; you should see the ACID frontend. Snort is offically running..
Let me know how things progress..
