Pretty soon I'll be setting up a SNORT box as (the main) part of an IDS system. I've read that FreeBSD is one of the best *nix flavours to do this with, but I am open to input.
What you want with snort is basically a machine that will handle a vast amount of network traffic without seeming to slow the network activity down.
*BSD's network stack was previously a great deal faster than the Linux stack, but since kernel 2.6.x there's virtually not much difference between the two.
But since, once upon a time in the west, the preferred system used to be *BSD, the implementation is widely performed on *BSD boxes.
(I hope KK wants to dip in on this)
A Snort/Barnyard/MySQL/Sguil setup is a good one to do if you want to have a major IDS. I have the exact setup in FreeBSD. Considering the dependent packages, having the FreeBSD ports, OpenBSD ports, or Gentoo ports can make for a good quick install. If you don't use Sguil, or use ACID, there are fewer dependent packages.
You could do the exact same setup on FC3 as well. One good thing about RH is that it has those deps on the CDs and not by crazy proprietary names like other distros.
If you have any questions/troubles you can always hit the Screaming Electron link in my signature. There are quite a few of us that have set up this particular setup in FreeBSD, and we hold a How-To as well. (sde, not trying to spam or anything. You go there too.)
After having way too much trouble getting a simple USB thumbdrive mounted in FreeBSD, I decided to scrap that and just dump Slack 10.0 on there... I know my way around it pretty well, so I don't foresee any problems there.