I noticed that Snort was part of an RP4 community build and was wondering if I should install this package.
Intrusion prevention and detection certainly seems like something I should be running, but I'm a bit put off by the first line in the configuration guide:
Setting up SNORT is complex. With snort for openwrt you will need to test and probe your way through some of the config running
I've installed SNORT and downloaded the community file to
/etc/snort/rules/community.rules
I edited the snort.conf file according to the guide, but I'm receiving an error relating to section 7 of the config file, i.e. site-specific rules.
I initially received an error because the local.rules folder wasn't found. I manually created the folder.
I'm now receiving an error for etc/snort/rules/app-detect.rules:
ERROR: .//etc/snort/rules/app-detect.rules(0) Unable to open rules file ".//etc/snort/rules/app-detect.rules": No such file or directory.
Fatal Error, Quitting..
Should these folders have been created automatically as part of the install process? Has something gone wrong? Do I need to manually create them or comment them all out in the snort.conf file?