Friday, January 27, 2006

Bro-IDS - Installation Experience

I'm always fascinated by intrusion detection system technologies, and there's one IDS that I have wanted to try for a long time but haven't had time to play with. I recall trying to install Bro-IDS on OpenBSD 3.6 but having problems with that. Now I'm back to retry it on OpenBSD Current. Surprisingly, I had no problem getting it installed at all; here's how I got it done, which is straightforward. You need gmake and bison to get it compiled.

shell>pkg_add ${PKG_PATH}gmake-3.80p1.tgz bison-2.1p0.tgz

shell>cd /usr/local/src

shell>wget ftp://bro-ids.org/bro-0.9-stable.tar.gz

shell>tar xvzf bro-0.9-stable.tar.gz

shell>./configure --prefix=/usr/local/stow/bro-0.9a11

shell>gmake && gmake install

Then, to simplify the management of software updates, again I use stow:

shell>cd /usr/local/stow

shell>stow bro-0.9a11

It will automatically place all the symlinks in the proper directories, which eases your work when you need to update next time.

The installation part is done; the tricky part will be configuration and trying to understand how Bro-IDS works. RTFM time again.

Till next time ..... :]
