This is strange!!! When I log in at the console and check if SNORT is running, I see it is:
fw:/home/login # ps ax | grep snort
28872 ? S 0:01 /sbin/snort_inline -D -Q -c /etc/snort/snort.conf
It runs and it is using the configuration file /etc/snort/snort.conf. Great! So let's see what's in that file; perhaps we can find the answer there to the problem that IPS is not working. So:
fw:/home/login # cat /etc/snort/snort.conf
cat: /etc/snort/snort.conf: No such file or directory
Now that makes sense, doesn't it? :)
But that /sbin/snort_inline, what is that? As far as I know, snort is called snortd and not snort_inline. So:
fw:/sbin # ls -l /sbin/snort_inline
ls: /sbin/snort_inline: No such file or directory
Am I missing something here, or is there an IPS web interface with no IPS (SNORT) behind it?
Regards,
Ezteok
But I thought of that jailed/chrooted environment too after writing the messages... But I couldn't check it out because I switched back to version 4. This BETA isn't ready yet IMHO to work with... not even in a home environment...