galera, o snort ta funcionando blz, so que o guardian ta com pikeno problema, eu criei um script pra carrega os 2 na inicilização, na hora q ele vai carrega o guardian na inicialização aparece um erro" can not find GUARIAN_BLOCK.sh, please consult README"
o script eh esse
#!/bin/bash
echo " INICIANDO SNORT + GUARDIAN"
/usr/local/bin/snort -u snort -g snort -D -c /etc/snort/snort.conf -l /var/log/snort/
/usr/local/bin/guardian.pl -c /etc/guardian.conf
ai quando entro no sistema e executo o comando q eu coloquei no script "/usr/local/bin/guardian.pl -c /etc/guardian.conf"
aparece isso:
OS shows Linux
My ip address and interface are: 192.x.x.x eth0
Loaded 1 addresses from /etc/guardian.ignore
Becoming a daemon..
o guardian.conf
ta assim:Interface eth0
HostIpAddr 192.168.0.99
# The last octet of the ip address, which gives us the gateway address.
HostGatewayByte 1
# Guardian's log file
LogFile /var/log/guardian.log
# Snort's alert file. This can be the snort.alert file, or a syslog file
# There might be some snort alerts that get logged to syslog which guardian
# might not see..
AlertFile /var/lag/alert
# The list of ip addresses to ignore
IgnoreFile /etc/guardian.ignore
# The time in seconds to keep a host blocked. If undefined, it defaults to
# 99999999, which basicly disables the feature.
TimeLimit 999999999
alguem poderia me ajudar?