Snare

From ITS Wiki - Information Technology Services - University of Rhode Island

Windows Instructions

Installation

  • Contact ITS Security with the following information:
    • Name of server administrator
    • Department
    • Physical location of server
    • Server IP address
    • Operating system version
    • Contact phone number and email address for server administrator.
  • Install Snare on the target server.
    Note: You must have administrative privileges.
    1. Download the SnareSetup.exe to your desktop.
    2. Double click SnareSetup.exe.
    3. Click Next.
    4. Select the target install folder and click Next.
    5. Select Normal Installation from the components list and click Next.
    6. Select the target start menu location and click Next.
    7. Verify the selection options and click Install.
    8. After installation finishes, the program will attempt to start itself.
    9. When a dialog box appears, prompting you to specify whether to allow Snare to control the EventLog configuration, select Yes.
  • Configure Snare
    1. Enter the local host name (the IP address or DNS name of the local host).
      If your server has only one interface, this can be left blank.
    2. Enter the Snare server IP Address or DNS name
      Note: Alan White will provide this information
    3. Make sure the following options are selected:
      • Enable syslog header
      • Automatically set audit configuration
      • Automatically set file system audit configuration.
    4. Click OK to close the dialog box and save configurations.
    5. Click File > Exit
      This will stop and restart the Snare service to pick up configuration changes.

Removal

  1. Go to Start > Control Panel > Add/Remove Programs
  2. Select Snare
  3. Click Change/Remove
  4. Click Yes to confirm the removal.
  5. When the uninstaller has finished, click OK.

Linux/Unix Instructions

  1. Make sure sysklogd is installed
  2. Edit the /etc/syslog.conf file and add the line *.debug @xxx.xxx.xxx.xxx (where xxx.xxx.xxx.xxx is the Snare server IP address)
    Note: Alan White will provide this information
  3. Restart your sysklog service
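
One way to script step 2 so it can be re-run safely (an added example, not part of the original wiki page): it appends the *.debug rule only when no uncommented copy already exists, and keeps a backup of the file. The function names are hypothetical and 192.0.2.10 is a placeholder; use the address ITS Security provides.

```shell
#!/bin/sh
# Added example (not from the wiki page). Function names are hypothetical.

# valid_server HOST: accept only characters legal in an IP address or DNS name
valid_server() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# has_forward_rule FILE HOST: succeed if an uncommented "*.debug @HOST" exists
has_forward_rule() {
    awk -v target="@$2" '
        /^[[:space:]]*#/ { next }                    # ignore commented-out rules
        $1 == "*.debug" && $2 == target { found = 1 }
        END { exit !found }
    ' "$1"
}

# add_forward_rule FILE HOST: append the rule once, keeping FILE.bak
add_forward_rule() {
    conf=$1; server=$2
    valid_server "$server" || { echo "invalid server: $server" >&2; return 2; }
    [ -f "$conf" ] || { echo "missing file: $conf" >&2; return 2; }
    if has_forward_rule "$conf" "$server"; then
        echo "rule already present in $conf"
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1
    # Make sure the new rule starts on its own line
    [ -z "$(tail -c 1 "$conf")" ] || echo >> "$conf"
    printf '*.debug\t@%s\n' "$server" >> "$conf"
    echo "added '*.debug @$server' to $conf (backup: $conf.bak)"
}

# Usage: sh add_rule.sh /etc/syslog.conf 192.0.2.10   (placeholder address)
if [ "$#" -eq 2 ]; then
    add_forward_rule "$1" "$2"
fi
```

Run it as root against /etc/syslog.conf, then restart the syslog service as in step 3 so the new rule takes effect.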

Downloads