An example of a snort++ (https://www.snort.org/snort3) network Intrusion Detection and Prevention System (IDS/IPS) deployed on an endpoint Apache host, i.e. on the web server itself rather than on a separate network sensor.
In this setup the NFQUEUE (https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/) iptables target hands selected packets from the kernel to snort running in inline mode, which enables its intrusion prevention capability: snort issues an accept or drop verdict for every queued packet instead of only alerting on a copy. Note that a packet sent to an NFQUEUE with no process listening on that queue is dropped by default, so the host fails closed while snort is down unless the rule is given the --queue-bypass option. The prometheus (https://prometheus.io/) time-series database is used to monitor snort alerts over time.
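The monitoring side needs something that turns snort's alert log into a metrics endpoint that prometheus can scrape. The script below is an added example, not code from this tutorial or from the snort or prometheus projects. It parses Snort 3 alert_fast lines (the log path /var/log/snort/alert_fast.txt, the listen port 9101 and the sample alert lines are assumptions made for the example) into a per-rule counter in the Prometheus text exposition format, and counts lines it cannot parse so that a log format change shows up as a metric instead of silently zeroed alert counts.

```python
"""Minimal Prometheus exporter for Snort 3 alert_fast output (added example)."""
import re
import sys
import threading
import time
from collections import Counter
from http.server import BaseHTTPRequestHandler, HTTPServer

# alert_fast record layout as written by Snort 3; the Classification block is optional:
# MM/DD-HH:MM:SS.ffffff [**] [gid:sid:rev] "msg" [**] [Classification: x] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'"(?P<msg>[^"]*)"\s+\[\*\*\]\s+'
    r'(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?'
    r'\[Priority:\s*(?P<prio>\d+)\]\s+'
    r'\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$'
)

# Constructed sample lines for offline use; not a real capture.
SAMPLE_ALERTS = [
    '09/14-10:33:05.123456 [**] [1:1000001:1] "LOCAL http GET to /admin" [**] '
    '[Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:51234 -> 192.0.2.20:80',
    '09/14-10:33:06.000001 [**] [1:1000001:1] "LOCAL http GET to /admin" [**] '
    '[Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.11:40000 -> 192.0.2.20:80',
    '09/14-10:33:07.500000 [**] [1:1000002:2] "LOCAL icmp ping sweep" [**] [Priority: 3] {ICMP} 192.0.2.12 -> 192.0.2.20',
    'this is not an alert line',
]


def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert_fast record."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None


def _label(value):
    """Escape a label value as the Prometheus text format requires."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")


class SnortMetrics:
    LABELS = ("gid", "sid", "rev", "priority", "proto", "msg")

    def __init__(self):
        self._lock = threading.Lock()   # ingest and render run on different threads
        self._alerts = Counter()
        self._unparsed = 0

    def ingest(self, line):
        """Count one log line; returns True if it parsed as an alert."""
        a = parse_alert(line)
        with self._lock:
            if a is None:
                self._unparsed += 1
                return False
            self._alerts[(a["gid"], a["sid"], a["rev"], a["prio"], a["proto"], a["msg"])] += 1
            return True

    def render(self):
        """Render all counters in the Prometheus text exposition format."""
        with self._lock:
            out = ["# HELP snort_alerts_total Snort alerts seen, by rule and protocol.",
                   "# TYPE snort_alerts_total counter"]
            for key, n in sorted(self._alerts.items()):
                labels = ",".join(f'{k}="{_label(v)}"' for k, v in zip(self.LABELS, key))
                out.append(f"snort_alerts_total{{{labels}}} {n}")
            out += ["# HELP snort_alert_lines_unparsed_total alert_fast lines that did not match the expected layout.",
                    "# TYPE snort_alert_lines_unparsed_total counter",
                    f"snort_alert_lines_unparsed_total {self._unparsed}"]
            return "\n".join(out) + "\n"


def follow(path, poll=1.0):
    """Yield lines appended to path (like tail -f), starting at the current end of file."""
    with open(path, "r", errors="replace") as f:
        f.seek(0, 2)
        while True:
            line = f.readline()
            if line:
                yield line
            else:
                time.sleep(poll)


def serve(metrics, port=9101):
    """Expose metrics.render() on every GET; port 9101 is an assumption."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            body = metrics.render().encode()
            self.send_response(200)
            self.send_header("Content-Type", "text/plain; version=0.0.4; charset=utf-8")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the exporter quiet
            pass
    HTTPServer(("0.0.0.0", port), Handler).serve_forever()


if __name__ == "__main__":
    metrics = SnortMetrics()
    for line in SAMPLE_ALERTS:          # offline demo on the constructed sample
        metrics.ingest(line)
    print(metrics.render())
    if len(sys.argv) > 1:               # e.g. python exporter.py /var/log/snort/alert_fast.txt
        threading.Thread(target=serve, args=(metrics,), daemon=True).start()
        for line in follow(sys.argv[1]):
            metrics.ingest(line)
```

The rule message is carried as a label so that alert rates can be graphed per signature; on a sensor with a large ruleset this is a high-cardinality label and it is cheaper to key on gid and sid alone and keep the message in a separate lookup.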
The setup combines vagrant (https://www.vagrantup.com) with jupyter (http://jupyter.org/) to achieve "reproducible", executable documentation in the spirit of literate programming (https://en.wikipedia.org/wiki/Literate_programming): the notebook both explains each step and carries the commands that build and configure the virtual machine.
The tutorial itself is in vagrant-snort-nfqueue-tutorial-centos7.ipynb.
BSD 2-clause