You want to protect your ACID web page from unauthorized users.
Use the htpasswd command to create a password for the user acid. Make sure you use a strong password:
[root@localhost root]# mkdir /www/passwords [root@localhost root]# /www/bin/htpasswd -c /www/passwords/passwords acid New password: Re-Type new password: Adding password for user acid
Edit the /www/conf/httpd.conf file to include the following:
AuthType Basic AuthName "SnortIDS" AuthUserFile /www/passwords/passwords Require user acid
Now restart the web server with the following command:
[root@localhost root]# /etc/init.d/httpd restart
The next time you access your ACID page, you will be prompted for the username and password.
Securing your ACID database from unauthorized access is a great idea. Besides intruders having the ability to access the system and potentially cover their tracks, it keeps other inquisitive users from tampering with the database. The usernames and passwords are stored in the /www/passwords/passwords file. Although the passwords are encrypted, it is always a good idea to harden your system and protect it behind a perimeter firewall. If you are not the only person administering this system, it is a good practice to create separate usernames and passwords for each administrator to maintain accountability. Another consideration for securing ACID is to use SSL for encrypting the communications, especially the password authentication.
Installing and Configuring Swatch
Installing Snort from Source on Unix
Logging to a File Quickly
How to Build Rules
Detecting Stateless Attacks and Stream Reassembly
Managing Snort Sensors
Generating Statistical Output from Snort Logs
Monitoring Network Performance