image: dirt

OpenBSD contains a good number of packages, including Snort. Unfortunately, it’s a fairly old version of Snort (2.8.6). I prefer to install the latest version, so I can automatically update to use the current ruleset.

Snort themselves provide documentation on installing their package on OpenBSD 5.1, and this works perfectly well on 5.2. The only problem is that it’s incomplete, and doesn’t mention that you need to add an entry in /etc/rc.local to get it to run as a daemon after boot.

Snort, though, is incomplete without some additions.