This document will help a user install FreeBSD 4.7 Release, Snort 1.9.0, MySQL 3.23.53, and ACID-0.9.6b21. It will also guide the user through the process of securing the machine and getting the Snort sensor(s) to log to a central database over stunnel. The intention is to give users who are new to any of the software the opportunity to build an enterprise-class system based completely on free, open-source tools. Following the instructions in this document will get you the following:

• Multiple FreeBSD boxes, one running the Windowmaker desktop. I chose Windowmaker because the intention of this tutorial is to create dedicated Snort machines. In other words, Gnome and KDE are overkill for what we are doing here (and Windowmaker looks nice).
• Locked-down machines (C2 in 2002!). I tried to be responsible with the securing of these boxes, but this is not a definitive guide to securing FreeBSD; there are several links to those at the end. If I have missed something obvious, feel free to point it out (nicely, please) with your suggestion on exactly how to fix it.
• Multiple Snort sensors logging to a central MySQL server/viewing station.
• An easy method of updating your software via the ports collection.
• The fastest NIDS for your money.

Download PDF: How to setup and secure Snort, MySQL and Acid on FreeBSD 4.7 Release