
Resolved
I was wondering if anyone here has upgraded Snort from the source code. I have 2.9.1 all compiled and ready, but not installed yet. My concern is this...

The Install doc in the snort bundle recommends that you uninstall any previous version of snort before installing the latest version. If I run yum remove snort, it wants to take away app-snort and app-snortsam as well. :blink:

So, is there a way I can upgrade from the source code and still have it tied to the ClearOS apps, or will I need to switch to webmin for a UI for snort?

Thanks,
James "Zeke" Dehnert
Tuesday, September 06 2011, 02:43 AM
Responses (7)
  • Monday, March 05 2012, 12:30 PM
    See the link 2 posts up in this thread.
  • Sunday, March 04 2012, 11:37 PM
    I have a question for Nick, Bob, and Tim.

    Has anyone rolled up the Emerging Threats scripts with a How-To on getting this installed and working?

    Since I'm just using ClearOS as a home system, the $ charged for the intrusion detection updates are more than I am willing to pay. I'm hoping that a nice clear How-To will become available so I can set up my system to use freely available rules.
  • Tuesday, September 13 2011, 01:26 AM
    I've successfully installed Snort 2.9.x on several instances of ClearOS 5.2, but have yet to document how I did it...

    What I can say is that I uninstalled all of the Snort RPMs that come with ClearOS by default, and set up Snort with MySQL and BASE following a combination of HOWTOs and PDFs I found online.

    What I have currently lacks the nice feature/functionality that the ClearOS SnortSAM provides (read: no blocking functionality), but what I do like is the BASE interface, which in my opinion is much more useful and granular than what ClearOS 5.2 provides.
  • Tuesday, September 06 2011, 09:01 PM
    Emerging Threats still produce rules for 2.8.4, and I think there are other sources of rules as well. I developed a script from something written by Bob Stangarone to allow you to automatically download the ET rules and merge them with the ClearOS rules so you can keep your rules up to date with 2.8.4.
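The merge step Nick describes in the post above (download the ET rules, fold them into the ClearOS rules), as an added example. This is not Nick's script, not Bob Stangarone's, and not ClearOS project code. The ET download URL pattern, the /etc/snort/rules path and the sample rules are assumptions constructed for the example; the download function is never run by default, so everything else works offline. Where two rules share a sid, the file listed first (the ClearOS one) wins and the dropped copy is reported on stderr, so a later ET revision never silently replaces a rule the ClearOS app expects.

```shell
#!/bin/sh
# Added example: merge an Emerging Threats ruleset into the ClearOS snort
# rules, de-duplicating by sid. Not the script from the thread and not
# ClearOS code. ET_URL, RULES_DIR and the sample rules are assumptions.
set -eu

ET_URL=${ET_URL:-http://rules.emergingthreats.net/open/snort-2.8.4/emerging.rules.tar.gz}  # assumed path pattern
RULES_DIR=${RULES_DIR:-/etc/snort/rules}                                                  # assumed

# Download and unpack the ET open ruleset into $2 (network; not run by default).
fetch_et_rules() {
    mkdir -p "$2"
    curl -fsSL "$1" | tar -xz -C "$2"
}

# Merge the rule files given as arguments into one stream on stdout. The first
# rule seen for a sid is kept, so list the ClearOS file first. Commented-out
# and blank lines are dropped; a clashing later copy is reported on stderr.
merge_rules() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            if (match($0, /sid:[ \t]*[0-9]+/)) {
                sid = substr($0, RSTART, RLENGTH)
                sub(/sid:[ \t]*/, "", sid)
            } else {
                sid = "nosid:" FILENAME ":" FNR      # malformed rule, keep but never merge
            }
            if (sid in seen) {
                if (seen[sid] != $0)
                    printf("sid %s: keeping %s copy, dropping %s:%d\n",
                           sid, first[sid], FILENAME, FNR) > "/dev/stderr"
                next
            }
            seen[sid] = $0
            first[sid] = FILENAME
            print
        }' "$@"
}

# Number of active (uncommented) rule lines in a file.
count_rules() {
    grep -c '^[[:space:]]*[a-z]' "$1"
}

# Constructed sample data so the merge can be exercised without a download.
write_samples() {
    cat > "$1/clearos.rules" <<'EOF'
# ClearOS-shipped rules (constructed sample)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE SSH scan"; flags:S; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE web probe"; content:"/admin"; sid:1000002; rev:1;)
EOF
    cat > "$1/emerging-sample.rules" <<'EOF'
# ET rules (constructed sample); sid 1000002 clashes with the ClearOS copy
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE web probe (ET)"; content:"/admin"; sid:1000002; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"SAMPLE DNS probe"; sid:2000001; rev:1;)
#alert tcp any any -> any any (msg:"disabled in ET"; sid:2000002; rev:1;)
EOF
}

# Usage: sh merge-et.sh "$RULES_DIR/clearos.rules" /tmp/et/rules/emerging-*.rules > merged.rules
if [ $# -gt 0 ]; then
    merge_rules "$@"
fi
```

Point the merged file at snort.conf with an include line, then run snort -T against it before restarting; an ET rule written for a newer Snort (Tim's point about 2.9.x rule compatibility) fails there rather than at the next restart.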
  • Tuesday, September 06 2011, 08:42 PM
    Thanks Tim, I was aware of the differences between the Snort releases. I have been scouring the Snort web site trying to develop an understanding of how things work.

    Does it require a subscription to ClearCare to get Snort updates with the ClearOS software? That was one of the reasons that I started digging deeper into Snort (the other was to get an operational understanding of Snort). My system is telling me that it isn't getting IDS updates. If this were a company system I'd get them to pay up for all the updates, but I'm working on my home system, and I'd rather not add anything else to my budget these days.

    I also noticed that to get the free Snort rules from snort.org that I need to keep snort more current than the release available on ClearOS 5.2. I have set up Oinkmaster, but there are no rulesets available for 2.8.4.1, so I would have to use 2.8.6 rulesets.

    Thanks Nick, I have been using Yum instead of rpm for so long that the rpm command totally slipped my mind.
  • Tuesday, September 06 2011, 12:13 PM
    The compatibility between 2.8.4 and 2.9.1 depends on the format of the config file... ClearOS apps will expect to use a certain format, and if the new version is not backwards compatible you will run into problems.

    Please note you may also have to manually update your ruleset to one compatible with 2.9.x. Nick has been doing some work on this with the ET rulesets

    If you can wait till ClearOS6 then there will be a 2.9 version of Snort
  • Tuesday, September 06 2011, 11:29 AM
    You could try to remove snort without dependencies. I am assuming the snort package is called snort:
    rpm -e --nodeps snort
    This should leave app-snort and app-snortsam intact.
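Nick's rpm -e --nodeps suggestion above, as an added example with the checks an admin would want around it; this is not code from the thread or from ClearOS. Before dropping the dependency check it confirms that the only installed packages requiring the snort RPM are the two ClearOS apps, removes the RPM alone, confirms the apps are still installed, and then parses the existing config with the source-built binary (snort -T) so a 2.8.4-vs-2.9.x config incompatibility shows up before the web app tries to start it. The package names (snort, app-snort, app-snortsam) are taken from the thread; the binary and config paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from ClearOS. Package names are as
# given in the thread; /usr/local/bin/snort and /etc/snort/snort.conf are
# assumed defaults for a source build and the ClearOS app's config.
set -eu

SNORT_PKG=${SNORT_PKG:-snort}
EXPECTED_DEPS=${EXPECTED_DEPS:-"app-snort app-snortsam"}

# Names of installed packages that require $1; empty when nothing does.
reverse_deps() {
    rpm -q --whatrequires "$1" --qf '%{NAME}\n' 2>/dev/null \
        | grep -v '^no package requires' || true
}

# Succeed only if every package requiring $SNORT_PKG is in EXPECTED_DEPS,
# so --nodeps cannot silently orphan something other than the ClearOS apps.
only_expected_deps() {
    rc=0
    for dep in $(reverse_deps "$SNORT_PKG"); do
        case " $EXPECTED_DEPS " in
            *" $dep "*) ;;
            *) echo "unexpected dependent package: $dep" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Remove only the snort RPM, leaving its dependents in place, then verify
# that the ClearOS apps survived (rpm -e --nodeps would remove snort alone
# regardless; this is the check that it was the right thing to do).
remove_snort_keep_apps() {
    if ! only_expected_deps; then
        echo "refusing to remove $SNORT_PKG: other packages depend on it" >&2
        return 1
    fi
    rpm -e --nodeps "$SNORT_PKG"
    for app in $EXPECTED_DEPS; do
        rpm -q "$app" >/dev/null 2>&1 || { echo "$app was removed" >&2; return 1; }
    done
}

# Test-parse the config with the new binary before the web app starts it.
check_new_snort() {
    "${1:-/usr/local/bin/snort}" -T -c "${2:-/etc/snort/snort.conf}"
}

# Usage: sh upgrade-snort.sh remove
#        sh upgrade-snort.sh check [/path/to/snort] [/path/to/snort.conf]
case "${1:-}" in
    remove) remove_snort_keep_apps ;;
    check)  check_new_snort "${2:-}" "${3:-}" ;;
esac
```

Run the remove step, make install the source build, then the check step; if snort -T rejects the config the ClearOS app wrote, that is the incompatibility Tim warned about and the app will not be able to drive the new binary as-is.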