While there are application groups for just about every category of software from graphics, software development, office productivity, multimedia, and others, there’s no specific group for security or auditing related packages. Here’s a list of the security and auditing related packages that are now available in the standard Fedora 12 repositories. From intrusion detection to data recovery, Fedora has come a long way in the last couple of years.

Start by installing all of the required dependencies. Here’s the list, but your specific versions may vary. I’m just letting yum install all the latest packages. And I finish by running a “yum update -y” to get the whole system up to date. There are newer versions of the libnet package available, but you specifically need libnet-1.0.2a.tar.gz. You can search and find a bunch of mirrors or try the one I used below: Now download the snort source.

Install Bro - Network-based Intrusion Detection, on Fedora or Ubuntu. Bro will get installed in /usr/local/bro/ by default, unless you specified a prefix in configure as I did. I also created a bro user and group to own everything and did the make as that bro user.

Bro is intended for use by sites requiring flexible, highly customizable intrusion detection. It is important to understand that Bro has been developed primarily as a research platform for intrusion detection and traffic analysis. It is not intended for someone seeking an “out of the box” solution. Bro is designed for use by Unix experts who place a premium on the ability to extend an intrusion detection system with new functionality as needed, which can greatly aid with tracking evolving attacker techniques as well as inevitable changes to a site’s environment and security policy requirements.