ugurkuten/snort2-ids-rules
# Snort2 IDS Rules
A small set of custom Snort 2 IDS rules for detecting SSH bruteforce attempts and suspicious HTTP activity. These basic rules were written as part of my bachelor thesis.
## Compatibility
Written and tested on Snort 2 (latest 2.9.x release). The rules may also work on Snort 3 with minor adjustments.
## Files
- `rules/ssh.rules` - SSH bruteforce detection
- `rules/http.rules` - HTTP admin/database access attempts, Wfuzz detection, 403/404 response monitoring
## Usage
1. Copy the `.rules` files into your Snort rules directory (typically `/etc/snort/rules/`).
   You can also copy the contents directly into your existing `local.rules` file.
2. Add the following lines to your `snort.conf`:
   ```
   include $RULE_PATH/ssh.rules
   include $RULE_PATH/http.rules
   ```
3. Make sure `$HOME_NET` is set correctly in your `snort.conf`.
4. Restart Snort or reload the configuration.
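
A preflight check for steps 1 to 3, as an added example that is not part of this repository: it confirms both rule files are in place, that `snort.conf` carries an uncommented `include` for each, and that `HOME_NET` is defined. The function names `check_snort_conf` and `make_sample` are hypothetical, the sample configuration is constructed, and reporting `HOME_NET any` as a finding is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: preflight check for install steps 1-3. Function names and
# the treatment of HOME_NET "any" as a finding are assumptions of this sketch.

check_snort_conf() {   # usage: check_snort_conf <snort.conf> <rules dir>
    conf=$1; rules_dir=$2; status=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    for f in ssh.rules http.rules; do
        # Step 1: the rule file is present in the rules directory.
        [ -f "$rules_dir/$f" ] || { echo "missing file: $rules_dir/$f"; status=1; }
        # Step 2: an uncommented include line references it.
        pattern='^[[:space:]]*include[[:space:]]+\$RULE_PATH/'"$f"'[[:space:]]*$'
        grep -Eq "$pattern" "$conf" || { echo "missing include: $f"; status=1; }
    done

    # Step 3: take the last uncommented HOME_NET definition (ipvar or var).
    home_net=$(awk '($1 == "ipvar" || $1 == "var") && $2 == "HOME_NET" { v = $3 }
                    END { print v }' "$conf")
    case $home_net in
        '')  echo "HOME_NET is not defined"; status=1 ;;
        any) echo "HOME_NET is 'any'; set it to the monitored network"; status=1 ;;
    esac
    return $status
}

# Constructed sample input: a minimal snort.conf plus empty rule files.
# The http.rules include is deliberately commented out.
make_sample() {        # usage: make_sample <dir> <HOME_NET value>
    mkdir -p "$1/rules"
    : > "$1/rules/ssh.rules"
    : > "$1/rules/http.rules"
    cat > "$1/snort.conf" <<EOF
ipvar HOME_NET $2
var RULE_PATH $1/rules
include \$RULE_PATH/ssh.rules
# include \$RULE_PATH/http.rules
EOF
}

if [ $# -ge 2 ]; then
    check_snort_conf "$1" "$2"
else
    demo_dir=$(mktemp -d)
    make_sample "$demo_dir" any
    check_snort_conf "$demo_dir/snort.conf" "$demo_dir/rules" || true
    rm -rf "$demo_dir"
fi
```

Once the check returns 0, running `snort -T -c /etc/snort/snort.conf` (path assumed) makes Snort parse the configuration and rules and then exit, which surfaces rule syntax errors before step 4.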
## License
MIT