After installing snort and snort-plain+flexresp I tried to start it without much luck. I encountered the following errors before I gave up:
    FATAL ERROR: /etc/snort/snort.conf(182) => Unknown rule type: dynamicpreprocessor
    FATAL ERROR: /etc/snort/snort.conf(192) => Unknown rule type: dynamicengine
    FATAL ERROR: /etc/snort/snort.conf(423) => Unable to open the IIS Unicode Map file '/etc/snort/unicode.map'.
    FATAL ERROR: /etc/snort/snort.conf(520) unknown preprocessor "ftp_telnet"
    FATAL ERROR: /etc/snort/snort.conf(524) unknown preprocessor "ftp_telnet_protocol"
    FATAL ERROR: /etc/snort/snort.conf(572) unknown preprocessor "smtp"
Snort should come with a reasonable default configuration that makes it possible to run it.
I do need to do some work on the default configuration; however, we cannot ship snort in a fashion that will make it just work. This is due to the licensing of the snort rules; we cannot ship them. So we have no way to have it work. There is a README.fedora file in the snort package that explains why it does not function out of the box.
The problems I mentioned above don't seem to be related to the rules though. Also according to http://www.snort.org/rules/:
    Community Rules
    In addition, the VRT is pleased to announce that will be maintaining a community ruleset that contains rules submitted by members of the open source community. While these rules are available as is, the VRT performs basic tests to ensure that new rules will not break Snort. These rules are distributed under the GPL and are freely available to all open source Snort users.
There is only a handful of rules in the community rules package. You cannot do anything useful with just those rules. The dynamic engine is not actually supplied; I am working on adding it. The rest are rules related. They are files provided in the VRT rules that you can only get by downloading directly from snort.org.