Snare installation

Install Snare for Linux binary RPM package.

To install the Snare package, perform the following:

  1. Download the required RPM or DEB package.
  2. Log on as the root user, i.e. at the command prompt enter the command /bin/su and enter the root password when prompted. Then, as root, issue the command appropriate to your distribution:

     >rpm -Uvh filename.rpm
     E.g. >rpm -Uvh snarelinux-supp-4.1.0-SLED-10.i686.rpm

     Or:

     >dpkg -i filename.deb
     E.g. >dpkg -i snarelinux-supp-4.1.0-Debian-7.3.x86_64.deb
  3. This will install Snare for Linux and restart the audit daemon (auditd).
     NOTE: Red Hat may report a conflict during installation. If this occurs, use the --force flag, e.g. >rpm -Uvh --force snarelinux-supp-4.1.0-SLED-10.i686.rpm


Remove Snare for Linux binary RPM package (if required).

  1. Query the RPM database to ensure Snare for Linux is installed:

     >rpm -q snarelinux-supp
  2. Remove the Snare for Linux package:

     >rpm -e snarelinux-supp

Remove Snare for Linux binary DEB package (if required).

  1. Remove the Snare for Linux package:

     >dpkg -r snarelinux-supp


Audit configuration

The Snare configuration is stored as /etc/audit/snare.conf (for SuSE 10 and 11 the location is /etc/snare.conf). This file contains all the details Snare needs to configure the audit subsystem and run successfully.
The configuration of /etc/audit/snare.conf can be changed either:

...

The Remote Control Interface is the most effective and simplest way to configure /etc/audit/snare.conf and operates completely in memory, with no reliance on any external files.

Remote Audit Monitoring

The Remote Control Interface can be turned off by editing the default /etc/audit/snare.conf file: either comment out the allow=1 line under the [Remote] section, or set its value to 0.
Be sure to restart the agent for the change to take effect. The agent can be restarted with: >/etc/init.d/auditd restart
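The edit described above, as an added example that is not part of Snare's own tooling: it locates snare.conf at the paths the page gives, reads the allow= value from the [Remote] section, and rewrites only that section's allow line to allow=0, so an allow= key in any other section is left untouched (the sample config in the comments is constructed; the section name [OtherSection] is a placeholder).

```shell
#!/bin/sh
# Added example, not Snare's own code. Disables the Remote Control
# Interface by setting allow=0 under [Remote] in snare.conf.

# Config path per the page: /etc/snare.conf on SuSE 10/11, otherwise
# /etc/audit/snare.conf. An explicit $1 overrides (used for testing).
snare_conf_path() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1"
    elif [ -f /etc/snare.conf ]; then
        printf '%s\n' /etc/snare.conf
    else
        printf '%s\n' /etc/audit/snare.conf
    fi
}

# Print the allow= value from the [Remote] section of the file in $1.
# A missing or commented-out line is reported as 0, since the page says
# commenting it out turns the interface off.
remote_allow_value() {
    awk -F= '
        /^[ \t]*\[/ { in_remote = ($0 ~ /^[ \t]*\[Remote\]/) }
        in_remote && /^[ \t]*allow[ \t]*=/ {
            gsub(/[ \t]/, "", $2); val = $2
        }
        END { print (val == "" ? 0 : val) }' "$1"
}

# Rewrite allow=... to allow=0 inside [Remote] only; every other line,
# including allow= keys in other sections, is copied through unchanged.
# Constructed sample input: "[OtherSection]\nallow=1\n[Remote]\nallow=1"
# becomes "[OtherSection]\nallow=1\n[Remote]\nallow=0".
disable_remote_control() {
    conf=$1
    tmp="$conf.tmp.$$"
    awk '
        /^[ \t]*\[/ { in_remote = ($0 ~ /^[ \t]*\[Remote\]/) }
        in_remote && /^[ \t]*allow[ \t]*=/ { print "allow=0"; next }
        { print }' "$conf" > "$tmp" && mv "$tmp" "$conf"
}
```

After running disable_remote_control on the live file, restart the agent as the page describes (>/etc/init.d/auditd restart) for the change to take effect.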


Note: For administrators, the system log files (for example, /var/log/messages) will be updated whenever settings are applied to snare.conf. This information may assist you when required.