rename images and some typographic changes
Raquel Campuzano Godoy authored and eugpermar committed Sep 23, 2016
1 parent e3e15e9 commit cc5ff96
Showing 5 changed files with 47 additions and 59 deletions.
4 changes: 2 additions & 2 deletions en-US/Book_Info.xml
@@ -13,8 +13,8 @@
</copyright>

<title>Quick installation guide</title>
<productname>Snort on CentOs</productname>
<productnumber>1</productnumber>
<productname>Snort on CentOS</productname>
<productnumber>6</productnumber>
<edition>1</edition>
<pubsnumber>0</pubsnumber>
<abstract>
36 changes: 17 additions & 19 deletions en-US/Chapter1.xml
@@ -9,15 +9,15 @@
<chapter>
<title>Introduction</title>
<para>Security is a vital element in many environments, regardless of their size.</para>
<para><emphasis role="bold">Snort</emphasis> is a free software project that is a leader in the field and widely used to reinforce network security.
<para><emphasis role="bold">Snort is a free software project</emphasis> that is a leader in the field and widely used to reinforce network security.
It is a NIDPS (Network Intrusion Detection and Prevention System) that is very present in many professional, academic, and laboratory installations.</para>

<para>This guide aims to facilitate the integration of these types of installations in the new redborder Cloud environment: redborder Live.
This way, the user can easily and effectively configure multiple rule policies, as well as store and analyze the alterts generated by Snort quickly and productively.
<para>This guide aims to facilitate the integration of these types of installations in the new redborder Cloud environment: redborder Live.</para>
<para>This way, <emphasis role="bold">the user can easily and effectively configure multiple rule policies, as well as store and analyze the alterts</emphasis> generated by Snort quickly and productively.
Following these simple steps, the system can be registered in Live as if it were a redborder sensor.</para>
<section>
<title>Prerequisites</title>
<para>rThe procedure described here takes as a reference a completely updated installation of a <emphasis role="bold">CentOS 6 system.</emphasis>
<para>The procedure described here takes as a reference a completely updated installation of a <emphasis role="bold">CentOS 6 system.</emphasis>
To begin with the integration, the following requirements must be met:</para>

<note>
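Review bot: the typo "alterts" survives on the new line (`... store and analyze the alterts</emphasis> generated by Snort ...`) even though this is the typographic pass; change it to "alerts". The moved emphasis on "Snort is a free software project" puts the bold on the least informative clause; bolding the product name alone, as the old line did, read better. Also "Following these simple steps, the system can be registered in Live" should say "redborder Live" to match the rest of the chapter.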
@@ -39,8 +39,7 @@

<para>To install the repositories, simply execute the following command:</para>

<para><screen>
[root@snortstd-centos6 ~]# rpm -ivh \
<para><screen>[root@snortstd-centos6 ~]# rpm -ivh \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm \
https://forensics.cert.org/cert-forensics-tools-release-el6.rpm \
http://publicrepo.redborder.com/redBorder-release-6-5.noarch.rpm
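Review bot: the redborder release package is fetched over plain HTTP (`http://publicrepo.redborder.com/redBorder-release-6-5.noarch.rpm`) while the EPEL and CERT release packages use HTTPS. A release package installs the repository definition and the GPG key that every later `yum install` trusts, so an on-path attacker who can rewrite that one download owns the sensor from the first step. The command is only reformatted here, but the doc should either point at an HTTPS URL or tell the reader to download the rpm first and check it with `rpm -K` against a key obtained out of band before running `rpm -ivh`.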
Expand All @@ -63,17 +62,16 @@ Preparing... ########################################### [100%]
<para>You can skip this chapter if you already have Snort properly installed and running.</para>
</note>

<para>The cert-forensics-tools repository contains various versions of Snort compiled for CentOS 6:</para>
<para>The <literal>cert-forensics-tools</literal> repository contains various versions of Snort compiled for CentOS 6:</para>

<para><screen>
root@snortstd-centos6 ~]# yum search snort --showduplicates
<para><screen>root@snortstd-centos6 ~]# yum search snort --showduplicates
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: mirror.trueinter.net
* epel: epel.check-update.co.uk
* extras: mirror.trueinter.net
* updates: mirror.trueinter.net
============================================================================================================= N/S Matched: snort =============================================================================================================
================================================ N/S Matched: snort =======================================
fwsnort-1.6.4-1.el6.noarch : Translates Snort rules into equivalent iptables rules
1:snort-mysql-2.9.1.1-1.el6.x86_64 : Snort with MySQL support
1:snort-postgresql-2.9.1.1-1.el6.x86_64 : Snort with PostgreSQL support
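Review bot: the prompt on the new screen line `root@snortstd-centos6 ~]# yum search snort --showduplicates` lost its opening `[`; every other prompt in the guide is `[root@snortstd-centos6 ~]#`. Shortening the `N/S Matched: snort` separator is fine for layout, but it no longer matches what yum prints, so the listing should be presented as trimmed output rather than a verbatim capture.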
@@ -128,8 +126,7 @@ snort-sample-rules-2.9.8.0-1.el6.noarch : Sample rules for snort
<listitem>
<para>Set INTERFACE=eth1</para>

<para><screen>
# /etc/sysconfig/snort
<para><screen># /etc/sysconfig/snort
# $Id: snort.sysconfig,v 1.3 2005/05/05 18:23:45 jhewlett Exp $

# All of these options with the exception of -c, which tells Snort where
@@ -242,11 +239,14 @@ SECS=5

</listitem>
<listitem>
<para>Configure HOME_NET and EXTERNAL_NET variables in /etc/snort/snort.conf. In order to avoid conflicts with some rules, please, avoid set this variables to "any". </para>
<para>Configure HOME_NET and EXTERNAL_NET variables in <command>/etc/snort/snort.conf.</command> </para>
<note>
<title>Note</title>
<para>In order to avoid conflicts with some rules, please, avoid set this variables to "any".</para>
</note>
<para>If you aren't sure which values use, you can set HOME_NET with private networks (192.168.0.0/16,10.0.0.0/8,172.16.0.0/12) and EXTERNAL_NET with !HOME_NET.</para>

<para><screen>
...
<para><screen>...
###################################################
# Step #1: Set the network variables. For more information, see README.variables
###################################################
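Review bot: the trailing period is inside the element in `<command>/etc/snort/snort.conf.</command>`, so it renders as part of the path; move it outside, and use `<filename>` rather than `<command>` for a file. The new `<note>` keeps two grammar slips from the old line: "avoid set this variables" should be "avoid setting these variables", and "which values use" below should be "which values to use". The reason behind the note is worth one clause: a variable set to `any` cannot be negated, so any rule that uses `!$HOME_NET` (as the suggested `ipvar EXTERNAL_NET !$HOME_NET` does) stops working; the RFC 1918 default for HOME_NET is a sane fallback.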
@@ -269,8 +269,7 @@ ipvar EXTERNAL_NET !$HOME_NET
<listitem>
<para>Disable all the references to rules archives (include $RULE_PATH/*.rules) except those that point to local.rules (include $RULE_PATH/local.rules) in <command>/etc/snort/snort.conf.</command></para>

<para><screen>
...
<para><screen>...
###################################################
# Step #7: Customize your rule set
# For more information, see Snort Manual, Writing Snort Rules
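Review bot: the unchanged para above this screen has the same `<command>/etc/snort/snort.conf.</command>` with the period inside the tag, and "rules archives" should be "rules files" (the Spanish "archivo" is a file, not an archive); both belong in this typographic pass.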
@@ -332,8 +331,7 @@ preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
<para> Create the local.rules archive, initially empty:</para>
<para><screen>[root@snortstd-centos6 ~]# touch /etc/snort/rules/local.rules</screen></para>
<para>Now we should be able to start the basic service: </para>
<para><screen>
[root@snortstd-centos6 ~]# /etc/init.d/snortd start
<para><screen>[root@snortstd-centos6 ~]# /etc/init.d/snortd start
Starting snort: Spawning daemon child...
My daemon child 31590 lives...
Daemon parent exiting (0)
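Review bot: "Create the local.rules archive" should be "file" as well. The listing shows `snortd start` succeeding with an empty `local.rules` and every other `include` disabled; it would help the reader to say that this is the expected state at this point (rule management is handed to redborder Live by the package installed in the next chapter), not something to fix before continuing.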
32 changes: 13 additions & 19 deletions en-US/Chapter2.xml
@@ -10,10 +10,10 @@
<title>Installing redborder plugin</title>
<section>
<title>Installing the redBorder package</title>
<para>Once Snort is properly installed and running (or if you already had it running), you need to proceed to install the redBorder-IPS-generic package.
This package allows you to bind the Snort instance to the redBorder Live service, to enable rule management, and to configure barnyard2 to securely send the events to the cloud.</para>
<para>Once Snort is properly installed and running (or if you already had it running), you need to proceed to <emphasis role="bold">install the redborder-IPS-generic package. </emphasis></para>
<para>This package allows you to bind the Snort instance to the redborder Live service, to enable rule management, and to configure barnyard2 to securely send the events to the cloud.</para>

<para>redBorder-IPS-generic requires the following additional packages in order to work:</para>
<para><literal>redBorder-IPS-generic</literal> requires the following additional packages in order to work:</para>


<itemizedlist mark="bullet">
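Review bot: the new bold text renames the package to `redborder-IPS-generic` while the next paragraph (`<literal>redBorder-IPS-generic</literal>`) and the release rpm in Chapter 1 (`redBorder-release-6-5.noarch.rpm`) keep the capital B. RPM package names are case-sensitive, so the brand lowercasing must not touch package names; revert this one to `redBorder-IPS-generic` and wrap it in `<literal>` like the other occurrence. The trailing space inside `</emphasis>` should go too.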
@@ -38,8 +38,7 @@

<para>As part of the installation process, a message appears asking you to include some lines in the snmpd.conf file of the <command>net-snmp</command> package:</para>

<para><screen>
...
<para><screen>...
INFO: Please, add these lines to your snmpd.conf file in order to allow get basic statistics:
>>> /etc/snmp/snmpd.conf
disk /
@@ -52,7 +51,7 @@ access redBorderGroup "" any noauth exact all none none

<warning>
<title>Warning</title>
<para>These lines allow the installed redBorder agent to send basic system information to the redBorder Live service obtained using local snmp queries to the redBorder Community.</para>
<para>These lines allow the installed redborder agent to send basic system information to the redBorder Live service obtained using local snmp queries to the redborder Community.</para>
</warning>

<para>Another two messages appear that you need to consider:</para>
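Review bot: the rewritten sentence still mixes "redBorder Live" and "redborder Community" after the rename, and it reads as an explanation rather than a warning. If it stays a `<warning>`, say what the reader is accepting: the `com2sec`/`group`/`access` lines create a v1/v2c community named `redBorder` with read access to the host's statistics, and the only thing keeping that from being a remotely readable information source is the `localhost` restriction in `com2sec redBorderUser localhost redBorder`, so the lines must be copied exactly and never widened to a network.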
@@ -61,22 +60,21 @@ access redBorderGroup "" any noauth exact all none none
INFO: You must enable perfmonitor preprocessor to enable statistics. To enable it add the folowing line: preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
</screen></para>

<para>This first message references the configuration of the Snort perfmonitor preprocessor.</para>
<para>This first message references <emphasis role="bold">the configuration of the Snort perfmonitor preprocessor.</emphasis></para>

<para><screen>...
Claim this IPS with the UUID: bd93699b-ff15-4d07-a0f2-f07da1a9ca81
...</screen></para>

<para>The second message reports the unique UUID reserved for this installation, which will be used to identify the system in the redBorder Live environment.</para>
<para>You will be asked to prompt this UUID when registering the system in redBorder Live, and can view it at any time in the <command>/opt/rb/etc/rb-uuid</command> file:</para>
<para>The second message reports <emphasis role="bold">the unique UUID reserved for this installation,</emphasis> which will be used to identify the system in the redborder Live environment.</para>
<para>You will be asked to prompt this UUID when registering the system in redborder Live, and can view it at any time in the <command>/opt/rb/etc/rb-uuid</command> file:</para>

<para><screen>[root@snortstd-centos6 ~]# cat /opt/rb/etc/rb-uuid
bd93699b-ff15-4d07-a0f2-f07da1a9ca81</screen></para>

<para>Now we add the proposed changes into the <command>snmpd.conf</command> file:</para>

<para><screen>
[root@snortstd-centos6 ~]# cat >> /etc/snmp/snmpd.conf &lt;&lt;EOF
<para><screen>[root@snortstd-centos6 ~]# cat >> /etc/snmp/snmpd.conf &lt;&lt;EOF
com2sec redBorderUser localhost redBorder
group redBorderGroup v1 redBorderUser
group redBorderGroup v2c redBorderUser
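Review bot: "You will be asked to prompt this UUID" should be "to enter this UUID", and `<command>/opt/rb/etc/rb-uuid</command>` is a file, so `<filename>`. One question the doc should answer in this paragraph: is the UUID the only thing needed to claim the sensor in Live? It is printed in the install log and in `/var/log/rb-register/current`, so if it is, the reader should be told to claim the sensor promptly after `rb-register` starts, which is also the point of the one-week expiry mentioned in Chapter 3.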
@@ -87,24 +85,20 @@ EOF

<para>To monitor the state of the file system (state, usage, mounting point, etc.) add the following line:</para>

<para><screen>
[root@snortstd-centos6 ~]# cat >> /etc/snmp/snmpd.conf &lt;&lt;EOF
disk /
EOF
<para><screen>[root@snortstd-centos6 ~]# cat >> /etc/snmp/snmpd.conf &lt;&lt;EOF
disk /EOF
</screen></para>

<para>Finally, restart the snmpd service:</para>

<para><screen>
[root@snortstd-centos6 ~]# /etc/init.d/snmpd restart
<para><screen>[root@snortstd-centos6 ~]# /etc/init.d/snmpd restart
Stopping snmpd: [ OK ]
Starting snmpd: [ OK ]
</screen></para>

<para>Check that the configuration is correct by executing the following basic queries:</para>

<para><screen>
[root@snortstd-centos6 ~]# snmpwalk -v2c -c redBorder localhost \
<para><screen>[root@snortstd-centos6 ~]# snmpwalk -v2c -c redBorder localhost \
UCD-SNMP-MIB::systemStats

UCD-SNMP-MIB::ssIndex.0 = INTEGER: 1
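Review bot: the second heredoc is now broken: `disk /EOF` puts the terminator on the same line as the directive, so the shell never sees a line equal to `EOF`, keeps reading stdin (an interactive session just hangs on the `>` prompt), and what eventually gets written is the literal line `disk /EOF`, a disk entry for the nonexistent path `/EOF` instead of `/`. Restore the original two lines, `disk /` followed by `EOF` on its own line; only the opening `<para><screen>` needed joining. Separately, the `snmpwalk -v2c -c redBorder localhost` check is fine as a local test, but it puts the community string into the shell history, which is worth a sentence.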
33 changes: 14 additions & 19 deletions en-US/Chapter3.xml
@@ -10,25 +10,22 @@
<title>Registering the sensor in redborder Live</title>
<para>First, verify that rb_register service is stopped:</para>

<para><screen>
[root@snortstd-centos6 ~]# /etc/init.d/rb-register status
<para><screen>[root@snortstd-centos6 ~]# /etc/init.d/rb-register status
rb_register is stopped
</screen></para>

<para>Next, start the service to produce the first stage of the registration process:</para>

<para><screen>
[root@snortstd-centos6 ~]# /etc/init.d/rb-register start
<para><screen>[root@snortstd-centos6 ~]# /etc/init.d/rb-register start
Starting rb_register: [ OK ]
Domain to connect: live.redorder.com
Verify remote certificate: enabled
Sensor UUID to claim: bd93699b-ff15-4d07-a0f2-f07da1a9ca81
</screen></para>

<para>The system has registered the unique UUID and will wait until it is claimed by you. You can verify that the process has been carried out successfully by checking the system logs:</para>
<para><emphasis role="bold">The system has registered the unique UUID</emphasis> and will wait until it is claimed by you. You can verify that the process has been carried out successfully by checking the system logs:</para>

<para><screen>
[root@snortstd-centos6 ~]# tail -f /var/log/rb-register/current
<para><screen>[root@snortstd-centos6 ~]# tail -f /var/log/rb-register/current
time="2016-05-10T11:06:38+02:00" level=info msg="Stored UUID on DB: 369516204340538230"
time="2016-05-10T11:06:38+02:00" level=info msg="Registered!"
time="2016-05-10T11:06:38+02:00" level=info msg="Requesting certificate"
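Review bot: the captured output line `Domain to connect: live.redorder.com` (unchanged context) is missing the "b": either the listing was retyped, or the sensor really registered against the wrong host. Since `Verify remote certificate: enabled` is shown directly below it, that domain is exactly what the certificate check is pinned to, so fix the listing to `live.redborder.com` or confirm the real output. Also "start the service to produce the first stage of the registration process" should be "to start the first stage".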
@@ -37,10 +34,9 @@ time="2016-05-10T11:07:39+02:00" level=info msg="Chef called"
time="2016-05-10T11:07:39+02:00" level=info msg=Done
</screen></para>

<para>You can force the creation of a new UUID at any time by unbinding the sensor from redBorder Live using the following command:</para>
<para><emphasis role="bold">You can force the creation of a new UUID</emphasis> at any time by unbinding the sensor from redborder Live using the following command:</para>

<para><screen>
[root@snortstd-centos6 ~]# /opt/rb/bin/rb_disassociate_sensor.sh
<para><screen>[root@snortstd-centos6 ~]# /opt/rb/bin/rb_disassociate_sensor.sh
Are you sure you want to disassociate this sensor from the manager? (y/N) y
Stopping rb_register: [ OK ]
Deleting /opt/rb/etc/chef/client.pem
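Review bot: the bold on "You can force the creation of a new UUID" undersells what the script does: the listing shows it stopping `rb_register` and deleting `/opt/rb/etc/chef/client.pem`, that is, it throws away the certificate that authorizes the sensor toward redborder Live. Describe it as unbinding the sensor, with the fresh UUID as the consequence, and say plainly that nothing the previous registration authorized works again until the sensor is claimed anew.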
@@ -72,7 +68,7 @@ Sensor UUID to claim: 28e4df0f-4fd5-4fe2-9142-d4b92ea96e9d
</listitem>
</itemizedlist>

<para>To claim the new sensor, you have to enter redBorder Live with your user and password, access the Sensors section, and select Claim sensor.
<para><emphasis role="bold">To claim the new sensor,</emphasis> you have to enter redborder Live with your user and password, access the Sensors section, and select Claim sensor.
You have one week to do so or the UUID will expire in the system and you will be required to create a new one.</para>

<mediaobject>
@@ -100,22 +96,21 @@ Sensor UUID to claim: 28e4df0f-4fd5-4fe2-9142-d4b92ea96e9d
</caption>
</mediaobject>

<para>When saving the data the sensor will be bound to redBorder Live with the current account.</para>
<para>When saving the data the sensor will be bound to redborder Live with the current account.</para>

<section>
<title>Sensor registered in redborder Live</title>
<para>The user can verify that the sensor has been properly bound to redborder Live by reviewing the system logs:</para>

<para><screen>
[root@snortstd-centos6 ~]# tail -f /var/log/messages
<para><screen>[root@snortstd-centos6 ~]# tail -f /var/log/messages
Feb 2 16:43:51 snortstd rb_register[32025]: STATUS: VERIFYING
Feb 2 16:44:51 snortstd rb_register[32025]: STATUS: VERIFYING
Feb 2 16:45:51 snortstd rb_register[32025]: STATUS: CLAIMED
Feb 2 16:45:51 snortstd rb_register[32025]: Saved certificate in: /opt/rb/etc/chef/client.pem
</screen></para>

<para>The rb_register service goes from VERIFYING to CLAIMED and stores the certificate that will authorize the communications with redborder Live.</para>
<para>In redBorder Live the user can see a green circle in the Last Checked column of the Sensors section: this means that the sensor has been properly registered.
<para>In redborder Live the user can see a green circle in the Last Checked column of the Sensors section: this means that the sensor has been properly registered.
This column also indicates the time lapsed since the last sensor check.</para>

<mediaobject>
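Review bot: "time lapsed" in the new line should be "time elapsed". This commit wraps `Edit` in `<literal>` as a UI control but leaves "Last Checked", "Sensors" and "Claim sensor" as bare text; pick one convention for UI labels. The `STATUS: VERIFYING` to `STATUS: CLAIMED` transition and `Saved certificate in: /opt/rb/etc/chef/client.pem` are the right things to show, since that file is the credential the previous hunk deletes on disassociation.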
@@ -133,11 +128,11 @@ Feb 2 16:45:51 snortstd rb_register[32025]: Saved certificate in: /opt/rb/etc/c

<section>
<title>Basic Configuration</title>
<para>To edit the configuration of the sensor, you need to click on the Configuration icon, to the right of the row, and select Edit from the given options.</para>
<para>To edit the configuration of the sensor, you need to click on the Configuration icon, to the right of the row, and select <literal>Edit</literal> from the given options.</para>

<mediaobject>
<imageobject>
<imagedata scalefit="1" align="center" width="450" fileref="images/ch02_img004.png"/>
<imagedata scalefit="1" align="center" width="350" fileref="images/ch03_img004.png"/>
</imageobject>
<caption>
<para>Edit sensor configuration</para>
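Review bot: the three `fileref` changes (`images/ch02_img004.png` to `images/ch03_img004.png`, and likewise `_img005` and `_img006` in the next two hunks) are not matched by any image file in this commit: the summary says 5 changed files and all five are XML. Unless the images were renamed in an earlier commit, the Chapter 3 build will not find them. The `width` change from 450 to 350 on this first image is also not covered by the commit message and differs from the 450 kept on the other two.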
@@ -149,7 +144,7 @@ Feb 2 16:45:51 snortstd rb_register[32025]: Saved certificate in: /opt/rb/etc/c

<mediaobject>
<imageobject>
<imagedata scalefit="1" align="center" width="450" fileref="images/ch02_img005.png"/>
<imagedata scalefit="1" align="center" width="450" fileref="images/ch03_img005.png"/>
</imageobject>
<caption>
<para>Basic sensor configuration</para>
@@ -170,7 +165,7 @@ Feb 2 16:45:51 snortstd rb_register[32025]: Saved certificate in: /opt/rb/etc/c

<mediaobject>
<imageobject>
<imagedata scalefit="1" align="center" width="450" fileref="images/ch02_img006.png"/>
<imagedata scalefit="1" align="center" width="450" fileref="images/ch03_img006.png"/>
</imageobject>
<caption>
<para>Configuring Security Policies</para>
1 change: 1 addition & 0 deletions en-US/Quick_installation_guide.xml
@@ -10,5 +10,6 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Book_Info.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Chapter1.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Chapter2.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Chapter3.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Revision_History.xml"/>
</book>
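Review bot: adding the `Chapter3.xml` include is what makes the renamed `ch03_img00x` references matter: until this commit Chapter 3 was not part of the book at all, so its image references were never resolved. Build the guide once after this change to confirm the chapter renders and the images are found.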