From ee0755c15fcb9559ebf3804e27d7b04c6285ae71 Mon Sep 17 00:00:00 2001 From: "Z. Cliffe Schreuders" Date: Fri, 9 Nov 2018 11:51:15 +0000 Subject: [PATCH 1/2] lab updates --- .../hackerbot_config/ids_rules/templates/intro.md.erb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/intro.md.erb b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/intro.md.erb index 1a0059524..a2129f9d6 100644 --- a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/intro.md.erb +++ b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/intro.md.erb @@ -48,15 +48,13 @@ sudo vi /etc/snort/snort.conf ==Add the following line:== `output alert_fast` -==Create a new rules file:== - -Let us edit the local rules file without sudo: +==Let us edit the local rules file without sudo:== ```bash sudo chown <%= $main_user %> /etc/snort/rules/local.rules ``` -==Change Snort's interface== to the interface with IP address <%= $ids_server_ip %> (likely eth1), and set the local network to your IP address range (or "any"): +==Change Snort's interface== to the interface with IP address <%= $ids_server_ip %> (likely changing eth0 to ens3), and set the local network to your IP address range (or "any"): ```bash sudo vi /etc/snort/snort.debian.conf @@ -74,4 +72,4 @@ sudo service snort start Snort should now be running, monitoring network traffic for activity. -It can be helpful to monitor network traffic while writing IDS rules. You can start Wireshark with `kdesudo wireshark &` +It can be helpful to monitor network traffic while writing IDS rules. You can start Wireshark with `kdesudo wireshark` From 216fbe2d17af805800cffcac44ee73cb18d8b61e Mon Sep 17 00:00:00 2001 
From: "Z. Cliffe Schreuders" Date: Fri, 9 Nov 2018 11:56:36 +0000 Subject: [PATCH 2/2] lab updates --- .../ids_rules/templates/write_snort_rules.md.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/write_snort_rules.md.erb b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/write_snort_rules.md.erb index 3da11ddf9..4eb077690 100644 --- a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/write_snort_rules.md.erb +++ b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/write_snort_rules.md.erb @@ -46,7 +46,7 @@ Note that in Wireshark you can view individual packets, including IP and TCP hea ==Start Wireshark:== ```bash -kdesudo wireshark & +kdesudo wireshark ``` > For this exercise you can ignore the warnings about running Wireshark as root, or read online to learn to use setcap to grant Wireshark more specific privileges.
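Review bot: the `sudo chown <%= $main_user %> /etc/snort/rules/local.rules` step in the first hunk gives an unprivileged account write access to a rules file that Snort loads while running with elevated privileges, and nothing in the surrounding text says this is a lab-only shortcut or how to undo it. Suggest stating that explicitly and adding a closing step that restores ownership, e.g. `sudo chown root /etc/snort/rules/local.rules`, because a user-writable rules file lets that user blank or alter detection without touching anything that needs sudo. On the same hunk, `(likely changing eth0 to ens3)` is a guess about the interface name; pair it with a check such as `ip addr` so students confirm which interface actually carries <%= $ids_server_ip %> before editing `snort.debian.conf`.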
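Review bot: dropping the trailing `&` from `kdesudo wireshark &` in the second hunk of the first patch means the shell waits for Wireshark to exit, so the terminal is blocked for the rest of the exercise unless kdesudo detaches on its own. If that detaching behaviour is the reason for the change, say so in the sentence (for example "this opens Wireshark in a new window and returns to the prompt"); otherwise keep the `&` or tell students to open a second terminal for the Snort commands.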
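Review bot: the context line after the `kdesudo wireshark` change in the second patch tells students to "read online" about setcap, but running a packet analyser as root is exactly the risk that sentence acknowledges, so the document should spell out the least-privilege alternative instead of deferring it. On Debian-based systems the usual form is to grant capabilities to the capture helper, `sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap`, make the student's user a member of the group that may execute it, and then start Wireshark without kdesudo; the same wording would also serve the identical change in the first patch.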