
Kush, Nishchal: Snort 2.9 on CentOS 6.


http://nkush.blogspot.com.es/2013/03/snort-29-on-cento...


Kush, Nishchal
Welcome to my blog. For more information about me, visit my website at
http://www.kush.com.fj. This blog is mostly just to keep a track of my ramblings and
thoughts, game reviews, and crazy hair-brained ideas, so don't expect to find any profound
life altering body of knowledge here...

3/16/2013


Snort 2.9 on CentOS 6.3


Snort is a signature-based network intrusion detection system (NIDS)
which has become a de facto standard for NIDS. In addition to being
used as a NIDS, Snort may also be used as a simple network traffic
packet sniffer or logger.


A number of Snort dynamic preprocessors are available, which enable
the development of rules for attack detection.


Snort is an open source product and is available for most popular
network operating systems. Snort rules are also available commercially
from Sourcefire.

The following instructions detail the installation of Snort 2.9.4 on a
CentOS 6.3 64-bit host. The instructions include the installation of
Snort rules available to registered Snort users, as well as third-party
rules available from EmergingThreats.
Installation:
1. Install dependencies
   1. yum -y update
   2. yum -y install gcc flex bison wget make
   3. yum -y install zlib zlib-devel
   4. yum -y install libpcap libpcap-devel
   5. yum -y install pcre pcre-devel
   6. rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm #(or rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm for 32 bit machines)
   7. yum -y update
   8. yum -y install libdnet libdnet-devel

2. Download and install DAQ
   1. cd /root/
   2. wget http://www.snort.org/downloads/2216 -O daq-2.0.0.tar.gz
   3. tar zxvf daq-2.0.0.tar.gz
   4. cd daq-2.0.0
   5. ./configure
   6. make
   7. make install

3. Download and install Snort
   1. wget http://www.snort.org/downloads/2225 -O snort-2.9.4.1.tar.gz
   2. tar zxvf snort-2.9.4.1.tar.gz
   3. cd snort-2.9.4.1
   4. ./configure --enable-sourcefire
   5. make
   6. make install
4. Download and install Snort Rules
   1. mkdir -p /etc/snort/rules
   2. mkdir -p /var/log/snort
   3. cd /etc/snort
   4. Manually download the rules file to /etc/snort/ (you need to
      be signed in to get the registered user rules). In this case it
      was snortrules-snapshot-2940.tar.gz
   5. tar zxvf snortrules-snapshot-2940.tar.gz
   6. mv ./etc/* /etc/snort/
   7. rmdir /etc/snort/etc
5. OPTIONAL: Download and install Emerging Threats rules
   1. wget http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz -O emerging.rules.tar.gz
   2. tar zxvf emerging.rules.tar.gz
6. Create Snort accounts
   1. groupadd snort
   2. useradd snort -g snort -d /var/log/snort -s /sbin/nologin -m
   3. chown -R snort:snort /etc/snort
   4. chown -R snort:snort /var/log/snort
7. Edit the Snort configuration file
   1. vi /etc/snort/snort.conf
      1. ipvar HOME_NET x.x.x.x/x (your own network in CIDR notation)
      2. ipvar EXTERNAL_NET !$HOME_NET
      3. var RULE_PATH rules
      4. var SO_RULE_PATH so_rules
      5. var PREPROC_RULE_PATH preproc_rules
      6. var WHITE_LIST_PATH rules
      7. var BLACK_LIST_PATH rules
      8. OPTIONAL: include $RULE_PATH/emerging.conf

8. Test the Snort installation
   1. snort -u snort -g snort -c /etc/snort/snort.conf -T
   2. If all goes well you should see this:
      Snort successfully validated the configuration!
      Snort exiting

I plan to have a subsequent blog post to record instructions for
installing and configuring barnyard, oinkmaster and BASE.
Instructions in a previous post using an older version of Snort and
CentOS can be found at http://nkush.blogspot.com.au/2011/10/installing-snort-2912-on-centos-57.html

References
1. http://fedoraproject.org/wiki/EPEL
2. http://snort.org/docs
3. http://nkush.blogspot.com.au/2011/10/installing-snort-2912-on-centos-57.html
Common Errors:
1. ERROR: /etc/snort/snort.conf(253) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules": No such file or directory.
   1. mkdir -p /usr/local/lib/snort_dynamicrules
2. ERROR: /etc/snort/snort.conf(511) => Unable to open address file /etc/snort/rules/white_list.rules, Error: No such file or directory
   1. touch /etc/snort/rules/white_list.rules
3. ERROR: /etc/snort/snort.conf(511) => Unable to open address file /etc/snort/rules/black_list.rules, Error: No such file or directory
   1. touch /etc/snort/rules/black_list.rules
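
All three errors above are paths that snort.conf refers to but that the installation never created. The following is an added example, not part of the original post: a POSIX shell function that lists every such path in one pass, together with any $VARIABLE used without a matching "var" line. The function name, the set of directives it inspects, and resolving relative paths against the directory holding snort.conf are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: report every file or directory
# that snort.conf refers to but that is missing, before running "snort -T".
snort_conf_missing_paths() {
    conf=$1; status=0
    base=$(cd "$(dirname "$conf")" && pwd)    # relative paths start at the conf directory
    refs=$(awk '
        function expand(p,   out, n) {        # substitute $NAME from earlier "var" lines
            out = ""
            while (match(p, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
                n = substr(p, RSTART + 1, RLENGTH - 1)
                if (n in vars) out = out substr(p, 1, RSTART - 1) vars[n]
                else { print "undef", n; out = out substr(p, 1, RSTART + RLENGTH - 1) }
                p = substr(p, RSTART + RLENGTH)
            }
            return out p
        }
        /^[ \t]*#/ { next }                   # comment lines
        { gsub(/[,\\ \t]+$/, "") }            # list commas and line continuations
        $1 == "var" { vars[$2] = $3; next }
        $1 ~ /^dynamic(preprocessor|detection)$/ && $2 == "directory" { print "dir", expand($3) }
        $1 == "dynamicengine" { print "file", expand($2) }
        $1 ~ /^(include|whitelist|blacklist)$/ { print "file", expand($2) }
    ' "$conf")
    while read -r kind path; do
        case $kind in
            '')    continue ;;
            undef) echo "undefined variable \$$path"; status=1; continue ;;
        esac
        case $path in /*) ;; *) path="$base/$path" ;; esac
        if [ "$kind" = dir ] && [ -d "$path" ]; then continue; fi
        if [ "$kind" = file ] && [ -f "$path" ]; then continue; fi
        echo "missing $kind $path"; status=1
    done <<EOF
$refs
EOF
    return "$status"
}

# Usage: sh snort-preflight.sh /etc/snort/snort.conf
if [ "$#" -gt 0 ]; then snort_conf_missing_paths "$1"; fi
```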


Copyright 2011 Nishchal Kush. All rights reserved.. Powered by Blogger.
