We discussed the Snort NIDS in detail in our previous tutorial. In this article we try to simplify the
process of installing Snort on Ubuntu.
Requirements
Ubuntu 14.04/15.04 OS
Latest DAQ package, available from https://www.snort.org/downloads
Latest Snort package, available from https://www.snort.org/downloads
PCAP package, available with Ubuntu
Libdnet package, available with Ubuntu
PCRE package, available with Ubuntu
Our hostname is snort
Our Ubuntu user is snort
Snort server IP address: 192.168.1.10
Installation Steps
1. Update the system
2. Install ssh-server
3. Install the Snort requisites
4. Install the Snort DAQ requisites
5. Create a new directory for the package downloads, then download and install Snort DAQ
6. Download and install Snort in the same directory created in the step above
7. Configure Snort and test your installation
8. Create the directories needed to configure Snort to run in NIDS mode
Installation
First of all, prepare the Snort desktop
# apt-get update
# apt-get install openssh-server
# reboot
Make sure ethtool is installed
# apt-get install ethtool
Make sure build-essential is installed
# apt-get install -y build-essential
libpcre3-dev
# make
# make install
# ldconfig
Create a soft link for the Snort binary
# ln -s /usr/local/bin/snort /usr/sbin/snort
Verify that Snort is installed correctly
# snort -V
/etc/snort/
/var/log/snort/
/usr/local/lib/snort
/usr/local/lib/snort_dynamicrules/
Copy the *.conf and *.map files from the Snort download directory to /etc/snort
# cp /home/snort/snort_src/snort-2.9.7.5/etc/*.conf* /etc/snort/
# cp -v /home/snort/snort_src/snort-2.9.7.5/etc/*.map* /etc/snort/
Configure /etc/snort/snort.conf
Note: The above command comments out all rulesets, which we will edit line by line
Go to line 45 of /etc/snort/snort.conf and edit it to read as below
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
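To confirm that the two variables above really are in effect and to see how many rule files remain enabled, here is a small check, added as an example and not part of the original article. The function names and the two sample files are constructed for illustration, and the "stock" sample assumes an unedited file still sets both variables to any.

```shell
#!/bin/sh
# Added example: lint the network variables and rule includes of a snort.conf.

# Value of the last active (uncommented) "ipvar NAME value" line.
ipvar_value() {  # $1 = conf file, $2 = variable name
    awk -v name="$2" '$1 == "ipvar" && $2 == name { v = $3 } END { print v }' "$1"
}

# Number of rule files still enabled through uncommented include lines.
active_rule_includes() {  # $1 = conf file
    awk '$1 == "include" && $2 ~ /^\$RULE_PATH\// { n++ } END { print n + 0 }' "$1"
}

# Succeeds only if HOME_NET is a CIDR block and EXTERNAL_NET is its negation.
check_snort_nets() {  # $1 = conf file
    home=$(ipvar_value "$1" HOME_NET)
    ext=$(ipvar_value "$1" EXTERNAL_NET)
    case "$home" in
        ""|any) echo "HOME_NET is unset or 'any'"; return 1 ;;
    esac
    echo "$home" | grep -Eq '^\[?[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}' || {
        echo "HOME_NET is not a CIDR block: $home"; return 1; }
    [ "$ext" = '!$HOME_NET' ] || {
        echo "EXTERNAL_NET is '$ext', expected '!\$HOME_NET'"; return 1; }
    echo "OK: HOME_NET=$home EXTERNAL_NET=$ext"
}

# Constructed sample files: assumed stock defaults vs. the values set on this page.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/stock.conf" <<'EOF'
ipvar HOME_NET any
ipvar EXTERNAL_NET any
include $RULE_PATH/local.rules
EOF
cat > "$SAMPLE_DIR/edited.conf" <<'EOF'
# ipvar HOME_NET any
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
#include $RULE_PATH/app-detect.rules
include $RULE_PATH/local.rules
EOF
for f in stock edited; do
    check_snort_nets "$SAMPLE_DIR/$f.conf" || true
    echo "$f: $(active_rule_includes "$SAMPLE_DIR/$f.conf") rule file(s) enabled"
done
```

On the real system, run check_snort_nets /etc/snort/snort.conf. Snort's own full configuration test is snort -T -c /etc/snort/snort.conf; this check only covers the two variables and the rule includes.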
Have Fun!!
Source: http://www.unixmen.com/install-snort-nids-ubuntu-15-04/