Install and configure Snort in Linux

Source: Internet
Author: User
Snort is a free, lightweight network intrusion detection system for Linux, based on libpcap. It runs on multiple platforms and provides a lightweight intrusion detection tool that can be used to monitor small TCP/IP networks. During network monitoring, Snort matches network data against its rules, which lets it detect possible intrusion attempts. It can also use the SPADE plug-in to detect anomalies in network data by statistical methods. These detection functions give network administrators sufficient information to defend against intrusions.

Download MySQL, Apache, PHP, libpcap, ADODB, Snort, BASE, and other software.
Libpcap is a function library for capturing network packets on Unix/Linux platforms;
MySQL is the database that stores the captured data;
Apache is the web server;
PHP is the web scripting language;
ADODB provides database support for PHP (it is a database abstraction library for PHP);
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project and provides a web front end to query and analyze the alerts coming from a Snort IDS. Apache and PHP are installed to serve BASE.

Install MySQL
groupadd mysql
useradd -g mysql mysql
tar -zxvf mysql-VERSION.tar.gz
# absolute link target, so the symlink resolves from /usr/local
ln -s "$(pwd)/mysql-VERSION" /usr/local/mysql
cd /usr/local/mysql
chown -R mysql:mysql .
bin/mysql_install_db --user=mysql
chown -R root .
chown -R mysql data
bin/mysqld_safe --user=mysql &
/usr/local/mysql/bin/mysqladmin -u root password root

Install Apache
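# return to the directory holding the source tarballs (the later steps reference /usr/local/src)
cd /usr/local/src
tar -zxvf httpd-2.2.3.tar.gz
cd httpd-2.2.3
./configure --prefix=/usr/local/apache --sysconfdir=/etc --enable-modules=so
make
make install
cd ..

Install PHP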
tar zxvf jpegsrc-6b.tar.gz
cd jpeg-6b
./configure
make
mkdir -p /usr/local/man/man1
make install
make install-lib
cd ..
tar zxvf freetype-2.1.10.tar.gz
cd freetype-2.1.10
./configure
make
make install
cd ..
tar zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make
make install
cd ..
tar zxvf libpng-1.2.8-config.tar.gz
cd libpng-1.2.8-config
cp scripts/makefile.gcmmx makefile
make
make install
cd ..
tar zxvf gd-2.0.33.tar.gz
cd gd-2.0.33
./configure
make
make install
cp gd.h /usr/local/lib/
cd ..
tar zxvf libxml2-2.6.22.tar.gz
cd libxml2-2.6.22
./configure
make
make install
cd ..
tar zxvf php-5.2.tar.gz
cd php-5.2
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-config-file-path=/etc --enable-sockets --with-mysql=/usr/local/mysql --with-gd --with-ttf --with-zlib-dir --with-png-dir --with-jpeg-dir
make
make install
# php.ini goes where --with-config-file-path points
cp php.ini-dist /etc/php.ini
cd ..
vi /etc/httpd.conf
==================================
+ LoadModule php5_module modules/libphp5.so
+ AddType application/x-httpd-php .php .phtml
+ AddType application/x-httpd-php-source .phps
==================================

Start Apache
/usr/local/apache/bin/apachectl start

Install libpcap
tar -zxvf libpcap-0.9.5.tar.gz
cd libpcap-0.9.5
./configure
make
make install
cd ..

Install PCRE
tar jxvf pcre-7.8.tar.bz2
cd pcre-7.8
./configure
make
make install
cd ..

Install Snort
tar zxvf snort-2.6.1.tar.gz
cd snort-2.6.1
./configure --prefix=/usr/local/snort --with-mysql=/usr/local/mysql/
make
make install
cd /usr/local/snort
tar zxvf snortrules-snapshot-CURRENT.tar.gz
mkdir -p /usr/local/snort/etc
cp /usr/local/src/snort-2.6.1/etc/snort.conf /usr/local/snort/etc/
cp /usr/local/src/snort-2.6.1/etc/*.config /usr/local/snort/etc/
/usr/local/mysql/bin/mysql -u root -p
create database snort;
create database snort_archive;
use snort;
source /usr/local/src/snort-2.6.1/schemas/create_mysql;
use snort_archive;
source /usr/local/src/snort-2.6.1/schemas/create_mysql;
exit
mkdir /var/log/snort
vi /usr/local/snort/etc/snort.conf
==================================
var HOME_NET 10.1.1.0/24
var RULE_PATH /usr/local/snort/rules
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
dynamicpreprocessor file /usr/local/snort/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so
output database: alert, mysql, user=root password=your_password dbname=snort host=localhost
==================================

Install ADODB
mv /usr/local/src/adodb493a.gz /usr/local/
cd /usr/local/
tar zxvf adodb493a.gz

Install BASE
mv /usr/local/src/base-1.1.2.tar.gz /usr/local/apache/htdocs/
cd /usr/local/apache/htdocs
tar zxvf base-1.1.2.tar.gz
# the directory name must match $BASE_urlpath below
mv base-1.1.2 base
cd base
cp base_conf.php.dist base_conf.php
vi base_conf.php
======================================
$BASE_urlpath = "/base";
$DBlib_path = "/usr/local/adodb";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "root";
$alert_password = "root";
======================================
/usr/local/php/bin/pear install Image_Color-1.0.2.tgz
/usr/local/php/bin/pear install Image_Canvas-0.3.0.tgz
/usr/local/php/bin/pear install Numbers_Roman-1.0.1.tgz
/usr/local/php/bin/pear install Numbers_Words-0.15.0.tgz
/usr/local/php/bin/pear install Image_Graph-0.7.2.tgz

Start Snort
/usr/local/snort/bin/snort -c /usr/local/snort/etc/snort.conf
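
Added example, not part of the original walkthrough: the snort.conf "output database" line and base_conf.php edited above both store a MySQL login in clear text, and in this setup that login is root. The script below reads both files and reports a root login, an empty, placeholder or user-name password, and world-readable permissions. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the database credentials that snort.conf and
# base_conf.php hold in clear text. Function names are hypothetical;
# the sample files written by demo() are constructed.

# Value of KEY=... on Snort's "output database:" line ($1 = file, $2 = key).
snort_db_field() {
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1" | head -n 1 |
        tr ' ,' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Value of $NAME = "..."; in base_conf.php ($1 = file, $2 = name without "$").
base_conf_field() {
    sed -n 's/^[[:space:]]*\$'"$2"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# Findings for one file ($1 = file, $2 = user, $3 = password).
check_creds() {
    if [ "$2" = root ]; then echo "$1: connects as MySQL root"; fi
    case "$3" in
        ''|"$2"|your_password) echo "$1: empty, placeholder or user-name password" ;;
    esac
    # The password sits in the file in clear text, so others must not read it.
    if [ -n "$(find "$1" -perm -004)" ]; then echo "$1: world-readable"; fi
}

# One finding per line; no output means nothing was flagged.
audit_ids_db_creds() {   # $1 = snort.conf, $2 = base_conf.php
    check_creds "$1" "$(snort_db_field "$1" user)" "$(snort_db_field "$1" password)"
    check_creds "$2" "$(base_conf_field "$2" alert_user)" \
        "$(base_conf_field "$2" alert_password)"
}

# Constructed sample holding the values this walkthrough configures.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'output database: alert, mysql, user=root password=your_password dbname=snort host=localhost' > "$d/snort.conf"
    printf '%s\n' '$alert_user = "root";' '$alert_password = "root";' > "$d/base_conf.php"
    chmod 644 "$d/snort.conf" "$d/base_conf.php"
    audit_ids_db_creds "$d/snort.conf" "$d/base_conf.php"
    rm -rf "$d"
}
demo
```

On a real installation, call audit_ids_db_creds with /usr/local/snort/etc/snort.conf and the base_conf.php under the Apache htdocs directory.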
