Install snort under CentOS

Source: Internet
Author: User



Note: I recently needed to install an intrusion detection system. The documents I found on the Internet were all roughly the same, or even incomplete, so I put this one together myself; please excuse any shortcomings. Saved only as a backup.

A. Install the required packages

1. Installing libpcap and libpcap-devel

yum -y install libpcap*

2. Installing libpcre

yum -y install pcre*

3. Installing libdnet

wget http://pkgs.repoforge.org/libdnet/libdnet-1.11-1.1.el3.rf.x86_64.rpm

wget http://pkgs.repoforge.org/libdnet/libdnet-devel-1.11-1.1.el3.rf.x86_64.rpm

rpm -i libdnet-1.11-1.1.el3.rf.x86_64.rpm

rpm -i libdnet-devel-1.11-1.1.el3.rf.x86_64.rpm

B. Install snort

cd /usr/local/src

tar -zxvf libdnet-1.11.tar.gz

cd libdnet-1.11

./configure --with-pic

make && make install

cd /usr/local/lib

ldconfig -v /usr/local/lib

cd /usr/local/src

tar -zxvf daq-2.0.6.tar.gz

cd daq-2.0.6

./configure

make && make install

cd /usr/local/lib

ldconfig -v /usr/local/lib

cd /usr/local/src

tar -zxvf snort-2.9.8.tar.gz

cd snort-2.9.8

./configure --enable-sourcefire

make && make install

cd /usr/local/lib

ldconfig -v /usr/local/lib

Install rules

mkdir -p /etc/snort

mkdir /etc/snort/rules

cd /opt

tar -zxvf community.tar.gz -C /etc/snort/rules

tar -zxvf snortrules-snapshot-2966.tar.gz -C /etc/snort/rules

Modify Permissions

cd /etc/snort

chown -R snort:snort *

Add snort User

groupadd -g 40000 snort

useradd snort -u 40000 -d /var/log/snort -s /sbin/nologin -c snort_ids -g snort

cd /etc/snort

chown -R snort:snort *

chown -R snort:snort /var/log/snort

Modify the configuration file

cd /etc/snort

cp snort.conf snort.conf_bak

vi snort.conf

var RULE_PATH /etc/snort/rules

# or set HOME_NET to a network such as 172.21.0.0/16
ipvar HOME_NET any

# Snort rejects a negated "any": use !$HOME_NET only when HOME_NET is a specific network
ipvar EXTERNAL_NET !$HOME_NET

var SO_RULE_PATH /etc/snort/rules/so_rules

var PREPROC_RULE_PATH /etc/snort/rules/preproc_rules

var WHITE_LIST_PATH /etc/snort/rules

var BLACK_LIST_PATH /etc/snort/rules
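
The snort.conf edits above can be checked before the service is started. This is an added example, not part of the original post: a shell function (check_snort_conf is a hypothetical name, and its ROOT argument is an assumption of the example) that verifies the *_PATH directories exist and flags HOME_NET any combined with EXTERNAL_NET !$HOME_NET; the sample config is constructed from the values in this section.

```shell
#!/bin/sh
# Added example: lint the snort.conf variables edited in this guide.
# check_snort_conf FILE [ROOT] prints one line per problem, returns 1 if any.
# ROOT is a hypothetical prefix so the check can run against a scratch tree.
check_snort_conf() {
    conf=$1; root=${2:-}; problems=0
    # Every directory named by a *_PATH variable must exist.
    for dir in $(awk '$1 == "var" && $2 ~ /_PATH$/ { print $3 }' "$conf" | sort -u); do
        if [ ! -d "$root$dir" ]; then
            echo "missing directory: $dir"
            problems=$((problems + 1))
        fi
    done
    # If a variable is defined more than once, this example checks the last one.
    home=$(awk '$1 == "ipvar" && $2 == "HOME_NET" { v = $3 } END { print v }' "$conf")
    ext=$(awk '$1 == "ipvar" && $2 == "EXTERNAL_NET" { v = $3 } END { print v }' "$conf")
    if [ -z "$home" ]; then
        echo "HOME_NET is not set"
        problems=$((problems + 1))
    fi
    # Snort refuses a negated "any", so this pair stops it from starting.
    if [ "$home" = "any" ] && [ "$ext" = '!$HOME_NET' ]; then
        echo 'EXTERNAL_NET !$HOME_NET is invalid while HOME_NET is any'
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: the values from this guide, in a scratch directory.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/snort/rules"
    cat > "$tmp/snort.conf" <<'EOF'
var RULE_PATH /etc/snort/rules
ipvar HOME_NET any
ipvar EXTERNAL_NET !$HOME_NET
var SO_RULE_PATH /etc/snort/rules/so_rules
var PREPROC_RULE_PATH /etc/snort/rules/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
EOF
    status=0
    check_snort_conf "$tmp/snort.conf" "$tmp" || status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || echo "snort.conf needs fixing before the service is started"
```

On an installed system, call check_snort_conf /etc/snort/snort.conf with no second argument.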

Modify the permissions of the snort and daq directories

cd /usr/local/src

chown -R snort:snort daq-2.0.6

chown -R snort:snort snort-2.9.8

chown -R snort:snort snort_dynamicsrc

Add /etc/init.d/snort

Note: download the snort init script from:

http://s3.amazonaws.com/snort-org/www/assets/208/snort-centos-6x.sh

Add a snort shortcut (symlink)

cd /usr/sbin

ln -s /usr/local/bin/snort snort

Add /etc/sysconfig/snort

### General Configuration

INTERFACE=eth0

CONF=/etc/snort/snort.conf

USER=snort

GROUP=snort

PASS_FIRST=0

### Logging & Alerting

LOGDIR=/var/log/snort

ALERTMODE=fast

DUMP_APP=1

BINARY_LOG=1

NO_PACKET_LOG=0

PRINT_INTERFACE=

Note: Change the NIC name to match your actual environment.

Reference Documentation:

http://wiki.aanval.com/wiki/Community:Snort_2.9.4.X_Installation_Guide_for_CentOS_6.3




This article is from the "Go Road" blog, please be sure to keep this source http://10551335.blog.51cto.com/10541335/1748479
