Installing Snort on CentOS



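Note: I recently needed to install an intrusion detection system and searched online for documentation. The guides I found were largely the same and some were incomplete, so I put together my own notes. Please forgive any shortcomings. This is saved only as a backup.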

I. Install the required packages

1. Install libpcap and libpcap-devel

yum -y install 'libpcap*'

2. Install libpcre

yum -y install 'pcre*'

3. Install libdnet

wget http://pkgs.repoforge.org/libdnet/libdnet-1.11-1.1.el3.rf.x86_64.rpm

wget http://pkgs.repoforge.org/libdnet/libdnet-devel-1.11-1.1.el3.rf.x86_64.rpm

rpm -i libdnet-1.11-1.1.el3.rf.x86_64.rpm

rpm -i libdnet-devel-1.11-1.1.el3.rf.x86_64.rpm

II. Install Snort

cd /usr/local/src

tar -zxvf libdnet-1.11.tar.gz

cd libdnet-1.11

./configure --with-pic

make && make install

cd /usr/local/lib

ldconfig -v /usr/local/lib

tar -zxvf daq-2.0.6.tar.gz

cd daq-2.0.6

./configure

make && make install

cd /usr/local/lib

ldconfig -v /usr/local/lib

tar -zxvf snort-2.9.8.tar.gz

cd snort-2.9.8

./configure --enable-sourcefire

make && make install

cd /usr/local/lib

ldconfig -v /usr/local/lib

Install the rules

mkdir -p /etc/snort

mkdir /etc/snort/rules

cd /opt

tar -zvxf community.tar.gz -C /etc/snort/rules

tar -zxvf snortrules-snapshot-2966.tar.gz -C /etc/snort/rules

Change ownership

cd /etc/snort

chown -R snort:snort *

Add the snort user

groupadd -g 40000 snort

useradd snort -u 40000 -d /var/log/snort -s /sbin/nologin -c SNORT_IDS -g snort

cd /etc/snort

chown -R snort:snort *

chown -R snort:snort /var/log/snort


Edit the configuration file

cd /etc/snort

cp snort.conf snort.conf_bak

vi snort.conf

var RULE_PATH /etc/snort/rules

ipvar HOME_NET any # or set to a network such as 172.21.0.0/16

ipvar EXTERNAL_NET !$HOME_NET

var SO_RULE_PATH /etc/snort/rules/so_rules

var PREPROC_RULE_PATH /etc/snort/rules/preproc_rules

var WHITE_LIST_PATH /etc/snort/rules

var BLACK_LIST_PATH /etc/snort/rules
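
The variable block above can be checked before Snort is started. The script below is an added example, not part of the original post: it reads the var/ipvar lines of snort.conf, reports any absolute *_PATH value that is not an existing directory, and flags EXTERNAL_NET !$HOME_NET while HOME_NET is still any, a combination Snort rejects because a negated any is invalid. The function name check_snort_conf and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint the snort.conf variables
# edited above. Prints one finding per line; status 0 means nothing was found.
# The function body is a subshell, so its variables stay private.
check_snort_conf() (
    conf=$1 home_net="" findings=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; exit 2; }
    # The "|| [ -n ... ]" part keeps a last line that has no trailing newline.
    while read -r kind name value rest || [ -n "$kind" ]; do
        case $kind in var|ipvar) ;; *) continue ;; esac
        case $name in
            HOME_NET) home_net=$value ;;
            EXTERNAL_NET)
                # !$HOME_NET expands to "!any" while HOME_NET is still "any",
                # and Snort refuses a negated "any" when it parses the file.
                if [ "$value" = '!$HOME_NET' ] && [ "$home_net" = any ]; then
                    echo "NEGATED_ANY EXTERNAL_NET"
                    findings=$((findings + 1))
                fi ;;
            *_PATH)
                # Only absolute paths, as used in the post, are checked here.
                case $value in /*) dir=$value ;; *) continue ;; esac
                if [ ! -d "$dir" ]; then
                    echo "MISSING_DIR $name $dir"
                    findings=$((findings + 1))
                fi ;;
        esac
    done < "$conf"
    [ "$findings" -eq 0 ]
)

# Usage: sh check_snort_conf.sh /etc/snort/snort.conf
if [ "$#" -gt 0 ]; then
    check_snort_conf "$1"
fi
```

Once it reports nothing, snort -T -c /etc/snort/snort.conf runs Snort's own configuration test.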

Change ownership of the snort and daq sources

cd /usr/local/src

chown -R snort:snort daq-2.0.6

chown -R snort:snort snort-2.9.8

chown -R snort:snort snort_dynamicsrc

Add /etc/init.d/snort

Note: the snort init script can be downloaded from:

http://s3.amazonaws.com/snort-org/www/assets/208/snort-centos-6x.sh

Add a snort symlink

cd /usr/sbin

ln -s /usr/local/bin/snort snort

Add /etc/sysconfig/snort

#### General Configuration

INTERFACE=eth0

CONF=/etc/snort/snort.conf

USER=snort

GROUP=snort

PASS_FIRST=0

#### Logging & Alerting

LOGDIR=/var/log/snort

ALERTMODE=fast

DUMP_APP=1

BINARY_LOG=1

NO_PACKET_LOG=0

PRINT_INTERFACE=

Note: change the network interface name to match your actual setup.


Reference document:

http://wiki.aanval.com/wiki/Community:Snort_2.9.4.X_Installation_Guide_for_CentOS_6.3

This article comes from the “走過的路” blog; please be sure to keep this source attribution: http://10551335.blog.51cto.com/10541335/1748479
