014-snortinstallguide292



  • 8/3/2019 014-snortinstallguide292

    1/12

    ABCDEFFAABD

    A!BD

    "DB#AA$F%F&DF

    'E$(F%$))D*D+(DE,,---$))D*D++)

    AD.'D

    B+F/0E)D)E1-DB(D)ED.D2A+3A/BCD

    ABCDEDFCCCC

    2"+DBD

    F4EDA($D)+0DAA.4EDA($D)EBAD

    CDE-ABABA#EAE-ABABDECDE

    -ABABADAA+0"-ABABABD-ABABA-ABDADCD'.(D-ABABA2A$ABD(ED5D-3'AB'.((ABC(D(

    6(7$D)8A+(-CDE

    '9DA3F"DB"32/AB4D#A2D((

    http://www.symmetrixtech.com/
  • 8/3/2019 014-snortinstallguide292

    2/12

    B+

    DEED.B+)DE!BDDD-A)EDAA(BD(D$))D*D+(D:CDEEAB(-+D.D:ED!DABBDD+$D)*"DADDAEA+3A(D)D+A(D.D-DD+DA.-(

    F/0E)D)E

    BDB+ADB"'.D,";D.ADDDD-D:D((-AED$)EDBDE$)DDDBD-DABDB+ADB)A+DAA+A$BDD..(ABA-3A-DD$ED.)AB)AAB!D-DAA+3BDD+DB$

    D.-(BA(A)ADDE($

  • 8/3/2019 014-snortinstallguide292

    3/12

    ABCDEDFCCCC

    D.(DA!D%DD-3+AB.A+(DA..+$-A)-A!D"ABBD-)A3D.A)DB..+.D"'D+)E)DB.)AD*DA+DDD-3+AB.A+($AB)A!D-3A-A!DADA?AD"ABBDABA++DA$EDE-D)DB$AB)A!D-3A

    :)EADA)BD-+DBD-3D!)DADA+EA-+$DDAD.DDDD-3:A..+BDA$$DDBDDED-+D@)DB@EADBAB+D+DD*DAD-3+AB8)DB$+ADDAA..+(((D-+D-3+AD-)ED-+DABD()DD+)D)+)D+)ED*ABD0D

  • 8/3/2019 014-snortinstallguide292

    4/12

    )ED)A+D-+D$BD+ED.B+)D'E,,---(.)D.)A

    2"+DBD

    F4EDA($D)

    +0D*

    D.BD.DB-AB*8D:D((DF;A)DB.(D)EED+AD'A+A-EE$D+$EBAD.D4..!D$DA>+AD%EF

  • 8/3/2019 014-snortinstallguide292

    5/12

    DAAB.$DD+'D%D)!DD'ABD)A+D-AA?D*!D.7-DDDB(-DDA++$+DADBDAD2$BD.A$+A(A>D!D$(AD0DDE!D(DBD-DB+))AB

    4+D$:!D((DB%DD@.+.(+))ABBDD)DDD)EA$"ABBD.D)A+D.$DB='"7+AD=.)A-3A(DA++$DEDAD-+)A3DDD.DE+DADAD;+E$ABEAD%D+

  • 8/3/2019 014-snortinstallguide292

    6/12

    -ABABDECDE

    DD*DEB-ABAB+.(DCDE:A!AADAE,,---$))D*D++) BDDB-ABD+.-(D+D!DF-ABDE?FA(ABD+$$)A+D4EDA+))ABE)EDBD+$-+$B-ABDBCDEABDD.-(+))AB

    sudo tar zxvf snortreport-1.3.3.tar.gz -C /var/www/

    5--DDDB)B.$DCDE+.(A.DD.D+$6$G(.AB+A.DE(AEAD'A(DD.D$DB(+.EE-+))AB

    sudo vi /var/www/snortreport-1.3.3/srconf.php

    'A(DD.-(D.)

    $pass = "YOURPASS";

    !AD;DDEA-B$+DD6$GDEDEDADADA74C"84C

  • 8/3/2019 014-snortinstallguide292

    7/12

    -ABABA

    8D-D+BADEA+3A(D.)DFDED%ABD:(AADDDADAB(DAD!D.D(DE-D:D((+)EDABAD+D+BD4EDE,,---(,?B-AB-$-DABB-ABDD-DAD!D.-(%:!DAB+ADBDDE,,---(,B-AB,FH'E$ABD+$$)A+D

    D.-(DE-A,,+A,$+A+A(DABD+$.$3($)B.$(DEAD-

    4EDA+))ABE)EABDD.-(+))AB.)DBD+$-DD$B-ABDBD+D+BD

    sudo tar zxvf snort-2.9.2.tar.gz
    cd snort-2.9.2
    sudo ./configure --prefix=/usr/local/snort --enable-sourcefire
    sudo make
    sudo make install
    sudo mkdir /var/log/snort
    sudo mkdir /var/snort

    sudo groupadd snort
    sudo useradd -g snort snort
    sudo chown snort:snort /var/log/snort

    7:A!DDDD6$GEA-BA$+DDADDD*-DEBD+DADDBAAAD

    echo "create database snort;" | mysql -u root -p
    mysql -u root -p -D snort < ./schemas/create_mysql

    5D*-DDDB+DADAABBA6$GD.DA:A(BBDADBAD)ACD)D)DDEA-BA$DDD-DD(D0DABDEA-B

    ABBDBD0DABDDDD+AD)D

    echo "grant create, insert, select, delete, update on snort.* to snort@localhost \
    identified by 'YOURPASSWORD'" | mysql -u root -p

    -ABDADCD

    DD*DEB-ABDADDD7:DDB(D+D.DDA-DBD(DD.DDADDAD+ADBDDE,,---(,?D

    DDAD-D+EA(D>D.&C+DABD.D(DDBDD$B..DD+DADD(DDBDD.DADBA$BDAD.+D

    -AB.D$)A+DD?AE?A(

    http://www.snort.org/snort-downloads
    http://www.snort.org/downloads/1347
    https://www.snort.org/snort-rules
  • 8/3/2019 014-snortinstallguide292

    8/12

    4EDA+))ABE)EDBD+$-DD$B-ABDBDDD.DABDD.-(+))AB

    sudo tar zxvf snortrules-snapshot-2920.tar.gz -C /usr/local/snort
    sudo mkdir /usr/local/snort/lib/snort_dynamicrules
    sudo cp /usr/local/snort/so_rules/precompiled/Ubuntu-10-4/i386/2.9.2.0/* \
    /usr/local/snort/lib/snort_dynamicrules
    sudo touch /usr/local/snort/rules/white_list.rules
    sudo touch /usr/local/snort/rules/black_list.rules
    sudo ldconfig

    '.(D

    5--DDDBDBD+.+.(A.D

    sudo vi /usr/local/snort/etc/snort.conf

    'A(DDDD.)
    var WHITE_LIST_PATH /etc/snort/rules
    var BLACK_LIST_PATH /etc/snort/rules

    var WHITE_LIST_PATH /usr/local/snort/rules
    var BLACK_LIST_PATH /usr/local/snort/rules

    'A(DDDD.)
    dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
    dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
    dynamicdetection directory /usr/local/lib/snort_dynamicrules

    dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor/
    dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so

    dynamicdetection directory /usr/local/snort/lib/snort_dynamicrules

    2D-D;ED.DB(.2A$AB-+$+AB-ABDDE,,---D+*!D+),B-AB,A$AB,A$AB?FA(

    http://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gz
  • 8/3/2019 014-snortinstallguide292

    9/12

    EA+3ABA2A$AB-D.-(+))AB

    sudo tar zxvf barnyard2-1.9.tar.gz
    cd barnyard2-1.9
    sudo ./configure --with-mysql
    sudo make
    sudo make install
    sudo cp etc/barnyard2.conf /usr/local/snort/etc

    sudo mkdir /var/log/barnyard2
    sudo chmod 666 /var/log/barnyard2
    sudo touch /var/log/snort/barnyard2.waldo
    sudo chown snort.snort /var/log/snort/barnyard2.waldo

    6B.$D2A$AB+.(A.D-D.-(+))AB

    sudo vi /usr/local/snort/etc/barnyard2.conf

    'A(DD.-(D.)

    config reference_file: /etc/snort/reference.config
    config classification_file: /etc/snort/classification.config

    config gen_file: /etc/snort/gen-msg.map
    config sid_file: /etc/snort/sid-msg.map

    #config hostname: thor
    #config interface: eth0

    #output database: log, mysql, user=root password=test dbname=db host=localhost

    ;D$6$GEA-BDAB.74C"84CDADD-

  • 8/3/2019 014-snortinstallguide292

    10/12

    DD!AD

    auto eth0
    iface eth0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255

    gateway 192.168.1.1

    5-ABBD.-(DADDB.D.DADD+B+AB-A"ABBD

    auto eth1
    iface eth1 inet manual
    ifconfig eth1 up

    A!DABD*D.DDDDDD+))AB

    sudo /etc/init.d/networking restart

    5-$+A+D+DD-3+ADAADB9(DF/+D+DBDA)DDA$)(-3AABDF+D+DBDD()DA$-A)7+A!D.$$(D@.+.(+))AB7EB3)D(3D;AD!ADBDD

  • 8/3/2019 014-snortinstallguide292

    11/12

    DEADD.-(+DD.D;D.DD@exit 0D

  • 8/3/2019 014-snortinstallguide292

    12/12

    '))D%.DDBA+3AB+AD-D+)DABD+A(DBAA+DI$))D*D++)

    &D-DAE,,---$))D*D++) .DADD-CDEABB-ABDD-D!D

    8DA($D+))DB((E.D?D)A(A!AADAE,,---(AB.-(-D.D-(BDABEBADCDEDDE,,-D+),$))D*D+ ;B:-$%.DDBAA-D!D.A..+F>ADDAD

    mailto:[email protected]:[email protected]://www.symmetrixtech.com/http://www.symmetrixtech.com/http://www.snort.org/http://www.snort.org/http://twitter.com/symmetrixtechhttp://twitter.com/symmetrixtechmailto:[email protected]://www.symmetrixtech.com/http://www.snort.org/http://twitter.com/symmetrixtech