2/28/2010

Snort sniff honk!

Snort is an open source intrusion detection system (IDS). It is highly configurable and can be run in a number of modes and architectures, and freely available rule sets exist for it (the Emerging Threats rules are used below). For more information refer to the Snort home page http://www.snort.org/. Here are some instructions on getting it set up on CentOS with MySQL logging and the BASE web front end; they were adapted from Patrick Harper's Snort and BASE setup guide at http://assets.sourcefire.com/snort/setupguides/Snort_Base_Minimal.pdf:

  1. yum install mysql mysql-bench mysql-server mysql-devel mysqlclient10 php-mysql httpd gcc pcre-devel php-gd gd mod_ssl glib2-devel gcc-c++ php php-pear libpcap-devel
  2. vi /etc/httpd/conf/httpd.conf #Edit the httpd.conf file to suit
  3. /etc/rc.d/init.d/httpd start
  4. /etc/rc.d/init.d/mysqld restart
  5. /usr/bin/mysql_secure_installation
  6. cd /root
  7. mkdir snortinstall
  8. cd snortinstall
  9. wget http://dl.snort.org/snort-current/snort-2.8.5.3.tar.gz
  10. tar zxvf snort-2.8.5.3.tar.gz
  11. cd snort-2.8.5.3
  12. ./configure --with-mysql --enable-dynamicplugin # Fingers crossed it all goes well
  13. make
  14. make install
  15. /usr/sbin/groupadd snort
  16. /usr/sbin/useradd -g snort snort -s /sbin/nologin
  17. mkdir -p /etc/snort/rules
  18. mkdir -p /var/log/snort
  19. cd /root/snortinstall/snort-2.8.5.3/etc
  20. cp ./* /etc/snort/
  21. cd /root/snortinstall
  22. wget http://www.emergingthreats.net/rules/emerging.rules.tar.gz
  23. tar zxvf emerging.rules.tar.gz
  24. cd rules
  25. cp ./* /etc/snort/rules/
  26. vi /etc/snort/snort.conf # Edit the snort.conf file to suit: HOME_NET, RULE_PATH (/etc/snort/rules), the "output database:" line for MySQL, and includes for the rules copied in step 25
  27. /etc/rc.d/init.d/mysqld start
  28. mysql -u root -p mysql # Create the snort database and snort database user and set permissions (the statements are in the SQL section below)
  29. cd  /root/snortinstall/snort-2.8.5.3/schemas
  30. mysql -u snort -p snort < create_mysql
  31. pear install -a Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman
  32. cd /root/snortinstall/
  33. wget -O adodb510.tgz 'http://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-510-for-php5/adodb510.tgz?use_mirror=transact' # -O keeps the ?use_mirror query string out of the saved file name, which step 36 relies on
  34. wget -O base-1.4.4.tar.gz 'http://downloads.sourceforge.net/project/secureideas/BASE/base-1.4.4/base-1.4.4.tar.gz?use_mirror=transact'
  35. cd /var/www
  36. tar zxvf /root/snortinstall/adodb510.tgz
  37. mv adodb5/ adodb # the tarball unpacks as adodb5; $DBlib_path in base_conf.php (step 43) points at /var/www/adodb
  38. cd /var/www/html/
  39. tar zxvf /root/snortinstall/base-1.4.4.tar.gz
  40. mv base-1.4.4/ base
  41. cd base
  42. cp base_conf.php.dist base_conf.php
  43. vi base_conf.php # Edit the file to suit: $BASE_urlpath, $DBlib_path (/var/www/adodb) and the $alert_* database name, user and password from the SQL section below
  44. # Load http://SERVERNAME/base in a browser and click on the setup link
  45. # Click on Create BASE AG button
  46. # Click on the Main Page link
SQL
  1. create database snort;
  2. create user 'snort'@'localhost' identified by 'CHANGEME'; -- set a real password here; the same value goes into snort.conf and base_conf.php
  3. grant create, insert, select, delete, update on snort.* to snort@localhost;
  4. grant create, insert, select, delete, update on snort.* to snort; -- this is 'snort'@'%', i.e. login from any host; only needed if other sensors log to this database, otherwise leave it out
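Steps 26 and 43 say "edit to suit", and the SQL above creates the snort user with a placeholder password, so the pieces that have to agree with each other are never spelled out. The script below is an added example, not code from the original post nor from the Snort or BASE projects: it generates a random password, prints the matching SQL, writes the HOME_NET, RULE_PATH, "output database:" and rule-include lines into snort.conf, and sets $BASE_urlpath, $DBlib_path and $alert_password in base_conf.php, then checks that the password actually landed. Paths follow the steps above; the URL path /base, the aggregate rule file name emerging-all.rules and all function names are my assumptions. The demo at the end works on constructed stand-in copies of the two files in a temporary directory, so it can be run as-is before the functions are pointed at /etc/snort/snort.conf and /var/www/html/base/base_conf.php.

```shell
#!/bin/sh
# Added example, not part of the original post: give the MySQL 'snort' user a real
# password and write that same password into snort.conf (step 26) and base_conf.php
# (step 43) so that Snort, BASE and the database all agree. The demo at the bottom
# edits constructed copies in a temp directory, never the real files under /etc.

# 32 hex characters from /dev/urandom; hex stays safe inside sed, SQL and PHP quoting.
gen_db_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# SQL for the "mysql -u root -p mysql" step: a localhost-only user with a password.
# No grant to 'snort'@'%', because Snort and BASE run on this same host.
print_grant_sql() {
    pw=$1
    printf "CREATE DATABASE snort;\n"
    printf "CREATE USER 'snort'@'localhost' IDENTIFIED BY '%s';\n" "$pw"
    printf "GRANT CREATE, INSERT, SELECT, DELETE, UPDATE ON snort.* TO 'snort'@'localhost';\n"
}

# Edit a snort.conf in place: HOME_NET, RULE_PATH, the MySQL output plugin line and an
# include for the Emerging Threats rules (emerging-all.rules assumed as the aggregate file).
# Usage: configure_snort_conf <snort.conf> <password> <home_net>
configure_snort_conf() {
    conf=$1; pw=$2; home_net=$3
    sed -e "s|^var HOME_NET .*|var HOME_NET $home_net|" \
        -e "s|^var RULE_PATH .*|var RULE_PATH /etc/snort/rules|" \
        -e '/^output database:/d' \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    printf 'output database: log, mysql, user=snort password=%s dbname=snort host=localhost\n' "$pw" >> "$conf"
    printf '%s\n' 'include $RULE_PATH/emerging-all.rules' >> "$conf"
}

# Edit a base_conf.php in place: URL path, ADOdb location (step 37) and the DB password.
# Usage: configure_base_conf <base_conf.php> <password>
configure_base_conf() {
    conf=$1; pw=$2
    sed -e "s|^[\$]BASE_urlpath *=.*|\$BASE_urlpath = '/base';|" \
        -e "s|^[\$]DBlib_path *=.*|\$DBlib_path = '/var/www/adodb';|" \
        -e "s|^[\$]alert_password *=.*|\$alert_password = '$pw';|" \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Check: the active output line exists and its password= value is not empty.
# Returns 0 when ok, non-zero otherwise.
check_snort_db_password() {
    grep -q '^output database: .*password=[^ ][^ ]* ' "$1"
}

# Constructed stand-ins for the stock files, holding only the lines the functions touch.
# Usage: make_sample_configs <dir>
make_sample_configs() {
    dir=$1
    cat > "$dir/snort.conf" <<'EOF'
var HOME_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=snort password=test dbname=snort host=localhost
EOF
    cat > "$dir/base_conf.php" <<'EOF'
<?php
$BASE_urlpath = '';
$DBlib_path = '';
$alert_dbname   = 'snort';
$alert_user     = 'snort';
$alert_password = 'mypassword';
EOF
}

# Demo on copies: prints the SQL to paste into mysql and where the edited copies are.
run_demo() {
    dir=$(mktemp -d)
    make_sample_configs "$dir"
    pw=$(gen_db_password)
    print_grant_sql "$pw"
    configure_snort_conf "$dir/snort.conf" "$pw" '192.168.1.0/24'
    configure_base_conf "$dir/base_conf.php" "$pw"
    check_snort_db_password "$dir/snort.conf" && echo "edited copies in $dir"
}
run_demo
```

Once the real files are edited, `snort -T -c /etc/snort/snort.conf -i eth0` parses the configuration and exits, which catches a bad include or output line before Snort is started for real; start the real thing with `-u snort -g snort` so it drops to the unprivileged account created in steps 15 and 16 instead of keeping root.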
