I tried installing Snort on CentOS 6.4 once before. Since it was my first attempt, a number of things went wrong and kept me stuck for several days, so I decided to tear it down and start over from scratch.
First comes the CentOS 6.4 install itself, which needs no explanation. Next is /etc/resolv.conf: add nameserver 8.8.8.8 and nameserver 4.4.4.4 (or whatever resolvers your own network uses) so that yum and wget can resolve hostnames.
Then install the build toolchain with yum -y install gcc automake autoconf libtool make. It is also worth installing wget for fetching the sources:
yum -y install wget
Next come the dependencies: gcc, flex, bison, zlib, libpcap, pcre, libdnet and tcpdump. Most of these can be installed with yum install <package>; when building Snort from source you also need the headers, so install the matching -devel packages (for example libpcap-devel, pcre-devel, zlib-devel) as well.
For gcc, use yum -y install gcc gcc-c++.
libdnet: wget http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz
pcre: wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.33.tar.gz
zlib: wget http://prdownloads.sourceforge.net/libpng/zlib-1.2.8.tar.gz
If the system already ships a package, there is no need to build it again.
snort: wget http://www.snort.org/downloads/2485
daq: wget http://www.snort.org/downloads/2476
After downloading, unpack each tarball and build it with ./configure && make && make install (note the double &&: a single & would background each command instead of chaining them). Build daq before snort, because Snort's configure script looks for libdaq. If Snort later complains that it cannot find the libdnet or libdaq shared libraries, add /usr/local/lib to a file under /etc/ld.so.conf.d/ and run ldconfig, since CentOS 6 does not search /usr/local/lib by default.
The Snort rules can only be downloaded after registering: wget http://www.snort.org/reg-rules/<filename>/<oinkcode here>, where the oinkcode is generated in your account settings.
Create a snort directory under /etc and put the rules there, then create the (empty) files white_list.rules and black_list.rules under rules. The exact commands are:
cd /etc
mkdir -p snort
cd snort
tar -zvxf <path to>snortrules-snapshot-<nnnn>.tar.gz
cp ./etc/* .
touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules
Set up the snort user and group and its home directory (if /var/log has no snort directory yet, create one):
groupadd -g 40000 snort
useradd snort -u 40000 -d /var/log/snort -s /sbin/nologin -c SNORT_IDS -g snort
cd /etc/snort
chown -R snort:snort *
chown -R snort:snort /var/log/snort
Edit snort.conf (use the actual install paths on your own machine, and set HOME_NET to the subnet you are actually monitoring):
var RULE_PATH /etc/snort/rules
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
Next, the snort and daq source trees (again, use the actual paths on your machine):
cd /usr/local/src
chown -R snort:snort daq-2.0.0
chmod -R 700 daq-2.0.0
chown -R snort:snort snort-2.9.4.x
chmod -R 700 snort-2.9.4.x
chown -R snort:snort snort_dynamicsrc
chmod -R 700 snort_dynamicsrc
Find the snortd file in the rpm directory of the Snort source tree, copy it to /etc/init.d and rename it to snort, then:
chkconfig --add snort
cd /usr/sbin
ln -s /usr/local/bin/snort snort
Create the file /etc/sysconfig/snort with the following contents:
# /etc/sysconfig/snort
# $Id: snort.sysconfig,v 1.8 2003/09/19 05:18:12 dwittenb Exp $
#### General Configuration
INTERFACE=eth0
CONF=/etc/snort/snort.conf
USER=snort
GROUP=snort
PASS_FIRST=0
#### Logging & Alerting
LOGDIR=/var/log/snort
ALERTMODE=fast
DUMP_APP=1
BINARY_LOG=1
NO_PACKET_LOG=0
PRINT_INTERFACE=0
Then continue assigning ownership and permissions:
cd /var/log
mkdir snort
chmod 700 snort
chown -R snort:snort snort
cd /usr/local/lib
chown -R snort:snort snort*
chown -R snort:snort snort_dynamic*
chown -R snort:snort pkgconfig
chmod -R 700 snort*
chmod -R 700 pkgconfig
cd /usr/local/bin
chown -R snort:snort daq-modules-config
chown -R snort:snort u2*
chmod -R 700 daq-modules-config
chmod 700 u2*
cd /etc
chown -R snort:snort snort
chmod -R 700 snort
Finally, test the configuration (run this as root; -u and -g make Snort drop to the snort user and group after initialization):
cd /usr/local/bin
./snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf
If the following output appears, Snort is configured correctly:
Snort successfully validated the configuration!
Snort exiting
If instead you get the error:
ERROR: snort.conf(253) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules": No such file or directory. Fatal Error, Quitting.
then create the missing directory and give it the same ownership and mode as the rest:
mkdir -p /usr/local/lib/snort_dynamicrules
chown -R snort:snort /usr/local/lib/snort_dynamicrules
chmod -R 700 /usr/local/lib/snort_dynamicrules
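As an added example (my own script, not part of the original post or of Snort), the following POSIX shell functions rehearse the layout and permission steps above under a scratch root prefix, and then pre-flight a snort.conf for paths that do not exist, which is exactly the class of error shown above. The directory names, the /etc/sysconfig/snort keys and the var *_PATH variables are the ones used in this post; the dynamicpreprocessor/dynamicengine/dynamicdetection directives are the standard Snort 2.9 snort.conf lines that point at the /usr/local/lib/snort_dynamic* directories. The root-prefix parameter and the function names are my own invention so the script can be dry-run as an unprivileged user before being applied to a real host.

```shell
#!/bin/sh
# Added example (not from the post or from Snort): rehearse the post's
# layout/permission steps under a scratch root prefix, then pre-flight
# snort.conf for missing paths before running 'snort -T'.
# A root prefix of "" reproduces the post's real paths on the host;
# a prefix such as /tmp/snort-rehearsal creates the same tree there.

# Create the directories, the two list files, the sysconfig file and the
# 700 modes from the post under "$1" (the root prefix). chown runs only
# when we are root and the snort user exists, so the same function works
# as a dry run in a scratch directory.
snort_layout() {
    root="$1"
    for d in etc/snort/rules etc/snort/so_rules etc/snort/preproc_rules \
             var/log/snort usr/local/lib/snort_dynamicrules etc/sysconfig; do
        mkdir -p "$root/$d"
    done
    # white_list.rules / black_list.rules are files (touch), not directories
    touch "$root/etc/snort/rules/white_list.rules" \
          "$root/etc/snort/rules/black_list.rules"
    # the /etc/sysconfig/snort keys read by the snortd init script in the post
    cat > "$root/etc/sysconfig/snort" <<'EOF'
INTERFACE=eth0
CONF=/etc/snort/snort.conf
USER=snort
GROUP=snort
PASS_FIRST=0
LOGDIR=/var/log/snort
ALERTMODE=fast
DUMP_APP=1
BINARY_LOG=1
NO_PACKET_LOG=0
PRINT_INTERFACE=0
EOF
    chmod -R 700 "$root/etc/snort" "$root/var/log/snort" \
                 "$root/usr/local/lib/snort_dynamicrules"
    if [ "$(id -u)" -eq 0 ] && id snort >/dev/null 2>&1; then
        chown -R snort:snort "$root/etc/snort" "$root/var/log/snort" \
                             "$root/usr/local/lib/snort_dynamicrules"
    fi
}

# Pre-flight for the "Could not stat dynamic module path" class of error:
# print every path that snort.conf's 'var *_PATH' and 'dynamic*' lines
# point at which does not exist (optionally under root prefix "$2"), and
# return 1 if any is missing, 0 if all are present. 'snort -T' stops at
# the first missing path; this lists them all at once. ipvar lines hold
# addresses, not paths, so they are skipped.
snort_preflight() {
    conf="$1"; root="${2:-}"; rc=0
    # strip comments, then take the path field of each line of interest
    paths=$(sed 's/#.*//' "$conf" | awk '
        /^[ \t]*var[ \t]+[A-Za-z_]*PATH[ \t]/ { print $3 }
        /^[ \t]*dynamic(preprocessor|engine|detection)[ \t]/ { print $NF }')
    for p in $paths; do
        if [ ! -e "$root$p" ]; then
            echo "missing: $p"
            rc=1
        fi
    done
    return $rc
}

# Usage on the real host (as root), after the install steps in the post:
#   . ./snort_setup.sh
#   snort_layout ""
#   snort_preflight /etc/snort/snort.conf && \
#       snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf
```

Source the file and call the two functions; nothing runs at load time, so it is safe to source as a normal user and rehearse against a temporary directory first. Only paths are checked here, so snort -T is still the final word on the configuration; the point of the pre-flight is to catch every missing directory in one pass instead of one per run.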
The configuration above is based on an excellent guide by someone far more experienced than me: http://wiki.aanval.com/wiki/Community:Snort_2.9.4.X_Installation_Guide_for_CentOS_6.3
2013-08-07