Centos下安装snort


注:最近因需要安装***检测系统,上网找了下文档,大致相同,甚至不全,个人整理了下,有不足之处敬请谅解。保存仅为留个备份。

一.安装所需软件包

1.安装libpcaplibpcap-devel

yum -y install libpcap*

        2.安装libpcre

      yum -y install pcre*

3.安装libdnet

wget http://pkgs.repoforge.org/libdnet/libdnet-1.11-1.1.el3.rf.x86_64.rpm   

wget http://pkgs.repoforge.org/libdnet/libdnet-devel-1.11-1.1.el3.rf.x86_64.rpm

rpm -ilibdnet-1.11-1.1.el3.rf.x86_64.rpm

rpm -ilibdnet-devel-1.11-1.1.el3.rf.x86_64.rpm

二.安装snort

cd /usr/local/src

tar -zxvf libdnet-1.11.tar.gz

cd liddnet-1.11

./configure –eith-pic

make && makeinstall

cd /usr/local/lib

ldconifg –v /usr/local/lib

 

tar -zxvf daq-2.0.6.tar.gz

cd daq-2.0.6

./configure

make && makeinstall

cd /usr/local/lib

ldconfig –v /usr/local/lib

 

tar -zxvf snort-2.9.8.tar.gz

 cd snort-2.9.8

 ./configure –enable-sourcefire

 make && make install

 cd /usr/local/lib

      ldconfig –v /usr/local/lib

  安装规则

mkdir-p /etc/snort

mkdir/etc/snort/rules

cd/opt

tar-zvxf community.tar.gz -C /etc/snort/rules

tar-zxvf snortrules-snapshot-2966.tar.gz -C /etc/snort/rules

修改权限

cd/etc/snort

chown-R snort:snort *

添加snort用户

groupadd-g 40000 snort

useraddsnort -u 40000 -d /var/log/snort -s /sbin/nologin -c SNORT_IDS –g snort

cd/etc/snort

chown-R snort:snort *

chown-R snort:snort /var/log/snort

 

修改配置文件

cd/etc/snort

cpsnort.conf snort.conf_bak

visnort.conf

varRULE_PATH /etc/snort/rules

ipvarHOME_NET any #or set to a network such as 172.21.0.0/16

ipvarEXTERNAL_NET !$HOME_NET

varSO_RULE_PATH /etc/snort/rules/so_rules

varPREPROC_RULE_PATH /etc/snort/rules/preproc_rules

varWHITE_LIST_PATH /etc/snort/rules

varBLACK_LIST_PATH /etc/snort/rules

修改snort daq的权限

cd/usr/local/src

chown-R snort.snort daq-2.0.6

chown-R snort.snort snort-2.9.8

chown-R snort.snort snort_dynamicsrc

添加/etc/init.d/snort

 

注:snort脚本下载

.http://s3.amazonaws.com/snort-org/www/assets/208/snort-centos-6x.sh

添加snort快捷方式

cd/usr/sbin

ln-s /usr/local/bin/snort snort

添加/etc/sysconfig/snort

#### General Configuration

INTERFACE=eth0

CONF=/etc/snort/snort.conf

USER=snort

GROUP=snort

PASS_FIRST=0

#### Logging & Alerting

LOGDIR=/var/log/snort

ALERTMODE=fast

DUMP_APP=1

BINARY_LOG=1

NO_PACKET_LOG=0

PRINT_INTERFACE=

注:网卡名称根据实际需求改

 

 

 

 

 

参考文档:

http://wiki.aanval.com/wiki/Community:Snort_2.9.4.X_Installation_Guide_for_CentOS_6.3