Centos下安装snort
注:最近因需要安装***检测系统,上网找了下文档,大致相同,甚至不全,个人整理了下,有不足之处敬请谅解。保存仅为留个备份。
一.安装所需软件包
1.安装libpcap与libpcap-devel
yum -y install libpcap*
2.安装libpcre
yum -y install pcre*
3.安装libdnet
wget http://pkgs.repoforge.org/libdnet/libdnet-1.11-1.1.el3.rf.x86_64.rpm
wget http://pkgs.repoforge.org/libdnet/libdnet-devel-1.11-1.1.el3.rf.x86_64.rpm
rpm -ilibdnet-1.11-1.1.el3.rf.x86_64.rpm
rpm -ilibdnet-devel-1.11-1.1.el3.rf.x86_64.rpm
二.安装snort
cd /usr/local/src
tar -zxvf libdnet-1.11.tar.gz
cd liddnet-1.11
./configure –eith-pic
make && makeinstall
cd /usr/local/lib
ldconifg –v /usr/local/lib
tar -zxvf daq-2.0.6.tar.gz
cd daq-2.0.6
./configure
make && makeinstall
cd /usr/local/lib
ldconfig –v /usr/local/lib
tar -zxvf snort-2.9.8.tar.gz
cd snort-2.9.8
./configure –enable-sourcefire
make && make install
cd /usr/local/lib
ldconfig –v /usr/local/lib
安装规则
mkdir-p /etc/snort
mkdir/etc/snort/rules
cd/opt
tar-zvxf community.tar.gz -C /etc/snort/rules
tar-zxvf snortrules-snapshot-2966.tar.gz -C /etc/snort/rules
修改权限
cd/etc/snort
chown-R snort:snort *
添加snort用户
groupadd-g 40000 snort
useraddsnort -u 40000 -d /var/log/snort -s /sbin/nologin -c SNORT_IDS –g snort
cd/etc/snort
chown-R snort:snort *
chown-R snort:snort /var/log/snort
修改配置文件
cd/etc/snort
cpsnort.conf snort.conf_bak
visnort.conf
varRULE_PATH /etc/snort/rules
ipvarHOME_NET any #or set to a network such as 172.21.0.0/16
ipvarEXTERNAL_NET !$HOME_NET
varSO_RULE_PATH /etc/snort/rules/so_rules
varPREPROC_RULE_PATH /etc/snort/rules/preproc_rules
varWHITE_LIST_PATH /etc/snort/rules
varBLACK_LIST_PATH /etc/snort/rules
修改snort daq的权限
cd/usr/local/src
chown-R snort.snort daq-2.0.6
chown-R snort.snort snort-2.9.8
chown-R snort.snort snort_dynamicsrc
添加/etc/init.d/snort
注:snort脚本下载
.http://s3.amazonaws.com/snort-org/www/assets/208/snort-centos-6x.sh
添加snort快捷方式
cd/usr/sbin
ln-s /usr/local/bin/snort snort
添加/etc/sysconfig/snort
#### General Configuration
INTERFACE=eth0
CONF=/etc/snort/snort.conf
USER=snort
GROUP=snort
PASS_FIRST=0
#### Logging & Alerting
LOGDIR=/var/log/snort
ALERTMODE=fast
DUMP_APP=1
BINARY_LOG=1
NO_PACKET_LOG=0
PRINT_INTERFACE=
注:网卡名称根据实际需求改
参考文档:
http://wiki.aanval.com/wiki/Community:Snort_2.9.4.X_Installation_Guide_for_CentOS_6.3