Centos下安装snort

23213ew

注：最近因需要安装入侵检测系统，上网找了下文档，大致相同，甚至不全，个人整理了下，有不足之处敬请谅解。保存仅为留个备份。

一．安装所需软件包

1.安装libpcap与libpcap-devel

yum -y install libpcap*

        2.安装libpcre

      yum -y install pcre*

3.安装libdnet

wget http://pkgs.repoforge.org/libdne ... 1.el3.rf.x86_64.rpm   

wget http://pkgs.repoforge.org/libdne ... 1.el3.rf.x86_64.rpm

rpm -ilibdnet-1.11-1.1.el3.rf.x86_64.rpm

rpm -ilibdnet-devel-1.11-1.1.el3.rf.x86_64.rpm

二．安装snort

cd /usr/local/src

tar -zxvf libdnet-1.11.tar.gz

cd liddnet-1.11

./configure –eith-pic

make && makeinstall

cd /usr/local/lib

ldconifg –v /usr/local/lib



tar -zxvf daq-2.0.6.tar.gz

cd daq-2.0.6

./configure

make && makeinstall

cd /usr/local/lib

ldconfig –v /usr/local/lib



tar -zxvf snort-2.9.8.tar.gz

cd snort-2.9.8

./configure –enable-sourcefire

make && make install

cd /usr/local/lib

      ldconfig –v /usr/local/lib

  安装规则

mkdir-p /etc/snort

mkdir/etc/snort/rules

cd/opt

tar-zvxf community.tar.gz -C /etc/snort/rules

tar-zxvf snortrules-snapshot-2966.tar.gz -C /etc/snort/rules

修改权限

cd/etc/snort

chown-R snort:snort *

添加snort用户

groupadd-g 40000 snort

useraddsnort -u 40000 -d /var/log/snort -s /sbin/nologin -c SNORT_IDS –g snort

cd/etc/snort

chown-R snort:snort *

chown-R snort:snort /var/log/snort



修改配置文件

cd/etc/snort

cpsnort.conf snort.conf_bak

visnort.conf

varRULE_PATH /etc/snort/rules

ipvarHOME_NET any #or set to a network such as 172.21.0.0/16

ipvarEXTERNAL_NET !$HOME_NET

varSO_RULE_PATH /etc/snort/rules/so_rules

varPREPROC_RULE_PATH /etc/snort/rules/preproc_rules

varWHITE_LIST_PATH /etc/snort/rules

varBLACK_LIST_PATH /etc/snort/rules

修改snort daq的权限

cd/usr/local/src

chown-R snort.snort daq-2.0.6

chown-R snort.snort snort-2.9.8

chown-R snort.snort snort_dynamicsrc

添加/etc/init.d/snort



注：snort脚本下载

.http://s3.amazonaws.com/snort-or ... /snort-centos-6x.sh

添加snort快捷方式

cd/usr/sbin

ln-s /usr/local/bin/snort snort

添加/etc/sysconfig/snort

#### General Configuration

INTERFACE=eth0

CONF=/etc/snort/snort.conf

USER=snort

GROUP=snort

PASS_FIRST=0

#### Logging & Alerting

LOGDIR=/var/log/snort

ALERTMODE=fast

DUMP_APP=1

BINARY_LOG=1

NO_PACKET_LOG=0

PRINT_INTERFACE=

注：网卡名称根据实际需求改

18210010528

请教？架构搭建，如何验证