Reference
http://www.snort.org/snort-downloads/rhel5
Downloads (download these manually first)
http://www.snort.org/snort-downloads?
snort-2.9.0.5.tar.gz
http://www.snort.org/downloads/867
daq-0.5-1.i386.rpm
http://www.snort.org/downloads/856
snortrules-snapshot-2905.tar.gz
Go to http://www.snort.org/snort-rules/?#rules and click Sign In at the top right.
After signing in, download snortrules-snapshot-2905.tar.gz from the Registered User Release section.
Installation steps
Code:
yum -y install gcc gcc-c++ kernel-devel patch make vim sshd libxml2 libxml2-devel pcre pcre-devel php php-common php-gd php-cli php-mysql flex bison php-pear-Numbers-Roman php-pear-Numbers-Words php-pear-Image-Color php-pear-Image-Canvas php-pear-Image-Graph libpcap libpcap-devel mysql mysql-devel mysql-bench mysql-server dnet dnet-devel libnet libnet-devel libdnet libdnet-devel zlib zlib-devel
rpm -ivh daq-0.5-1.i386.rpm
tar zxvf snort-2.9.0.5.tar.gz
cd snort-2.9.0.5
./configure --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
make
make install
cd ..
mkdir /etc/snort
mkdir /var/log/snort
tar zxvf snortrules-snapshot-2905.tar.gz -C /etc/snort
cp /etc/snort/etc/* /etc/snort
groupadd snort
useradd -g snort snort
chown snort:snort /var/log/snort
touch /var/log/snort/alert
chown snort:snort /var/log/snort/alert
chmod 600 /var/log/snort/alert
mkdir /usr/local/lib/snort_dynamicrules
# The rules snapshot has no precompiled FC-15 directory, so the FC-14 objects are used
cp /etc/snort/so_rules/precompiled/FC-14/i386/2.9.0.5/*.so /usr/local/lib/snort_dynamicrules
cat /etc/snort/so_rules/*.rules >> /etc/snort/rules/so-rules.rules
sed -i -e "s@var RULE_PATH ../rules@#var RULE_PATH ../rules@" /etc/snort/snort.conf
sed -i -e '/var RULE_PATH ..\/rules/a var RULE_PATH \/etc\/snort\/rules' /etc/snort/snort.conf
sed -i -e "s@var SO_RULE_PATH ../so_rules@#var SO_RULE_PATH ../so_rules@" /etc/snort/snort.conf
sed -i -e '/var SO_RULE_PATH ..\/so_rules/a var SO_RULE_PATH \/etc\/snort\/so_rules' /etc/snort/snort.conf
sed -i -e "s@var PREPROC_RULE_PATH ../preproc_rules@#var PREPROC_RULE_PATH ../preproc_rules@" /etc/snort/snort.conf
sed -i -e '/var PREPROC_RULE_PATH ..\/preproc_rules/a var PREPROC_RULE_PATH \/etc\/snort\/preproc_rules' /etc/snort/snort.conf
snort -T -c /etc/snort/snort.conf
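An added example, not part of the original post: the sed edits above are not idempotent, so running them a second time comments the old line again and appends a second definition. The sketch below applies the same edits to a copy and audits the three path variables; the helper names `apply_page_edits` and `check_rule_paths` and the three-line sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Same edits as the post's six sed commands, applied to the file given as $1
# so they can be tried on a copy instead of /etc/snort/snort.conf.
apply_page_edits() {
    for pair in RULE_PATH:rules SO_RULE_PATH:so_rules PREPROC_RULE_PATH:preproc_rules; do
        name=${pair%%:*}
        dir=${pair##*:}
        sed -i -e "s@var $name ../$dir@#var $name ../$dir@" "$1"
        sed -i -e "/var $name ..\/$dir/a var $name /etc/snort/$dir" "$1"
    done
}

# Return 0 only if each path variable has exactly one active (uncommented)
# definition and that definition is an absolute path.
check_rule_paths() {
    awk '
        $1 == "var" && ($2 == "RULE_PATH" || $2 == "SO_RULE_PATH" || $2 == "PREPROC_RULE_PATH") {
            seen[$2]++
            val[$2] = $3
        }
        END {
            n = split("RULE_PATH SO_RULE_PATH PREPROC_RULE_PATH", names, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                k = names[i]
                if (seen[k] != 1) {
                    printf "FAIL %s has %d active definitions\n", k, seen[k]; bad = 1
                } else if (val[k] !~ /^\//) {
                    printf "FAIL %s is a relative path: %s\n", k, val[k]; bad = 1
                } else {
                    printf "OK   %s = %s\n", k, val[k]
                }
            }
            exit bad
        }' "$1"
}

# Demo on a constructed three-line fragment.
demo=$(mktemp)
printf '%s\n' 'var RULE_PATH ../rules' 'var SO_RULE_PATH ../so_rules' \
    'var PREPROC_RULE_PATH ../preproc_rules' > "$demo"
apply_page_edits "$demo"
check_rule_paths "$demo" || echo "audit failed after first run"
apply_page_edits "$demo"
check_rule_paths "$demo" || echo "audit failed after second run"
rm -f "$demo"
```

Running `check_rule_paths /etc/snort/snort.conf` before `snort -T` shows which path each variable actually resolves to.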
Test run result
Code:
[root@localhost ~]# snort -T -c /etc/snort/snort.conf
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.9.0.5 IPv6 GRE (Build 135)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
Copyright (C) 1998-2011 Sourcefire, Inc., et al.
Using libpcap version 1.1.1
Using PCRE version: 8.12 2011-01-15
Using ZLIB version: 1.2.5
Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.13 <Build 18>
Preprocessor Object: SF_SSLPP (IPV6) Version 1.1 <Build 4>
Preprocessor Object: SF_DNS (IPV6) Version 1.1 <Build 4>
Preprocessor Object: SF_SSH (IPV6) Version 1.1 <Build 3>
Preprocessor Object: SF_DCERPC2 (IPV6) Version 1.0 <Build 3>
Preprocessor Object: SF_FTPTELNET (IPV6) Version 1.2 <Build 13>
Preprocessor Object: SF_SDF (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_SMTP (IPV6) Version 1.1 <Build 9>
Snort successfully validated the configuration!
Snort exiting
[root@localhost ~]#
[Research] Snort 2.9.0.5 installation (Fedora 15 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20240
[Research] Snort 2.9.0.3 (tar.gz) installation (Fedora 14 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=19216
[Research] Snort 2.8.5.2.tar.gz + MySQL + BASE quick install script (CentOS 5.4)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=17658
[Research] Snort 2.8.5.2.tar.gz + MySQL + BASE quick install script (Fedora 12 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=17672
[Tutorial] [Research] Snort 2.8.1 quick install script, lite version (Fedora 8)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=15042
(End)