Installation of SNORT in Ubuntu 14.04

in #utopian-io7 years ago (edited)

Snort Configuration Stages
Snort configuration stage, to run snort in mode NIDS . Step by step to be passed between them are: first do network configuration by typing:
#sudo apt-get install -y ethtool
gambar.png
#sudo ethtool -K gro off
gambar.png
#sudo ethtool -K lro off
gambar.png
Then do the initial preparation before extending into the installation, preparation of support software packages, requirements for building NIDS and DAQ (Data AcQuisition).
#sudo apt-get install -y build-essential libpcap-dev libpcre3-dev libdumbnet-dev bison flex zlib1g- dev liblzma-dev openssl libssl-dev
gambar.png
Next create a directory to save the downloaded tarball file:
#mkdir ~ / snort_src
gambar.png
#cd ~ / snort_src
gambar.png
Then in to snort_src directory and download latest DAQ package and its configuration to connect with snort by:
#wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
gambar.png
#tar -xvzf daq-2.0.6.tar.gz
gambar.png
#cd daq-2.0.6
gambar.png
#./configure
gambar.png
#make
gambar.png
#make install
gambar.png
After all the packages are installed now do the NIDS snort configuration by:
#cd ~ / snort_src
#wget https://www.snort.org/downloads/snort/snort-2.9.9.0.tar.gz
gambar.png
#tar -xvzf snort-2.9.9.0.tar.gz
gambar.png
#cd snort-2.9.9.0
gambar.png
#./configure -enable-sourcefire
gambar.png
#make
gambar.png
#make install
gambar.png
Important. Run the command below, if this command is passed then error will occur in the next step, type #sudo ldconfig, make the symlink snort binary in / usr / sbin by:
#sudo ln -s / usr / local / bin / snort / usr / sbin / snort
Test the snort by running the following command: snort -v, if the test runs normally it will show the snort version used.
gambar.png
And iam use version Snort 2.9.9.0
Configure Snort in NIDS Mode
To make the snort run in NIDS mode the author needs to configure and create daemon scripts so that snort can run in NIDS mode, the NIDS snort mode configuration steps are as follows:
#sudo groupadd snort
#sudo useradd snort -r -s / sbin / nologin -c SNORT_IDS -g snort
Create Snort directory
#sudo mkdir / etc / snort
#sudo mkdir / etc / snort / rules
#sudo mkdir / etc / snort / preproc_rules

Create some files that store the rules and IP list
#sudo touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules /etc/snort/rules/local.rules

Create a logging directory
#sudo mkdir / var / log / snort
#sudo mkdir / usr / local / lib / snort_dynamicrules
Customize permissions
#sudo chmod -R 5775 / etc / snort
#sudo chmod -R 5775 / var / log / snort
#sudo chmod -R 5775 / usr / local / lib / snort_dynamicrules
Changes in Ownership of folders
#sudo chown -R snort: snort / et c / snort
#sudo chown -R snort: snort / var / log / snort
#sudo chown -R snort: snort / usr / local / lib / snort_dynamicrules

The next step is to copy the snort configuration from the snort tarball to / etc / snort by:
#sudo cp ~ / snort_src / snort-2.9.9.0 / etc / *. conf * / etc / snort
#sudo cp ~ / snort_src / snort-2.9.9.0 / etc / *. map * / etc / snort
The above command means that the system has copied the configuration from the snort tarball to the / etc / snort directory, with the configuration layout as follows:
#snort binary file / usr / local / bin / snort
#snort configuration file /etc/snort/snort.conf
#snort log data directory / var / log / snort
#snort rules directory / etc / snort / rules
#/ usr / local / lib / snort dynamicrules
To see the snort directory that has been move can use the command: tree / etc / snort, if the process success it will come out the display as below:
#tree / etc / snort
gambar.png
The next step is to create a path that points to /etc/snort/snort.conf by: sudo sed -i's / include \ $ RULE \ _PATH / # include \ $ RULE \ _PATH / '/etc/snort/snort.conf , next step edit the snort configuration using nano editor, by: nano /etc/snort/snort.conf, then edit line in line 45 by press ctrl + w + t fill 45, then edit it to resemble the following settings:
#ipvar HOME_NET 192.168.10.2/24
#ipvar EXTERNAL_NET any
gambar.png
Then find again line 104 and change it to the following:
#var RULE_PATH / etc / snort / rules
#var SO_RULE_PATH / etc / snort / so_rules
#var PREPROC_RULE_PATH / etc / snort / preproc_rules
gambar.png
#var WHITE_LIST_PATH / etc / snort / rules / iplists
#var BLACK_LIST_PATH / etc / snort / rules / iplists
gambar.png
Then activate local.rules located at line 545 by removing a hash (#) that is in front of it, so it resembles the following:

include $ RULE_PATH / local.rules
Next step verification the snort if the snort is to read the alerts to be configuration and stored in /etc/snort/rules/local.rules by:
#snort -T -c /etc/snort/snort.conf -i eth1
gambar.png
.........
gambar.png
Snort successfully validated the configuration!
Snort exiting.
And you already to install snort with mode NIDS . Success!!!


Posted on Utopian.io - Rewarding Open Source Contributors

#snort #ids #engeenering
7 years ago in #utopian-io by
$0.00
    1 vote
    Reply 1
    Sort:  
  • Trending
    • [-]
     7 years ago 

    Your contribution cannot be approved because it does not follow the Utopian Rules.

    • The project must be an official github repository and the update should be shorter than 1 year. It should also include technical details as well as standard commands. In this way a Tutorial is simple, does not require any special skills.

    You can contact us on Discord.
    [utopian-moderator]

    $0.00
      Reply

      Coin Marketplace

      STEEM 0.19
      TRX 0.15
      JST 0.029
      BTC 63287.47
      ETH 2569.39
      USDT 1.00
      SBD 2.81