
Introduction

We discussed Snort NIDS in detail in our previous tutorial. In this article we have tried to simplify the
process of installing Snort on Ubuntu.

Requirements

Ubuntu 14.04/15.04 OS
Latest DAQ package, available from https://www.snort.org/downloads
Latest Snort package, available from https://www.snort.org/downloads
PCAP package, available from the Ubuntu repositories
Libdnet package, available from the Ubuntu repositories
PCRE package, available from the Ubuntu repositories
Our hostname is snort
Our Ubuntu user is snort
Snort server IP address: 192.168.1.10

We will configure Snort from a remote PC over SSH.

Installation Steps

1. Update the system
2. Install ssh-server
3. Install Snort prerequisites
4. Install Snort DAQ prerequisites
5. Create a new directory for package downloads, then download and install Snort DAQ
6. Download and install Snort in the same directory created in the above step
7. Configure Snort and test your installation
8. Create the directories needed to run Snort in NIDS mode

Installation
First of all, prepare the Snort machine
# apt-get update
# apt-get install openssh-server
# reboot
Make sure ethtool is installed
# apt-get install ethtool
Make sure build-essential is installed
# apt-get install -y build-essential

Install Snort prerequisites


Install the libpcap-dev, libpcre3-dev, zlib1g-dev and libdumbnet-dev packages
# apt-get install -y libpcap-dev
# apt-get install libpcre3-dev
# apt-get install -y libdumbnet-dev
# apt-get install zlib1g-dev

Install Snort DAQ Prerequisites

bison and flex are required for the Snort DAQ installation
# apt-get install bison flex
Create a separate directory in which we will install the tar packages of Snort and Snort DAQ
# mkdir /home/snort/snort_src
Change the working directory to the newly created directory.
# cd /home/snort/snort_src/
Download the latest version of DAQ
# wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
Install the package
# tar -xvf daq-2.0.6.tar.gz
# cd daq-2.0.6
# ./configure
# make
# make install
Install Snort in the same directory
# wget https://www.snort.org/downloads/snort/snort-2.9.7.5.tar.gz
Extract and install the Snort package
# gunzip snort-2.9.7.5.tar.gz
# tar -xvf snort-2.9.7.5.tar
# cd snort-2.9.7.5
# ./configure --enable-sourcefire

# make
# make install
# ldconfig
Create a soft link for the Snort binary
# ln -s /usr/local/bin/snort /usr/sbin/snort
Verify that Snort is installed correctly
# snort -V

Configure Snort for NIDS Mode


Create the following directories
# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /etc/snort/preproc_rules
# touch /etc/snort/rules/white_list.rules
# touch /etc/snort/rules/black_list.rules
# touch /etc/snort/rules/local.rules
Create the log directory for Snort
# mkdir /var/log/snort
Create a directory for Snort dynamic rules
# mkdir /usr/local/lib/snort_dynamicrules
Change permissions
# chmod -R 5775 /etc/snort/
# chmod -R 5775 /var/log/snort/
# chmod -R 5775 /usr/local/lib/snort
# chmod -R 5775 /usr/local/lib/snort_dynamicrules/

Copy the *.conf and *.map files from the Snort download directory to /etc/snort
# cp /home/snort/snort_src/snort-2.9.7.5/etc/*.conf* /etc/snort/
# cp -v /home/snort/snort_src/snort-2.9.7.5/etc/*.map* /etc/snort/
Configure /etc/snort/snort.conf

Before editing snort.conf, take a backup of the file first

# cp /etc/snort/snort.conf /etc/snort/snort.conf_orig
Give the following command
# sed -i 's/include \$RULE_PATH/#include \$RULE_PATH/' /etc/snort/snort.conf

Note: the above command comments out every ruleset include line; we will then re-enable the ones we want line by line
Go to line 45 of /etc/snort/snort.conf and edit it to look like the lines below
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET

(Note: replace the above IP address with your own network address)

Go to line 104 and put in the following entries


var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules

To enable local rules, go to line 551 and uncomment the following line


##include $RULE_PATH/local.rules

Save and Quit

Now download the Community rules from the following link

https://www.snort.org/downloads/community/community-rules.tar.gz
Extract these rules and copy them to /etc/snort/rules.
Run the following command (this time I am logged in directly to the Ubuntu VM, only to make sure that
everything is working properly)
# snort -T -c /etc/snort/snort.conf
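As an added example that is not part of the original tutorial (nor Snort's own tooling), the following POSIX shell script applies the snort.conf edits from the steps above to a constructed miniature of the file, verifies the result, and writes a local.rules containing a single ICMP test rule. The function names, the sample config contents and the test rule are assumptions made for this example; on the real host the file is /etc/snort/snort.conf and the final check is still `snort -T -c /etc/snort/snort.conf`.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: apply the snort.conf
# edits described above to a copy of the file and check the result before
# handing it to `snort -T`. Function names and the sample config are
# assumptions made for this example; the real file is /etc/snort/snort.conf.

# Constructed miniature of the stock snort.conf (only the lines the tutorial
# touches, in their default form).
make_sample_conf() {
    cat > "$1" <<'EOF'
ipvar HOME_NET any
ipvar EXTERNAL_NET any
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
var WHITE_LIST_PATH ../rules
var BLACK_LIST_PATH ../rules
include $RULE_PATH/local.rules
include $RULE_PATH/app-detect.rules
include $RULE_PATH/attack-responses.rules
EOF
}

# Apply the tutorial's edits in one pass: back the file up, comment out every
# ruleset include, set HOME_NET/EXTERNAL_NET, point the path variables at
# /etc/snort and re-enable only local.rules. A temp file plus mv is used
# instead of `sed -i` so the function also works with non-GNU sed.
configure_snort_conf() {
    conf="$1"
    home_net="$2"
    cp "$conf" "$conf.orig"
    sed -e 's|^include \$RULE_PATH|#include $RULE_PATH|' \
        -e "s|^ipvar HOME_NET .*|ipvar HOME_NET $home_net|" \
        -e 's|^ipvar EXTERNAL_NET .*|ipvar EXTERNAL_NET !$HOME_NET|' \
        -e 's|^var RULE_PATH .*|var RULE_PATH /etc/snort/rules|' \
        -e 's|^var SO_RULE_PATH .*|var SO_RULE_PATH /etc/snort/so_rules|' \
        -e 's|^var PREPROC_RULE_PATH .*|var PREPROC_RULE_PATH /etc/snort/preproc_rules|' \
        -e 's|^var WHITE_LIST_PATH .*|var WHITE_LIST_PATH /etc/snort/rules|' \
        -e 's|^var BLACK_LIST_PATH .*|var BLACK_LIST_PATH /etc/snort/rules|' \
        -e 's|^#include \$RULE_PATH/local.rules|include $RULE_PATH/local.rules|' \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Return 0 when the file carries exactly the settings the tutorial asks for,
# 1 otherwise. Cheap to run before `snort -T`, which needs the full install.
verify_snort_conf() {
    conf="$1"
    home_net="$2"
    grep -qxF "ipvar HOME_NET $home_net" "$conf" || return 1
    grep -qxF 'ipvar EXTERNAL_NET !$HOME_NET' "$conf" || return 1
    grep -qxF 'var RULE_PATH /etc/snort/rules' "$conf" || return 1
    grep -qxF 'include $RULE_PATH/local.rules' "$conf" || return 1
    # Every other ruleset include must now be commented out.
    if grep -v 'local.rules' "$conf" | grep -q '^include \$RULE_PATH'; then
        return 1
    fi
    return 0
}

# Constructed local.rules with one test rule so the NIDS can be exercised
# with a ping. SIDs from 1000000 upwards are reserved for local rules.
write_test_rule() {
    cat > "$1" <<'EOF'
# Test rule: alert on any ICMP packet addressed to HOME_NET.
alert icmp any any -> $HOME_NET any (msg:"ICMP test rule"; sid:1000001; rev:1;)
EOF
}

workdir=$(mktemp -d)
make_sample_conf "$workdir/snort.conf"
configure_snort_conf "$workdir/snort.conf" 192.168.1.0/24
verify_snort_conf "$workdir/snort.conf" 192.168.1.0/24 && echo "snort.conf edits verified"
write_test_rule "$workdir/local.rules"
# On the real host, finish with: snort -T -c /etc/snort/snort.conf
```

The verification function catches the most common mistake at this step: a ruleset include left uncommented whose file was never copied into /etc/snort/rules, which makes `snort -T` abort with a missing-file error. Keeping the check separate from the edit also lets you re-run it after later hand edits to snort.conf.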

Sample output:

Have Fun!!

Source: http://www.unixmen.com/install-snort-nids-ubuntu-15-04/
