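# The leading '#' on these lines in the original notes is the root shell prompt,
# not a comment marker: as a script they did nothing, yet every later step
# assumes the build tree /root/snorttemp/snort-2.9.9.0 exists.
cd /root || exit 1
mkdir -p snorttemp
cd snorttemp || exit 1
# Fetch the Snort 2.9.9.0 source. Nothing below checks the archive's integrity;
# compare it with the checksum/signature published by the vendor before unpacking.
wget https://www.snort.org/downloads/snort/snort-2.9.9.0.tar.gz || exit 1
tar -xzvf snort-2.9.9.0.tar.gz || exit 1
rm -- snort-2.9.9.0.tar.gz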
Next, download the Snort community rules:
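# Community rules: wget saves the file as community-rules.tar.gz, so that is the
# name to move and to extract (the original notes used community-rules.tar,
# which never exists on disk, so both mv and tar failed).
wget https://www.snort.org/downloads/community/community-rules.tar.gz || exit 1
mv -- community-rules.tar.gz /root/snorttemp/snort-2.9.9.0/ || exit 1
cd /root/snorttemp/snort-2.9.9.0/ || exit 1
tar -xzvf community-rules.tar.gz || exit 1
# PCRE 8.40 is fetched over plain FTP, which gives no transport integrity;
# compare the archive with the checksum published by the PCRE project before use.
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz || exit 1
tar -xzvf pcre-8.40.tar.gz || exit 1
rm -- pcre-8.40.tar.gz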
Download libpcap:
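cd /root/snorttemp/ || exit 1
# libpcap 1.8.1 is fetched over plain HTTP, so the transfer itself guarantees
# nothing about integrity; check the archive against the checksum/signature
# published by tcpdump.org before building it. A failed download must stop here
# rather than fall through to tar and rm on a missing file.
wget http://www.tcpdump.org/release/libpcap-1.8.1.tar.gz || exit 1
tar -xzvf libpcap-1.8.1.tar.gz || exit 1
rm -- libpcap-1.8.1.tar.gz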
Download BASE:
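cd /root/snorttemp/ || exit 1
# The URL contains '?' and '&'. Unquoted, the shell backgrounds wget at the
# first '&' and runs 'ts=...' and 'use_mirror=...' as separate commands, and
# wget would save the file under the whole query string. Quote the URL and pin
# the output name that the next two lines expect.
wget -O base-1.4.5.tar.gz 'https://downloads.sourceforge.net/project/secureideas/BASE/base-1.4.5/base-1.4.5.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fsecureideas%2F&ts=1498734578&use_mirror=excellmedia' || exit 1
tar -xzvf base-1.4.5.tar.gz || exit 1
rm -- base-1.4.5.tar.gz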
Download ADOdb:
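cd /root/snorttemp/ || exit 1
# The URL contains '?' and '&'. Unquoted, the shell backgrounds wget at the
# first '&' and runs the remainder as commands, and wget would save the file
# under the whole query string. Quote the URL and pin the output name that the
# unzip and rm lines expect.
wget -O adodb-5.20.9.zip 'https://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-520-for-php5/adodb-5.20.9.zip?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fadodb%2F%3Fsource%3Dtyp_redirect&ts=1498735182&use_mirror=excellmedia' || exit 1
unzip adodb-5.20.9.zip || exit 1
rm -- adodb-5.20.9.zip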
snorttemp]# ls
adodb5 base-1.4.5 libpcap-1.8.1 snort-2.9.9.0
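# Build and install libpcap from the tree unpacked under /root/snorttemp.
cd /root/snorttemp/libpcap-1.8.1/ || exit 1
./configure || exit 1
make || exit 1
# '//' is not a shell comment: in the original notes the trailing text was
# passed to make as extra targets. If configure or make fail for lack of a
# compiler toolchain, install it first:
#   yum groupinstall "Development Tools"
make install || exit 1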
Build PCRE:
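# The leading '#' on the mv/cd lines in the original notes is the root shell
# prompt, not a comment marker. pcre-8.40 was unpacked inside the Snort source
# tree earlier; move it alongside the other sources and build it there.
mv -- /root/snorttemp/snort-2.9.9.0/pcre-8.40 /root/snorttemp/ || exit 1
cd /root/snorttemp/pcre-8.40/ || exit 1
./configure || exit 1
make || exit 1
make install || exit 1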
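# The leading '#' on the cd line in the original notes is the root shell
# prompt, not a comment marker.
cd /root/snorttemp/snort-2.9.9.0/ || exit 1
# NOTE(review): Snort removed its built-in database output plugin during the
# 2.9 series; confirm that --with-mysql is still honoured by the 2.9.9.0
# configure script (the usual route to MySQL/BASE is unified2 logging consumed
# by barnyard2).
./configure --enable-dynamicplugin --with-mysql || exit 1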
If configure fails with "dnet header not found", install the header package:
# yum -y install libdnet-devel
If configure fails with "ERROR! daq_static library not found", build DAQ from source:
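# The archive is daq-2.0.6.tar.gz and unpacks to daq-2.0.6/; the bare name
# 'daq' used in the original notes does not exist on disk, so tar and cd failed.
wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz || exit 1
tar -xzvf daq-2.0.6.tar.gz || exit 1
cd daq-2.0.6/ || exit 1
./configure || exit 1
make || exit 1
make install || exit 1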
Once configure completes without errors:
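# Build and install Snort. The DAQ build above leaves the shell inside
# daq-2.0.6/, so return to the Snort source tree first; configure must have
# been re-run there and completed without errors before this point.
cd /root/snorttemp/snort-2.9.9.0/ || exit 1
make || exit 1
make install || exit 1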
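# The leading numbers in the original notes are bash history indices, not part
# of the commands (as written, each line tried to run a command named '799'
# etc.). -p makes the step repeatable.
mkdir -p /etc/snort
mkdir -p /etc/snort/rules
mkdir -p /var/log/snort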
# Copy the community rules into a working directory and into /etc/snort/rules.
# NOTE(review): 'cd community-rules' is relative; it only resolves if the shell
# is already in /root/snorttemp/snort-2.9.9.0, where the rules were unpacked.
cd community-rules
mkdir /root/snorttemp/rules
cp * /root/snorttemp/rules/
cp * /etc/snort/rules/
cd /root/snorttemp/
cd snort-2.9.9.0/
cd community-rules/
# NOTE(review): copies the same rule files a second time, into rules/ under the
# Snort source tree; that directory is not created anywhere in these notes,
# so confirm it exists before relying on this copy.
cp * /root/snorttemp/snort-2.9.9.0/rules/
cd ..
# NOTE(review): the shell is now at the top of the Snort source tree, so this
# copies every top-level file there into /etc/snort. The later snort invocation
# expects /etc/snort/snort.conf — confirm this step is what puts it there.
cp * /etc/snort/
Now register. You can also take a moment to register on the Snort website, then use the oinkcode to download the registered-user rules. Replace <oinkcode> with your personal code, which you can find in your Snort account details.
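# The oinkcode is a credential: read it from the environment instead of pasting
# it into the command. The URL must be quoted — unquoted, '<oinkcode>' is taken
# by the shell as input/output redirections and '?' as a glob. The code is still
# visible in wget's argument list while it runs, so do not trace this with
# 'set -x' or run it on a host where other users can read the process list.
: "${OINKCODE:?set OINKCODE to the oinkcode from your Snort account details}"
wget "https://www.snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz?oinkcode=${OINKCODE}" -O ~/registered.tar.gz || exit 1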
To get your oinkcode:
click your e-mail address, open the Oinkcode section and copy your code.
After the download finishes, extract the archive.
# Install PEAR and the PEAR packages listed in the notes for BASE, each in the
# same order and with the same version pins as before.
yum install php-pear
for pear_pkg in Image_Canvas-alpha Image_Color Numbers_Roman Image_Graph-0.8.0; do
  pear install "${pear_pkg}"
done
Your PHP Logging Level is too high to handle the running of BASE!
Please set the 'error_reporting' variable to at least 'E_ALL & ~E_NOTICE' in your php.ini!
The Path to ADODB does not appear to be correct! Please correct.
Answer: make the adodb5 directory accessible to the web server — mode 755 is sufficient; 777 also works but leaves the directory world-writable.
unable to find mysql headers (mysql.h)
ans - yum install mysql-devel
Please set the 'error_reporting' variable to at least 'E_ALL & ~E_NOTICE' in your php.ini!
The Path to ADODB does not appear to be correct! Please correct.
Answer: make the adodb5 directory accessible to the web server — mode 755 is sufficient; 777 also works but leaves the directory world-writable.
unable to find mysql headers (mysql.h)
ans - yum install mysql-devel
unable to find mysqlclient library
#locate libmysqlclient
Use the path shown in the output in the following configure line:
# Re-run configure pointing at the libmysqlclient path that 'locate' reported.
# NOTE(review): the path is host-specific (a particular soname under
# /usr/lib64/mysql), and the option may expect a directory rather than a file —
# check './configure --help' for this Snort version before relying on it.
mysql_client_lib=/usr/lib64/mysql/libmysqlclient.so.16
./configure --enable-dynamicplugin "--with-mysql-libraries=${mysql_client_lib}"
https://www.snort.org/downloads
https://www.howtoforge.com/intrusion_detection_base_snort_p3
https://www.upcloud.com/support/installing-snort-on-centos/
https://openmaniak.com/snort.php
http://blog.dynamichosting.biz/2011/06/21/setting-up-snort-with-base-centos-5-6/
https://www.howtoforge.com/intrusion-detection-with-snort-mysql-apache2-on-ubuntu-7.10
https://www.howtoforge.com/intrusion-detection-with-snort-mysql-apache2-on-ubuntu-7.10
http://youresuchageek.blogspot.in/2012/11/howto-guide-to-snort-ids-in-debian.html
mysql> use snort;
mysql> show tables;
mysql> select * from sensor;
mysql>INSERT INTO `sensor` (`sid`, `hostname`, `interface`, `filter`, `detail`, `encoding`, `last_cid`) VALUES ('1', 'localhost:eth0', 'eth0', 'NULL', '1', '0', '158');
mysql> select * from sensor;
+-----+----------------+-----------+--------+--------+----------+----------+
| sid | hostname | interface | filter | detail | encoding | last_cid |
+-----+----------------+-----------+--------+--------+----------+----------+
| 1 | localhost:eth0 | eth0 | NULL | 1 | 0 | 158 |
+-----+----------------+-----------+--------+--------+----------+----------+
1 row in set (0.00 sec)
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth2
mysql> show tables;
mysql> select * from sensor;
mysql>INSERT INTO `sensor` (`sid`, `hostname`, `interface`, `filter`, `detail`, `encoding`, `last_cid`) VALUES ('1', 'localhost:eth0', 'eth0', 'NULL', '1', '0', '158');
mysql> select * from sensor;
+-----+----------------+-----------+--------+--------+----------+----------+
| sid | hostname | interface | filter | detail | encoding | last_cid |
+-----+----------------+-----------+--------+--------+----------+----------+
| 1 | localhost:eth0 | eth0 | NULL | 1 | 0 | 158 |
+-----+----------------+-----------+--------+--------+----------+----------+
1 row in set (0.00 sec)
No libnet package is available in the CentOS repositories, so fetch the source:
# Fetch the libnet 0.10.11 source.
# NOTE(review): this SourceForge URL ends in '/', i.e. it names the file's
# listing page; confirm that what wget saves is the tarball and not an HTML
# page before trying to extract it.
libnet_url=https://sourceforge.net/projects/libnet/files/libnet/0.10.11/libnet-0.10.11.tar.gz/
wget "${libnet_url}"