Install Snort

From OnnoWiki

Install Snort in Ubuntu

By: Onno W. Purbo


  1. apt-get install libpcre3 libpcre3-dev libpcrecpp0
  2. apt-get install libpcap0.8 libpcap0.8-dev
  3. apt-get install libmysqlclient15-dev
  4. apt-get install libphp-adodb
  5. apt-get install libgd2-xpm libgd2-xpm-dev
  6. apt-get install php5-mysql
  7. apt-get install php5-gd
  8. apt-get install php-image-graph php-image-canvas php-pear


Alternative: install adodb from the tarball

  1. cp adodb494.tgz /var
  2. cd /var
  3. tar zxvf adodb494.tgz



  1. /etc/init.d/apache2 restart
  2. /etc/init.d/mysql restart


  1. cp -Rf snort-2.6.1.4.tar.gz /usr/local/src/
  2. cd /usr/local/src
  3. tar zxvf snort-2.6.1.4.tar.gz
  4. cd snort-2.6.1.4
  5. ./configure --with-mysql
  6. make
  7. make install
  8. groupadd snort
  9. useradd -g snort snort
  10. mkdir /etc/snort
  11. mkdir /etc/snort/rules
  12. mkdir /var/log/snort


  1. cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
  2. cd /etc/snort
  3. tar zxvf snortrules-snapshot-CURRENT.tar.gz


  1. cp /usr/local/src/snort-2.6.1.4/etc/* /etc/snort
  2. cd /etc/snort/
  3. vi /etc/snort/snort.conf

Change "var RULE_PATH ../rules" -> "var RULE_PATH /etc/snort/rules" and set the database output:

output database: log, mysql, user=snort password=snort dbname=snort host=localhost
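The check below is an added example, not part of the original wiki page or of Snort: it reads a snort.conf and confirms the two edits above, and flags a database password equal to the user name and a world-readable file. The function names and the constructed sample file are this example's own.

```shell
#!/bin/sh
# Added example: check the two snort.conf edits described on this page.

# conf_field LINE KEY: print KEY's value from an "output database:" line.
conf_field() {
    printf '%s\n' "$1" | tr ' ,' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# check_snort_conf FILE: print findings; return 1 if any check FAILs, else 0.
check_snort_conf() {
    conf=$1; rc=0
    # The last active "var RULE_PATH" wins; the shipped "../rules" is relative.
    rule_path=$(awk '$1 == "var" && $2 == "RULE_PATH" { v = $3 } END { print v }' "$conf")
    case $rule_path in
        /*) echo "ok: RULE_PATH=$rule_path" ;;
        "") echo "FAIL: RULE_PATH not set"; rc=1 ;;
        *)  echo "FAIL: RULE_PATH is relative: $rule_path"; rc=1 ;;
    esac
    # Only an uncommented "output database:" line is active; field 2 is the DB type.
    db=$(grep -E '^[[:space:]]*output[[:space:]]+database:' "$conf" | tail -n 1)
    db_type=$(printf '%s\n' "$db" | cut -d, -f2 | tr -d '[:space:]')
    if [ "$db_type" != mysql ]; then
        echo "FAIL: no active mysql 'output database:' line"
        return 1
    fi
    for key in user dbname host; do
        [ -n "$(conf_field "$db" "$key")" ] || { echo "FAIL: $key= missing"; rc=1; }
    done
    # Assumption of this example: a password equal to the user name is weak.
    pw=$(conf_field "$db" password)
    if [ -n "$pw" ] && [ "$pw" = "$(conf_field "$db" user)" ]; then
        echo "WARN: database password equals the user name"
    fi
    # The password sits in clear text, so flag a world-readable file.
    [ -z "$(find "$conf" -perm -004)" ] || echo "WARN: $conf is world-readable"
    return $rc
}

# Constructed sample holding the two lines as edited on this page.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'var RULE_PATH /etc/snort/rules' \
        'output database: log, mysql, user=snort password=snort dbname=snort host=localhost' > "$tmp"
    status=0; check_snort_conf "$tmp" || status=$?
    rm -f "$tmp"
    return $status
}
demo
```

To check the installed file, replace the final `demo` call with `check_snort_conf /etc/snort/snort.conf`. Running `snort -T -c /etc/snort/snort.conf` additionally has Snort itself parse the configuration and exit.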

  1. vi /etc/rc.local

/usr/local/bin/snort -dev -c /etc/snort/snort.conf -D



  1. mysql

mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');

Alternatively:

  1. mysql -u root -p

Enter password:
mysql> create database snort;
mysql> grant INSERT,SELECT on root.* to snort@localhost;
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('snort');
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
mysql> exit


  1. mysql -u root -p < /usr/local/src/snort-2.6.1.4/schemas/create_mysql snort

password:

  1. mysql -p

Enter password:
mysql> show databases;
mysql> use snort
mysql> show tables;
mysql> exit


  1. cp base-1.3.5.tar.gz /var/www/
  2. cd /var/www
  3. tar zxvf base-1.3.5.tar.gz
  4. mv base-1.3.5 base
  5. cd /var/www/base
  6. cp base_conf.php.dist base_conf.php
  7. vi base_conf.php

$BASE_urlpath = "/base";
$DBlib_path = "/usr/share/php/adodb/";
# Use this path instead if adodb was unpacked under /var (alternative install above)
# $DBlib_path = "/var/adodb/";
$DBtype = "mysql";

$alert_dbname = 'snort';
$alert_host = 'localhost';
$alert_port = '';
$alert_user = 'snort';
$alert_password = 'snort';

$archive_exists = 0;
$archive_dbname = 'snort';
$archive_host = 'localhost';
$archive_port = '';
$archive_user = 'snort';
$archive_password = 'snort';


  1. chown -Rf www-data.www-data /var/www/base


Web Access

http://localhost/base -> Setup page -> CREATE BASE AG -> Main page