Difference between revisions of "SNORT: Install SNORT saja Ubuntu 16.04"

Siapkan Aplikasi Pendukung

sudo locale-gen id_ID.UTF-8

apt update
apt install kernel-package libncurses5-dev fakeroot wget bzip2 \
fakeroot kernel-wedge build-essential makedumpfile libncurses5 \
libpcre3 libpcre3-dev libpcrecpp0v5 libpcap0.8 libpcap0.8-dev \
libdumbnet1 libdumbnet-dev bison flex zlib1g-dev

Download & Compile

sudo su
cd /usr/local/src
wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
wget https://www.snort.org/downloads/snort/snort-2.9.9.0.tar.gz

cd /usr/local/src
tar xvfz daq-2.0.6.tar.gz
cd daq-2.0.6
./configure && make && sudo make install

cd /usr/local/src
tar xvfz snort-2.9.9.0.tar.gz
cd snort-2.9.9.0
./configure --enable-sourcefire && make && sudo make install

Load library

ldconfig

Set Konfigurasi

mkdir -p /etc/snort/rules
mkdir -p /usr/local/lib/snort_dynamicrules
cp /usr/local/src/snort-2.9.9.0/etc/* /etc/snort/
touch /etc/snort/rules/local.rules

Download rules

cd /usr/local/src
wget https://www.snort.org/downloads/community/community-rules.tar.gz
wget https://www.snort.org/downloads/community/opensource.tar.gz
tar zxvf community-rules.tar.gz -C /etc/snort/rules/
tar zxvf opensource.tar.gz -C /etc/snort/rules/

Edit Konfigurasi

Edit /etc/snort/snort.conf

var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules

Load Library & check snort

ldconfig
snort -c

Referensi

• https://www.snort.org/#get-started