Difference between revisions of "SNORT: Install SNORT saja Ubuntu 16.04"

From OnnoWiki
Line 1: Line 1:
==Siapkan Aplikasi Pendukung==
+
==Cek Jaringan==
  
  sudo locale-gen id_ID.UTF-8
+
  ifconfig
  
apt update
+
catat nama interface yang nanti akan di monitor
apt install kernel-package libncurses5-dev fakeroot wget bzip2 \
 
fakeroot kernel-wedge build-essential makedumpfile libncurses5 \
 
libpcre3 libpcre3-dev libpcrecpp0v5 libpcap0.8 libpcap0.8-dev \
 
libdumbnet1 libdumbnet-dev bison flex zlib1g-dev snort-rules-default
 
  
==Download & Compile==
+
ens18    Link encap:Ethernet  HWaddr 66:31:34:63:65:31 
 +
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
 +
          inet6 addr: fe80::6431:34ff:fe63:6531/64 Scope:Link
 +
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 +
          RX packets:26658 errors:0 dropped:11 overruns:0 frame:0
 +
          TX packets:9441 errors:0 dropped:0 overruns:0 carrier:0
 +
          collisions:0 txqueuelen:1000
 +
          RX bytes:37165428 (37.1 MB)  TX bytes:751808 (751.8 KB)
  
sudo su
+
maka interface yang dimonitor adalah
cd /usr/local/src
 
wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
 
wget https://www.snort.org/downloads/snort/snort-2.9.9.0.tar.gz
 
  
  cd /usr/local/src
+
  ens18
tar xvfz daq-2.0.6.tar.gz
 
cd daq-2.0.6
 
./configure && make && sudo make install
 
  
cd /usr/local/src
 
tar xvfz snort-2.9.9.0.tar.gz
 
cd snort-2.9.9.0
 
./configure --enable-sourcefire && make && sudo make install
 
  
 +
==Siapkan Aplikasi Pendukung==
  
Load library
+
sudo locale-gen id_ID.UTF-8
  
  ldconfig
+
  apt update
 +
apt install oinkmaster snort snort-common snort-rules-default snort-doc
  
==Set Konfigurasi==
+
Akan di tanya
 +
* interface yang akan di monitor, misalnya ens18
 +
* range IP yang di monitor, misalnya 192.168.0.0/16
  
mkdir -p /etc/snort/rules
 
mkdir -p /usr/local/lib/snort_dynamicrules
 
cp /usr/local/src/snort-2.9.9.0/etc/* /etc/snort/
 
touch /etc/snort/rules/local.rules
 
  
===Download rules===
+
==Cek Snort==
  
  cd /usr/local/src
+
  snort -C
wget https://www.snort.org/downloads/community/community-rules.tar.gz
 
wget https://www.snort.org/downloads/community/opensource.tar.gz
 
tar zxvf community-rules.tar.gz -C /etc/snort/rules/
 
tar zxvf opensource.tar.gz -C /etc/snort/rules/
 
 
 
 
 
===Edit Konfigurasi===
 
 
 
Edit /etc/snort/snort.conf
 
  
var RULE_PATH /etc/snort/rules
+
==Jalankan Snort==
var SO_RULE_PATH /etc/snort/so_rules
 
var PREPROC_RULE_PATH /etc/snort/preproc_rules
 
var WHITE_LIST_PATH /etc/snort/rules
 
var BLACK_LIST_PATH /etc/snort/rules
 
  
==Load Library & check snort==
 
 
ldconfig
 
snort -C
 
  
 
==Referensi==
 
==Referensi==
  
 
* https://www.snort.org/#get-started
 
* https://www.snort.org/#get-started
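Review bot: the added "Cek Snort" step runs `snort -C`, but in Snort 2.x `-C` only selects character-only payload printing and validates nothing; a configuration test would be `snort -T -c /etc/snort/snort.conf`. The new "Jalankan Snort" heading is added with no command under it, so the page ends before Snort is actually started. The switch from the source build to `apt install` also drops the rule-download and RULE_PATH steps; the page should say that the packaged `snort-rules-default` and the installer prompts replace them, and how `oinkmaster` is meant to be used once installed.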

Revision as of 09:38, 15 March 2017

Check the Network

ifconfig

Note the name of the interface that will be monitored later:

ens18     Link encap:Ethernet  HWaddr 66:31:34:63:65:31  
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::6431:34ff:fe63:6531/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26658 errors:0 dropped:11 overruns:0 frame:0
          TX packets:9441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:37165428 (37.1 MB)  TX bytes:751808 (751.8 KB)

so the interface to monitor is

ens18


Prepare Supporting Applications

sudo locale-gen id_ID.UTF-8
apt update
apt install oinkmaster snort snort-common snort-rules-default snort-doc

You will be asked for:

  • the interface to monitor, for example ens18
  • the IP range to monitor, for example 192.168.0.0/16
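
The check below is an added example, not part of the wiki page: it parses the ifconfig output shown above and confirms that the interface name and the address range you plan to give the installer agree with each other. The function names are hypothetical helpers, and the parser assumes the net-tools output layout of Ubuntu 16.04.

```shell
#!/bin/sh
# Added example (not from the wiki page). SAMPLE_IFCONFIG is constructed from
# the ifconfig output shown on this page so the script runs offline.
SAMPLE_IFCONFIG='ens18     Link encap:Ethernet  HWaddr 66:31:34:63:65:31
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::6431:34ff:fe63:6531/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Read ifconfig text (net-tools layout used by Ubuntu 16.04) on stdin and
# print "<interface> <ipv4>" for each interface that has an IPv4 address.
list_ifaces() {
  awk '/^[^ ]/ { ifc = $1 }
       /inet addr:/ { split($2, a, ":"); print ifc, a[2] }'
}

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed when IPv4 address $1 lies inside CIDR block $2.
in_cidr() (
  case $2 in */*) ;; *) exit 2 ;; esac
  net=${2%/*}
  bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
)

# Check interface name $1 and monitored range $2 against ifconfig text on stdin.
check_snort_inputs() (
  addr=$(list_ifaces | awk -v want="$1" '$1 == want { print $2; exit }')
  if [ -z "$addr" ]; then
    echo "no IPv4 interface named $1"; exit 1
  fi
  if in_cidr "$addr" "$2"; then
    echo "ok: $1 ($addr) is inside $2"
  else
    echo "mismatch: $1 ($addr) is outside $2"; exit 1
  fi
)

# On a live host: ifconfig | check_snort_inputs ens18 192.168.0.0/16
printf '%s\n' "$SAMPLE_IFCONFIG" | check_snort_inputs ens18 192.168.0.0/16
```

A mismatch here means the range given to the installer would not cover the sensor's own subnet, so rules keyed on the home network would not match local hosts.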


Check Snort

snort -C

Run Snort

References