Dec 14, 2011
Snort: A Network Intrusion Prevention System (NIPS)
Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection. In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program will log packets to the disk. In intrusion detection mode, the program will monitor network traffic and analyze it against a rule-set defined by the user. The program will then perform a specific action based on what has been identified.
Snort Requirements
1. Libpcap : In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic.
2. PCRE : Perl Compatible Regular Expressions (PCRE) is a regular expression C library inspired by Perl's external interface, written by Philip Hazel.
3. Libdnet : Libdnet is a generic networking API that provides access to several protocols.
4. Barnyard2 : Barnyard is an output system for Snort. Snort creates a special binary output format called "unified". Barnyard2 reads this file and then resends the data to a database back-end.
5. DAQ : DAQ is the Data-Acquisition API that is necessary to use Snort version 2.9.0 and above.
Installing Required Packages
1. First, install the packages Snort needs with the Yum utility.
# yum install pcre pcre-devel libdnet libdnet-devel
2. We use Snort with MySQL, so install the packages required for that as well.
# yum install php php-common php-gd gd php-cli php-mysql mysql mysql-devel mysql-bench mysql-server glib2-devel
3. Download and install Libpcap.
# wget http://www.tcpdump.org/release/libpcap-1.0.0.tar.gz
# tar -xvf libpcap-1.0.0.tar.gz
# cd libpcap-1.0.0
# ./configure
# make
# make install
4. Next, download and install the Barnyard2 module for Snort with Wget.
# wget http://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gz
# tar -xzf barnyard2-1.9.tar.gz
# cd barnyard2-1.9
# ./configure --with-mysql
# make
# make install
5. Download the DAQ package and install it.
# tar -xvf daq-0.6.2.tar.gz
# cd daq-0.6.2
# ./configure
# make
# make install
Important : Make sure you have installed libpcap 1.0.0 as mentioned above, otherwise the DAQ installation fails.
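As an added example (not code from the original post), the following POSIX sh preflight check turns the "Important" note above into something you can run before building DAQ: it finds the installed libpcap and compares its version against the 1.0.0 minimum. The function names, the directories searched, and the assumption that the version is encoded in the file name (true for the from-source install into /usr/local/lib shown above, not for distributions that ship an older soname such as libpcap.so.0.8) are all this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: check that the libpcap the DAQ
# build will link against is at least 1.0.0. Pure POSIX sh (no `sort -V`),
# so it also runs on older systems such as the CentOS 5 host the post targets.

# version_ge A B : exit 0 when dotted version A is greater than or equal to B.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        ai=${ai%%[!0-9]*}; bi=${bi%%[!0-9]*}   # drop suffixes such as "rc1"
        [ -n "$ai" ] || ai=0
        [ -n "$bi" ] || bi=0
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# libpcap_version_from_path FILE : print X.Y.Z from a name such as
# /usr/local/lib/libpcap.so.1.0.0, the file the post's `make install` creates.
# Assumption: the version is encoded in the file name (a from-source install);
# distribution packages may use an unrelated soname such as libpcap.so.0.8.
libpcap_version_from_path() {
    v=${1##*libpcap.so.}
    case "$v" in
        [0-9]*.[0-9]*) printf '%s\n' "$v" ;;
        *) return 1 ;;
    esac
}

# installed_libpcap_version : print the highest libpcap version found in the
# directories used by the post's install and by the distribution packages.
installed_libpcap_version() {
    best=
    for f in /usr/local/lib/libpcap.so.[0-9]* /usr/lib64/libpcap.so.[0-9]* \
             /usr/lib/libpcap.so.[0-9]*; do
        [ -e "$f" ] || continue
        v=$(libpcap_version_from_path "$f") || continue
        if [ -z "$best" ] || version_ge "$v" "$best"; then best=$v; fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# check_libpcap_for_daq [MIN] : exit 0 when the installed libpcap meets the
# minimum (default 1.0.0, the version the post says DAQ needs).
check_libpcap_for_daq() {
    min=${1:-1.0.0}
    if ! v=$(installed_libpcap_version); then
        echo "libpcap: no versioned libpcap.so found; install libpcap $min first" >&2
        return 1
    fi
    if version_ge "$v" "$min"; then
        echo "libpcap $v satisfies the $min minimum; DAQ can be built"
    else
        echo "libpcap $v is older than $min; rebuild libpcap before DAQ" >&2
        return 1
    fi
}

# Run the check only when invoked as `sh preflight.sh check`, so the
# functions can also be sourced from other scripts without side effects.
if [ "${1:-}" = check ]; then
    check_libpcap_for_daq
fi
```

Run it as `sh preflight.sh check` right before `./configure` in the DAQ directory; a non-zero exit means the libpcap step above has not been completed, which is the failure the post warns about.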
Download & Install Snort
1. Install the Atomic repository package and then install Snort from that repository with Yum.
# wget http://www6.atomicorp.com/channels/source/atomic-release/atomic-release-1.0-14.el5.art.noarch.rpm
# rpm -Uvh atomic-release-1.0-14.el5.art.noarch.rpm
# yum install snort
Snort Database Settings
1. Create the database and grant the Snort user only the permissions it needs.
# mysql -u root -p
mysql> create database snort;
mysql> GRANT INSERT, SELECT on snort.* to snort@localhost IDENTIFIED BY 'password';
mysql> flush privileges;
mysql> quit;
2. Import the schema file into the database.
# mysql -D snort -u root -p < /usr/share/doc/snort-22.214.171.124/create_mysql
3. Set the MySQL settings in the snort.conf file: search for "database" and change the output line as in the example below, using the password you chose in step 1 in place of 'password'.
output database: log, mysql, user=snort password=password dbname=snort host=localhost
4. Run Snort.
# snort -c /etc/snort/snort.conf
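As an added example (not code from the original post), here is a POSIX sh script that audits the `output database:` line in snort.conf before Snort is started. It reports the placeholder password used in the walkthrough, a connection made as MySQL root instead of the restricted snort user created in step 1, and a remote database host. The weakness rules, the 12-character minimum, the default-password list and the file names are this example's own assumptions, not Snort's.

```shell
#!/bin/sh
# Added example, not from the original post: audit the `output database:`
# line(s) of snort.conf. The rules below (short or default password, MySQL
# root as the Snort user, remote database host) are this example's assumptions.

# db_output_lines FILE : print the uncommented `output database:` lines.
db_output_lines() {
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1"
}

# db_param LINE KEY : print the value of KEY=value from an output line
# (empty when the key is absent).
db_param() {
    printf '%s\n' "$1" | tr -s ', \t' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# weak_password PW : exit 0 when PW is empty, shorter than 12 characters, or
# one of a few well-known defaults (constructed list, not exhaustive).
weak_password() {
    [ "${#1}" -lt 12 ] && return 0
    case "$1" in
        password|snort|snortpass|changeme) return 0 ;;
    esac
    return 1
}

# audit_db_output_line LINE : print one FINDING per weakness; exit 1 if any.
audit_db_output_line() {
    line=$1; bad=0
    user=$(db_param "$line" user)
    pw=$(db_param "$line" password)
    host=$(db_param "$line" host)
    if weak_password "$pw"; then
        echo "FINDING: database password is missing, short or a known default; set a long random one and update the GRANT to match"
        bad=1
    fi
    if [ "$user" = root ]; then
        echo "FINDING: Snort connects as MySQL root; use a dedicated user granted only INSERT and SELECT on snort.*"
        bad=1
    fi
    case "$host" in
        ''|localhost|127.0.0.1) ;;
        *) echo "FINDING: database host '$host' is remote; credentials and events leave this host, so confirm the link is protected and the account is restricted to this client"
           bad=1 ;;
    esac
    return $bad
}

# audit_snort_conf FILE : audit every database output line; exit 1 on any
# finding or when no such line exists at all.
audit_snort_conf() {
    tmp=$(mktemp)
    db_output_lines "$1" > "$tmp" || true   # grep exits 1 when nothing matches
    rc=0; n=0
    while IFS= read -r l; do
        n=$((n + 1))
        audit_db_output_line "$l" || rc=1
    done < "$tmp"
    rm -f "$tmp"
    if [ "$n" -eq 0 ]; then
        echo "FINDING: no 'output database:' line in $1; events will not reach MySQL"
        return 1
    fi
    return $rc
}

# write_sample_conf FILE : constructed snort.conf fragment (not a real
# deployment) holding the post's own output line with its placeholder password.
write_sample_conf() {
    cat > "$1" <<'EOF'
# ... preprocessor and rule includes omitted ...
output database: log, mysql, user=snort password=password dbname=snort host=localhost
EOF
}

# Usage: sh audit-snort-db.sh /etc/snort/snort.conf
#        sh audit-snort-db.sh demo      (runs against the constructed sample)
case "${1:-}" in
    '')   : ;;   # no argument: only define the functions (sourced or concatenated)
    demo) f=$(mktemp); write_sample_conf "$f"; audit_snort_conf "$f"; s=$?; rm -f "$f"; exit $s ;;
    *)    audit_snort_conf "$1" ;;
esac
```

Running `sh audit-snort-db.sh demo` prints the password finding for the walkthrough's own line and exits 1; once the line carries the real credentials chosen in step 1, `sh audit-snort-db.sh /etc/snort/snort.conf` exits 0 and Snort can be started with the command above.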
Install Snort With BASE & ADOdb Support
If you would like to install Snort with BASE and ADOdb with MySQL support, follow the post "Intrusion Prevention With Snort And BASE".
About : Ravi Saive
In simple words, a Computer Geek and Linux Guru who loves to share tricks and tips on the Internet. Most of my servers run on an open source platform called Linux, because it is usually free and allows me to do geeky stuff such as programming and scripting with the CLI (Command Line Interface).