2025-03-13 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article shows how to install the intrusion detection system Snort under Linux. Many people are not familiar with the process, so the steps are shared here for reference.
Snort is a well-known open source intrusion detection system. Its web interface (Snorby) can be used to analyze alerts more easily. Snort works together with the iptables/pf firewall as an intrusion detection system.
Step 1: pre-install the required programs for daq
Snort uses the data acquisition library (daq) to listen on firewall packet queues, so install daq first. The programs that need to be preinstalled are: flex, bison, libpcap.
sudo apt-get install flex
sudo apt-get install bison
sudo aptitude install libpcap-dev
Step 2: install daq
wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
tar xvfz daq-2.0.6.tar.gz
cd daq-2.0.6
./configure && make && sudo make install
Step 3: install the programs required by snort
aptitude install libpcre3-dev
aptitude install libdumbnet-dev
aptitude install zlib1g-dev
Step 4: install snort
wget https://www.snort.org/downloads/snort/snort-2.9.12.tar.gz
tar xvfz snort-2.9.12.tar.gz
cd snort-2.9.12
./configure --enable-sourcefire && make && sudo make install
Step 5: running snort will prompt you to install the corresponding packages. Just install them.
Run snort -V. If it prompts for packages, install them:
apt-get install snort
apt-get install snort-mysql
apt-get install snort-pgsql
When snort is ready to run, you will see a little pig:
   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2 IPv6 GRE (Build 78)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 8.12 2011-01-15
           Using ZLIB version: 1.2.3.4
Install some dependency packages in preparation for the graphical interface later.
Install apache
apt-get install apache2
Install mysql
apt-get install mysql-server
Install php
apt-get install php5
Step 6: create a database for snort and a user
$ mysql -u root -p
mysql> CREATE DATABASE snort;
mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort@localhost;
mysql> grant CREATE, INSERT, SELECT, UPDATE on snort.* to snort;
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('yourpassword');
mysql> exit
Step 7: modify the snort configuration file
The configuration file for snort is /etc/snort/snort.conf
Open the file and comment out the existing HOME_NET entries, then set HOME_NET to the network your local IP belongs to. Comment out the existing EXTERNAL_NET entries and set EXTERNAL_NET to everything outside the local network.
The lines that need to be modified are as follows:
Line 45: ipvar HOME_NET any > ipvar HOME_NET 192.168.x.x (your IP network segment, written in CIDR format; multiple network segments can be added, for example: ipvar HOME_NET [192.168.0.0/16,172.16.0.0/16])
ipvar EXTERNAL_NET any > ipvar EXTERNAL_NET !$HOME_NET
Step 8: trial run
snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf
If the following error occurs:
!! WARNING: The database output plugins are considered deprecated as
!! of Snort 2.9.2 and will be removed in Snort 2.9.3.
!! The recommended approach to logging is to use unified2 with
!! Must enter database name in configuration file
Solution: after working on it for a long time, I found an include database.conf line to comment out on line 549 of the snort.conf configuration file.
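The following check is an added example, not part of the original article: a small shell linter that verifies the edits from steps 7 and 8 before running snort -T. The function names are hypothetical, and it assumes ipvar values contain no spaces and that the include line is written literally as include database.conf.

```shell
#!/bin/sh
# Added example, not from the original article: lint snort.conf for the
# settings that steps 7 and 8 change. Function names are hypothetical.

# Value of the last uncommented "ipvar NAME value" line (no spaces in value).
ipvar_value() {  # $1 = file, $2 = variable name
    awk -v n="$2" '$1 == "ipvar" && $2 == n { v = $3 } END { print v }' "$1"
}

# Prints one finding per line; returns 0 if clean, 1 if anything is flagged.
check_snort_conf() {  # $1 = path to snort.conf
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    home=$(ipvar_value "$conf" HOME_NET)
    ext=$(ipvar_value "$conf" EXTERNAL_NET)

    case $home in
        "")  echo "HOME_NET is not defined"; rc=1 ;;
        any) echo "HOME_NET is still 'any'; set it to your CIDR range(s)"; rc=1 ;;
        *)   # Accept one range or a [a,b,...] list; every entry needs /prefix.
             for net in $(printf '%s' "$home" | tr -d '[]' | tr ',' ' '); do
                 printf '%s\n' "$net" | grep -Eq '^[0-9]+(\.[0-9]+){3}/[0-9]+$' ||
                     { echo "HOME_NET entry '$net' is not in CIDR format"; rc=1; }
             done ;;
    esac

    [ "$ext" = '!$HOME_NET' ] ||
        { printf 'EXTERNAL_NET is "%s", step 7 expects !$HOME_NET\n' "$ext"; rc=1; }

    # An active include of database.conf is the line step 8 comments out.
    hit=$(grep -En '^[[:space:]]*include[[:space:]]+database\.conf' "$conf" | cut -d: -f1)
    [ -z "$hit" ] || { echo "line $hit: active 'include database.conf'"; rc=1; }
    return $rc
}

# Constructed sample resembling the file before steps 7 and 8 are applied.
sample=$(mktemp)
printf '%s\n' '# ipvar HOME_NET 10.0.0.0/8' 'ipvar HOME_NET any' \
    'ipvar EXTERNAL_NET any' 'include database.conf' > "$sample"
check_snort_conf "$sample" || echo "fix the findings above, then rerun snort -T"
rm -f "$sample"
```

To check a real installation, call check_snort_conf /etc/snort/snort.conf after sourcing the functions.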
Step 9: run snort; snort will monitor the eth0 interface
snort
The results are as follows