Manual Install Snort IPS

This document provides instructions for manually installing Snort IPS on a system. It involves: 1. Installing prerequisite libraries and libdnet. 2. Downloading and compiling DAQ and Snort from source. This includes configuring with DAQ support. 3. Configuring Snort rules, logs, and snort.conf. 4. Running Snort in inline mode with NFQUEUE and iptables. 5. Optional setup of interface bridging for transparent IPS.
Manual install Snort IPS

I. Install libraries
apt-get install flex bison build-essential checkinstall libpcap0.8 libnetfilter-queue-dev libnfnetlink-dev libnfnetlink0 libdumbnet-dev libdumbnet1 libpcap-dev libpcre3 libpcre3-dev libnetfilter-queue1 zlib1g-dev

II. Install libdnet

wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar xvfz libdnet-1.12.tgz
cd libdnet-1.12/
./configure
make
checkinstall
dpkg -i libdnet_1.12-1_i386.deb
ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1

III. Install DAQ & Snort

Download DAQ and Snort from www.snort.org

A. Install DAQ
wget https://www.snort.org/downloads/snort/daq-2.0.4.tar.gz
tar xzvf daq-2.0.4.tar.gz
cd daq-2.0.4
./configure
make
checkinstall
dpkg -i daq_0.2-1_i386.deb

B. Install Snort
wget https://www.snort.org/downloads/snort/snort-2.9.7.2.tar.gz
tar xzvf snort-2.9.7.2.tar.gz
cd snort-2.9.7.2
useradd snort
mkdir /usr/local/snort
chown -R snort:snort /usr/local/snort

./configure --prefix=/usr/local/snort --with-daq-includes=/usr/local/include --with-daq-libraries=/usr/local/lib --enable-sourcefire

make && make install

ldconfig

C. Command to check the DAQ modes Snort was built with (nfq must appear in the list)

/usr/local/snort/bin/snort --daq-list

D. Copy the etc folder from the source tree into the install prefix
cp -R /root/snort-2.9.7.2/etc /usr/local/snort/

E. Installing rules

Enter the snort directory:

cd /usr/local/snort
Download the rules:
wget http://203.34.119.35/snort-rules.tar.gz
Extract the rules:
tar xzvf snort-rules.tar.gz

F. Configuration in snort.conf

Because Snort was configured with --prefix=/usr/local/snort, its libraries live under /usr/local/snort/lib rather than /usr/local/lib. In snort.conf, change the following paths:

# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/

# path to base preprocessor engine
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so

# path to dynamic rules libraries
dynamicdetection directory /usr/local/lib/snort_dynamicrules
##################################################
#

to:

# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor/

# path to base preprocessor engine
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so

# path to dynamic rules libraries
dynamicdetection directory /usr/local/snort/lib/snort_dynamicrules
##################################################
#

In snort.conf, change the following lines:

# config daq: <type>
# config daq_mode: <mode>

to:

config daq: nfq
config daq_mode: inline

G. Create the snort_dynamicrules directory:

mkdir /usr/local/snort/lib/snort_dynamicrules

H. Create the log folder for Snort:

mkdir /var/log/snort

I. Create the alert file inside it:

touch /var/log/snort/alert
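Added helper, not part of the original guide or of Snort's own tooling: a POSIX shell script that applies the snort.conf edits from section F with sed and then checks that every dynamic* path the file references exists on disk, so a wrong prefix is caught before Snort is started daemonized with -D and the failure only shows up in syslog. It assumes the path to snort.conf is passed as the first argument (normally /usr/local/snort/etc/snort.conf).

```shell
#!/bin/sh
# Added helper (not from the original guide): apply the section F edits to
# snort.conf, then verify the dynamic* paths exist. $1 = path to snort.conf.
set -eu

# Rewrite the three dynamic* library paths to the /usr/local/snort prefix and
# replace the two commented daq template lines with the nfq inline settings.
# A copy of the original file is kept as <conf>.bak.
patch_snort_conf() {
    conf="$1"
    cp "$conf" "$conf.bak"
    sed \
        -e 's|^dynamicpreprocessor directory /usr/local/lib/|dynamicpreprocessor directory /usr/local/snort/lib/|' \
        -e 's|^dynamicengine /usr/local/lib/|dynamicengine /usr/local/snort/lib/|' \
        -e 's|^dynamicdetection directory /usr/local/lib/|dynamicdetection directory /usr/local/snort/lib/|' \
        -e 's|^# config daq: <type>$|config daq: nfq|' \
        -e 's|^# config daq_mode: <mode>$|config daq_mode: inline|' \
        "$conf" > "$conf.tmp"
    mv "$conf.tmp" "$conf"
}

# Print one line per dynamic* path found in the conf and return 1 if any of
# them is missing on disk (e.g. the snort_dynamicrules dir from section G).
check_dynamic_paths() {
    conf="$1"
    rc=0
    for p in $(awk '/^dynamic(preprocessor|detection) directory/ {print $3}
                    /^dynamicengine/ {print $2}' "$conf"); do
        if [ -e "$p" ]; then
            echo "ok      $p"
        else
            echo "MISSING $p"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh snort_conf_fix.sh /usr/local/snort/etc/snort.conf
if [ "$#" -gt 0 ]; then
    patch_snort_conf "$1"
    check_dynamic_paths "$1"
fi
```

A non-zero exit from the script means at least one path printed as MISSING; fix that before running the snort command in section IV.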

IV. Running Snort IPS in nfq mode

With nfq, send packets to NFQUEUE and start Snort inline:

iptables -A INPUT -j NFQUEUE

/usr/local/snort/bin/snort -N -d -D --daq nfq -Q -c /usr/local/snort/etc/snort.conf

A. To check the error log if Snort is not running:

tail -f /var/log/syslog

V. Set up interface bridging for transparent IPS

Bridge eth0 and eth1 into br0:

ifconfig eth0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 up

VI. If errors occur because of resource limits (ulimit -c lifts the core dump size limit):

ulimit -c unlimited
