About: Snort is a free, open-source network intrusion detection system (IDS).

Step1. Install the packages

Note: first check that the packages below are installed; if any of them is missing, install it with yum.

yum install git

rpm -qa | grep gcc
libgcc-4.8.2-16.2.el7_0.x86_64
gcc-4.8.2-16.2.el7_0.x86_64

rpm -qa | grep flex
flex-2.5.37-3.el7.x86_64

rpm -qa | grep bison
bison-2.7-4.el7.x86_64

rpm -qa | grep zlib
zlib-1.2.7-13.el7.x86_64
zlib-devel-1.2.7-13.el7.x86_64

rpm -qa | grep libpcap
libpcap-1.5.3-4.el7_1.2.x86_64
libpcap-devel-1.5.3-4.el7_1.2.x86_64

rpm -qa | grep tcpdump
tcpdump-4.5.1-2.el7.x86_64

rpm -qa | grep libdnet-devel
libdnet-devel-1.12-13.1.el7.x86_64

Step2. Install the Snort RPM

yum install https://www.snort.org/downloads/snort/snort-2.9.14.1-1.centos7.x86_64.rpm

Step3. Install the snort rules

Note: To download Snort rules you must first register at https://www.snort.org/users/sign_up; once the account exists, the rules can be downloaded for the Snort configuration.

Open your e-mail, find the confirmation message from Snort, and click "Confirm my account" to complete the sign-up.

Step4. Sign in and download PulledPork, the tool that fetches the rules

Note: download it using git

git clone https://github.com/shirkdog/pulledpork.git

Step5. Configure the tool: change into the cloned directory

cd pulledpork/

Step6. Copy the pulledpork.pl file to /usr/local/bin directory

cp pulledpork.pl /usr/local/bin

Step7. Change the permissions

chmod +x /usr/local/bin/pulledpork.pl

Step8. Copy the configuration files from PulledPork's etc directory to Snort's default configuration directory, /etc/snort

cp -v etc/*.conf /etc/snort

Step9. Create a directory

mkdir /etc/snort/rules/iplists

Step10. Create an empty file named 'default.blacklist' (the name must match the one PulledPork's configuration refers to)

touch /etc/snort/rules/iplists/default.blacklist

Step11. Test that PulledPork runs (print its version)

/usr/local/bin/pulledpork.pl -V

Note: If the command prints errors about missing Perl modules, install the dependency packages:

yum install -y perl-Switch perl-URI perl-core perl-Bundle-LWP

Step12. Test again

/usr/local/bin/pulledpork.pl -V

Step13. Configure dynamic rules for Snort

vi /etc/snort/snort.conf

Set the three dynamic library paths as follows (lines beginning with # are comments in snort.conf):

# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/lib64/snort-2.9.7.5_dynamicpreprocessor/
# path to base preprocessor engine
dynamicengine /usr/lib64/snort-2.9.7.5_dynamicengine/libsf_engine.so
# path to dynamic rules libraries
dynamicdetection directory /usr/local/lib/snort_dynamicrules

Note: the version number in these directory names must match the Snort package actually installed (Step 2 installs 2.9.14.1). Check which snort-*_dynamicpreprocessor and snort-*_dynamicengine directories exist under /usr/lib64 and adjust the paths accordingly; Snort will not start if either path is missing.

Step14. Append the rule includes to snort.conf (the backslash keeps $RULE_PATH literal so that Snort, not the shell, expands it)

echo "include \$RULE_PATH/so_rules.rules" >> /etc/snort/snort.conf
echo "include \$RULE_PATH/local.rules" >> /etc/snort/snort.conf
echo "include \$RULE_PATH/snort.rules" >> /etc/snort/snort.conf

Step15. Create the libdnet symlink the RPM expects, then restart the service

ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1
systemctl restart snortd

Step16. Check the version (-V prints the version; lower-case -v would start Snort in verbose sniffing mode)

snort -V
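The script below is an added example and not part of the original post. It checks, before the restart in Step 15, that every dynamic* path written into snort.conf in Step 13 exists, that every rule file included in Step 14 is present under the rule directory, and that the blacklist file from Step 10 exists; the paths /etc/snort/snort.conf, /etc/snort/rules (where $RULE_PATH points) and /etc/snort/rules/iplists/default.blacklist are assumptions and are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for the snort.conf
# edits from Steps 13/14 and the blacklist file from Step 10, to run before Step 15.
# Arguments are assumptions: $1 snort.conf, $2 the directory $RULE_PATH points at
# (/etc/snort/rules in this guide), $3 the blacklist file created in Step 10.

# Print each path named by a dynamicpreprocessor / dynamicengine / dynamicdetection
# directive that does not exist on disk (comments stripped first); prints nothing if all exist.
missing_dynamic_paths() {
    sed 's/#.*//' "$1" |
    awk '/^dynamic(preprocessor|engine|detection)/ { print $NF }' |
    while IFS= read -r p; do
        [ -e "$p" ] || printf '%s\n' "$p"
    done
}

# Print each file included as "include $RULE_PATH/<file>" that is missing under $2.
# Snort will not start if an included rule file is absent, and so_rules.rules and
# snort.rules only appear once PulledPork has actually fetched rules.
missing_rule_includes() {
    sed 's/#.*//' "$1" |
    awk '/^include [$]RULE_PATH\// { sub(/^include [$]RULE_PATH\//, ""); print $1 }' |
    while IFS= read -r f; do
        [ -f "$2/$f" ] || printf '%s\n' "$f"
    done
}

# Report every problem found; return 0 only when the configuration is consistent.
preflight() {
    conf="$1"; rule_dir="$2"; blacklist="$3"; problems=0
    for p in $(missing_dynamic_paths "$conf"); do
        echo "missing library path (check the version in the directory name): $p"
        problems=1
    done
    for f in $(missing_rule_includes "$conf" "$rule_dir"); do
        echo "missing rule file: $rule_dir/$f"
        problems=1
    done
    [ -f "$blacklist" ] || { echo "missing blacklist file: $blacklist"; problems=1; }
    return "$problems"
}

# Usage with this guide's (assumed) paths:
# preflight /etc/snort/snort.conf /etc/snort/rules /etc/snort/rules/iplists/default.blacklist
```

Once it reports nothing, `snort -T -c /etc/snort/snort.conf` parses the complete configuration, rules included, without starting capture, which is the check worth running before `systemctl restart snortd`.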
