About: Snort is a free, open-source network intrusion detection system (IDS).

Step1. Install the packages

Note: Check whether the packages below are already installed; install any that are missing with the yum command.

yum install git

rpm -qa | grep gcc

rpm -qa | grep flex

rpm -qa | grep bison

rpm -qa | grep zlib

rpm -qa | grep libpcap

rpm -qa | grep tcpdump

rpm -qa | grep libdnet-devel

Step2. Install the snort rpm

yum install https://www.snort.org/downloads/snort/snort-

Step3. Install the snort rules

Note: To install Snort rules you must first register at this link; you will then be able to download rules for the Snort configuration. https://www.snort.org/users/sign_up

Open your e-mail, find the message from Snort, and click "Confirm my account" to confirm your account.

Step4. Sign in and download the rules

Note: Download PulledPork using git

git clone https://github.com/shirkdog/pulledpork.git

Step5. Configure the tool

cd pulledpork/

Step6. Copy the pulledpork.pl file to the /usr/local/bin directory

cp pulledpork.pl /usr/local/bin

Step7. Change the permissions

chmod +x /usr/local/bin/pulledpork.pl

Step8. Copy the contents of pulledpork's etc directory to the system default Snort directory, /etc/snort

cp -v etc/*.conf /etc/snort

Step9. Create a directory

mkdir /etc/snort/rules/iplists

Step10. Create a file named 'default.blacklist'

touch /etc/snort/rules/iplists/default.blacklist

Step11. Test the Configuration

/usr/local/bin/pulledpork.pl -V

Note: If you receive errors, install these dependency packages:
yum install -y perl-Switch perl-URI perl-core perl-Bundle-LWP

Step12. Test again

/usr/local/bin/pulledpork.pl -V

Step13. Configure Dynamic Rules for Snort

vi /etc/snort/snort.conf

# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/lib64/snort-
# path to base preprocessor engine
dynamicengine /usr/lib64/snort-
# path to dynamic rules libraries
dynamicdetection directory /usr/local/lib/snort_dynamicrules

Step14. Execute the following commands

echo "include \$RULE_PATH/so_rules.rules" >> /etc/snort/snort.conf
echo "include \$RULE_PATH/local.rules" >> /etc/snort/snort.conf
echo "include \$RULE_PATH/snort.rules" >> /etc/snort/snort.conf
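
Added example (not part of the original guide): appending with echo adds a duplicate include every time Step14 is re-run, and a command pasted with typographic quotes writes a line that is not a valid include directive. The function names below are hypothetical, and the demo works on a constructed temp file rather than the live /etc/snort/snort.conf.

```shell
#!/bin/sh
# Added example, not from the original guide; function names are hypothetical.

# add_rule_include CONF FILE
# Append "include $RULE_PATH/FILE" to CONF only if that exact line is absent,
# so re-running the step never lists the same rule file twice.
add_rule_include() {
    grep -qxF -e "include \$RULE_PATH/$2" "$1" 2>/dev/null && return 0
    printf '%s\n' "include \$RULE_PATH/$2" >> "$1"
}

# count_rule_include CONF FILE
# Print how many exact include lines for FILE are present in CONF.
count_rule_include() {
    grep -cxF -e "include \$RULE_PATH/$2" "$1" || true
}

# find_broken_includes CONF
# Print (with line numbers) include lines carrying typographic quotes or a
# literal backslash before "$", the usual leftovers of a mis-quoted echo.
# Exit status is 0 when at least one such line exists.
find_broken_includes() {
    grep -nF -e '“' -e '”' -e '\$' "$1" | grep -F 'include'
}

# Demo on a constructed config in a temp file, not the live snort.conf.
demo_conf="$(mktemp)"
printf '%s\n' 'var RULE_PATH /etc/snort/rules' \
    '“include $RULE_PATH/so_rules.rules”' > "$demo_conf"

for f in so_rules.rules local.rules snort.rules; do
    add_rule_include "$demo_conf" "$f"
    add_rule_include "$demo_conf" "$f"   # second call changes nothing
done

echo "local.rules includes: $(count_rule_include "$demo_conf" local.rules)"
echo "lines to fix by hand:"
find_broken_includes "$demo_conf" || echo "(none)"
rm -f "$demo_conf"
```

On a real host, point the functions at /etc/snort/snort.conf and then run snort -T -c /etc/snort/snort.conf so Snort checks the file before the restart in Step15.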

Step15. Restart the service

ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1
systemctl restart snortd

Step16. Check version

snort -V

