http://www.tuicool.com/articles/v6j2Ab

Snort is by far the most popular open-source network intrusion detection and prevention system (IDS/IPS) for Linux. Snort can conduct detailed traffic analysis, including protocol analysis, packet content searching and matching, all in real-time. The latest Snort rule sets are available for download either for free or with a paid subscription.

You can install Snort either from its source code or from binary rpm/deb packages on Linux. There are several reasons why you might want to build Snort from source rather than install it from distribution packages. For example, you may want the latest version of Snort, which may not yet be available in the distro repositories. You may also want to customize the Snort binary (e.g., plug in a custom DAQ module, build against a particular version of the libpcap library, etc.).

In this tutorial, I will describe how to compile and install Snort from source code.
Compile and Install Snort and Its Dependencies

First, install prerequisites for compiling Snort.
$ sudo apt-get install flex bison build-essential checkinstall libpcap-dev libnet1-dev libpcre3-dev libmysqlclient15-dev libnetfilter-queue-dev iptables-dev

Next, build and install libdnet from its source code. The "-fPIC" C flag is necessary if you compile it on a 64-bit platform.
$ wget https://libdnet.googlecode.com/files/libdnet-1.12.tgz
$ tar xvzf libdnet-1.12.tgz
$ cd libdnet-1.12
$ ./configure "CFLAGS=-fPIC"
$ make
$ sudo checkinstall

The checkinstall command above will build a .deb package and, while doing so, ask you several questions. You can accept the default values.

Install the .deb package, and create a symbolic link where Snort looks for libdnet.
$ sudo dpkg -i libdnet_1.12-1_amd64.deb
$ sudo ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1

Next, build and install the DAQ (Data Acquisition) library. DAQ is an abstraction layer for packet I/O that lets you plug different DAQ modules into Snort, supporting different hardware/software packet I/O interfaces without changing Snort itself. DAQ source code is available from here.
$ tar xvzf daq-2.0.0.tar.gz
$ cd daq-2.0.0
$ ./configure
$ make
$ sudo checkinstall
$ sudo dpkg -i daq_2.0.0-1_amd64.deb

Next, compile and install Snort itself. Snort source code is available here.
$ tar xvzf snort-2.9.5.tar.gz
$ cd snort-2.9.5
$ ./configure
$ make
$ sudo checkinstall
$ sudo dpkg -i snort_2.9.5-1_amd64.deb
$ sudo ln -s /usr/local/bin/snort /usr/sbin/snort

Finally, run ldconfig so that the dynamic linker's run-time bindings for the libdnet and DAQ libraries are properly set up.
$ sudo ldconfig -v

After this, verify that Snort was installed successfully.
$ snort -V

,,_     -*> Snort! <*-
  o"  )~   Version 2.9.5 GRE (Build 103)
   ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.3.0
           Using PCRE version: 8.31 2012-07-06
           Using ZLIB version: 1.2.7

Configure Snort and Download Snort Rule Sets

After installation, go ahead and configure Snort as follows.

For security reasons, it is recommended to create a separate Linux user that Snort will run as.
$ sudo groupadd snort
$ sudo useradd snort -d /var/log/snort -s /sbin/nologin -c SNORT_IDS -g snort

Create a log directory for Snort.
$ sudo mkdir /var/log/snort
$ sudo chown snort:snort /var/log/snort

Download the Snort rule sets. A registered-user release can be downloaded for free. After downloading, install and configure the Snort rules as follows.
$ sudo mkdir /etc/snort
$ sudo tar xvzf snortrules-snapshot-2950.tar.gz -C /etc/snort
$ sudo touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules
$ sudo mkdir /usr/local/lib/snort_dynamicrules
$ sudo chown -R snort:snort /etc/snort/*
$ sudo mv /etc/snort/etc/* /etc/snort

Edit the default Snort configuration to point to the correct ruleset directories. Also define HOME_NET, the network that Snort is to protect.
$ sudo vi /etc/snort/snort.conf

var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
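A typo in one of these paths, or HOME_NET left at "any", is the usual reason the later self-test fails. The script below is an added example and not part of the original tutorial: it reads the var/ipvar lines from a snort.conf, checks that every *_PATH directory and the white/black list files exist, and rejects HOME_NET "any" (since EXTERNAL_NET is defined as !$HOME_NET, that would leave nothing to match). The sample layout it builds in a temporary directory is constructed for offline use.

```shell
#!/bin/sh
# Added example (not from the original tutorial): sanity-check the var/ipvar
# lines of a snort.conf before running 'snort -T'. Layout follows the tutorial.

# Print the value of var/ipvar NAME ($1) from config file $2; empty if unset.
snort_var() {
    awk -v name="$1" '($1 == "var" || $1 == "ipvar") && $2 == name { print $3; exit }' "$2"
}

# Return 0 when every *_PATH is an existing directory, white/black list files are
# present, and HOME_NET is a concrete network. "any" is rejected because the
# tutorial defines EXTERNAL_NET as !$HOME_NET, which would then match nothing.
check_snort_conf() {
    conf=$1; status=0
    for name in RULE_PATH SO_RULE_PATH PREPROC_RULE_PATH WHITE_LIST_PATH BLACK_LIST_PATH; do
        dir=$(snort_var "$name" "$conf")
        if [ -z "$dir" ]; then echo "unset: var $name"; status=1
        elif [ ! -d "$dir" ]; then echo "not a directory: $name=$dir"; status=1
        fi
    done
    [ -f "$(snort_var WHITE_LIST_PATH "$conf")/white_list.rules" ] || { echo "missing white_list.rules"; status=1; }
    [ -f "$(snort_var BLACK_LIST_PATH "$conf")/black_list.rules" ] || { echo "missing black_list.rules"; status=1; }
    case "$(snort_var HOME_NET "$conf")" in
        ""|any) echo "HOME_NET must name the network to protect, not 'any' or unset"; status=1 ;;
    esac
    return $status
}

# Build a constructed snort.conf and rule directories under root $1 with
# HOME_NET set to $2, then print the config path (offline testing only).
make_sample_conf() {
    root=$1
    mkdir -p "$root/rules" "$root/so_rules" "$root/preproc_rules"
    touch "$root/rules/white_list.rules" "$root/rules/black_list.rules"
    cat > "$root/snort.conf" <<EOF
var RULE_PATH $root/rules
var SO_RULE_PATH $root/so_rules
var PREPROC_RULE_PATH $root/preproc_rules
var WHITE_LIST_PATH $root/rules
var BLACK_LIST_PATH $root/rules
ipvar HOME_NET $2
ipvar EXTERNAL_NET !\$HOME_NET
EOF
    echo "$root/snort.conf"
}

# Demo on a constructed copy of the layout in a temp dir; never touches /etc/snort.
demo=$(mktemp -d) && check_snort_conf "$(make_sample_conf "$demo" 192.168.1.0/24)" && echo "sample snort.conf OK"
rm -rf "$demo"
```

To check the real file after the steps above, call `check_snort_conf /etc/snort/snort.conf`; it prints each problem it finds and exits non-zero.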

Run Snort in Self-Test Mode

After configuration is done, you can test Snort with the following command. It launches Snort in self-test mode and checks whether the rules load successfully. I assume that eth0 is the network interface Snort is listening on.
$ sudo snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf

If Snort passes all the tests successfully, you should see the following messages:

Snort successfully validated the configuration!
Snort exiting
