


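# Installation
# Run as root. Each cd is chained to the commands that depend on it, so a
# failed cd cannot cause make or cp to run in the wrong directory.
cd /usr/ports/net/snort && make install
mkdir -p /etc/snort/rules
# The rules and config copied here are the examples bundled with the port,
# so they are only as current as the port itself.
cd /usr/local/share/examples/snort &&
  cp *.rules /etc/snort/rules &&
  cp *.conf* /etc/snort

# Dedicated unprivileged account for the daemon: no login shell, no home
# directory, and a group of its own (-g =uid).
useradd -c "Snort daemon" -s /sbin/nologin -d /nonexistent -g =uid _snort

# Add the log directory.
# Owner and group are separated with ':' (the form the newsyslog entry below
# also uses); the older '.' separator is not accepted by every chown.
# Mode 700 keeps alerts and packet dumps unreadable to other local users.
mkdir -p /var/log/snort
chown _snort:_snort /var/log/snort
chmod 700 /var/log/snort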

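# Edit snort.conf.
# Configure the HOME_NET variable if you care that much.
# Change RULES_PATH to "/etc/snort/rules"
# NOTE(review): rules written against $HOME_NET rely on it to tell the
# protected networks from everything else, so its value affects what alerts.

# Start the daemon.
#   -D      run in the background as a daemon
#   -d      dump application-layer data along with the headers
#   -c      configuration file to load
#   -u, -g  user and group to switch to after initialisation, so the
#           long-running process does not stay root
/usr/local/bin/snort -D -d -c /etc/snort/snort.conf -u _snort -g _snort

# Add to /etc/rc.conf.local
echo "snort=YES" >> /etc/rc.conf.local

# add to /etc/rc.local
# (This snippet is text for /etc/rc.local, not something to type at the
# prompt. It uses '=' and two separate tests instead of '==' and '-a', which
# are not portable inside [ ].)
if [ "X${snort}" = "XYES" ] && [ -x /usr/local/bin/snort ]; then
  echo -n " snort"; /usr/local/bin/snort -D -d -c /etc/snort/snort.conf -u _snort -g _snort
fi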

# Add to /etc/newsyslog.conf
# Appends a rotation entry for the alert file: owner and group _snort,
# mode 640, 10 archives kept, Z flag, plus a pid file to signal.
# NOTE(review): the pid file name contains an interface name (hme0), while the
# start command above passes no -i option. Confirm the name Snort actually
# writes under /var/run on your host.
# NOTE(review): size and when are both '*'. Confirm this triggers rotation the
# way you expect.
printf '%s\n' '/var/log/snort/alert    _snort:_snort   640  10    *  *     Z /var/run/snort_hme0.pid' >> /etc/newsyslog.conf

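# Snort status reports
# Get snort-stat
# Is there a non-Debian-packaged version of this script?
#
# NOTE(review): both scripts and the patch come over plain HTTP with no
# signature or checksum, and root's cron job later runs what gets installed.
# They are therefore fetched into a private scratch directory (mktemp -d
# creates it mode 700), checked there, and only then moved into place.
workdir=$(mktemp -d) && cd "$workdir"
wget http://mirrorshades.net/~bda/code/scripts/snort-stat

# Patch snort-stat
wget http://mirrorshades.net/~bda/code/patches/snort-stat-2004.05.26.diff
patch snort-stat snort-stat-2004.05.26.diff

# Get snort_report.sh crontab.
wget http://mirrorshades.net/~bda/code/scripts/snort_report.sh

# Before installing, read the patched snort-stat and snort_report.sh, and
# compare digests against values obtained from a source you trust. This page
# publishes none, so the value below is a placeholder:
#   sha256 snort-stat snort_report.sh   # expect <DIGEST_FROM_TRUSTED_SOURCE>

# Install. The files stay owned by the user running these commands (root) and
# are not readable or writable by others.
chmod 750 snort-stat snort_report.sh
mv snort-stat snort_report.sh /usr/local/sbin

# If you care this much:
# (the patch and any snort-stat.orig backup now stay in the scratch
# directory instead of /usr/local/sbin)
# cd / && rm -rf -- "${workdir:?}"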

# Add snort-stat cron to root's crontab:
# (The next line is a crontab entry, not a shell command. It runs the report
# script every day at 06:00, with root's privileges because it lives in
# root's crontab, so /usr/local/sbin/snort_report.sh must stay writable by
# root only.)
00      6       *       *       *       /bin/sh /usr/local/sbin/snort_report.sh

# If you want to make sure that snort comes up on a reboot, reboot the machine now.
