Snort Fedora 14

Pages: 17 (4129 words) Published: October 20, 2011
Snort 2.9.0.5 Fedora 14 Installation Guide

• Overview: What’s Snort?
• Scope and Limitations
• What’s New in This Version?
• Assumptions
• As root or not as root....
• Why Snort in VM?
• VMWare Settings
• Set up Fedora Build
• Get libnet, libdnet, daq, Snort, BASE, adodb and Barnyard2
• Finish System Set-up and Compile Snort
• Set up Snort Environment
• Edit snort.conf
• Set up MySQL
• Gettin’ GUI with it
• Barnyard Output (not as bad as it sounds)
• A Few More Steps in the Barnyard
• Starting Snort and Finishing Barnyard Config
• Test Snort
• Starting Snort Automatically
• Starting Barnyard2 Automatically
• Updating Rules Automatically
• Future Topics

Overview: What’s Snort?
Snort is an open source Intrusion Detection/Prevention application (IPS) written in 1998 by Marty Roesch. It is the world’s most widely used IPS and has been downloaded over 4 million times. The 250,000+ active Snort users worldwide contribute new rules, plugins and complementary applications to work with Snort.

Scope and Limitations
This paper covers Snort, not Linux system, web or database administration and is offered with no explicit or implied warranty. All code referenced in this paper is open source. This paper is focused on the initial installation of Snort with some supporting applications. Tuning, rule writing, policy definition and other operational issues are outside this scope.

What’s New in This Version?
In addition to being updated for Fedora 14, Snort 2.9.0.5 and newer versions of BASE and Barnyard, this version of the Snort Setup Guide includes a new section on starting Snort and Barnyard as a service.

Assumptions
This paper will cover the installation of Snort 2.9.0.5 on Fedora 14 with:
• MySQL 5.0.77
• Libnet 1.0.2a
• Libpcap 1.0.0-5
• BASE-1.4.5
• Barnyard2-1.8
• Apache 2.2.11
• Using VMWare

As root or not as root....
This paper is assuming all work is done as root. This is a bad security practice in general and is not recommended for systems that are going to be in place in a production security environment. The main reasons for this assumption are twofold: one, the author is lazy. Two, the author initially wrote the paper from the perspective of running in VMWare in a test environment. Since the audience for this paper has largely been people running Snort on a dedicated system, one of the future tasks for the author will be to re-do it not using root, but rather a snort user instead.

Why Snort in VM?
As a laptop user, I am mobile and often have to use public guest networks, such as those in hotels, coffee shops and others. One never knows when such an environment can be hostile (just because I’m paranoid doesn’t mean that people aren’t trying to get me). Also, using a web-based GUI means that a web port has to be open, as well as MySQL. So I find that it’s helpful to have these on a virtual machine so that I don’t have these ports open on my laptop OS. Last, snapshots are your friend. VMWare allows users to capture the virtual machine’s state at a point in time, which can be later restored. This is a huge advantage in the case that mistakes were made or the virtual machine has become unstable. If only real life was like that.... All of this being said, the instructions in this paper should also work for native Fedora and CentOS systems. It just won’t cover any of the machine-specific details.

VMWare Settings
Within VMWare, the following settings are recommended:
• 1024 MB RAM
• 20 GB Disk
• Eth0 host only network
• Eth1 bridged to host interface
• No sound device, printer or accessories

Set up Fedora Build
First, download Fedora 14 from http://fedoraproject.org. Once the operating system is installed from defaults, several packages will have to be installed to support the Snort installation and its supporting applications. I created bubba as my non-root user and bubba’s home directory is referred to throughout this paper. If another user...