Snort 22.214.171.124 on Centos 7 Milad Rezaei R&D, Shatel group of companies January 28, 2020
Install

In this tutorial, we show how to install and configure Snort 126.96.36.199, Swatch and the ELK stack on CentOS 7.7. First, update the OS:

    yum update -y

We can install Snort from source or install it using the precompiled package that exists on snort.org. Snort provides an rpm package for CentOS 7, which can be installed simply with the command below:

    yum install

Installing from the source

Install the necessary packages:

    yum install epel-release -y
    yum install gcc gcc-c++ libnetfilter_queue libnetfilter_queue-devel git flex bison zlib zlib-devel pcre pcre-devel libdnet libdnet-devel tcpdump libnghttp2 wget xz-devel lzma -y

We will download and store the source files in the following folder:

    mkdir ~/snort_src
    cd ~/snort_src

Snort requires libpcap and DAQ, and we need to install them before installing Snort.

Note: Some network cards have features which can affect Snort. Two of these features are named "Large Receive Offload" (lro) and "Generic Receive Offload" (gro). With these features enabled, the network card performs packet reassembly before the packets are processed by the kernel. By default, Snort will truncate packets larger than the default snaplen of 1518 bytes. In addition, LRO and GRO may cause issues with Stream target-based reassembly. We recommend that you turn off LRO and GRO. On Linux systems, you can run:

    ethtool -K eth1 gro off
    ethtool -K eth1 lro off

Install libpcap:

    wget
    tar xzvf libpcap-1.8.1.tar.gz
    cd libpcap-1.8.1
    ./configure && make && make install
    yum install libpcap-devel -y
    cd ..

Install DAQ:

    wget
    tar xvfz daq-2.0.6.tar.gz
    cd daq-2.0.6
    ./configure && make && make install
    cd ..

Install Snort:

    wget
    tar -xvzf snort-188.8.131.52.tar.gz
    cd snort-184.108.40.206
    ./configure --enable-sourcefire && make && make install
Configuration

Now we need to edit some configuration files, download the rules from snort.org and take Snort for a test run. First, we will update the shared library cache:

    ldconfig

Snort on CentOS is installed as /usr/local/bin/snort; it is good practice to create a symbolic link at /usr/sbin/snort. (If you installed Snort with yum, you can skip this command.)

    ln -s /usr/local/bin/snort /usr/sbin/snort

To verify the installation of Snort, use the command below:

    snort -v

If you get an error while loading the shared library libdnet.1, create the following link and try again:

    ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1

To run Snort on CentOS safely without root access, we should create a new unprivileged user and a new group for the daemon, so that the sensor process never runs with root privileges. (If you installed Snort with yum, you can skip these commands.)

    groupadd snort
    useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort
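A post-install sanity check for the two items above that are easy to forget (the LRO/GRO caveat and the unprivileged snort account), written as an added example and not part of the original tutorial; the ethtool output and passwd entries are constructed samples, and the interface name eth1 and the CentOS 7 system-UID limit of 1000 are assumptions:

```shell
#!/bin/sh
# Constructed sample of `ethtool -k eth1` output (not captured from a real host).
SAMPLE_ETHTOOL_OUTPUT='Features for eth1:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on'

# Read `ethtool -k` output on stdin and print the names of the two offload
# features the tutorial asks to be disabled (gro, lro) that are still on.
# Returns 0 when both are off, 1 when at least one is still enabled.
offloads_still_on() {
    bad=$(awk -F': ' '
        $1 == "generic-receive-offload" || $1 == "large-receive-offload" {
            # value is "on" or "off", possibly followed by " [fixed]"
            split($2, v, " ")
            if (v[1] == "on") print $1
        }')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Check one passwd(5) entry for the snort service account: a system UID
# (below 1000 on CentOS 7, which is what `useradd -r` allocates; assumption)
# and the non-interactive shell the tutorial sets. Returns 0 if acceptable.
snort_account_ok() {
    entry=$1
    [ -n "$entry" ] || return 1
    uid=$(printf '%s' "$entry" | cut -d: -f3)
    shell=$(printf '%s' "$entry" | cut -d: -f7)
    [ "$uid" -lt 1000 ] && [ "$shell" = "/sbin/nologin" ]
}

# Run both checks against a live host: check_host eth1
check_host() {
    ethtool -k "$1" | offloads_still_on ||
        echo "WARNING: run 'ethtool -K $1 gro off' and 'ethtool -K $1 lro off'"
    snort_account_ok "$(getent passwd snort)" ||
        echo "WARNING: snort account missing, non-system UID, or login shell"
}
```
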
Then create the folder structure that holds the Snort configuration, using the commands below. If you installed Snort using yum, these directories should already have been added at install time; check to make sure.