Snort 2.9.15.1 on Centos 7 Milad Rezaei R&D, Shatel group of companies January 28, 2020
Install

In this tutorial, we show how to install and configure Snort 2.9.15.1, Swatch and the ELK stack on CentOS 7.7.

First, update the OS:

    yum update -y

We can install Snort from source or from the precompiled package available at snort.org. Snort provides an rpm package for CentOS 7, which can be installed simply with the command below (the package URL did not survive in this copy of the text):

    yum install

Installing from the source

Install the necessary packages:

    yum install epel-release -y
    yum install gcc gcc-c++ libnetfilter_queue libnetfilter_queue-devel git flex bison zlib zlib-devel pcre pcre-devel libdnet libdnet-devel tcpdump libnghttp2 wget xz-devel lzma -y

We will download and store the source files in the following folder:

    mkdir ~/snort_src
    cd ~/snort_src

Snort requires libpcap and DAQ, and we need to install them before installing Snort.

Note: Some network cards have features that can affect Snort. Two of these features are "Large Receive Offload" (LRO) and "Generic Receive Offload" (GRO). With these features enabled, the network card reassembles packets before they are processed by the kernel. By default, Snort truncates packets larger than the default snaplen of 1518 bytes. In addition, LRO and GRO may cause issues with Stream target-based reassembly. We recommend that you turn off LRO and GRO. On Linux systems, you can run:

    ethtool -K eth1 gro off
    ethtool -K eth1 lro off

Install libpcap (the download URL did not survive in this copy of the text):

    wget
    tar xzvf libpcap-1.8.1.tar.gz
    cd libpcap-1.8.1
    ./configure && make && make install
    yum install libpcap-devel -y
    cd ..

Install DAQ:

    wget
    tar xvfz daq-2.0.6.tar.gz
    cd daq-2.0.6
    ./configure && make && make install
    cd ..

Install Snort:

    wget
    tar -xvzf snort-2.9.15.1.tar.gz
    cd snort-2.9.15.1
    ./configure --enable-sourcefire && make && make install
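Before starting Snort on an interface, it is worth confirming that the GRO/LRO change from the note above actually took effect, since some drivers report a feature as "[fixed]" and ignore `ethtool -K`. The script below is an added example, not part of the tutorial: it parses `ethtool -k` output (the `SAMPLE_ETHTOOL` text is constructed to look like that output, and the function names `offload_status` and `snort_offload_report` are chosen here), so the check can run against a live interface or against saved output.

```sh
# Added example (not from the tutorial): check whether GRO/LRO are still
# enabled before putting Snort on an interface, by parsing `ethtool -k` output.
# Assumes ethtool is installed for the live check; the sample below is
# constructed to look like `ethtool -k eth1` output.
SAMPLE_ETHTOOL='Features for eth1:
rx-checksumming: on
tx-checksumming: on
    tx-checksum-ipv4: off [fixed]
generic-receive-offload: on
large-receive-offload: off [fixed]
tcp-segmentation-offload: on'

# offload_status <feature>: reads ethtool -k output on stdin and prints
# "on", "off", "on [fixed]", "off [fixed]", or "unknown" if not listed.
offload_status() {
    awk -v f="$1" '
        $1 == (f ":") { st = $2; if ($3 == "[fixed]") st = st " [fixed]"; found = 1 }
        END { print (found ? st : "unknown") }'
}

# snort_offload_report <ethtool-k-output>: one line per offload feature;
# returns 1 if GRO or LRO is still enabled (Snort would then see
# pre-reassembled packets that can exceed the 1518-byte default snaplen).
snort_offload_report() {
    output="$1"; rc=0
    for feat in generic-receive-offload large-receive-offload; do
        st=$(printf '%s\n' "$output" | offload_status "$feat")
        case "$feat" in
            generic-receive-offload) flag=gro ;;
            *)                       flag=lro ;;
        esac
        case "$st" in
            on)           echo "$feat: on -> fix with: ethtool -K <iface> $flag off"; rc=1 ;;
            "on [fixed]") echo "$feat: on [fixed] -> driver cannot disable it"; rc=1 ;;
            off*)         echo "$feat: $st -> OK" ;;
            *)            echo "$feat: not offered by this driver -> OK" ;;
        esac
    done
    return $rc
}

# Live check of a real interface (needs ethtool, usually root):
#   snort_offload_report "$(ethtool -k eth1)"
# Demo on the constructed sample: GRO is on, so the report flags it and returns 1.
snort_offload_report "$SAMPLE_ETHTOOL" || :
```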
Configuration

Now we need to edit some configuration files, download the rules from snort.org and take Snort for a test run. First, we update the shared library cache:

    ldconfig

Snort on CentOS is installed as /usr/local/bin/snort; it is good practice to create a symbolic link at /usr/sbin/snort. (If you installed Snort with yum you can skip this command.)

    ln -s /usr/local/bin/snort /usr/sbin/snort

To verify the installation of Snort, use the command below:

    snort -v

If you get an error while loading the shared library libdnet.1, create the following link and try again:

    ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1

To run Snort on CentOS safely without root access, we should create a new unprivileged user and a new group for the daemon. (If you installed Snort with yum you can skip these commands.)

    groupadd snort
    useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort

Then create the folder structure that will hold the Snort configuration, using the commands below. If you installed Snort using yum, these directories should already have been created at install time; check to make sure.