Install Snort on Ubuntu
8/18/2019 Install Snort on Ubuntu
Introduction
We discussed Snort NIDS in detail in our previous tutorial. In this article we try to simplify the
process of installing Snort on Ubuntu.
Requirements
• Ubuntu 14.04/15.04 OS
• Latest DAQ package, available at https://www.snort.org/downloads
• Latest Snort package, available at https://www.snort.org/downloads
• PCAP package, available with Ubuntu
• Libdnet package, available with Ubuntu
• PCRE package, available with Ubuntu
• Our hostname is snort
• Our Ubuntu user is snort
• Snort server IP address: 1-.1/.1.1
We will configure Snort from a remote PC using ssh.
Installation Steps
1. Update system
2. Install ssh-server
3. Install Snort prerequisites
4. Install Snort DAQ prerequisites
5. Create a new directory for the downloads, then download Snort DAQ and install DAQ
6. Download and install Snort in the same directory created in the step above
7. Configure Snort and test your installation
8. Create directories to configure Snort to run in NIDS mode
Installation
First of all, prepare the Snort desktop
# apt-get update
# apt-get install openssh-server
# reboot
Make sure ethtool is installed
# apt-get install ethtool
Make sure build-essential is installed
# apt-get install -y build-essential
Install Snort prerequisites
Install the libpcap-dev, libpcre3-dev, zlib1g-dev and libdumbnet-dev packages
# apt-get install -y libpcap-dev
# apt-get install libpcre3-dev
# apt-get install -y libdumbnet-dev
# apt-get install zlib1g-dev
Install Snort DAQ prerequisites
Bison and flex are required for the Snort DAQ installation
# apt-get install bison flex
Create a separate directory in which we will unpack and build the tar packages of Snort and Snort DAQ
# mkdir /home/snort/snort_src
Change the working directory to the newly created directory.
# cd /home/snort/snort_src/
Download and install the latest version of DAQ
# wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
Install the package
# tar -xvf daq-2.0.6.tar.gz
# cd daq-2.0.6
# ./configure
# make
# make install
Install Snort in the same directory
# cd /home/snort/snort_src/
# wget https://www.snort.org/downloads/snort/snort-2.9.7.5.tar.gz
Extract and install the Snort package
# gunzip snort-2.9.7.5.tar.gz
# tar -xvf snort-2.9.7.5.tar
# cd snort-2.9.7.5
# ./configure --enable-sourcefire
# make
# make install
# ldconfig
Create a soft link for the Snort binary
# ln -s /usr/local/bin/snort /usr/sbin/snort
Verify whether Snort is installed correctly
# snort -V
Configure Snort for IDS Mode
Create the following directories and files
# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /etc/snort/preproc_rules
# touch /etc/snort/rules/white_list.rules
# touch /etc/snort/rules/black_list.rules
# touch /etc/snort/rules/local.rules
Create a log directory for Snort
# mkdir /var/log/snort
Create a directory for Snort dynamic rules
# mkdir /usr/local/lib/snort_dynamicrules
Change permissions
# chmod -R 5775 /etc/snort/
# chmod -R 5775 /var/log/snort/
# chmod -R 5775 /usr/local/lib/snort
# chmod -R 5775 /usr/local/lib/snort_dynamicrules/
Copy the *.conf and *.map files from the Snort download directory to /etc/snort
# cp /home/snort/snort_src/snort-2.9.7.5/etc/*.conf* /etc/snort/
# cp -v /home/snort/snort_src/snort-2.9.7.5/etc/*.map* /etc/snort/
Configure /etc/snort/snort.conf
Before editing snort.conf, take a backup of the file first
# cp /etc/snort/snort.conf /etc/snort/snort.conf_orig
Give the following command
# sed -i 's/include \$RULE_PATH/#include $RULE_PATH/' /etc/snort/snort.conf
Note: The above command comments out all rulesets, which we will edit line by line
Go to line 45 of /etc/snort/snort.conf and edit it to look like below
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
Note: replace the above IP address with your IP address.
Go to line 104 and put the following entries
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
To enable local rules, go to line 551 and uncomment the following line
#include $RULE_PATH/local.rules
Save and quit
Now download the Community rules from the following link
https://www.snort.org/downloads/community/community-rules.tar.gz
Extract these rules and copy them to /etc/snort/rules.
Run the following command (this time I am logged in directly to the Ubuntu VM, only to make sure that
everything is working properly)
# snort -T -c /etc/snort/snort.conf
Sample output
Have Fun!!
Source: http
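An audit of the snort.conf edits made in the steps above, as an added example that is not part of the original article: it checks that HOME_NET is no longer "any", that each path variable points at a directory that exists, and that every uncommented rule include has a file behind it. The function names, the ROOT prefix and the sample config (including its community.rules include line) are constructed for illustration; the sample tree mirrors the directories the article creates, so the audit also reports that /etc/snort/so_rules is referenced by SO_RULE_PATH but never created.

```shell
# Added example, not from the original page. ROOT is a hypothetical prefix for a staged tree.
# Print field 3 of the "<kind> <name> <value>" line, if present.
conf_value() { awk -v k="$2" -v n="$3" '$1==k && $2==n {print $3}' "$1"; }

# check_snort_conf CONF [ROOT]: prints findings, returns the problem count.
check_snort_conf() {
    conf=$1; root=${2:-}; problems=0
    # HOME_NET must name the protected network, not the default "any".
    case $(conf_value "$conf" ipvar HOME_NET) in
        ''|any) echo "HOME_NET is unset or any"; problems=$((problems + 1)) ;;
    esac
    # Path variables must be absolute and point at existing directories.
    for v in RULE_PATH SO_RULE_PATH PREPROC_RULE_PATH WHITE_LIST_PATH; do
        dir=$(conf_value "$conf" var "$v")
        case $dir in
            /*) [ -d "$root$dir" ] && continue
                echo "$v: $dir does not exist" ;;
            *)  echo "$v: missing or relative ($dir)" ;;
        esac
        problems=$((problems + 1))
    done
    # Each active include under $RULE_PATH must reference an existing file.
    rules=$(conf_value "$conf" var RULE_PATH)
    for f in $(sed -n 's/^include \$RULE_PATH\///p' "$conf"); do
        [ -f "$root$rules/$f" ] && continue
        echo "active include has no rule file: $f"; problems=$((problems + 1))
    done
    return "$problems"
}

# Constructed sample: a staged tree and config in the state the steps leave.
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/snort/rules" "$t/etc/snort/preproc_rules"
    touch "$t/etc/snort/rules/local.rules"
    cat > "$t/snort.conf" <<'EOF'
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
include $RULE_PATH/local.rules
#include $RULE_PATH/app-detect.rules
include $RULE_PATH/community.rules
EOF
    echo "$t"
}
```

On the server itself, run `check_snort_conf /etc/snort/snort.conf` before the `snort -T` test; the return value is the number of findings.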