Snort IDS tips for VARs a

Installing Snort: Installation

These examples use FreeBSD, although any Unix-like system will behave similarly. Because installing Snort on a Windows platform does not provide the same degree of flexibility and simplicity, I suggest following this article using your favorite Unix-like operating

    Requires Free Membership to View

system.

Many operating systems (including FreeBSD) provide precompiled Snort packages, or frameworks for building Snort from source (like the FreeBSD ports tree). I recommend installing Snort from source code if at all possible. Snort is not the sort of program one should allow to be automatically updated using package management tools, due to the features added and/or removed with each new version.

First, install the Perl Compatible Regular Express (PCRE) library. In this example we use a precompiled FreeBSD package; this does not affect our plans to compile Snort from source.

freebsd61-generic:/root# pkg_add -r pcre

Next, create a directory to hold Snort. I suggest create a dedicated directory to facilitate maintaining multiple versions of Snort. For example, this method allows installing Snort 2.6.1 in its own directory, leaving the option to separately install and test Snort 2.6.2 when available.

freebsd61-generic:/root# mkdir -p /usr/local/snort-2.6.1

Now retrieve and extract the Snort archive.

We are ready to see what options Snort supports at compile-time. I've selected a few that are relevant to this article. It's important to realize that Snort offers dozens of options, which we can try invoking in future tests.

We need to install Snort into a specified directory, and we also want dynamic plugins.

With Snort installed, we can check what has appeared in our directory.

We can test Sort by executing the snort binary with the -V flag.

Snort provides extensive help via the --help (not -h) switch.

freebsd61-generic:/usr/local/snort-2.6.1# bin/snort --help

Snort also offers a manual page. To read it, we need to tell the man program where to look using the -M switch.


Snort: Fundamentals and installation tips for the channel

 Introduction
 Installation
 Sniffer mode
 Packet logger mode
 Intrusion detection mode
 Conclusion

About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog (taosecurity.blogspot.com).


This was first published in December 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: