Snort IPS

Support for security such as Firewalls and securing linux
simsym05
Posts: 37
Joined: 2012/04/28 12:08:56
Location: Tunisia

Snort IPS

Post by simsym05 » 2012/06/01 08:40:08

Good morning;

Can you please help me understand if the Snort IPS installation instructions for CentOS 5.5 are the same for CentOS 6.2?

If not, could you please help me with the step-by-step of how I can download and install Snort for CentOS 6.2, and how I could check it from another machine?

Thanks in advance.

unspawn
Posts: 172
Joined: 2006/12/11 12:28:52

Snort IPS

Post by unspawn » 2012/06/03 09:25:34

[quote]could you please help me to have the step by step how can i download and install Snort for CentOS 6.2, [/quote]
Regardless of what you choose, your development machine (you'd better not be compiling software on a production machine) should have the gcc, gcc-c++, flex, bison, pcre-devel, zlib-devel, libpcap-devel, automake and libtool packages installed. If you install the Snort.org-provided snort-2.9.2.3-1.RHEL6.i386.rpm then it should list and search your configured Yum repos for dependencies to install with it. If they can't be found, or if you install Snort from its source tarball, you currently need to install, at a minimum, libdnet-1.12.tgz from libdnet.googlecode.com and daq-0.6.2.tar.gz from snort.org/snort-downloads/ before you compile and install Snort. Each tarball comes with plain text files called README and INSTALL, which you will read and follow instructions from.


[quote]and how could i check it from another machine.[/quote]
Load a simple string match rule like [code]alert tcp any any -> any any (content: "EICAR"; msg: "Hi, I'm your lame EICAR string test!"; sid:1000001; rev:1;)[/code] and start Snort. Now send a request to any open TCP port on the host using curl, telnet or scapy, and include the string "EICAR" in any URI, user name or other string, and it should show up in whatever log method you configured Snort with. Of course you're free to test your installation against any of the Snort-provided or Emerging Threats rule sets.
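
The check described in the post above, as an added example that is not part of the original post: one function sends the "EICAR" test string to an open TCP port from another machine, and another finds the resulting alert on the sensor. It assumes Snort writes alerts with the alert_fast output; the function names, addresses and sample log lines are constructed for illustration.

```python
import re
import socket

MARKER = b"EICAR"  # the string the test rule's content: option matches

def build_request(host):
    """HTTP-style request carrying MARKER in the URI (any TCP payload would do)."""
    return b"GET /" + MARKER + b" HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"

def send_marker(host, port, timeout=3.0):
    """Run on the *other* machine: connect to an open TCP port and send the marker."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(host))

# alert_fast line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def find_alerts(lines, msg_text):
    """Run on the sensor: return parsed alerts whose msg contains msg_text."""
    hits = []
    for line in lines:
        m = FAST_RE.match(line)
        if m and msg_text in m.group("msg"):
            hits.append(m.groupdict())
    return hits

# Constructed sample of an alert file (documentation addresses, made-up sids).
SAMPLE_LOG = [
    "06/03-09:25:34.120000  [**] [1:1000001:1] Hi, I'm your lame EICAR string test! "
    "[**] [Priority: 0] {TCP} 192.0.2.10:51234 -> 192.0.2.20:80",
    "06/03-09:25:40.000000  [**] [1:2000002:3] constructed unrelated alert "
    "[**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.11:40000 -> 192.0.2.20:22",
]

if __name__ == "__main__":
    # On the sensor, read the real alert file instead of SAMPLE_LOG.
    for hit in find_alerts(SAMPLE_LOG, "EICAR"):
        print(hit["ts"], hit["msg"], hit["src"], "->", hit["dst"])
```

If no alert appears after sending the marker, check that the interface Snort listens on actually sees the traffic and that the rule file is included from the configuration Snort was started with.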

simsym05
Posts: 37
Joined: 2012/04/28 12:08:56
Location: Tunisia

Re: Snort IPS

Post by simsym05 » 2012/06/14 03:27:40

It is really very complicated, but I'm still working on that. I have some error messages when I'm trying to configure Snort.

I'm going to restart the installation; it is a real mess :-(
