良玉's Blog: drop by drop, water gathers into a river. The road of a Linux operations engineer for browser and mobile games

Snort installation, configuration, and fixing the errors along the way

Download from the official site:

https://www.snort.org/#documents


wget https://www.snort.org/downloads/snort/daq-2.0.2.tar.gz

wget https://www.snort.org/downloads/snort/snort-2.9.6.2.tar.gz
tar xvfz daq-2.0.2.tar.gz
cd daq-2.0.2
./configure
Error:
    ERROR!  Libpcap library version >= 1.0.0 not found.
    Get it from http://www.tcpdump.org
Fix:
yum install -y '*pcap*'
./configure
Another error:
ERROR!  dnet header not found, go get it from
   http://code.google.com/p/libdnet/ or use the --with-dnet-*
   options, if you have it installed in an unusual place
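Download and install libdnet:
wget https://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar xvf libdnet-1.12.tgz
cd libdnet-1.12
./configure && make && make install
Go back to the daq-2.0.2 directory and build DAQ again:
cd ..
./configure && make && make install
Install Snort:
cd ..
tar xvfz snort-2.9.6.2.tar.gz
cd snort-2.9.6.2
./configure --enable-sourcefire && make && make install
After installation, another error appears: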
# snort -v
snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
# cd /usr/
# find . -name "libdnet.1"
./local/lib/libdnet.1
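The file is there, so either its location or its name must be wrong. Note that the export below only lasts for the current shell session.
# export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
# cd /usr/local/lib
# cp libdnet libdnet.so
# cp libdnet.1 libdnet.1.so
# ldconfig
Done, that fixed it: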
# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.6.2 GRE (Build 77) 
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.4.0
           Using PCRE version: 8.12 2011-01-15
           Using ZLIB version: 1.2.3



Configuring Snort

My shared configuration: http://yun.baidu.com/s/1hblqI

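Unpack the rules snapshot in /etc/snort/etc, the directory that the paths in snort.conf below refer to (the snapshot tarball is assumed to have been copied there):
# mkdir -p /etc/snort/etc
# cd /etc/snort/etc
# tar zxvf snortrules-snapshot-2956.tar.gz
# mv etc/* .
# chown -R root:root .
# vim /etc/snort/etc/snort.conf
Change the following settings: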
var RULE_PATH /etc/snort/etc/rules
var SO_RULE_PATH /etc/snort/etc/so_rules
var PREPROC_RULE_PATH /etc/snort/etc/preproc_rules
var WHITE_LIST_PATH /etc/snort/etc/rules
var BLACK_LIST_PATH /etc/snort/etc/rules
output unified2: filename /var/log/snort/snort.u2, limit 128
# mkdir /usr/local/lib/snort_dynamicrules
# mkdir /usr/local/lib/snort_dynamicpreprocessor/
# mkdir /var/log/snort
# useradd snort
# chown snort:snort /var/log/snort
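Create the empty list files in the directory that WHITE_LIST_PATH and BLACK_LIST_PATH point to:
# touch /etc/snort/etc/rules/white_list.rules
# touch /etc/snort/etc/rules/black_list.rules
Start Snort: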
# snort -d -u snort -g snort -l /var/log/snort -c /etc/snort/etc/snort.conf
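
As an added example (not part of the original post): a preflight check to run before starting Snort. It reads the snort.conf edited above and reports any `*_PATH` directory, white/black list file, or unified2 log directory that does not exist. The function names and the optional ROOT prefix argument are hypothetical, the sample config is constructed from the lines in the post, and the check assumes absolute paths as set above.

```shell
#!/bin/sh
# Added example, not from the original post. check_snort_paths, make_sample
# and the ROOT prefix argument are hypothetical names.

# check_snort_paths CONF [ROOT]: print one line per missing path; status 1 if any.
check_snort_paths() {
    conf=$1 root=${2:-} problems=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    while read -r kw name value rest || [ -n "$kw" ]; do
        target=
        case "$kw $name" in
            "var "*_PATH)
                target=$value ;;
            "output unified2:")
                # rest is "<path>, limit <n>"; keep the directory of <path>
                target=${rest%%,*}; target=${target%/*} ;;
        esac
        [ -n "$target" ] || continue
        if [ ! -d "$root$target" ]; then
            echo "MISSING dir $target"; problems=$((problems + 1))
        fi
        # The reputation list files must exist inside their directories.
        case $name in
            WHITE_LIST_PATH) list=white_list.rules ;;
            BLACK_LIST_PATH) list=black_list.rules ;;
            *) continue ;;
        esac
        if [ ! -f "$root$target/$list" ]; then
            echo "MISSING file $target/$list"; problems=$((problems + 1))
        fi
    done < "$conf"
    [ "$problems" -eq 0 ]
}

# make_sample ROOT: stage the post's directories and snort.conf lines under
# ROOT (constructed sample), without the two list files.
make_sample() {
    d=$1/etc/snort/etc
    mkdir -p "$d/rules" "$d/so_rules" "$d/preproc_rules" "$1/var/log/snort"
    cat > "$d/snort.conf" <<'EOF'
var RULE_PATH /etc/snort/etc/rules
var SO_RULE_PATH /etc/snort/etc/so_rules
var PREPROC_RULE_PATH /etc/snort/etc/preproc_rules
var WHITE_LIST_PATH /etc/snort/etc/rules
var BLACK_LIST_PATH /etc/snort/etc/rules
output unified2: filename /var/log/snort/snort.u2, limit 128
EOF
}
```

On the installed system, call `check_snort_paths /etc/snort/etc/snort.conf` with no second argument.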


Tags: snort installation errors

Author: 良玉  Category: snort