Monday, May 14, 2018

apt - Is there a newer version of snort available?



The Snort version available for Lucid is 2.8.5.2, for which Snort rules are not available anymore. Is there a PPA for the updated version of Snort, or are there any good tutorials for installing Snort from source?



Install via PPAs



The linked PPA has snort v2.9:




sudo add-apt-repository ppa:ebf0/gamelinux
sudo apt-get update


From my reading of the rules - any v2.9.x meets the rule standards - the .x are just stability updates.



Another PPA I've found is ppa:hurricanedefense/testing which contains v2.9.1 of snort.



As with all PPAs, these are for testing purposes and may make your system unstable. Have a full image backup available. You can also install ppa-purge to remove PPAs. N.B. Enable the backports software source to install ppa-purge.




Install via compilation



Data AcQuisition library



Download some prerequisites:



sudo apt-get install flex bison build-essential checkinstall libpcap0.8-dev libnet1-dev


Now download and extract the latest daq source code from snort.org




cd daq-0.6.1/
./configure
make
sudo checkinstall
sudo dpkg -i daq_0.6.1-1_i386.deb


Libdnet




wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar xvfz libdnet-1.12.tgz
cd libdnet-1.12/
./configure
make
sudo checkinstall
sudo dpkg -i libdnet_1.12-1_i386.deb
sudo ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1



Snort



sudo apt-get install libpcre3-dev libmysqlclient15-dev


Now download and extract the latest snort source code from snort.org



cd snort-2.9.1
./configure --with-mysql --enable-build-dynamic-examples --enable-gre --enable-reload --enable-linux-smp-stats --enable-zlib
make

sudo checkinstall
sudo dpkg -i snort_2.9.1-1_i386.deb

sudo ldconfig


At this point you need to configure the snort.conf file according to your environment.



source
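The compilation steps above download source tarballs (libdnet over plain HTTP) and install the resulting packages as root. The following shell function is an added example, not part of the original answer: it checks a tarball's SHA-256 and its member paths before anything is extracted or built. `verify_tarball` is a hypothetical helper name, and the expected hash is a placeholder to be replaced with the value the publisher lists.

```shell
#!/bin/sh
# Added example (not from the original answer).
# verify_tarball FILE EXPECTED_SHA256
#   returns 0 only if FILE exists, its SHA-256 equals EXPECTED_SHA256,
#   the archive can be listed, and no member has an absolute path or
#   a ".." path component. Returns 2 if FILE is missing, 1 otherwise.
verify_tarball() {
    file=$1
    expected=$2

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Compare the digest of the downloaded file with the published one.
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # List members without extracting; a corrupt archive fails here.
    members=$(tar -tzf "$file") || {
        echo "cannot read archive: $file" >&2
        return 1
    }

    # Reject members that could be written outside the build directory.
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $file" >&2
        return 1
    fi
    return 0
}

# Usage (the hash is a placeholder, not a real value):
#   verify_tarball libdnet-1.12.tgz "<sha256-from-publisher>" \
#       && tar xvfz libdnet-1.12.tgz
```

The same check applies to the daq and snort tarballs before running `./configure`, `make` and `sudo checkinstall`.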

