Nov 14

So after quite a few hours of screwing around, I got a simple install of Snort running with BASE on Ubuntu Server 9.1.  So here’s what I used …

  1. This is 98% of what you need … http://www.howtoforge.com/intrusion_detection_base_snort_p4
  2. You’ll need to download a current copy of the VRT rules .. http://www.snort.org/snort-rules/?#rules … decompress and install into /etc/snort/rules
  3. To avoid this error …

    snort: error while loading shared libraries: libpcre.so.0: cannot open shared object file: No such file or directory

    After compiling and installing the newest libpcre you’ll need to do this …

    cp /usr/local/lib/libpcre.so.0 /usr/lib

    (found that here  .. http://ubuntuforums.org/archive/index.php/t-107197.html)

  4. To configure auto updating of the VRT rules you’ll need to get your own Oinkcode … http://www.snort.org/account/oinkcode … with your code in hand do this …

    apt-get install oinkmaster

    Edit /etc/oinkmaster.conf and replace the default Oinkcode with your Oinkcode. Then run …

    oinkmaster -o /etc/snort/rules

    Create a cronjob to run the above command as often as you’d like, once every 24 hours?

  5. Don’t forget to do this for BASE …

    pear install Mail
    pear install Mail_Mime

  6. Lastly, you’ll probably want a startup script for Snort, so look here … http://vrt-sourcefire.blogspot.com/2008/09/snort-startup-script-for-ubuntu.html

I hope this helps somebody out there.
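
The cron job from step 4, as an added example that is not part of the original post: a wrapper that backs up the old rules and checks the updated set with Snort's test mode, so a broken update is noticed before the next restart. The script name and the backup, lock and snort.conf paths are assumptions; adjust them to your install.

```shell
#!/bin/sh
# Added example (not from the original post): cron wrapper around
# "oinkmaster -o /etc/snort/rules" that backs up and validates the rules.
# Assumed crontab entry (root), once every 24 hours:
#   30 4 * * * /usr/local/sbin/snort-rule-update.sh --run
RULES_DIR="${RULES_DIR:-/etc/snort/rules}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/snort-rules}"      # assumed path
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"         # assumed path
LOCK_DIR="${LOCK_DIR:-/var/run/snort-rule-update.lock}"   # assumed path

# Return codes: 0 ok, 1 download/update failed,
#               2 another run holds the lock, 3 new rules fail "snort -T".
update_rules() {
    # mkdir is atomic, so an overlapping cron run stops here.
    mkdir "$LOCK_DIR" 2>/dev/null || {
        echo "rule update already running" >&2
        return 2
    }
    st=0
    mkdir -p "$BACKUP_DIR"
    # -q: quiet, -b: archive the old rules before they are overwritten.
    if ! oinkmaster -q -o "$RULES_DIR" -b "$BACKUP_DIR"; then
        echo "oinkmaster failed; rules left as they were" >&2
        st=1
    # -T: load the config and every rule, then exit without sniffing.
    elif ! snort -T -c "$SNORT_CONF" >/dev/null 2>&1; then
        echo "updated rules fail snort -T; restore from $BACKUP_DIR" >&2
        st=3
    fi
    rmdir "$LOCK_DIR"
    return "$st"
}

# Only act when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    update_rules
    exit $?
fi
```

Cron mails anything written to stderr to the job's owner, so a non-zero result shows up without extra alerting.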

Nov 09

I’m really banging my head against a wall with Snort.  It’s not so much Snort as it is the reporting subsystem, BASE or Snorby.  I just need to have something nice wrapped around it to know that it’s working.  I’ve found a few bits of new info for Linux and will be trying again tomorrow.
