Nov 14

So after quite a few hours of screwing around, I got a simple install of Snort running with BASE on Ubuntu Server 9.1.  So here’s what I used …

  1. This is 98% of what you need …
  2. You’ll need to download a current copy of the VRT rules .. … decompress and install into /etc/snort/rules
  3. To avoid this error …snort: error while loading shared libraries: cannot open shared object file: No such file or directoryAfter you compiling and installing the newest libpcre you’ll need to do this …

    cp /usr/local/lib/ /usr/lib

    (found that here  ..

  4. To configure auto updating of the VRT rules you’ll need to get your own Oinkcode … … with your code in hand do this …apt-get install oinkmaster

    Edit /etc/oinkmaster.conf and replace the default Oinkcode with your Oinkcode. Then run …

    oinkmaster -o /etc/snort/rules

    Create a cronjob to run the above command as often as you’d like, once every 24 hours?

  5. Don’t forget to do this for BASE …pear install Mail
    pear install Mail_Mime
  6. Lastly, you’ll probably want a startup script for Snort, so look here …

I hope this helps somebody out there.

Tagged with:
Nov 09

I’m really banging my head against a wall with Snort.  It’s not so much snort as it is the reporting subsystem BASE or Snorby.  I just need to have something nice wrapped around it to know that it’s working.  I’ve found a few bits of info new info for Linux and will be trying again tomorrow.

Tagged with:
Nov 07

So I need to deploy an IDS.  Snort looks like the winner, but it’s really not exactly a joy to install.  I think I’m going to pull the lame and lazy move and install it in an XP VM. I’ve found some instructions, and I’ll let you know how it goes.

Tagged with:


preload preload preload