|
|
|
Problem: You want to install snort on sme server 7.x
Solution: Follow this Howto |
|
STEP 1: Install Snort
Download and install the contrib
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=302"
[root@server root]# rpm -ivh smeserver-snort-2.6.0-1.i386.rpm |
STEP 2: Start service
Snort will be automatically activate when you restart server, or you can launch it manually
| [root@server root]# service snortd restart
|
STEP 3: Service option
You can activate or deactivate mysql logging
To deactive mysql plugin
[root@server root]# db configuration setprop snortd mysql disabled
[root@server root]# service snortd restart |
To active mysql plugin
[root@server root]# db configuration setprop snortd mysql enabled
[root@server root]# service snortd restart |
If http_inspect is to restrive, you can deactive it
[root@server root]# db configuration setprop snortd HttpInspect disabled
[root@server root]# service snortd restart |
To activate http_inspect
[root@server root]# db configuration setprop snortd HttpInspect enabled
[root@server root]# service snortd restart |
STEP 4: Install Oinkmaster
Oinkmaster can keep snort rules up-to-date by downloading new rules from internet.
Download and install the contrib
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=272"
[root@server root]# rpm -ivh smeserver-oinkmaster-1.2-1.noarch.rpm |
STEP 5: Configure Oinkmaster
Oinkmaster can retrieve snort rules from different web site.
3 differents source have configure for this package:
- Rules given with oincode
- Community rules
- Bleeding rules
Rules with oincode
You have to go to snort web site and register
http://www.snort.org/pub-bin/register.cgi
When you are registered, go to your user preferences
https://www.snort.org/reg-bin/userprefs.cgi
At the end of the page you have a table with title "Oink Code", clic button "Get Code".
Now you have a oinkcode that you can give to oinkmaster with the following command
[root@server root]# db configuration setprop oinkmaster code <code given>
[root@server root]# expand-template /etc/oinkmaster.conf |
Community rules
Activated community rules to be downloaded with commandes
[root@server root]# db configuration setprop oinkmaster community enabled
[root@server root]# expand-template /etc/oinkmaster.conf |
Bleeding rules
BEWARE I DON'T RECOMMAND USE OF BLEEDING RULES several problem have been rise due to that rules
Activated bleeding rules to be downloaded with commandes
[root@server root]# db configuration setprop oinkmaster bleeding enabled
[root@server root]# expand-template /etc/oinkmaster.conf |
Oinkmaster will run every day!! If you want to change that for weekly
| [root@server root]# mv /etc/cron.daily/02-oinkmaster /etc/cron.weekly/ |
STEP 6: Install guardian
When snort detect some alert, guardian will black list the ip during one day.
Download and install the contrib
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=274"
[root@server root]# rpm -ivh smeserver-guardiand-1.7-1.noarch.rpm |
STEP 7: Configure guardian service
Guardian service can be deactive using
| [root@server root]# db configuration set guardiand service status disabled |
Guardian service can be active using
| [root@server root]# db configuration set guardiand service status enabled |
STEP 8: Install base
Download and install base rpm
[root@server root]# wget "http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=getit&lid=276"
[root@server root]# rpm -ivh smeserver-base-1.2.2-1.noarch.rpm |
go to url
https://<server-ip>/base
Home
Mon compte
Rechercher
Forum
Downloads
FAQ
Howto
