
University

Universitas AMIKOM Yogyakarta .

MEMBUAT JARINGAN SNORT DENGAN LINUX DEBIAN

Instalasi Snort di Linux Debian
 
 
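# Copy the Snort bundle from the optical drive and install the bundled .deb
# dependencies. Everything here is run as root.
mount /dev/sr0 /media
cp -R /media/snort /home/fajar
cd /home/fajar/snort
# "depedensi" is the directory name as it is spelled in the bundle.
cd depedensi
# ./ keeps a package file whose name starts with "-" from being read as an option.
dpkg -i ./*.deb
umount /dev/sr0
cd
# Let apt resolve whatever dpkg left unconfigured.
apt-get -f install
# Owner-writable, world-readable. The original used 777, which lets any local
# account replace files in this tree; if anything from it is later built or
# installed as root, that is a local privilege-escalation path.
chmod -R u=rwX,go=rX /home/fajar/snort
# Was "chwon" (typo), so ownership was never actually changed.
# NOTE(review): the owner is "fajri" but the home directory is "fajar" -- confirm the account name.
chown -R fajri /home/fajar/snort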
# Stage the source archives under /usr/src for building.
cd /home/master
# "configures" is a local script that is not shown on this page; what it does
# and what the argument 123 means cannot be told from here.
./configures 123
# libp, libd, daq, dot and snort look like shorthand for the real archive names
# (presumably libpcap, libdnet, DAQ and Snort; "dot" is unclear) -- substitute the
# actual file names.
# NOTE(review): these archives are compiled and installed as root below; verify
# them against the publisher's checksums or signatures before copying.
cp libp /usr/src
cp libd /usr/src
cp daq /usr/src
cp dot /usr/src
cp snort /usr/src
# Unpack and configure the two libraries, then unpack DAQ and open its pcap
# module for a manual edit. The archive and directory names are the same
# shorthand used when the archives were copied to /usr/src.
cd /usr/src
tar -xvf libp
cd libp
# Install under /usr and build the shared library.
./configure --prefix=/usr/ --enable-shared
# "cd -" returns to the previous directory, /usr/src.
cd -
tar -xvf libd
cd libd
./configure --prefix=/usr/ --enable-shared
cd -
tar -xvf daq
cd daq
cd os-daq-modules
# Interactive step: the source file is edited by hand before DAQ is built.
nano daq_pcap.c
Tekan Ctrl-W, cari (buffer_size =), lalu pada baris itu ganti key dengan value
# Build and install the libraries, DAQ and Snort in dependency order.
# Every "make install" here writes into system directories, so this runs as root.
cd /usr/src
cd libp
make && make install
cd -
# Runtime directories: configuration, rules, Snort and barnyard2 logs, dynamic rules.
mkdir /etc/snort /etc/snort/rules /var/log/snort /var/log/barnyard2 /usr/local/lib/snort-dynamicrules
cd libd
make && make install
cd -
cd daq
./configure
make && make install
cd -
# The redirection may sit anywhere on the line: this is the same as
# "echo /usr/lib >> /etc/ld.so.conf". It appends /usr/lib to the linker search
# list and then refreshes the cache so the newly installed libraries are found.
echo >> /etc/ld.so.conf /usr/lib && ldconfig
tar -xvf snort
cd snort
# Feature switches are passed to Snort's configure exactly as listed.
./configure --with-mysql --enable-perfprofiling --enable-reload --enable-ipv6 --enable-zlib --enable-dynamicrules
make && make install
cd -
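# Dedicated service account for Snort. -r makes it a system account and the
# nologin shell prevents interactive logins, so the account is only useful for
# owning files and for dropping privileges.
groupadd -r snort && useradd -r -s /usr/sbin/nologin -g snort snort
# user:group with a colon; the older "user.group" form is deprecated and is
# ambiguous when a name contains a dot.
chown snort:snort /var/log/snort /var/log/barnyard2
# Seed /etc/snort with the sample configuration and map files from the source tree.
cp /usr/src/snort/etc/*.conf* /etc/snort
cp /usr/src/snort/etc/*.map /etc/snort
# Interactive step: edit the main configuration.
nano /etc/snort/snort.conf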
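Yang harus diubah:
1. EXTERNAL_NET diubah menjadi !$HOME_NET
2. Beri tanda # (jadikan komentar) pada semua baris preprocessor normalize
3. Tambahkan: output unified2: filename snort.log, limit 128
4. Beri tanda # (jadikan komentar) pada semua baris include; akibatnya hanya aturan di local.rules yang menghasilkan alert
5. Ctrl+W, cari (var RULE_PATH), lalu tambahkan /etc/snort/rules/local.rules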
# Return to the home directory, then create the local rules file in the rules
# directory that was made under /etc/snort.
cd
nano /etc/snort/rules/local.rules
isi dengan:
    # Connectivity test rule: matches every ICMP packet from any source to any
    # destination, so a single ping is enough to confirm the sensor raises alerts.
    # SIDs of 1,000,000 and above are the range reserved for locally written rules.
    alert icmp any any -> any any (msg:"hallo";sid:10000001;rev:1;)
    # Test rule: matches every TCP packet sent to port 22 on any host, including
    # each packet of an established session. Too noisy for production use; scope
    # the addresses with $HOME_NET / $EXTERNAL_NET before keeping a rule like this.
    alert tcp any any -> any 22 (msg:"hai";sid:10000002;rev:2;)
# Start Snort with the main configuration. -d also dumps application-layer
# payloads, which may contain sensitive data from the monitored traffic.
# NOTE(review): none of these invocations pass -u snort -g snort, so the snort
# account created earlier is unused and the process keeps root after start-up.
snort -d -c /etc/snort/snort.conf
# NOTE(review): the configuration was copied to /etc/snort/snort.conf, not
# /etc/snort.conf; this invocation presumably fails -- confirm.
snort -d -c /etc/snort.conf
# Listen on eth1 with the local rules file itself given as the configuration,
# so only the test rules are loaded.
snort -d -i eth1 -c /etc/snort/rules/local.rules
# Keystroke, not a command: presumably switches to another virtual console
# while Snort keeps running in the foreground on this one.
alt+f4
# Follow the alert file to watch the test rules fire.
tail -f /var/log/snort/alert


Hahaaa..
