SNORT (IDS/IPS) Configuration and Implementation
Let's start with how to install SNORT, which is an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). We tested the installation of SNORT on RHEL5.

Step 1: Download the following packages:

    libpcap-1.0.0.tar.gz
    pcre-8.00.tar.gz
    libnet-1.0.2a.tar.gz (This is an optional package, needed if you want SMB popup alerts on Windows machines.)
    snort-2.8.5.1.tar.gz
    acid-0.9.6b23.tar.gz

Note: Don't try to install SNORT through rpm packages; install from the source packages instead, because there will be so many dependencies. Install the above packages in the same order to resolve dependencies.

Step 2: Untar the packages one by one.

    #tar xvfz packagename.tar.gz

Step 3: Change the directory to libpcap-1.0.0 and run the ./configure shell script. This checks the system attributes and generates the makefile, which is then used to install the libpcap package as follows.

    #cd libpcap-1.0.0
    #./configure
    #make
    #make install

Note: If anything goes wrong, search for that error message on Google.

Step 4: After installing libpcap, install the pcre package, which provides the regular expression matching used when checking captured packets against multiple entries. First change the directory to pcre-8.00, then execute the following commands.

    #cd ../pcre-8.00
    #./configure
    #make
    #make check
    #make install

Step 5: Now install the libnet package.

    #cd ../libnet-1.0.2a
    #./configure
    #make
    #make check
    #make install

Step 6: Now install the most important package for implementing an IDS/IPS, i.e. our SNORT package. Just follow the commands below to install SNORT. You have to be careful in this step because we can install SNORT in standalone system...