The pre-requisites are:
libtool(.x86_64)
mysql-server
gcc
gcc-c++
mysql-devel
The requisites are:
libpcap >= 1.0
daq-0.5
libdnet-1.12
pcre-8.12
I recommend using the DAG repository:
# rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm --> For 64bits
# rpm -Uvh http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el5.rf.i386.rpm --> For 32bits
Then append the following in /etc/yum.repos.d/CentOS-Base.repo
[dag]
name=CentOS-$releasever – Contrib
mirrorlist=http://apt.sw.be/redhat/el4/en/$ARCH/dag
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=0
enabled=0
Then update:
# yum update
First off, take note of the version of libpcap required by Snort (>= 1.0, as listed above).
The one in the CentOS repositories is outdated: it is only up to version 0.9.4.
Remove the current libpcap:
# yum remove libpcap libpcap-devel
Install some basic requisites:
# yum install gcc mysql-devel mysql-server libtool --> use libtool.x86_64 on 64bits
# yum -y install gcc-c++ make flex bison
# yum -y install libdnet libdnet-devel --> use libdnet.x86_64 libdnet-devel.x86_64 on 64bits
Create a directory and put all needed packages here:
# mkdir snort-install && cd snort-install
Download the files:
snort-2.9.1.tar.gz
# wget http://www.snort.org/downloads/1107
daq-0.5.tar.gz
# wget http://www.snort.org/downloads/860
libpcap-1.1.1
# wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz
pcre-8.12
# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.12.tar.gz
LIBPCAP:
# tar -zxvf libpcap-1.1.1.tar.gz
# cd libpcap-1.1.1
# ./configure --prefix=/usr
# make all && make install
# ldconfig
# ldconfig -p | grep libpcap
# cd ..
DAQ:
# tar -zxvf daq-0.5.tar.gz
# cd daq-0.5
# ./configure --with-libpcap-libraries=/usr/lib/
# make && make install
# cd ..
PCRE:
# tar -zxvf pcre-8.12.tar.gz
# cd pcre-8.12
# ./configure --enable-utf8
# make all && make install
# cd ..
SNORT:
# tar -zxvf snort-2.9.0.5.tar.gz
# cd snort-2.9.0.5
# ./configure --with-mysql --enable-dynamicplugin --with-libpcap-libraries=/usr/lib --with-daq-libraries=/usr/local/lib/daq --enable-zlib --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling
# make && make install
# ln -s /usr/lib/libdnet.so.1.0.1 /usr/lib/libdnet.1
Consider other Snort build options:
OPTIONS : --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling --enable-zlib
To make it work, you still need to download the rules package from the Snort website, copy the rules to the correct folders,
and then set up the snort.conf file.
Problems You May Face
snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
# ln -s /usr/lib/libdnet.so.1.0.1 /usr/lib/libdnet.1
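The libdnet.1 loader error above can be caught before Snort is started by reading the binary's ldd output. The script below is an added example, not part of the original post: the function names and the sample ldd output are constructed for illustration, and it only prints a suggested ln -s command instead of running it.

```shell
#!/bin/sh
# Added example: find shared libraries the loader cannot resolve and
# suggest the symlink that would fix each one.

# Read `ldd` output on stdin; print every soname reported as "not found".
missing_sonames() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Print the first versioned library matching a missing soname in the given
# directories (libdnet.1 -> <dir>/libdnet.so.*), or return 1 if none exists.
find_candidate() {
    soname=$1; shift
    stem=${soname%%.*}                      # libdnet.1 -> libdnet
    for dir in "$@"; do
        for f in "$dir/$stem".so.*; do
            [ -f "$f" ] && { printf '%s\n' "$f"; return 0; }
        done
    done
    return 1
}

# Given ldd output and library directories, print one line per missing
# library: a suggested "ln -s" command, or UNRESOLVED if nothing matches.
suggest_links() {
    ldd_output=$1; shift
    printf '%s\n' "$ldd_output" | missing_sonames | while read -r so; do
        if target=$(find_candidate "$so" "$@"); then
            printf 'ln -s %s %s/%s\n' "$target" "$(dirname "$target")" "$so"
        else
            printf 'UNRESOLVED %s\n' "$so"
        fi
    done
}

# Constructed sample of ldd output (not captured from a real system).
SAMPLE_LDD='    libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x00002b5e6a3f1000)
    libdnet.1 => not found
    libc.so.6 => /lib64/libc.so.6 (0x00002b5e6a9c4000)'

# Real use: suggest_links "$(ldd "$(command -v snort)")" /usr/lib /usr/local/lib
suggest_links "$SAMPLE_LDD" /usr/lib /usr/lib64 /usr/local/lib
```
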