I currently have an IPFire installation on another machine with an intrusion prevention system that accepts an Oink code from snort.org.
I’ve noticed that on their website there is a link for setting up Snort on Fedora 29:
Snort - Network Intrusion Detection & Prevention System
Is there any fully supported Fedora package that I can install with dnf?
How would I set it up with my oinkcode?
And can I configure rules?
Thanks
Try then follow the #source installation instructions? This should work.
Hints
You may need to install:
dnf install bison flex libpcap-devel libdnet-devel make libtirpc-devel zlib-devel luajit-devel openssl-devel libnghttp2-devel
Don’t forget to read bundled READMEs.
./configure --help
is also useful.
./configure --prefix=DIRNAME
helps to avoid using root rights and eases uninstalling.
Matthias S. Benkmann’s concept.
Step-by-step (method borrowed from LFS hint link):
User root section
# Maybe you'll need to install more.
dnf install \
bison \
flex \
libpcap-devel \
libdnet-devel \
make \
libtirpc-devel \
zlib-devel \
luajit-devel \
openssl-devel \
libnghttp2-devel
# make /usr/local world-writable/executable
# but prevent different users from
# changing/deleting/overwriting each other's files.
chmod -R a+rwxt /usr/local
# add a user specially for this
# program's installation to /usr/local
# to protect its files from being overwritten by
# other programs
useradd snort -m
# log in as user snort in the terminal
su - snort
User snort section
# create workspace for this version
mkdir snort-2.9.15.1
cd snort-2.9.15.1
# get this version
wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
wget https://www.snort.org/downloads/snort/snort-2.9.15.1.tar.gz
# unpack this
tar xf daq-2.0.6.tar.gz
tar xf snort-2.9.15.1.tar.gz
build and install daq-2.0.6
cd daq-2.0.6/
# try not to compile anything "in place"; create a build dir
mkdir bld-vasya
cd bld-vasya
.././configure
make
# no root privileges needed!
make install
build and install snort-2.9.15.1
cd ../../snort-2.9.15.1/
# try not to compile anything "in place"; create a build dir
mkdir bld-vasya
cd bld-vasya
.././configure --enable-sourcefire
make
# no root privileges needed!
make install
# go back to root user session
exit
User tester section
user root actions
# we need to test the rights
useradd tester -m
su - tester
user tester actions
# should throw error
mv /usr/local/bin/snort /usr/local/bin/snort2
# this should work; if not, repeat as root user:
# chmod -R a+rwxt /usr/local/
cp /usr/local/bin/snort /usr/local/bin/snort2
# cleanup after test
rm /usr/local/bin/snort2
# enjoy, comrades!
man snort
Disclaimer: This isn’t Debian, so you may need to recompile this SOON because of distribution updates (library incompatibilities). Of course, it would be better if somebody with straight hands (“прямые руки”) packaged snort properly.
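An added check for the permission scheme in the steps above (example code, not part of the original post): the sticky bit on a directory blocks rename and delete by non-owners, but files that already existed when `chmod -R a+rwxt` ran become world-writable themselves. The function names and the scratch tree standing in for /usr/local are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: audit a prefix prepared with
# "chmod -R a+rwxt". Function names and the sample tree are constructed.

# Regular files any user may overwrite. The sticky bit on the parent
# directory stops rename/delete by non-owners, not writes to the file.
world_writable_files() {
    find "$1" -type f -perm -0002 -print | sort
}

# World-writable directories without the sticky bit: here any user can
# delete or replace entries that belong to someone else.
unsticky_writable_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# Report both classes; return 0 only when the prefix is clean.
audit_prefix() {
    local files dirs
    files=$(world_writable_files "$1")
    dirs=$(unsticky_writable_dirs "$1")
    [ -z "$files" ] || printf 'world-writable file:\n%s\n' "$files"
    [ -z "$dirs" ] || printf 'writable dir without sticky bit:\n%s\n' "$dirs"
    [ -z "$files" ] && [ -z "$dirs" ]
}

# Constructed sample: a scratch tree standing in for /usr/local.
make_sample_prefix() {
    local p
    p=$(mktemp -d)
    mkdir -p "$p/bin" "$p/share"
    printf 'old\n' > "$p/bin/preexisting"   # present before the chmod
    chmod -R a+rwxt "$p"                    # the step from the post
    printf 'new\n' > "$p/bin/snort"         # installed afterwards
    chmod 0755 "$p/bin/snort"
    mkdir "$p/share/doc"                    # created afterwards
    chmod 0777 "$p/share/doc"               # opened up, no sticky bit
    printf '%s\n' "$p"
}

# Run against a real prefix when one is given: ./audit.sh /usr/local
if [ -n "${1:-}" ]; then audit_prefix "$1"; fi
```

Clearing a finding is `chmod o-w FILE` for a file and `chmod a+t DIR` for a directory; files installed by the package user after the initial chmod get normal umask permissions and are not reported.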
Hello,
I already know how to install snort,
Can you answer how to install a multiline configuration snort?
This is a scanner of update and upgrade by more used network interface name than only one interface network name!
Thank you in advance for answering my configuration question,
Regards.
Azaretdodo.
Oh, my bad. No, IDK how to.