# Record which distribution/release the build is done on (the command's output was not captured in this page).
root@securitynik:~# lsb_release -a
Install the GCC build prerequisites libgmp-dev, libmpfr-dev and libmpc-dev (e.g. `apt-get install libgmp-dev libmpfr-dev libmpc-dev`).
Instead of installing the packages above, you could also have downloaded the prerequisites with:
# Alternative to the -dev packages: pull the GMP/MPFR/MPC sources into the gcc tree.
# NOTE(review): the fetch goes over ftp (cleartext) and, as far as I can tell, this
# 4.9-era script does not check what it downloads — TODO confirm; inspect the tarballs
# it leaves in the source tree before building.
root@securitynik:~/downloads/gcc-4.9.2# contrib/download_prerequisites
However, to use the script above you need to allow outbound ftp through your firewall — and keep in mind that ftp is cleartext and the script in this gcc release does not appear to verify what it fetches, so check the tarballs it leaves in the source tree before building.
# (Repeated from above.) Fetches the GMP/MPFR/MPC sources into the gcc tree over ftp;
# NOTE(review): verify the downloaded tarballs yourself — this script version does not
# appear to do so (TODO confirm).
root@securitynik:~/downloads/gcc-4.9.2# contrib/download_prerequisites
However, to use the script above you need to allow outbound ftp through your firewall — and keep in mind that ftp is cleartext and the script in this gcc release does not appear to verify what it fetches, so check the tarballs it leaves in the source tree before building.
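# INSTALL GCC
# NOTE(review): this is an unverified download from a third-party mirror over plain HTTP.
# GCC releases are PGP-signed; fetch the matching .sig (from the mirror if it carries it,
# otherwise from the official GCC mirrors) and check it before unpacking, e.g.
#   gpg --verify gcc-4.9.2.tar.gz.sig gcc-4.9.2.tar.gz
# (The original page had this heading fused onto the wget line, which would not paste.)
wget http://gcc.skazkaforyou.com/releases/gcc-4.9.2/gcc-4.9.2.tar.gz
tar -xvf gcc-4.9.2.tar.gz
cd gcc-4.9.2
# --prefix=/usr installs this compiler (and its libstdc++) over the toolchain Kali's
# package manager owns; dpkg will not know about the files. /usr/local or /opt/gcc-4.9.2
# would leave the distro toolchain intact. This choice is also what later forces the
# libstdc++ copy in the snort section. Everything here runs as root.
./configure --prefix=/usr
make && make install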
INSTALLING LIBPCAP
Next we download, extract and build libpcap 1.6.2 (the latest release at the time of writing).
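# Plain-HTTP download with no integrity check. tcpdump.org publishes PGP signatures for
# its releases; fetch the .sig that sits next to the tarball and verify it before
# unpacking (gpg --verify libpcap-1.6.2.tar.gz.sig libpcap-1.6.2.tar.gz) — TODO confirm
# the signing key out of band.
wget http://www.tcpdump.org/release/libpcap-1.6.2.tar.gz
tar -zxvf libpcap-1.6.2.tar.gz
# The original ran configure from the downloads directory; it has to run inside the
# unpacked source tree.
cd libpcap-1.6.2
# --prefix=/usr installs over Kali's packaged libpcap (used by tcpdump, wireshark, …);
# /usr/local keeps the distro copy intact.
./configure --prefix=/usr
make && make install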
INSTALL DAQ
# daq-2.0.4.tar.gz is not fetched by any command on this page; it has to be downloaded
# beforehand from https://www.snort.org/downloads (listed in the References) and checked
# against whatever checksum snort.org publishes for it before unpacking.
tar -zxvf daq-2.0.4.tar.gz
cd daq-2.0.4
# Installs into /usr, over any packaged daq that is already present.
./configure --prefix=/usr
make && make install
INSTALLING LIBDNET
Continuing the install, we next obtain and build libdnet 1.12 from its source tarball (libdnet-1.12.tgz).
# Fetched over https from Google Code, which has since been archived; the tarball may
# now have to come from the project's current host (see References). No checksum is
# verified here — compare against one published by the project before unpacking.
root@securitynik:~/downloads# wget https://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar -zxvf libdnet-1.12.tgz
cd libdnet-1.12/
# Installs into /usr, over any packaged libdnet.
./configure --prefix=/usr
make && make install
INSTALLING LuaJIT-2.0.3
Once gcc has been installed successfully, the next step is to install LuaJIT 2.0.3.
# Cloned over plain http: the transport is neither authenticated nor integrity-checked,
# so use https if the host offers it. The heading says 2.0.3, but this builds whatever
# the branch HEAD is at clone time — check out the 2.0.3 release tag to get that version.
git clone http://luajit.org/git/luajit-2.0.git
cd luajit-2.0/
# No prefix is given, so the Makefile's default (presumably /usr/local — check the
# Makefile) applies, unlike the /usr prefix used for the other libraries.
make && make install
INSTALLING ZLIB
Once libpcap has been installed successfully, we move on to zlib.
# Plain-HTTP download, no integrity check. zlib publishes signatures/checksums for its
# releases; verify the tarball against them before unpacking.
wget http://zlib.net/zlib-1.2.8.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
cd zlib-1.2.8/
# --prefix=/usr replaces the system zlib that nearly every binary on the box links
# against; a mismatch here can break far more than snort. /usr/local is the safer choice.
./configure --prefix=/usr
make && make install
INSTALLING PCRE 8.36
# pcre-8.36.zip is not downloaded by any command on this page; get it from the PCRE
# download area listed in the References and verify it against the project's published
# signature/checksum first.
unzip pcre-8.36.zip
cd pcre-8.36/
# No --prefix here, so autotools' default /usr/local applies — unlike the /usr prefix
# used above. Snort's configure may need PKG_CONFIG_PATH/LDFLAGS pointed at /usr/local
# to find it (TODO confirm).
./configure
make && make install
INSTALL PKG-CONFIG
# Plain-HTTP download with no integrity check; verify against a published checksum if
# the project provides one. Kali ships pkg-config as a package, so building it from
# source is probably unnecessary (presumably — check `apt-cache policy pkg-config`).
wget http://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz
tar -zxvf pkg-config-0.28.tar.gz
cd pkg-config-0.28/
# Default prefix (/usr/local), so this shadows the packaged pkg-config only if
# /usr/local/bin precedes /usr/bin on PATH.
./configure
make && make install
INSTALLING SNORT3++
# Fetched over https, which protects the transport but not the artifact; still compare
# the tarball with the checksum snort.org publishes on its downloads page.
wget https://www.snort.org/downloads/snortplus/snort-3.0.0-a1-130-auto.tar.gz
tar -zxvf snort-3.0.0-a1-130-auto.tar.gz
# The archive unpacks to a directory without the "-130-auto" suffix.
cd snort-3.0.0-a1/
# Install prefix for snort3, exported so the RUNNING SNORT section can reuse it; it must
# be re-exported in any new shell, otherwise the later paths collapse to "/include/…".
export SNORT3_PATH=/opt/snort3
# Same directory spelled out literally; "$SNORT3_PATH" would keep the two in sync.
mkdir -p /opt/snort3
./configure --prefix=$SNORT3_PATH
# Parallel build and install in one invocation, as root.
make -j 8 install
If you get the following message while building snort:
"../src/snort: /usr/lib/i386-linux-gnu/libstdc++.so.6: version `CXXABI_1.3.8' not found (required by ../src/snort)"
do the following: `cp /usr/lib/libstdc++.so.6 /usr/lib/i386-linux-gnu/ -v`. Be aware that this overwrites the libstdc++ shipped by Kali's package manager with the copy built by the gcc above — dpkg will not know about the change, a later package upgrade may revert it, and every C++ binary on the system now loads the replaced library. A less invasive fix is to leave the system copy alone and make snort pick up the newer library instead (e.g. run it with `LD_LIBRARY_PATH=/usr/lib`, or build it with an rpath pointing there); if you do copy it, back up the original first.
# (Repeated from above.) Fetched over https; still compare the tarball with the checksum
# snort.org publishes on its downloads page before unpacking.
wget https://www.snort.org/downloads/snortplus/snort-3.0.0-a1-130-auto.tar.gz
tar -zxvf snort-3.0.0-a1-130-auto.tar.gz
# The archive unpacks to a directory without the "-130-auto" suffix.
cd snort-3.0.0-a1/
# (Repeated from above.) Install prefix for snort3; must be re-exported in any new shell.
export SNORT3_PATH=/opt/snort3
# Same directory spelled out literally; "$SNORT3_PATH" would keep the two in sync.
mkdir -p /opt/snort3
./configure --prefix=$SNORT3_PATH
# Parallel build and install in one invocation, as root.
make -j 8 install
If you get the following message while building snort:
"../src/snort: /usr/lib/i386-linux-gnu/libstdc++.so.6: version `CXXABI_1.3.8' not found (required by ../src/snort)"
do the following: `cp /usr/lib/libstdc++.so.6 /usr/lib/i386-linux-gnu/ -v`. Be aware that this overwrites the libstdc++ shipped by Kali's package manager with the copy built by the gcc above — dpkg will not know about the change, a later package upgrade may revert it, and every C++ binary on the system now loads the replaced library. A less invasive fix is to leave the system copy alone and make snort pick up the newer library instead (e.g. run it with `LD_LIBRARY_PATH=/usr/lib`, or build it with an rpath pointing there); if you do copy it, back up the original first.
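# RUNNING SNORT
# (The heading was fused onto the first export in the original, which would not paste.)
# Both variables build on SNORT3_PATH from the build step; if this runs in a fresh shell
# that variable is gone, so fall back to the same /opt/snort3 prefix rather than
# silently producing "/include/snort/lua/…".
# LUA_PATH is Lua's module search path; the escapes keep "?.lua;;" literal so snort's
# bundled .lua files under the install prefix are found (the trailing ";;" presumably
# appends Lua's default path — TODO confirm).
export LUA_PATH=${SNORT3_PATH:-/opt/snort3}/include/snort/lua/\?.lua\;\;
# Directory snort reads its Lua configuration from.
export SNORT_LUA_PATH=${SNORT3_PATH:-/opt/snort3}/etc/snort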
Let's get the version information
# Smoke test of the installed binary (full path, since it is not on PATH yet).
/opt/snort3/bin/snort --version
Create a symbolic link for snort to /usr/bin
# Puts snort on PATH. /usr/bin is managed by dpkg; /usr/local/bin is the conventional
# place for locally built tools and is already on PATH.
root@securitynik:~# ln -s /opt/snort3/bin/snort /usr/bin/snort
Testing the config-0 without rules
# Parse the shipped configuration only; no rules are loaded.
root@securitynik:~# snort -c /opt/snort3/etc/snort/snort_config.lua
Testing the default rules
# Same config test, now also loading the bundled sample rules with -R. This is the run
# the author reports errors for below (the error output is not preserved in this page).
root@securitynik:~# snort -c /opt/snort3/etc/snort/snort_config.lua -R /opt/snort3/etc/snort/sample.rules
When I tried to verify the configuration together with the sample rules, I got an error (its output did not survive in this copy of the page); I will try to address those errors at a later time.
As a result I wanted to write my own test rule.
# Minimal smoke-test rule: alerts on every TCP packet in either direction, so it is
# deliberately noisy — fine for proving the pipeline works, not for deployment.
# sid 40000001 is well above the 1,000,000 floor conventionally reserved for local rules,
# so it will not collide with distributed rule sets.
alert tcp any any -> any any (msg:"securitynik test rule"; sid:40000001; rev:1;)
When the configuration test with the rules was run once again, I got the following (output not preserved in this copy):
Everything looks good so far.
Running snort as an IDS against a pcap file
# Offline run: -r reads the capture instead of a live interface, -R loads the test rule
# above (the file holds a snort rule despite its .lua extension — a .rules name would be
# less confusing), -A selects the alert_full output mode, -q suppresses the banner/stats,
# and -n 10 stops after ten packets.
root@securitynik:~# snort -c /opt/snort3/etc/snort/snort_config.lua -R security_nik.lua -r snort-test.pcap -A "alert_full" -q -n 10
There you go, that was my full guide on how to install and configure snort++ (snort3.0) on Kali. As I continue to learn snort 3.0 I will also continue to post materials to the blog.
Hope you enjoyed this.
References:
http://www.tcpdump.org
https://www.snort.org/documents
http://linuxmantra.com/2010/10/install-snort-2-9-on-rhel-5.html
https://code.google.com/p/libdnet/downloads/detail?name=libdnet-1.12.tgz&can=2&q=
http://luajit.org/download.html
https://code.google.com/p/libdnet/downloads/detail?name=libdnet-1.12.tgz&can=2&q=
https://www.snort.org/downloads
http://www.zlib.net
http://www.pcre.org
http://sourceforge.net/projects/pcre/files/pcre/
http://pkgconfig.freedesktop.org/releases/?C=M;O=A
http://www.linuxfromscratch.org/~krejzi/kde5/general/gcc.html
http://blog.snort.org/2014/12/project-snort-aka-snort-30.html
easy install using custom vmware image here
https://github.com/pualien/VMware-Snort3 (note: a prebuilt third-party VM image is an unverified artifact — inspect its build scripts or rebuild it yourself rather than trusting the image as-is)
Good Stuff!! Thanks for the link!
you're welcome!