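# Installation
# Walkthrough for installing Snort from the ports tree and running it as the
# unprivileged _snort user. Run the commands as root. Lines described as
# "add to <file>" are file content, not commands to run at the prompt.
cd /usr/ports/net/snort
make install
mkdir -p /etc/snort/rules
cd /usr/local/share/examples/snort
cp *.rules /etc/snort/rules
cp *.conf* /etc/snort
# Dedicated account with no login shell and no home directory; "-g =uid"
# creates a matching group with the same id as the new uid.
useradd -c "Snort daemon" -s /sbin/nologin -d /nonexistent -g =uid _snort
# Add the log directory.
# Mode 700 owned by _snort: only the snort account (and root) can read alerts.
mkdir -p /var/log/snort
chown _snort:_snort /var/log/snort
chmod 700 /var/log/snort
# Edit snort.conf.
# Configure the HOME_NET variable if you care that much.
# NOTE(review): rules that reference $HOME_NET use it to tell internal from
# external traffic, so the value chosen here affects which alerts fire.
# Change RULES_PATH to "/etc/snort/rules"
# Start the daemon.
# -D daemonizes, -d logs application-layer data, -c names the config file,
# and -u/-g make snort switch to _snort:_snort after initialization.
/usr/local/bin/snort -D -d -c /etc/snort/snort.conf -u _snort -g _snort
# Add to /etc/rc.conf.local
echo "snort=YES" >> /etc/rc.conf.local
# add to /etc/rc.local
# (the block below is the text to place in /etc/rc.local; ${snort} is only
# set at boot, once rc.conf.local has been read)
if [ X"${snort}" = X"YES" ] && [ -x /usr/local/bin/snort ]; then
  echo -n " snort"; /usr/local/bin/snort -D -d -c /etc/snort/snort.conf -u _snort -g _snort
fi
# Add to /etc/newsyslog.conf
# Fields: log file, owner:group, mode, archives kept, size, when, flags, pid file.
# The pid file name contains the sniffing interface (hme0 here); adjust it to
# match the interface snort listens on, or rotation will not signal the daemon.
echo "/var/log/snort/alert _snort:_snort 640 10 * * Z /var/run/snort_hme0.pid" >> /etc/newsyslog.conf
# Snort status reports
# Get snort-stat
# Is there a non-Debian-packaged version of this script?
# NOTE(review): the three downloads below use plain HTTP and have no checksum
# or signature, yet the results are installed in /usr/local/sbin and run from
# root's crontab. Read each file before installing it and, if a hash is
# available from a source you trust, compare it (e.g. with sha256) first.
wget http://mirrorshades.net/~bda/code/scripts/snort-stat
chmod 750 snort-stat
mv snort-stat /usr/local/sbin
# Patch snort-stat
wget http://mirrorshades.net/~bda/code/patches/snort-stat-2004.05.26.diff
patch /usr/local/sbin/snort-stat snort-stat-2004.05.26.diff
# If you care this much:
# rm /usr/local/sbin/snort-stat.orig
# Get snort_report.sh crontab.
wget http://mirrorshades.net/~bda/code/scripts/snort_report.sh
chmod 750 snort_report.sh
mv snort_report.sh /usr/local/sbin
# Add snort-stat cron to root's crontab (crontab -e as root). This is a
# crontab entry, not a shell command:
#   00 6 * * * /bin/sh /usr/local/sbin/snort_report.sh
# If you want to make sure snort comes up on a reboot, reboot the machine now.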