[Snort-users] Snort installation on Redhat Linux 6.1

Geoffrey Goodrum ggoodrum at ...513...
Thu Oct 19 10:41:12 EDT 2000


On Wed, 18 Oct 2000, Mark Scott wrote:

> Hi,
> 
> Can anyone provide resources that will help with the installation of Snort
> on Redhat 6.1 to a Linux newbie?

Sure!

First, you need libpcap installed.  You can find it at
http://rpmfind.net/linux/RPM/redhat/6.2/i386////libpcap-0.4-19.i386.html.

The easiest approach is to go to http://whitehats.com/, click on the
arachNIDS link, then use the links there to download the
snort-1.6-0.i386.rpm (presuming you have an Intel box) and the "Fresh
Signatures" vision.conf file.  Install the snort rpm.  Replace
/etc/vision.conf installed by rpm with the one you downloaded. Edit the
vision.conf file to specify your network configuration, read the
instructions (/usr/doc/snort*), and start snort accordingly.

For the latest version, you should go to http://www.snort.org/, click on
Downloads, then download the snort-1.6.3-2.src.rpm (or the chroot version
if you prefer).  You will need to build the binary from the source rpm,
but this is pretty simple and described under "Build Options" in the rpm
man page (install the src.rpm, go to /usr/src/redhat/SPECS, then do "rpm
-bb snort-1.6.3.spec" to put a binary in the ../RPMS/i386/ directory).
Read the instructions in /usr/doc/snort*.  You can use the included rule
sets or the updated vision.conf rules, but you will need to extract the
rules from the vision.conf and replace /etc/snort/vision.rules.  You also
need to edit the /etc/snort/rules.base file for your network.  This
rpm version puts a script in /etc/rc.d/init.d to start/stop snort, so you 
should modify your runlevel environment accordingly.

If you have any problems, please ask!

Geof Goodrum




More information about the Snort-users mailing list