[Snort-users] Construction success of Snort1.9.0 with FlexResp

Motoki Yokoyama yokoyama at ...7654...
Mon Dec 9 18:36:05 EST 2002


Hi, all.

I suceeded to configure Snort1.9.0 with FlexResp on RedHat Linux
(kernel version is 2.4.19). Then I inform you the implementation 
sequence of Snort1.9.0 with FlexResp, because I know somebody have 
failed to use FrexResp function. I'm sending the implementation 
sequence on this e-mail. If the information helps somebody, I'm 
very pleased.

-------------- next part --------------
Installation sequence of snort1.9.0 (Doc ver.1.0)
						2002, Dec., 07
						Motoki Yokoyama
						Tsunemasa Hayashi
						NTT NIL
						hayashi at ...7654...



0. Target
  Snort version: 1.9.0
  PC environment is below.
	OS: RedHat7.3 Linux

1. Installation
  1.1 Install RedHat7.3 Linux
  1.2 Uninstall libpcap from Linux
	# rpm -e libpcap
  1.3 Uninstall libpcap-devel from Linux
	# rpm -e libpcap-devel (or this file is removed when you remove
	                        libpcap at 1.2.)
  1.4 Install libpcap-0.6.2-2cl.i386.rpm
	# rpm -ivh libpcap-0.6.2-2cl.i386.rpm
  1.5 Install libpcap-devel-0.6.2-2cl.i386.rpm
	# rpm -ivh libpcap-devel-0.6.2-2cl.i386.rpm
  1.6 Install libnet-1.0.2a-2.i386.rpm
	# rpm -ivh libnet-1.0.2a-2.i386.rpm
  1.7 Install snort-1.9.0 with flexresp function
	# tar zxvf snort-1.9.0.tar.gz
	# ./configure --enable-flexresp
	# make
	# make install
  1.8 Make snort group and snort user id. (See section 10 of 
	                                SnortInstallatioinManual-v1.5.pdf)
	# groupadd snort
	# useradd -g snort -d /dev/null -c "Snort User" -s /bin/false snort
	# mkdir /etc/snort /var/log/snort
	# chown -R snort.snort /etc/snort /var/log/snort 
  1.9 Make snort.conf under /etc/snort
	1.9.1 Modify HTTP_PORTS
	   >> var HTTP_PORTS 80 443
	1.9.2 Modify ORACLE_PORTS
	   >> var ORACLE_PORTS 66 1521 1525 1526 1527 7777
	1.9.3 Modify RULE_PATH
	   >> var RULE_PATH /usr/local/share/snort/rules
  1.10 Make rule files from original snort directory
	# mkdir /usr/local/share/snort/rules
	# cp -r snort-1.9.0/rules/* /usr/local/share/snort/rules/
	# chown -R snort.snort /usr/local/share/snort/rules

2 Test to run snort
  	# snort -c /etc/snort/snort.conf
-------------- next part --------------
                 \\\|///
               \\  - -  //
                (  @ @  )
=============-o00o-(_)-o00o-================
!            Motoki Yokoyama               !
!   E-Mail: yokoyama at ...7654...   !
=======================-0ooo-===============
                ooo0    (   )
                (   )     ) /
                 \ (     (_/
                  \_)


More information about the Snort-users mailing list