Compiling snort 2.9.0.1

03 November 2010

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has three primary uses: it can be used as a straight packet sniffer like tcpdump, as a packet logger, or as a full-blown network intrusion detection/prevention system. A few days ago a new version of Snort was released. In this version the build process has changed slightly: libdnet and the Data AcQuisition library (DAQ) must be compiled separately. In this post I am only going to illustrate how to compile and install Snort 2.9.0.1 from the source code.

Installation tested on Ubuntu Server 10.04 32bit

Data AcQuisition library

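# Run as root. Build dependencies for DAQ:
apt-get install flex bison build-essential checkinstall libpcap0.8-dev libnet1-dev
# --no-check-certificate turns off TLS certificate validation if the download is
# redirected to HTTPS, so check the tarball's integrity before building it.
wget --no-check-certificate http://www.snort.org/downloads/363
tar xvfz 363
cd daq-0.3/
./configure
make
# checkinstall wraps "make install" and produces a .deb package
checkinstall
dpkg -i daq_0.3-1_i386.deb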

Libdnet


wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar xvfz libdnet-1.12.tgz
cd libdnet-1.12/
./configure
make
checkinstall
dpkg -i libdnet_1.12-1_i386.deb
ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1

Snort

apt-get install libpcre3-dev libmysqlclient15-dev
wget --no-check-certificate http://www.snort.org/downloads/369
tar xvfz 369
cd snort-2.9.0.1/
./configure --with-mysql --enable-build-dynamic-examples --enable-gre --enable-reload --enable-linux-smp-stats --enable-zlib
make
checkinstall
dpkg -i snort_2.9.0.1-1_i386.deb
ldconfig

At this point you need to configure the snort.conf file according to your environment.

Main features introduced in 2.9.0.1:

* Fixed maximum flowbits configuration parsing to specify the number
of bits in accordance with the Snort manual, rather than number of
bytes.  If you have ‘config flowbits_size’ in your snort.conf,
double check that it has the correct setting.

* Fixed a packet size issue with the IPQ and NFQ DAQs.

* Updated the version of LibPCRE bundled with the Windows installer.
This update fixes a bug that caused some PCRE matches to fail on Windows.
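
The flowbits_size fix listed above changes how an existing snort.conf value is interpreted, so it is worth checking after the upgrade. The script below is an added example, not part of the original post or of Snort itself: it reads 'config flowbits_size' and compares it with the number of distinct flowbit names in the active rules. The file names, the sample rules and the one-bit-per-name assumption are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): audit flowbits_size against the rules in use.

# Print the active flowbits_size value from snort.conf (empty if unset).
flowbits_size() {
    sed -n 's/^[[:space:]]*config[[:space:]]\{1,\}flowbits_size[[:space:]]*:[[:space:]]*\([0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1
}

# Count the distinct flowbit names referenced by uncommented rules.
flowbit_names() {
    grep -hv '^[[:space:]]*#' "$@" |
        grep -o 'flowbits:[^;]*;' |
        sed 's/^flowbits:[[:space:]]*//; s/;$//' |
        awk -F, 'NF >= 2 { gsub(/[ \t]/, "", $2); n = split($2, a, /[&|]/)
                           for (i = 1; i <= n; i++) if (a[i] != "") print a[i] }' |
        sort -u | wc -l | tr -d ' '
}

# audit_flowbits CONF RULES...: returns 0 if the names fit, 1 if not, 2 if unset.
audit_flowbits() {
    conf=$1; shift
    size=$(flowbits_size "$conf")
    used=$(flowbit_names "$@")
    if [ -z "$size" ]; then
        echo "flowbits_size not set (Snort default applies); $used flowbit names in use"
        return 2
    fi
    echo "flowbits_size=$size bits (pre-2.9.0.1 parsing: $((size * 8)) bits); $used flowbit names in use"
    [ "$used" -le "$size" ]
}

# Constructed sample input: a 2-bit limit and three flowbit names in active rules.
tmp=$(mktemp -d)
cat > "$tmp/snort.conf" <<'EOF'
# config flowbits_size: 1024
config flowbits_size: 2
EOF
cat > "$tmp/local.rules" <<'EOF'
alert tcp any any -> any 21 (msg:"FTP login"; flowbits:set,ftp.login; flowbits:noalert; sid:1000001;)
alert tcp any any -> any 21 (msg:"FTP command"; flowbits:isset,ftp.login; flowbits:set,ftp.cmd; sid:1000002;)
alert tcp any any -> any 445 (msg:"SMB session"; flowbits: set, smb.session; sid:1000003;)
# alert tcp any any -> any 80 (msg:"disabled"; flowbits:set,http.old; sid:1000004;)
EOF
audit_flowbits "$tmp/snort.conf" "$tmp/local.rules" ||
    echo "WARNING: rules reference more flowbit names than flowbits_size allows"
```

On a real sensor, pass the path to your snort.conf and the rule files it includes in place of the sample files.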
