Skip to content

Latest commit

 

History

History
187 lines (110 loc) · 3.29 KB

doc_EN.md

File metadata and controls

187 lines (110 loc) · 3.29 KB
Raw

Snorter

Install Guide

Install Snort + Barnyard2 + PulledPork automatically

@joan_bono

What do you need?

  • A computer running:
    • Debian
    • Kali Linux
    • Raspbian Jessie
  • Oinkcode:
    • It's FREE! 😉
    • Highly recommended!
    • Get yours here.
  • Identified Network Interface:
    • ip link show
  • Previous dependencies:
    • sudo apt-get install git
  • Patience.

First steps

  • Cloning the repository:
git clone https://github.com/joanbono/Snorter.git` 
cd Snorter/src
bash Snorter.sh -h
  • Recommended: Execute the program using an oinkcode
bash Snorter.sh -o <oinkcode> -i <interface>
Ex: bash Snorter.sh -o XXXXXXXXXXXXX -i eth0
  • Not Recommended: Execute the program without an oinkcode
bash Snorter.sh -i interface
bash Snorter.sh -i eth0

Snort installation

  • Superuser password, and wait...

  • Snort and daq are installed.

  • Now it's time to add the HOME_NET and the EXTERNAL_NET.

  • Press Enter to continue. It will open vim:
    • Press A to go to the end of the line.
    • Add the address and the mask you want to protect.
    • Press Esc and then :wq! to save the changes.

  • Do the same for the EXTERNAL_NET:

  • Press Enter to continue. It will open vim:
    • Press A to go to the end of the line.
    • Add the attacker address. Recommeded: !$HOME_NET.
    • Press Esc and then :wq! to save the changes.

  • Now the output. By default, unified2 output is enabled, but you can enable more than one output. I'm going to enable both CSV and TCPdump output.

  • Now SNORT will start in console mode. Send a PING from another machine.

  • It will show a PING alert. Press Ctrl+C once, and continue the installation.

Barnyard2 installation

  • Now it's time to install BARNYARD2 if you want.
  • You will be asked to insert a password for the SNORT database which is going to be created. In the example, I've used SNORTSQL

  • Now the program will install dependencies.
  • It's going to install MySQL, so if it's not installed, you will insert a password for this service too. In the example, I've used ROOTSQL.
  • And the MySQL password.

  • Now you are going to be asked for the MySQL password 3 times
  • Please keep in mind: MySQL root password 3 times.

PulledPork installation

  • Now it's time to install PulledPork if you want.

service creation

  • Create a system service:

Download and install new rules

  • You can download rules when everything is installed and configurated.

Enabling Emerging Threats and Community rules

  • Enable at snort.conf the Emerging Threats and Community rules

WebSnort

  • Install WebSnort for PCAP analysis

Reboot

  • Reboot the system.