Skip to content

Latest commit

 

History

History
187 lines (110 loc) · 3.29 KB

doc_EN.md

File metadata and controls

187 lines (110 loc) · 3.29 KB

Snorter

Install Guide

Install Snort + Barnyard2 + PulledPork automatically

@joan_bono


What do you need?

  • A computer running:
    • Debian
    • Kali Linux
    • Raspbian Jessie
  • Oinkcode:
    • It's FREE! 😉
    • Highly recommended!
    • Get yours here.
  • Identified Network Interface:
    • ip link show
  • Previous dependencies:
    • sudo apt-get install git
  • Patience.

First steps

  • Cloning the repository:
git clone https://github.com/joanbono/Snorter.git
cd Snorter/src
bash Snorter.sh -h
  • Recommended: Execute the program using an oinkcode
bash Snorter.sh -o <oinkcode> -i <interface>
Ex: bash Snorter.sh -o XXXXXXXXXXXXX -i eth0
  • Not Recommended: Execute the program without an oinkcode
bash Snorter.sh -i interface
bash Snorter.sh -i eth0

Snort installation

  • Superuser password, and wait...


  • Snort and daq are installed.


  • Now it's time to add the HOME_NET and the EXTERNAL_NET.

  • Press Enter to continue. It will open vim:
    • Press A to go to the end of the line.
    • Add the address and the mask you want to protect.
    • Press Esc and then :wq! to save the changes.


  • Do the same for the EXTERNAL_NET:

  • Press Enter to continue. It will open vim:
    • Press A to go to the end of the line.
    • Add the attacker address. Recommeded: !$HOME_NET.
    • Press Esc and then :wq! to save the changes.


  • Now the output. By default, unified2 output is enabled, but you can enable more than one output. I'm going to enable both CSV and TCPdump output.


  • Now SNORT will start in console mode. Send a PING from another machine.

  • It will show a PING alert. Press Ctrl+C once, and continue the installation.

Barnyard2 installation

  • Now it's time to install BARNYARD2 if you want.
  • You will be asked to insert a password for the SNORT database which is going to be created. In the example, I've used SNORTSQL


  • Now the program will install dependencies.
  • It's going to install MySQL, so if it's not installed, you will insert a password for this service too. In the example, I've used ROOTSQL.

  • And the MySQL password.


  • Now you are going to be asked for the MySQL password 3 times
  • Please keep in mind: MySQL root password 3 times.


PulledPork installation

  • Now it's time to install PulledPork if you want.


service creation

  • Create a system service:


Download and install new rules

  • You can download rules when everything is installed and configurated.


Enabling Emerging Threats and Community rules

  • Enable at snort.conf the Emerging Threats and Community rules


WebSnort

  • Install WebSnort for PCAP analysis


Reboot

  • Reboot the system.