Installing Snort on Solaris
Problem
You want to run Snort on a Solaris system.
Solution
To install Snort from a Solaris package, download the latest version of the libpcap and Snort packages from the Sunfreeware web site, http://www.sunfreeware.com, then as root, type the following (replacing the filename with the name of the latest version):
# gunzip libpcap-0.8.3-sol9-sparc-local.gz # gunzip snort-2.1.0-sol9-sparc-local.gz # pkgadd -d libpcap-0.8.3-sol9-sparc-local # pkgadd -d snort-2.1.0-sol9-sparc-local
Confirm the installation of each package by pressing Enter.
You may also need to install the PCRE library by using the following commands:
# gunzip pcre-4.5-sol9-sparc-local.gz # pkgadd -d pcre-4.5-sol9-sparc-local
You can also install Snort from source, which is the recommended method.
|
Discussion
Installing software from the Solaris packages is similar to installing from RPMs. Solaris packages can be downloaded from http://www.sunfreeware.com and from a variety of mirror sites. You can perform a web search on "sunfreeware" to find mirror sites, in the event that the main site is overloaded or unavailable. Make sure you download the correct package for your version of Solaris and the platform, Intel or Sparc. Note that packages tend to be behind in versions from the current source version. At the time of this writing, the latest Snort Solaris package version is Snort 2.1.0. For this reason, you should install Snort from the source code to ensure you are using an up-to-date version.
Prior to installing Snort, make sure you have the latest version of libpcap installed. You can install libpcap from source code or from the Solaris package. To install Solaris packages, you must have root privileges. Make sure you are logged in as root or switch to root by typing su root. Snort is installed in the /usr/local/bin directory; you must make sure that directory is part of your PATH. You can verify the installation by typing snort and pressing Enter. You should see the Snort help information appear on the screen.
In addition to the pkgadd command, you can type pkginfo to see a list of all installed packages. If the list is long, pipe the command to more by typing pkginfo | more. Lastly, you can remove Solaris packages by using the pkgrm command.
The following shows the process of adding the libpcap and Snort packages with pkgadd:
# pkgadd -d libpcap-0.8.3-sol9-sparc-local The following packages are available: 1 SMClpcap libpcap (sparc) 0.8.3 Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: [output truncated] # pkgadd -d snort-2.1.0-sol9-sparc-local The following packages are available: 1 SMCsnort snort (sparc) 2.1.0 Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: Processing package instance from snort (sparc) 2.1.0 [output truncated]
See Also
http://www.sunfreware.com
Recipe 1.1
Installing Snort on Windows |
Installing Snort from Source on Unix
- Installing Snort from Source on Unix
- Installing Snort Binaries on Linux
- Installing Snort on Solaris
- Installing Snort on Windows
- Uninstalling Snort from Windows
- Installing Snort on Mac OS X
- Uninstalling Snort from Linux
- Upgrading Snort on Linux
- Monitoring Multiple Network Interfaces
- Invisibly Tapping a Hub
- Invisibly Sniffing Between Two Network Points
- Invisibly Sniffing 100 MB Ethernet
- Sniffing Gigabit Ethernet
- Tapping a Wireless Network
- Positioning Your IDS Sensors
- Capturing and Viewing Packets
- Logging Packets That Snort Captures
- Running Snort to Detect Intrusions
- Reading a Saved Capture File
- Running Snort as a Linux Daemon
- Running Snort as a Windows Service
- Capturing Without Putting the Interface into Promiscuous Mode
- Reloading Snort Settings
- Debugging Snort Rules
- Building a Distributed IDS (Plain Text)
- Building a Distributed IDS (Encrypted)
Logging to a File Quickly
- Logging to a File Quickly
- Logging Only Alerts
- Logging to a CSV File
- Logging to a Specific File
- Logging to Multiple Locations
- Logging in Binary
- Viewing Traffic While Logging
- Logging Application Data
- Logging to the Windows Event Viewer
- Logging Alerts to a Database
- Installing and Configuring MySQL
- Configuring MySQL for Snort
- Using PostgreSQL with Snort and ACID
- Logging in PCAP Format (TCPDump)
- Logging to Email
- Logging to a Pager or Cell Phone
- Optimizing Logging
- Reading Unified Logged Data
- Generating Real-Time Alerts
- Ignoring Some Alerts
- Logging to System Logfiles
- Fast Logging
- Logging to a Unix Socket
- Not Logging
- Prioritizing Alerts
- Capturing Traffic from a Specific TCP Session
- Killing a Specific Session
How to Build Rules
- How to Build Rules
- Keeping the Rules Up to Date
- Basic Rules You Shouldnt Leave Home Without
- Dynamic Rules
- Detecting Binary Content
- Detecting Malware
- Detecting Viruses
- Detecting IM
- Detecting P2P
- Detecting IDS Evasion
- Countermeasures from Rules
- Testing Rules
- Optimizing Rules
- Blocking Attacks in Real Time
- Suppressing Rules
- Thresholding Alerts
- Excluding from Logging
- Carrying Out Statistical Analysis
Detecting Stateless Attacks and Stream Reassembly
- Detecting Stateless Attacks and Stream Reassembly
- Detecting Fragmentation Attacks and Fragment Reassembly with Frag2
- Detecting and Normalizing HTTP Traffic
- Decoding Application Traffic
- Detecting Port Scans and Talkative Hosts
- Getting Performance Metrics
- Experimental Preprocessors
- Writing Your Own Preprocessor
Managing Snort Sensors
- Managing Snort Sensors
- Installing and Configuring IDScenter
- Installing and Configuring SnortCenter
- Installing and Configuring Snortsnarf
- Running Snortsnarf Automatically
- Installing and Configuring ACID
- Securing ACID
- Installing and Configuring Swatch
- Installing and Configuring Barnyard
- Administering Snort with IDS Policy Manager
- Integrating Snort with Webmin
- Administering Snort with HenWen
- Newbies Playing with Snort Using EagleX
Generating Statistical Output from Snort Logs
- Generating Statistical Output from Snort Logs
- Generating Statistical Output from Snort Databases
- Performing Real-Time Data Analysis
- Generating Text-Based Log Analysis
- Creating HTML Log Analysis Output
- Tools for Testing Signatures
- Analyzing and Graphing Logs
- Analyzing Sniffed (Pcap) Traffic
- Writing Output Plug-ins
Monitoring Network Performance
- Monitoring Network Performance
- Logging Application Traffic
- Recognizing HTTP Traffic on Unusual Ports
- Creating a Reactive IDS
- Monitoring a Network Using Policy-Based IDS
- Port Knocking
- Obfuscating IP Addresses
- Passive OS Fingerprinting
- Working with Honeypots and Honeynets
- Performing Forensics Using Snort
- Snort and Investigations
- Snort as Legal Evidence in the U.S.
- Snort as Evidence in the U.K.
- Snort as a Virus Detection Tool
- Staying Legal
Index
EAN: 2147483647
Pages: 167
