Installing Snort from Source on Unix

Problem

You want to install Snort from source on a Unix-type operating system.

Solution

To install from source, download it from the Snort web site (http://www.snort.org). Uncompress, unpack, compile, and install by using the following commands:

    tar xzf snort-2.2.0.tar.gz
    cd snort-2.2.0
    ./configure
    make

And then as root:

    make install

Discussion

Installing from source is nearly as easy as installing from precompiled packages, and it works across all Unix platforms. There is also a lot more flexibility in the options you can choose. First of all, you need to download the latest source tar file from snort.org. At this point, if possible, you should ensure that the source has not been tampered with; you can do this by computing the file's MD5 checksum with the md5sum utility and comparing it against the checksum given for that release:

    [simon@frodo downloads]$ md5sum snort-2.2.x.tar.gz
    6194278217e4e3f733b046256a31f0e6 *snort-2.2.x.tar.gz

The source is a tarred gzip file; to extract it, enter the following at a command prompt:

    [simon@frodo downloads]$ gunzip snort-2.2.x.tar.gz
    [simon@frodo downloads]$ tar -xvf snort-2.2.x.tar

You'll then see the entire list of filenames scroll past as they are decompressed and extracted. This creates a directory tree under the current directory, in this case with the base directory ./snort-2.2.0/. Change into this directory. At this point, if you wish to perform an ordinary installation, type the following:

    [simon@frodo snort-2.2.x]$ ./configure

This will create the Makefile optimized for your architecture. There are a number of options that you can specify to configure. These are listed in Table 1-1. They include options for specifying switches for the compilers as well as turning on support for certain features.

Table 1-1. Snort configure options

Switch                         Action
--enable-debug                 Turn on the debugging options.
--with-snmp                    Enable SNMP alerting code.
--enable-smbalerts             Enable SMB alerting code.
--enable-flexresp              Enable the "Flexible Response" code.
--with-mysql=DIR               Turn on support for MySQL.
--with-odbc=DIR                Turn on support for ODBC databases.
--with-postgresql=DIR          Turn on support for PostgreSQL.
--with-oracle=DIR              Turn on support for Oracle.
--with-openssl=DIR             Turn on support for OpenSSL.
--with-libpq-includes=DIR      Set the support directories for PostgreSQL.
--with-libpq-libraries=DIR     Set the library directories for PostgreSQL.
--with-libpcap-include=DIR     Point the configure script in the right direction for the libpcap include files.
--with-libpcap-libraries=DIR   Point the configure script in the right direction for the libpcap library files.
--prefix=PATH                  Set the install directory to PATH rather than /usr/local.
--exec-prefix=PATH             Set the install directory for the executables and libraries to PATH; install all other files in the usual place.
--help                         Print out all the available options.

For further information on these switches, you should read through the INSTALL file included in the /doc directory. Also in this file are some of the known issues and fixes for compilation on different Unix operating systems. The configure script may warn you of missing dependencies (other applications or utilities that are required by Snort). Download and install the required files from their respective web sites and rerun the configure command. In the many installations we've done, we can only recall coming across two missing prerequisites. These were libpcap, the library for performing packet capture on Linux systems, available for download from http://www.tcpdump.org, and Perl Compatible Regular Expressions (PCRE), available for download from http://www.pcre.org/.

Then you need to compile it using the make command:

    [simon@frodo snort-2.2.0]$ make

Now go and get the hot beverage of your choice. This can take some time, even on a pretty fast machine. There are no test cases to run, so at this point, you need to run the install as root:

    [root@frodo snort-2.2.0]# make install

Provided at this point you see no error messages, your installation is complete.

Also ensure that the directory to which Snort writes logfiles exists and is writable by the user that Snort runs as. If Snort can't write its logfiles, it will fail during any attempt to run it.
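The steps above (checksum check, extract, configure, make, install as root, log-directory check) collected into one POSIX shell script, as an added example; it is not from the Snort Cookbook or the Snort project. It assumes tar, make and md5sum (or openssl as a fallback) are present, and that the tarball and the MD5 given for the release you downloaded are already on disk. The function names (verify_md5, configure_args, check_logdir, build_snort) and the SNORT_* environment variables are this script's own, not Snort's.

```shell
#!/bin/sh
# Added example (not from the Snort Cookbook or the Snort project): the recipe's
# steps as one script. Assumes a POSIX shell with tar, make and md5sum (or
# openssl as a fallback), and that the tarball and its published MD5 are already
# downloaded. Function and variable names are this script's own.
set -eu

# md5_of FILE: print the hex MD5 of FILE using whichever tool is available.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | awk '{ print $NF }'
    fi
}

# verify_md5 FILE EXPECTED: succeed only if FILE's MD5 equals EXPECTED.
# Only the hash field is compared, so the "*name" binary-mode marker seen in
# some md5sum output does not matter.
verify_md5() {
    [ "$(md5_of "$1")" = "$2" ]
}

# configure_args PREFIX: print the ./configure switches (from Table 1-1) to use.
# Optional locations come from this script's own environment variables; set
# only the ones your site needs.
configure_args() {
    args="--prefix=$1"
    [ -n "${SNORT_WITH_MYSQL:-}" ]        && args="$args --with-mysql=$SNORT_WITH_MYSQL"
    [ -n "${SNORT_WITH_POSTGRESQL:-}" ]   && args="$args --with-postgresql=$SNORT_WITH_POSTGRESQL"
    [ -n "${SNORT_LIBPCAP_INCLUDE:-}" ]   && args="$args --with-libpcap-include=$SNORT_LIBPCAP_INCLUDE"
    [ -n "${SNORT_LIBPCAP_LIBRARIES:-}" ] && args="$args --with-libpcap-libraries=$SNORT_LIBPCAP_LIBRARIES"
    printf '%s\n' "$args"
}

# check_logdir DIR: succeed only if DIR exists and the current user can write
# to it. Run this as the account Snort will run under.
check_logdir() {
    [ -d "$1" ] && [ -w "$1" ]
}

# build_snort TARBALL EXPECTED_MD5 PREFIX: verify, extract, configure and
# compile; install only when already running as root, otherwise say so.
build_snort() {
    tarball=$1; expected=$2; prefix=$3
    if ! verify_md5 "$tarball" "$expected"; then
        echo "checksum mismatch for $tarball; do not build from it" >&2
        return 1
    fi
    tar xzf "$tarball"
    # Top-level directory inside the archive, e.g. snort-2.2.0
    srcdir=$(tar tzf "$tarball" | head -n 1 | cut -d/ -f1)
    cd "$srcdir"
    # Word splitting of the switch list is intended here.
    ./configure $(configure_args "$prefix")
    make
    if [ "$(id -u)" -eq 0 ]; then
        make install
    else
        echo "build finished; run 'make install' in $PWD as root" >&2
    fi
}

# Usage: sh build-snort.sh build snort-2.2.0.tar.gz <md5 given for the release> [/usr/local]
# The "build" keyword keeps the functions usable from other scripts without
# starting a build.
if [ "${1:-}" = "build" ]; then
    build_snort "$2" "$3" "${4:-/usr/local}"
    # /var/log/snort is the usual Snort 2.x log directory; match it to your snort.conf.
    logdir=${SNORT_LOGDIR:-/var/log/snort}
    check_logdir "$logdir" ||
        echo "warning: $logdir is missing or not writable; Snort will fail to start" >&2
fi
```

The script stops at the first failed step because of set -e, so a checksum mismatch never reaches ./configure, and the install step is only attempted when the script is already running as root, matching the recipe's separation of the build from the privileged install.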

See Also

Recipe 1.6

Recipe 1.2

Recipe 1.3

The INSTALL document in the /doc directory of Snort

http://www.tcpdump.org

http://www.pcre.org/




Snort Cookbook
ISBN: 0596007914
Year: 2006
Pages: 167