You want to run Snort on a Solaris system.
To install Snort from a Solaris package, download the latest version of the libpcap and Snort packages from the Sunfreeware web site, http://www.sunfreeware.com, then as root, type the following (replacing the filename with the name of the latest version):
    # gunzip libpcap-0.8.3-sol9-sparc-local.gz
    # gunzip snort-2.1.0-sol9-sparc-local.gz
    # pkgadd -d libpcap-0.8.3-sol9-sparc-local
    # pkgadd -d snort-2.1.0-sol9-sparc-local
Confirm the installation of each package by pressing Enter.
You may also need to install the PCRE library by using the following commands:
    # gunzip pcre-4.5-sol9-sparc-local.gz
    # pkgadd -d pcre-4.5-sol9-sparc-local
You can also install Snort from source, which is the recommended method.
Installing software from Solaris packages is similar to installing from RPMs. Solaris packages can be downloaded from http://www.sunfreeware.com and from a variety of mirror sites. If the main site is overloaded or unavailable, a web search for "sunfreeware" will turn up mirror sites. Make sure you download the correct package for your version of Solaris and your platform, Intel or SPARC. Note that packages tend to lag behind the current source release. At the time of this writing, the latest Snort Solaris package version is Snort 2.1.0. For this reason, you should install Snort from the source code to ensure you are using an up-to-date version.
Prior to installing Snort, make sure you have the latest version of libpcap installed. You can install libpcap from source code or from the Solaris package. To install Solaris packages, you must have root privileges. Make sure you are logged in as root or switch to root by typing su root. Snort is installed in the /usr/local/bin directory; you must make sure that directory is part of your PATH. You can verify the installation by typing snort and pressing Enter. You should see the Snort help information appear on the screen.
In addition to the pkgadd command, you can type pkginfo to see a list of all installed packages. If the list is long, pipe the command to more by typing pkginfo | more. Lastly, you can remove Solaris packages by using the pkgrm command.
The following shows the process of adding the libpcap and Snort packages with pkgadd:
    # pkgadd -d libpcap-0.8.3-sol9-sparc-local

    The following packages are available:
      1  SMClpcap  libpcap (sparc) 0.8.3

    Select package(s) you wish to process (or 'all' to process
    all packages). (default: all) [?,??,q]:
    [output truncated]

    # pkgadd -d snort-2.1.0-sol9-sparc-local

    The following packages are available:
      1  SMCsnort  snort (sparc) 2.1.0

    Select package(s) you wish to process (or 'all' to process
    all packages). (default: all) [?,??,q]:

    Processing package instance from snort (sparc) 2.1.0
    [output truncated]
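The post-install checks described above (both packages registered with pkginfo, /usr/local/bin present in PATH) can be scripted as follows. This is an added example, not part of the original recipe: the function names are made up for illustration, the sample listing is constructed, and the parsing assumes pkginfo's usual category / package instance / name columns.

```shell
#!/bin/sh
# Added example: post-install checks for the two packages from this recipe.

# Succeed if directory $1 is a component of the PATH-style string $2.
path_has_dir() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Read a pkginfo listing on stdin (assumed columns: category, package
# instance, name) and print each instance named in "$@" that is not listed.
missing_pkgs() {
    installed=" "
    while read category instance name; do
        installed="$installed$instance "
    done
    for pkg in "$@"; do
        case "$installed" in
            *" $pkg "*) ;;
            *) echo "$pkg" ;;
        esac
    done
}

# $1 = pkginfo listing, $2 = PATH string. Prints each problem found and
# returns non-zero if there was one.
check_install() {
    rc=0
    for pkg in `echo "$1" | missing_pkgs SMClpcap SMCsnort`; do
        echo "not installed: $pkg"
        rc=1
    done
    if path_has_dir /usr/local/bin "$2"; then :; else
        echo "/usr/local/bin is not in PATH"
        rc=1
    fi
    return $rc
}

# Constructed sample (not captured from a real system): libpcap is
# installed, Snort is not, and PATH lacks /usr/local/bin.
SAMPLE_LISTING='application SMClpcap libpcap'
check_install "$SAMPLE_LISTING" "/usr/bin:/usr/sbin" || echo "install incomplete"

# On the Solaris host itself:  check_install "`pkginfo`" "$PATH"
```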