Snort is an open source, lightweight intrusion detection system for Linux servers that can log packets crossing your network. It is mainly suited to small networks; on large networks with Gigabit Ethernet, Snort can at times be unreliable. You need root-level privileges on the server to use Snort. There is no need to recompile the kernel or add any software or hardware to the existing distribution.
If you want ordinary security measures in place that let you log and analyze the traffic to your network, Snort can be an ideal program to choose. Running Snort along with a firewall can strengthen your network security.
Installing Snort on Linux:
First, download and unpack the latest version of Snort, “snort-184.108.40.206.tar.gz”, using the following commands:
wget http://www.snort.org/dl/snort-current/snort-220.127.116.11.tar.gz -O snort-18.104.22.168.tar.gz
tar zxf snort-22.214.171.124.tar.gz
While installing Snort, you may get the following error:
ERROR! Libpcap library/headers (libpcap.a (or .so)/pcap.h) not found
To fix the above error, install the libpcap and libpcap-devel packages:
yum install libpcap libpcap-devel
Once these packages are installed, re-run the Snort installation process. Snort will then install successfully on the server.
Once the installation is complete, copy the configuration file <snort-126.96.36.199>/etc/snort.conf to /etc/snort/snort.conf on your server, then alter the configuration as per your requirements.
The default rules for Snort can be found here. You can download the rules and add them to the /etc/snort/rules folder on the server.
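The checks implied by the steps above (libpcap headers and library present, snort.conf and rule files in place), written as an added example that is not part of the original page. The function names, the PREFIX argument and the world-writable permission check are assumptions added here, and the library directories assume a yum-based distribution.

```shell
#!/bin/sh
# Added example (not from the original page). PREFIX is a hypothetical
# parameter: "" checks the live system, a directory checks a staging tree.

# Return 0 if pcap.h exists in one of the usual include directories.
have_pcap_headers() {
    for d in usr/include usr/include/pcap usr/local/include; do
        [ -f "$1/$d/pcap.h" ] && return 0
    done
    return 1
}

# Return 0 if libpcap.a or libpcap.so* exists (RHEL-style library paths).
have_pcap_lib() {
    for d in usr/lib64 usr/lib usr/local/lib lib64 lib; do
        for f in "$1/$d"/libpcap.a "$1/$d"/libpcap.so*; do
            [ -e "$f" ] && return 0
        done
    done
    return 1
}

# Print one line per problem; the return status is the number of problems.
snort_preflight() {
    problems=0
    have_pcap_headers "$1" ||
        { echo "missing: pcap.h (yum install libpcap-devel)"; problems=$((problems + 1)); }
    have_pcap_lib "$1" ||
        { echo "missing: libpcap library (yum install libpcap)"; problems=$((problems + 1)); }
    [ -f "$1/etc/snort/snort.conf" ] ||
        { echo "missing: /etc/snort/snort.conf"; problems=$((problems + 1)); }
    # An unmatched glob stays literal, so -e fails when no rule file exists.
    set -- "$1" "$1"/etc/snort/rules/*.rules
    [ -e "$2" ] ||
        { echo "missing: *.rules files in /etc/snort/rules"; problems=$((problems + 1)); }
    # Snort is run with root privileges here, so its configuration and
    # rules must not be writable by every local user.
    if [ -d "$1/etc/snort" ]; then
        ww=$(find "$1/etc/snort" -type f -perm -0002)
        [ -z "$ww" ] ||
            { echo "world-writable: $ww"; problems=$((problems + 1)); }
    fi
    return "$problems"
}

# Usage on the live system: snort_preflight "" || echo "fix the items above"
```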