ids:snort
Differences
This shows you the differences between two versions of the page.
| Next revisionBoth sides next revision | |||
| ids:snort [2018/05/03 14:23] – created veera | ids:snort [2018/05/03 14:30] – veera | ||
|---|---|---|---|
| Line 8: | Line 8: | ||
| - Configure Oinkmaster for automatic updates | - Configure Oinkmaster for automatic updates | ||
| - Start snort and view analytics in TrisulNSM | - Start snort and view analytics in TrisulNSM | ||
| + | |||
| + | |||
| + | ===== Install snort ===== | ||
| + | |||
| + | Snort has a package for Ubuntu. | ||
| + | |||
| + | <code bash> | ||
| + | apt-get update | ||
| + | apt-get install snort | ||
| + | </ | ||
| + | |||
| + | Also install oinkmaster , which also has an Ubuntu package | ||
| + | |||
| + | <code bash> | ||
| + | apt-get install oinkmaster | ||
| + | </ | ||
| + | |||
| + | |||
| + | ===== Replace with Emerging Threats rules ===== | ||
| + | |||
| + | We like the ET and ET Pro rulesets for a number of reasons. If you wish to remain with the Snort community rules or move to the excellent Talos ruleset, you can skip this step. | ||
| + | |||
| + | ==== Download ET Community rules ==== | ||
| + | |||
| + | |||
| + | < | ||
| + | cd /etc/snort | ||
| + | mv rules rules_old | ||
| + | wget https:// | ||
| + | tar xf emerging.rules.tar.gz -C / | ||
| + | </ | ||
| + | |||
| + | ==== Point to the new ET rules ==== | ||
| + | |||
| + | Open snort.conf and copy the lines from rules/ | ||
| + | |||
| + | Next specify a HOMENET, otherwise many ET rules wont load | ||
| + | |||
| + | Example: | ||
| + | |||
| + | < | ||
| + | ipvar HOME_NET 192.168.0.0/ | ||
| + | </ | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
ids/snort.txt · Last modified: 2018/05/03 14:42 by veera