
Snort Forums Archive


Snort 2.4.2 on RHEL4 Update 1


Posted by Bilbo on October 08, 2005 10:08:02

Hello,

Patrick Harper made some fine docs about installing Snort on RHEL-based systems.

Some things are not entirely clear or outdated, therefore I made some hints to get it working:

--------------------------------


The Sourcefire-provided RPMs do not install on RHEL4 systems, therefore we have to build our own RPMs:

Building the RPMs requires the following two packages:

wget http://centos.arcticnetwork.ca/4.1/os/i386/CentOS/RPMS/mysql-devel-4.1.10a-2.RHEL4.1.i386.rpm
wget http://centos.arcticnetwork.ca/4.1/os/i386/CentOS/RPMS/pcre-devel-4.5-3.i386.rpm

rpm --install mysql-devel-4.1.10a-2.RHEL4.1.i386.rpm
rpm --install pcre-devel-4.5-3.i386.rpm

Now download the tarball from www.snort.org and build and install the rpms:

rpmbuild -ta snort-2.4.2.tar.gz --with mysql

rpm --install /usr/src/redhat/RPMS/i386/snort-2.4.2-1.i386.rpm
rpm --install /usr/src/redhat/RPMS/i386/snort-mysql-2.4.2-1.i386.rpm

We need the rules. Register on the snort-website to get your oinkmaster-code.

wget http://www.ip-solutions.net/~hhoffman/oinkmaster/oinkmaster-1.2-0.noarch.rpm
rpm --install oinkmaster-1.2-0.noarch.rpm

--------------------------------


Edit the /etc/oinkmaster.conf

url = http://www.snort.org/pub-bin/oinkmaster.cgi/xxxxxx/snortrules-snapshot-2.4.tar.gz

Replace the xxxx with your oinkmaster-code.

Now run the Oinkmaster to get the rules:

oinkmaster -C /etc/oinkmaster.conf -o /etc/snort/rules

--------------------------------

Now configure the /etc/snort/snort.conf to match your network. Patrick Harper explains the parameters for logging into the mysql-database.

--------------------------------

Now we install the Base-UI.

Base needs the gd-libs:

wget http://centos.arcticnetwork.ca/4.1/os/i386/CentOS/RPMS/php-gd-4.3.9-3.6.i386.rpm
rpm --install php-gd-4.3.9-3.6.i386.rpm


Now download and untar the adodb-libs:

cd /var/www
wget http://mesh.dl.sourceforge.net/sourceforge/adodb/adodb466.tgz
tar zxfv adodb466.tgz

Now download and untar the Base-UI.

cd /var/www/html
wget http://mesh.dl.sourceforge.net/sourceforge/secureideas/base-1.1.4.tar.gz
tar xzfv base-1.1.4.tar.gz
mv base-1.1.4 base
cd base
mv base_conf.php.dist base_conf.php

Follow Harper's docs to edit the base_conf.php.

--------------------------------

Snort and Base should be working now.

Regards,
Robert M. Albrecht
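
Added example, not part of the original post and not Oinkmaster's own code: a pre-flight for the /etc/oinkmaster.conf step above that writes the registration code into the url line, refuses the xxxxxx placeholder, and keeps the file owner-only because the code is a per-account credential. The function names are hypothetical, and it assumes the url line from the post is already present in the file and that codes are alphanumeric.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of Oinkmaster.
# Assumption: the "url = ..." line from the post already exists in the file.
URL_PAT='url *= *http://www\.snort\.org/pub-bin/oinkmaster\.cgi/'

# Print the code currently embedded in the url line (empty if there is none).
get_oinkcode() {
    sed -n "s|^${URL_PAT}\([^/]*\)/.*|\1|p" "$1" | head -n 1
}

# Succeed only for a non-empty, alphanumeric code that is not all x's.
valid_oinkcode() {
    case $1 in
        ''|*[!0-9A-Za-z]*) return 1 ;;   # empty or unexpected characters
        *[!xX]*)           return 0 ;;   # at least one character that is not x
        *)                 return 1 ;;   # only x's: still the placeholder
    esac
}

# set_oinkcode CONF CODE: write CODE into the url line, leave the file 0600.
set_oinkcode() {
    conf=$1 code=$2
    valid_oinkcode "$code" || { echo "refusing invalid oinkcode" >&2; return 1; }
    grep -q "^${URL_PAT}" "$conf" || { echo "no url line in $conf" >&2; return 1; }
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    chmod 600 "$tmp"    # owner-only before the credential is written
    sed "s|^\(${URL_PAT}\)[^/]*/|\1${code}/|" "$conf" > "$tmp" \
        && mv "$tmp" "$conf" || { rm -f "$tmp"; return 1; }
}

# check_oinkmaster_conf CONF: run before calling oinkmaster.
check_oinkmaster_conf() {
    valid_oinkcode "$(get_oinkcode "$1")" \
        || { echo "$1: placeholder or missing code" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] \
        || { echo "$1: readable by group or others" >&2; return 1; }
}
```

Run check_oinkmaster_conf /etc/oinkmaster.conf before the oinkmaster command; a non-zero exit means the download would fail or the code is exposed to other local users.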

Posted by Joel_Esler on October 10, 2005 09:55:35

Please inform Patrick Harper of your findings. We do not maintain this document.


Joel Esler
SOURCEfire