Snort on CentOS 7 - As IDS for RouterOS
Create VM
- 2 vCPU
- 2048GB memory
- 32GB storage
Install daq and snort
- Download snort and daq RPM's from https://www.snort.org/downloads
- Verify MD5 sum, for example:
md5sum snort-2.9.7.2-1.centos7.x86_64.rpm
163d62f7dab09c241f6f6e61228a8299  snort-2.9.7.2-1.centos7.x86_64.rpm
- Install RPM's:
yum install ./daq-2.0.4.RH7.x86_64.rpm
yum install ./snort-2.9.7.2-1.centos7.x86_64.rpm
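The "Verify MD5 sum" step above is only useful if a mismatch actually stops the install. The following helper is an added example (not part of the original wiki page) that compares a downloaded RPM against the digest published on the download page and only calls yum when they match; the function names and the sha256 option are this example's own additions, the sample file name and MD5 value at the bottom are the ones from the page.

```shell
#!/bin/sh
# Added example, not from the original page: refuse to install an RPM whose
# checksum does not match the value published on the vendor download page.
# Usage: verify_checksum <file> <expected-digest> [md5|sha256]
verify_checksum() {
    file=$1
    expected=$2
    algo=${3:-md5}

    [ -f "$file" ] || { echo "verify_checksum: $file not found" >&2; return 2; }

    case "$algo" in
        md5)    actual=$(md5sum "$file" | cut -d' ' -f1) ;;
        sha256) actual=$(sha256sum "$file" | cut -d' ' -f1) ;;
        *)      echo "verify_checksum: unknown algorithm $algo" >&2; return 2 ;;
    esac

    # Published digests are sometimes upper-case; compare in lower-case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file $algo=$actual"
        return 0
    fi
    echo "MISMATCH: $file expected $expected got $actual" >&2
    return 1
}

# Install a local RPM only after its checksum has been verified.
# Usage: install_verified_rpm <file> <expected-digest> [md5|sha256]
install_verified_rpm() {
    verify_checksum "$1" "$2" "${3:-md5}" || return 1
    # yum treats an argument ending in .rpm as a local file if it exists;
    # prefix a bare file name with ./ so it is never mistaken for a package name.
    case "$1" in
        */*) rpm_path=$1 ;;
        *)   rpm_path=./$1 ;;
    esac
    yum -y install "$rpm_path"
}

# The RPM and MD5 value from the page, as a usage example:
# install_verified_rpm snort-2.9.7.2-1.centos7.x86_64.rpm 163d62f7dab09c241f6f6e61228a8299
```

Use the sha256 form whenever the download page publishes a SHA-256 value next to the MD5 one; the check is the same, only the digest command changes.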
Install Pulled Pork (rule updater)
- Install requirements:
yum install perl-libwww-perl perl-Crypt-SSLeay perl-Archive-Tar perl-Sys-Syslog perl-LWP-Protocol-https
- Download tar.gz from https://code.google.com/p/pulledpork/
- Extract:
tar zxvf pulledpork-0.7.0.tar.gz
- Install:
cd pulledpork-0.7.0/
mkdir -p /opt/pulledpork/{bin,etc}
cp pulledpork.pl /opt/pulledpork/bin
chmod 755 /opt/pulledpork/bin/pulledpork.pl
cp etc/* /opt/pulledpork/etc/
- Edit /opt/pulledpork/etc/pulledpork.conf and add your Snort oinkcode.
- Verify:
./pulledpork.pl -vv -c /opt/pulledpork/etc/pulledpork.conf -T -l
- Add to cron-daily:
/opt/pulledpork/bin/pulledpork.pl -c /opt/pulledpork/etc/pulledpork.conf
Install trafr
- Make directory:
mkdir /opt/trafr
cd /opt/trafr
- Download:
wget http://www.mikrotik.com/download/trafr.tgz
tar zxvf trafr.tgz
- Install 32 bit libraries:
yum install glibc-2.17-78.el7.i686
Configure RouterOS
- Enable streaming:
/tool sniffer set streaming-enabled=yes streaming-server=<ip_of_the_server>
/tool sniffer start
Test trafr
- Test:
./trafr -s | tcpdump -r - -n
snort_on_centos7.1429046995.txt.gz · Last modified: 2015/04/14 21:29 by admin