How to Set Up an Independent IDS/IPS Lab Environment (Using Snort, Pytbull, Eclipse and Tomcat)

Part 1 of 5:

Prerequisites for Compiling Snort

  1. Install the required packages using:
    1. sudo apt-get install flex bison build-essential checkinstall
    2. sudo apt-get install libpcap-dev libnet1-dev libpcre3-dev
    3. sudo apt-get install libmysqlclient15-dev libnetfilter-queue-dev iptables-dev
Part 2 of 5:

Install Libdnet

  1. Download libdnet-1.12.tgz from https://code.google.com/p/libdnet/downloads/detail?name=libdnet-1.12.tgz&can=2&q=. Alternatively, search for it online.
  2. Switch to the directory where the file was saved (this should be Downloads):
    1. cd Downloads
  3. Untar the file:
    1. tar xvfz libdnet-1.12.tgz
  4. Change into the libdnet-1.12 directory:
    1. cd libdnet-1.12
  5. Compile libdnet:
    1. ./configure "CFLAGS=-fPIC"
    2. make
    3. sudo checkinstall
      1. Type "y" and press Enter when it reads "Should I create a default set of package docs? [y]: "
      2. When it reads ">>", press Enter again
      3. Press Enter when it reads "Enter a number to change any of them or press ENTER to continue"
      4. Type "n" and press Enter when it reads "Do you want me to list them? [n] "
      5. Type "y" and press Enter when it reads "Should I exclude them from the package? (Saying yes is a good idea) [n]: "
    4. Install the package:
      1. sudo dpkg -i libdnet_1.12-1_amd64.deb
  6. Create the required symbolic link:
    1. sudo ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1
Part 3 of 5:

Install DAQ (Data Acquisition Library)

  1. Download daq-2.0.4.tar.gz from https://www.snort.org/downloads (or https://www.snort.org), or search online for it.
  2. Switch to the directory where the file was saved (this should be Downloads):
    1. If still inside libdnet-1.12, type
      1. cd ..
    2. If in your home directory, type
      1. cd Downloads
  3. Untar the file:
    1. tar xvfz daq-2.0.4.tar.gz
  4. Change into the daq-2.0.4 directory:
    1. cd daq-2.0.4
  5. Compile daq (the same way libdnet was compiled):
    1. ./configure
    2. make
    3. sudo checkinstall
      1. Type "y" and press Enter when it reads "Should I create a default set of package docs? [y]: "
      2. When it reads ">>", press Enter again
      3. Press Enter when it reads "Enter a number to change any of them or press ENTER to continue"
      4. Type "n" and press Enter when it reads "Do you want me to list them? [n] "
      5. Type "y" and press Enter when it reads "Should I exclude them from the package? (Saying yes is a good idea) [n]: "
  6. Install the package:
    1. sudo dpkg -i daq_2.0.4-1_amd64.deb
Part 4 of 5:

Install and Configure Snort

  1. Download snort-2.9.7.0.tar.gz from https://www.snort.org/downloads (or https://www.snort.org), or search for it online.
  2. Switch to the directory where the file was saved (this should be Downloads):
    1. If still inside libdnet-1.12 or daq-2.0.4, type
      1. cd ..
    2. If in your home directory, type
      1. cd Downloads
  3. Untar the file:
    1. tar xvfz snort-2.9.7.0.tar.gz
  4. Change into the snort-2.9.7.0 directory:
    1. cd snort-2.9.7.0
  5. Compile snort (the same way libdnet and daq were compiled):
    1. ./configure
    2. make
    3. sudo checkinstall
      1. Type "y" and press Enter when it reads "Should I create a default set of package docs? [y]: "
      2. When it reads ">>", press Enter again
      3. Press Enter when it reads "Enter a number to change any of them or press ENTER to continue"
      4. Type "n" and press Enter when it reads "Do you want me to list them? [n] "
      5. Type "y" and press Enter when it reads "Should I exclude them from the package? (Saying yes is a good idea) [n]: "
  6. Install the package:
    1. sudo dpkg -i snort_2.9.7.0-1_amd64.deb
  7. Create the required symbolic link and refresh the shared-library cache:
    1. sudo ln -s /usr/local/bin/snort /usr/sbin/snort
    2. sudo ldconfig -v
  8. Verify the snort version by typing:
    1. snort -V
  9. Create a dedicated snort user and group with no login shell, so the sensor does not run as root:
    1. sudo groupadd snort
    2. sudo useradd snort -d /var/log/snort/ -s /sbin/nologin -c SNORT_IDS -g snort
    3. sudo mkdir /var/log/snort
    4. sudo chown snort:snort /var/log/snort
Part 5 of 5:

Install and Configure Snort Rules

  1. In order to download the default snort rule-set, you will have to create a login at https://www.snort.org.
  2. Download snortrules-snapshot-2970.tar.gz from https://www.snort.org/downloads (or https://www.snort.org), or search online for it.
  3. Switch to the directory where the file was saved (this should be Downloads):
    1. If still inside libdnet-1.12, daq-2.0.4 or snort-2.9.7.0, type
      1. cd ..
    2. If in your home directory, type
      1. cd Downloads
  4. Make a new directory for the rules:
    1. sudo mkdir /etc/snort
  5. Untar the file straight into that directory:
    1. sudo tar xvfz snortrules-snapshot-2970.tar.gz -C /etc/snort/
  6. Configure the rule-set:
    1. sudo touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules
    2. sudo mkdir /usr/local/lib/snort_dynamicrules
    3. sudo chown -R snort:snort /etc/snort/*
    4. sudo mv /etc/snort/etc/* /etc/snort/
  7. Update the snort config file:
    1. Use any editor you are familiar with (vim, emacs, gedit, pico) and open /etc/snort/snort.conf with sudo permissions, e.g. sudo vi /etc/snort/snort.conf. The line numbers below refer to snort.conf as shipped with 2.9.7.0; if they do not match, search for the variable name instead.
      1. Change Line 104 from "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort/rules"
      2. Change Line 105 from "var SO_RULE_PATH ../so_rules" to "var SO_RULE_PATH /etc/snort/so_rules"
      3. Change Line 105 from "var PREPROC_RULE_PATH ../preproc_rules" to "var PREPROC_RULE_PATH /etc/snort/preproc_rules"
      4. Change Line 109 from "var WHITE_LIST_PATH ../rules" to "var WHITE_LIST_PATH /etc/snort/rules"
      5. Change Line 110 from "var BLACK_LIST_PATH ../rules" to "var BLACK_LIST_PATH /etc/snort/rules"
      6. Save and exit
  8. Verify that snort loads the default rule-set for the interface by running it in test mode (-T parses the configuration and rules, reports any error, and exits without processing traffic):
    1. sudo snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf
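The snort.conf path edits from step 7 and the layout checks for steps 4 to 6, as an added shell example that is not part of the original tutorial (the script name fix_snort_paths.sh and the SNORT_ETC override are assumptions; it keys on the variable name rather than a line number, so it also works when the line numbers have drifted):

```bash
#!/bin/bash
# Added example (not from the tutorial): applies the step 7 edits to snort.conf
# with sed keyed on the variable name instead of a line number, then checks the
# result and the layout built in steps 4 to 6. Assumes GNU sed (Ubuntu) and the
# Snort 2.9.x "var NAME value" syntax; SNORT_ETC is an assumed override.
set -eu

SNORT_ETC="${SNORT_ETC:-/etc/snort}"

# patch_snort_paths FILE: point the five path variables at $SNORT_ETC,
# keeping a .bak copy so the edit can be reverted.
patch_snort_paths() {
  local conf="$1"
  cp -p "$conf" "$conf.bak"
  sed -i \
    -e "s|^var RULE_PATH .*|var RULE_PATH $SNORT_ETC/rules|" \
    -e "s|^var SO_RULE_PATH .*|var SO_RULE_PATH $SNORT_ETC/so_rules|" \
    -e "s|^var PREPROC_RULE_PATH .*|var PREPROC_RULE_PATH $SNORT_ETC/preproc_rules|" \
    -e "s|^var WHITE_LIST_PATH .*|var WHITE_LIST_PATH $SNORT_ETC/rules|" \
    -e "s|^var BLACK_LIST_PATH .*|var BLACK_LIST_PATH $SNORT_ETC/rules|" \
    "$conf"
}

# check_snort_paths FILE: succeed only if each of the five variables appears
# exactly once, points under $SNORT_ETC, and no relative "../" path remains.
check_snort_paths() {
  local conf="$1" name
  for name in RULE_PATH SO_RULE_PATH PREPROC_RULE_PATH WHITE_LIST_PATH BLACK_LIST_PATH; do
    [ "$(grep -c "^var $name " "$conf")" -eq 1 ] || return 1
    grep -q "^var $name $SNORT_ETC/" "$conf" || return 1
  done
  ! grep -qE '^var [A-Z_]*_PATH \.\./' "$conf"
}

# check_rule_layout DIR: the files and directories "snort -T" will open once
# the paths are set: snort.conf moved out of etc/, the two empty reputation
# lists from step 6, and the three rule directories from the snapshot.
check_rule_layout() {
  local dir="$1"
  [ -f "$dir/snort.conf" ] || return 1
  [ -f "$dir/rules/white_list.rules" ] && [ -f "$dir/rules/black_list.rules" ] || return 1
  [ -d "$dir/rules" ] && [ -d "$dir/so_rules" ] && [ -d "$dir/preproc_rules" ]
}

# Direct use on the lab box: sudo ./fix_snort_paths.sh /etc/snort/snort.conf
if [ -n "${1:-}" ]; then
  patch_snort_paths "$1"
  check_snort_paths "$1" && check_rule_layout "$SNORT_ETC" && echo "snort.conf paths OK"
fi
```

Run the step 8 test command afterwards; a remaining "../" path or a missing white_list.rules shows up there as a fatal error before any traffic is inspected.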