Thread: Getting snort up and running on *nix

Ok im sitting here bored so i thought i would write a small how to on getting snort up and running it will be too short for a tutorial so thats why its in gen chit chat

Ok first things first this will be based on a *nix type system first thing to do is download the snort install file (duh!)
imassuming you allready have tcpdump and libpcap installed if not get them from www.tcpdump.org
and get the newest build of snort here
http://www.snort.org/dl/snort-2.0.1.tar.gz


tar zxvf snort-2.0.1.tar.gz

then cd snort-2.0.1 then do a

./configure ; make ; make install as the super user (root)

now download the latest rules from snort
http://www.snort.org/dl/signatures/snortrules.tar.gz

tar zxvf snortrules.tar.gz

now make a directory in /etc called snort

mkdir /etc/snort

and make a directoy for the logging

mkdir /var/log/snort

now cd in to the 'rules' directory left by the snortrules.tar.gz

and copy all the files to /etc/snort

cp * /etc/snort

now if all was done without an error try running snort from either /usr/local/bin/snort or snort if its in you're path

well thats it *yawns*

further reading
http://www.snort.org/docs/
www.snort.org/docs/writing_rules/chap2.html <---wrinting you're own rules

enjoy the pig

Good idea but since im on a stand alone i thought i would keep it as basic as possible for now when i get more boxen up i will write something bigger than this on it. Im just messing with it the now and had a lot of failed attepts with snort so i was bored and wrote that should be getting cable and more boxen soon so hopefully i will write something bigger on it