SNORT installation on debian 8
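#!/bin/sh
#
# Build Snort 2.9.x (with libpcap and DAQ) from source on Debian 8, package
# each component through checkinstall so it can be removed with dpkg, create
# the snort account and directory layout, and run Snort as a systemd service
# listening on one interface.
#
# Usage:  ./install.sh <interface>
# Needs:  sudo rights; network access to tcpdump.org and snort.org.
# Env:    LIBPCAP_VERSION, LIBDAQ_VERSION, SNORT_VERSION override the versions
#         built below.  TARBALL_SHA256SUMS, when set, is the absolute path of a
#         sha256sum(1) manifest ("<hash>  <tarball filename>" per line) that
#         every download is verified against before it is unpacked.
#
# Written for POSIX sh (dash on Debian): no arrays, [[ ]], local or pipefail.
set -eu

# die MESSAGE...: print to stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ $# -lt 1 ] || [ -z "$1" ]; then
  die "usage: $0 <interface>"
fi
INTERFACE=$1

# The old `rc=$?` check after `ip link show` was dead code: under `set -e`
# the script had already aborted on the failing command.  Test it directly.
ip link show "$INTERFACE" > /dev/null 2>&1 \
  || die "interface $INTERFACE does not exist"

# The name is interpolated into the unit's ExecStart= line, where whitespace,
# quotes, % and $ have meaning to systemd; accept plain interface names only.
case $INTERFACE in
  *[!A-Za-z0-9_.:-]*) die "unsupported characters in interface name: $INTERFACE" ;;
esac

LIBPCAP_VERSION="${LIBPCAP_VERSION:-1.7.4}"
LIBDAQ_VERSION="${LIBDAQ_VERSION:-2.0.6}"
SNORT_VERSION="${SNORT_VERSION:-2.9.9.0}"
PCRE_VERSION="${PCRE_VERSION:-10.23}"   # exported as before; not used below
export LIBPCAP_VERSION LIBDAQ_VERSION SNORT_VERSION PCRE_VERSION
TARBALL_SHA256SUMS="${TARBALL_SHA256SUMS:-}"
SRC_ROOT="${HOME}/snort"

# fetch URL FILE: download over HTTPS only (redirects included) and fail on
# HTTP errors, so an error page is never handed to tar -- the original piped
# curl straight into tar, and plain sh has no pipefail to notice a failed
# curl.  When a manifest was supplied, FILE is verified against it.
fetch() {
  curl -fsSL --proto '=https' -o "$2" "$1" || die "download failed: $1"
  if [ -n "$TARBALL_SHA256SUMS" ]; then
    # An unlisted file yields no manifest line, and sha256sum -c then fails,
    # so verification fails closed.
    grep -F -- " $2" "$TARBALL_SHA256SUMS" | sha256sum -c - > /dev/null \
      || die "checksum verification failed for $2"
  fi
}

# build_pkg PKGNAME VERSION SRC_DIR CONFIGURE_ARGS CHECKINSTALL_ARGS
# Configure and build in SRC_DIR, run `make install` through checkinstall so
# the component lands as a .deb, then refresh the linker cache.  The two
# *_ARGS parameters are plain strings that are deliberately word-split.
# Runs in a subshell so the cd does not leak into the caller.
build_pkg() (
  cd "$3" || die "missing source directory: $3"
  # shellcheck disable=SC2086 -- word-splitting of $4 and $5 is intended
  ./configure $4
  make -j"$(nproc)"
  # shellcheck disable=SC2086
  sudo checkinstall -y -D --pkgname="$1" --pkgversion="$2" $5 make install
  sudo ldconfig
)

# apt-get, not apt: apt's command line is not meant for scripts.
sudo apt-get -y install checkinstall curl ca-certificates \
  flex byacc bison libpcre3-dev libdumbnet-dev zlib1g-dev
sudo mkdir -p /usr/local/share/doc /usr/local/share/man
mkdir -p "$SRC_ROOT"
cd "$SRC_ROOT"

fetch "https://www.tcpdump.org/release/libpcap-${LIBPCAP_VERSION}.tar.gz" \
  "libpcap-${LIBPCAP_VERSION}.tar.gz"
tar xzf "libpcap-${LIBPCAP_VERSION}.tar.gz"
build_pkg libpcap "$LIBPCAP_VERSION" "libpcap-${LIBPCAP_VERSION}" "" --nodoc

fetch "https://www.snort.org/downloads/snort/daq-${LIBDAQ_VERSION}.tar.gz" \
  "daq-${LIBDAQ_VERSION}.tar.gz"
tar xzf "daq-${LIBDAQ_VERSION}.tar.gz"
build_pkg libdaq "$LIBDAQ_VERSION" "daq-${LIBDAQ_VERSION}" "" --nodoc

fetch "https://www.snort.org/downloads/snort/snort-${SNORT_VERSION}.tar.gz" \
  "snort-${SNORT_VERSION}.tar.gz"
tar xzf "snort-${SNORT_VERSION}.tar.gz"
# Install-tree directories created ahead of `make install`, as before.
sudo mkdir -p /usr/local/lib/snort_dynamicengine \
  /usr/local/include/snort \
  /usr/local/lib/snort \
  /usr/local/lib/snort/dynamic_preproc \
  /usr/local/lib/snort_dynamicpreprocessor \
  /usr/local/lib/snort/dynamic_output \
  /usr/local/share/doc \
  /usr/local/share/man
build_pkg snort "$SNORT_VERSION" "snort-${SNORT_VERSION}" --enable-sourcefire ""

# Runtime layout: config, rules, IP lists and logs.  -p so a re-run does not
# abort on directories that already exist.
sudo mkdir -p /etc/snort/rules/iplists /etc/snort/preproc_rules \
  /etc/snort/so_rules /usr/local/lib/snort_dynamicrules \
  /var/log/snort/archived_logs
sudo touch /etc/snort/rules/iplists/black_list.rules \
  /etc/snort/rules/iplists/white_list.rules \
  /etc/snort/rules/local.rules \
  /etc/snort/sid-msg.map

# Unprivileged service account; skipped when it already exists.  Debian's
# nologin lives in /usr/sbin (the original pointed at /sbin/nologin).
getent group snort > /dev/null || sudo groupadd snort
getent passwd snort > /dev/null \
  || sudo useradd -r -s /usr/sbin/nologin -c SNORT_IDS -g snort snort

# Modes and ownership as in the upstream Snort guide (5775, snort:snort).
# Note this leaves snort.conf and the rule files writable by the account the
# sensor runs as, so a compromised Snort process could rewrite its own
# rules; root-owned, group-readable config is the tighter alternative.
sudo chmod -R 5775 /etc/snort /var/log/snort /usr/local/lib/snort_dynamicrules
sudo chown -R snort:snort /etc/snort /var/log/snort /usr/local/lib/snort_dynamicrules

snort_src="${SRC_ROOT}/snort-${SNORT_VERSION}"
sudo cp -- "${snort_src}/etc/"*.conf* "${snort_src}/etc/"*.map \
  "${snort_src}/etc/"*.dtd /etc/snort/
sudo cp -- "${snort_src}/src/dynamic-preprocessors/build/usr/local/lib/snort_dynamicpreprocessor/"* \
  /usr/local/lib/snort_dynamicpreprocessor/

# Site-local units belong in /etc/systemd/system; /lib/systemd/system (where
# the original wrote) is reserved for distribution packages.
# NOTE(review): -Q runs Snort inline; confirm the DAQ configured in
# snort.conf supports inline mode on a single interface.
sudo tee /etc/systemd/system/snort.service > /dev/null <<EOF
[Unit]
Description=Snort NIDS Daemon
After=syslog.target network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/snort -q -Q -u snort -g snort -c /etc/snort/snort.conf -i ${INTERFACE}

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable snort
sudo systemctl start snort
sudo systemctl status --no-pager --full snort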