apt-get install -y gcc zlib1g-dev openssl libssl-dev libdumbnet-dev bison flex libdnet
wget http://www.tcpdump.org/release/libpcap-1.8.1.tar.gz
tar xvf libpcap-1.8.1.tar.gz
cd libpcap-1.8.1/
./configure
make && make install

Use PCRE version 8.40; download it from the official site, then compile and install it.

wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz
tar xvf pcre-8.40.tar.gz
cd pcre-8.40/
./configure
make && make install

For DAQ, simply use the version that the official Snort download page recommends for use with 2.9.9.

tar xvf daq-2.0.6.tar.gz
cd daq-2.0.6/
./configure
autoreconf -ivf
make && make install

According to the Snort 2.9.9 introduction page, nghttp2 is required. If version 1.25 will not install on wheezy, use version 1.19 instead.

wget https://github.com/nghttp2/nghttp2/releases/download/v1.19.0/nghttp2-1.19.0.tar.gz
tar xvf nghttp2-1.19.0.tar.gz
cd nghttp2-1.19.0/
./configure
make && make install
ldconfig

Finally, install Snort. This step has quite a few compile-time options; check the configure script's help (./configure --help) to see them.

tar xvf snort-2.9.9.0.tar.gz
cd snort-2.9.9.0/
./configure --enable-sourcefire
autoreconf -ivf
make
make install

Start Snort; it runs normally.
[root@debian ~]# snort
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
Decoding Ethernet

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.9.0 GRE (Build 56)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.8.1
           Using PCRE version: 8.30 2012-02-04
           Using ZLIB version: 1.2.7

Commencing packet processing (pid=18702)
WARNING: No preprocessors configured for policy 0.
07/13-02:06:08.985161 172.16.11.196:22 -> 172.16.11.198:49388
TCP TTL:64 TOS:0x10 ID:35782 IpLen:20 DgmLen:108 DF
***AP*** Seq: 0x4F4E4F4 Ack: 0x35E422BA Win: 0x677 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
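An added example (not from the original post): a POSIX shell check that compares the library versions in Snort's startup banner with the versions built from source in the steps above; the banner shown here reports PCRE 8.30 although pcre-8.40 was compiled. The function names are this example's own, the sample text is copied from the banner lines above, and it assumes `snort -V` prints the same "Using ..." lines.

```shell
#!/bin/sh
# Added example: flag libraries whose version in the Snort banner differs
# from the version that was compiled in the steps above.

# Sample input: the three "Using ..." lines copied from the banner on this page.
SAMPLE_BANNER='           Using libpcap version 1.8.1
           Using PCRE version: 8.30 2012-02-04
           Using ZLIB version: 1.2.7'

# banner_version NAME
# Reads a banner on stdin and prints the version it reports for NAME.
# Handles both "version 1.8.1" and "version: 8.30 <date>" forms.
banner_version() {
    sed -n "s/^[[:space:]]*Using $1 version:\{0,1\} \([0-9][0-9.]*\).*/\1/p" | head -n 1
}

# check_versions "NAME=VERSION ..."
# Reads a banner on stdin, prints one result line per library and
# returns 1 if any reported version differs from the expected one.
check_versions() {
    banner=$(cat)
    rc=0
    for pair in $1; do
        name=${pair%%=*}
        want=${pair#*=}
        got=$(printf '%s\n' "$banner" | banner_version "$name")
        if [ "$got" = "$want" ]; then
            echo "OK       $name $got"
        else
            echo "MISMATCH $name built=$want loaded=${got:-none}"
            rc=1
        fi
    done
    return $rc
}

# Live use (assumes snort is on PATH):
#   snort -V 2>&1 | check_versions "libpcap=1.8.1 PCRE=8.40"
printf '%s\n' "$SAMPLE_BANNER" | check_versions "libpcap=1.8.1 PCRE=8.40" || true
```

A mismatch means the binary resolved a different copy of the library than the one just built; `ldd "$(which snort)"` shows which file was actually loaded.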
From the installation directory, simply run:

make uninstall
make clean

If the build failed partway through and you need to recompile:

make clean

Then run:

./configure
make && make install