
snort IDS running on turnkey or CentOS

post #1 of 4
Thread Starter 
I was wondering if anyone here has any experience setting up and running Snort on Turnkey Linux (Debian based) or CentOS (Red Hat based). I installed a product called Snorby using their Insta-Snorby ISO, which works great out of the box. It runs on Turnkey, uses Snort and MySQL to generate and log alerts, then uses their own Snorby front end. This works great out of the box, but when adding any kind of custom suppression rule or threshold rule to the threshold.conf file it breaks and Snorby stops reporting alerts.
http://www.snorby.org/

After this hassle I tried to fire up a virtual install of CentOS and install everything from source code, but I can't seem to get Snort running; there are dozens and dozens of errors in the snort.conf file. Just wondering if anyone has been down this road before and has any advice?

I've tried the almighty Google and tried just about every guide I could find. Thanks in advance for any help!!
post #2 of 4
Greetz
I wish I could help you because I am a long-time convert to Snort, but I don't do virtual installs since it always feels like a halfway compromise measure to me. If I want it bad enough to install it, it's going on a hard drive. They're cheap these days. I am also unfamiliar with CentOS and haven't played with anything Red Hat related in over 10 years.

The only way I might possibly help you is to inform you of how easy and full Snort is on Slackware. Below is a link for SlackBuilds listing Snort and all of its dependencies and most used addons. Each one consists of a link to the original source code of the version guaranteed to run well with each other and with Slackware v13 and Current, as well as an install script that basically automates "./configure, make, and makepkg", followed by a simple "installpkg" and KaBlammo! it all works. One can do a complete install of everything on this page in less than a half hour and be up and running that quickly.

Enjoy! (assuming you consider giving it a shot)

http://slackbuilds.org/result/?search=snort&sv=13.1


Also you might appreciate Tripwire which is a single package HERE
Edited by enorbet2 - 4/20/11 at 1:43am
post #3 of 4
Thread Starter 
Quote:
Originally Posted by enorbet2;13199058 
Greetz
I wish I could help you because I am a long-time convert to Snort, but I don't do virtual installs since it always feels like a halfway compromise measure to me. If I want it bad enough to install it, it's going on a hard drive. They're cheap these days. I am also unfamiliar with CentOS and haven't played with anything Red Hat related in over 10 years.

The only way I might possibly help you is to inform you of how easy and full Snort is on Slackware. Below is a link for SlackBuilds listing Snort and all of its dependencies and most used addons. Each one consists of a link to the original source code of the version guaranteed to run well with each other and with Slackware v13 and Current, as well as an install script that basically automates "./configure, make, and makepkg", followed by a simple "installpkg" and KaBlammo! it all works. One can do a complete install of everything on this page in less than a half hour and be up and running that quickly.

Enjoy! (assuming you consider giving it a shot)

http://slackbuilds.org/result/?search=snort&sv=13.1

Also you might appreciate Tripwire which is a single package HERE

Very nice! Thank you very much!! I'm going to give it a shot. Right now I'm only using VirtualBox to test different distros and configurations etc. I have a real machine running Snort right now, but for some reason every time I try to write in a suppression rule it seems to break Snort and it stops alerting. This is also coming from an Insta-Snorby install which uses Turnkey, and the entire file layout looks different, so it might just be me doing it wrong? I had a really good Snort machine running once on Ubuntu; I had all of my suppression and thresholds set using this guide
https://help.ubuntu.com/community/SnortIDS But when I had it running I couldn't get Ruby/Rails/Phusion to work right, which is needed for the front end I wanted to use, www.snorby.org. I'll give Slackware a try and see where I land!! Thanks again for the links!!
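The symptom in post #1 and again in post #3 (Snort stops alerting as soon as a hand-written line goes into threshold.conf) is what Snort 2.x does when it rejects a malformed suppress or event_filter directive: the configuration fails to load, so nothing reaches the database or Snorby. The script below is an added example, not code from this thread, from Snort or from Snorby; it checks threshold.conf lines against the Snort 2.x directive syntax (suppress, event_filter, and the older threshold spelling) and reports the mistakes that typically cause that failure, so a rule can be linted before Snort is restarted. The sample file, its SIDs and its addresses are constructed for the demonstration.

```python
"""Syntax checker for Snort 2.x threshold.conf directives (added example).

Accepted forms (Snort 2.x manual, section on event thresholding/suppression):
  suppress gen_id <gid>, sig_id <sid>[, track by_src|by_dst, ip <ip or [list]>]
  event_filter gen_id <gid>, sig_id <sid>, type limit|threshold|both,
               track by_src|by_dst, count <c>, seconds <s>
  threshold ... (pre-2.8.5 spelling of event_filter, same options)
"""
import re

# Constructed sample threshold.conf: a comment, three valid lines, three broken ones.
SAMPLE_THRESHOLD_CONF = """\
# comments and blank lines are ignored
suppress gen_id 1, sig_id 2001219
suppress gen_id 1, sig_id 1852, track by_src, ip 10.0.0.0/24
event_filter gen_id 1, sig_id 2003, type limit, track by_src, count 1, seconds 60
supress gen_id 1, sig_id 2001219
suppress gen_id 1, sig_id 1852, track by_src
event_filter gen_id 1, sig_id 2003, type limit, track by_src, count 1
"""

# directive -> (required option names, optional option names)
DIRECTIVES = {
    "suppress": ({"gen_id", "sig_id"}, {"track", "ip"}),
    "event_filter": ({"gen_id", "sig_id", "type", "track", "count", "seconds"}, set()),
    "threshold": ({"gen_id", "sig_id", "type", "track", "count", "seconds"}, set()),
}

# Split on commas that are not inside an ip list such as [10.0.0.1,10.0.0.2].
_OPTION_SPLIT = re.compile(r",(?![^\[]*\])")


def parse_options(text):
    """Turn 'gen_id 1, sig_id 2, track by_src' into a dict; None if malformed."""
    opts = {}
    for chunk in _OPTION_SPLIT.split(text):
        parts = chunk.strip().split(None, 1)
        if len(parts) != 2 or parts[0] in opts:  # no value, or option repeated
            return None
        opts[parts[0]] = parts[1].strip()
    return opts


def check_line(line):
    """Return a list of problems found in one directive line (empty = OK)."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return []
    parts = stripped.split(None, 1)
    keyword = parts[0]
    if keyword not in DIRECTIVES:
        return [f"unknown directive '{keyword}' (expected suppress, event_filter or threshold)"]
    if len(parts) == 1:
        return [f"{keyword}: missing options"]
    opts = parse_options(parts[1])
    if opts is None:
        return [f"{keyword}: options must be comma-separated 'name value' pairs"]

    required, optional = DIRECTIVES[keyword]
    errors = []
    missing = required - opts.keys()
    if missing:
        errors.append(f"{keyword}: missing {', '.join(sorted(missing))}")
    unknown = opts.keys() - required - optional
    if unknown:
        errors.append(f"{keyword}: unknown option(s) {', '.join(sorted(unknown))}")
    for name in ("gen_id", "sig_id", "count", "seconds"):
        if name in opts and not opts[name].isdigit():
            errors.append(f"{keyword}: {name} must be a non-negative integer, got '{opts[name]}'")
    if "type" in opts and opts["type"] not in ("limit", "threshold", "both"):
        errors.append(f"{keyword}: type must be limit, threshold or both")
    if "track" in opts and opts["track"] not in ("by_src", "by_dst"):
        errors.append(f"{keyword}: track must be by_src or by_dst")
    # A suppress restricted to an address needs both halves: track AND ip.
    if keyword == "suppress" and ("track" in opts) != ("ip" in opts):
        errors.append("suppress: 'track' and 'ip' must be given together")
    return errors


def check_threshold_conf(text):
    """Check a whole file; return [(line_number, message), ...] for every problem."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for msg in check_line(line):
            problems.append((lineno, msg))
    return problems


if __name__ == "__main__":
    for lineno, msg in check_threshold_conf(SAMPLE_THRESHOLD_CONF):
        print(f"line {lineno}: {msg}")
```

Run it against the real file with `python3 check_threshold.py < /etc/snort/threshold.conf` after swapping the sample text for stdin, then still let Snort validate the whole configuration with `snort -T -c /etc/snort/snort.conf` (threshold.conf is pulled in through an `include` in snort.conf, so that is where a typo actually surfaces). Whether the alerts then show up in Snorby is a separate question of the database output path, which this checker does not cover.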
post #4 of 4
Sounds like a pretty crazy night there,....