- 更新系统软件包
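# Refresh the package index, then apply pending upgrades. The && keeps the
# upgrade from running against a stale index if the refresh fails.
sudo apt-get update && sudo apt-get upgrade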
- 安装依赖项
# Build toolchain plus the capture, regex, compression and TLS development
# libraries used when compiling Snort from source.
sudo apt-get install -y \
  build-essential bison flex \
  libpcap-dev libpcre3-dev libdumbnet-dev \
  zlib1g-dev liblzma-dev \
  openssl libssl-dev \
  ethtool
- 下载和编译Snort
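# Snort 2.9.x is built against the DAQ library (libdaq). Build and install the
# DAQ release that matches this Snort version before this step, otherwise
# ./configure stops because it cannot find libdaq.
wget https://www.snort.org/downloads/snort/snort-2.9.17.1.tar.gz
# An IDS sensor built from a tampered tarball cannot be trusted. Print the
# digest and compare it by hand with the checksum published for this release
# (use the matching tool if a different digest type is published).
sha256sum snort-2.9.17.1.tar.gz
tar -zxvf snort-2.9.17.1.tar.gz
cd snort-2.9.17.1/
./configure --enable-sourcefire --disable-open-appid
# Install only if the build succeeded, then refresh the linker cache so the
# freshly installed shared libraries are found.
make && sudo make install && sudo ldconfig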
- 配置Snort
创建一个Snort配置文件:
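# -p creates the rules directory together with /etc/snort and does not fail
# when the directories already exist.
sudo mkdir -p /etc/snort/rules
sudo touch /etc/snort/snort.conf
# snort.conf includes $RULE_PATH/local.rules; create it (empty) so the include
# resolves.
sudo touch /etc/snort/rules/local.rules
# Keep /etc/snort writable by root only: anyone who can edit the configuration
# or the rules can silence detection.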
将以下内容添加到snort.conf文件中:
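# This is a basic configuration file for Snort.
# You can download more configuration files from the Snort community website.
# Set the network to protect (an address, a CIDR range, or "any").
# The interface to monitor is chosen with -i on the command line, not here.
# ipvar is the keyword for address variables.
ipvar HOME_NET <your_network>
# Set the path to the rules files.
var RULE_PATH /etc/snort/rules
# Set the path to the dynamic preprocessor libraries.
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
# Include the rules files. Every file named here must exist, or Snort will not start.
include $RULE_PATH/local.rules
include $RULE_PATH/snort.rules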
- 下载和配置Snort规则
下载Snort规则文件:
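# Install the distribution's packaged rule set.
sudo apt-get install -y snort-rules-default
# List the files the package installed and confirm that the rule files named
# in the snort.conf include lines really exist at those paths.
dpkg -L snort-rules-default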
将以下内容添加到snort.conf文件中:
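# If snort.conf already contains these lines, do not add them a second time.
# Set the path to the rules files.
var RULE_PATH /etc/snort/rules
# Set the path to the dynamic preprocessor libraries.
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
# Include the rules files. Every file named here must exist, or Snort will not start.
include $RULE_PATH/local.rules
include $RULE_PATH/snort.rules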
- 启动Snort
使用以下命令启动Snort:
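# Validate the configuration first: -T parses snort.conf and the rules and then
# exits, so a broken include or rule is caught before monitoring starts.
sudo snort -T -i <your_interface> -c /etc/snort/snort.conf
# Start Snort on the chosen interface and print alerts to the console.
# Snort is started as root to open the capture interface; for long-running use,
# create an unprivileged account and add -u <user> -g <group> so the process
# drops privileges after startup.
sudo snort -i <your_interface> -c /etc/snort/snort.conf -A console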