Snorter - Joan Bono · Snorter Install Guide: Install Snort + Barnyard2 + PulledPork automatically

Page 1
Snorter
Install Guide
Install Snort + Barnyard2 + PulledPork automatically
@joan_bono
Page 2
What do you need?
A computer running: Debian, Kali Linux or Raspbian Jessie
Oinkcode: it's FREE! Highly recommended! Get yours here.
Identified network interface: ip link show
Previous dependencies: sudo apt-get install git
Patience.
Page 3
First steps
Cloning the repository:
git clone https://github.com/joanbono/Snorter.git
cd Snorter/src
bash Snorter.sh -h
Recommended: execute the program using an oinkcode
bash Snorter.sh -o <oinkcode> -i <interface>
Ex: bash Snorter.sh -o XXXXXXXXXXXXX -i eth0
Not recommended: execute the program without an oinkcode
bash Snorter.sh -i <interface>
Ex: bash Snorter.sh -i eth0
Page 4
Snort installation
Superuser password, and wait...
Page 5
Snort and daq are installed.
Page 6
Now it's time to add the HOME_NET and the EXTERNAL_NET.
Press Enter to continue. It will open vim: press A to go to the end of the line.
Add the address and the mask you want to protect.
Press Esc and then :wq! to save the changes.
Page 7
Do the same for the EXTERNAL_NET:
Press Enter to continue. It will open vim: press A to go to the end of the line.
Add the attacker address. Recommended: !$HOME_NET.
Press Esc and then :wq! to save the changes.
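As an added example (not code from Snorter or its author), the following shell snippet sets HOME_NET and EXTERNAL_NET in a snort.conf non-interactively instead of editing them in vim, rejecting values that are not CIDR blocks and defaulting EXTERNAL_NET to the recommended !$HOME_NET. It assumes the stock snort.conf layout with "ipvar HOME_NET" / "ipvar EXTERNAL_NET" declarations; the demo file at the end is a constructed two-line fragment, not a real install.

```shell
#!/bin/sh
# Added example, not part of Snorter: set HOME_NET and EXTERNAL_NET in a snort.conf
# without the interactive vim step, and refuse malformed values.
# Assumes the stock snort.conf layout, where the variables are declared as
#   ipvar HOME_NET any
#   ipvar EXTERNAL_NET any
set -eu

# One IPv4 address or CIDR block, e.g. 192.168.1.0/24
CIDR_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

# valid_home_net <value>: accepts a single CIDR or a bracketed, comma-separated
# list such as [192.168.1.0/24,10.0.0.0/8]; returns 1 for anything else
# (including "any", which would make every rule match in both directions).
valid_home_net() {
    net=$(printf '%s\n' "$1" | sed 's/^\[\(.*\)\]$/\1/')   # strip balanced [ ]
    if printf '%s\n' "$net" | tr ',' '\n' | grep -Evq "$CIDR_RE"; then
        return 1                                              # some entry is not a CIDR
    fi
    return 0
}

# set_nets <snort.conf> <HOME_NET> [EXTERNAL_NET]
# EXTERNAL_NET defaults to !$HOME_NET, the value the guide recommends, so that
# traffic between two protected hosts is not treated as coming from outside.
set_nets() {
    conf=$1; home=$2; ext=${3:-}
    [ -n "$ext" ] || ext='!$HOME_NET'
    valid_home_net "$home" || { echo "refusing bad HOME_NET: $home" >&2; return 1; }
    cp "$conf" "$conf.bak"                                    # keep the previous config
    sed -e "s|^ipvar HOME_NET .*|ipvar HOME_NET $home|" \
        -e "s|^ipvar EXTERNAL_NET .*|ipvar EXTERNAL_NET $ext|" "$conf" > "$conf.tmp"
    mv "$conf.tmp" "$conf"
}

# get_net <snort.conf> <VARNAME>: print the configured value of HOME_NET or EXTERNAL_NET
get_net() {
    sed -n "s/^ipvar $2 //p" "$1"
}

# Demo on a constructed two-line fragment of snort.conf (not a real install).
demo_conf=$(mktemp)
printf 'ipvar HOME_NET any\nipvar EXTERNAL_NET any\n' > "$demo_conf"
set_nets "$demo_conf" '[192.168.1.0/24,10.0.0.0/8]'
echo "HOME_NET=$(get_net "$demo_conf" HOME_NET) EXTERNAL_NET=$(get_net "$demo_conf" EXTERNAL_NET)"
# On a real system, validate the edited file before (re)starting the service:
#   sudo snort -T -c /etc/snort/snort.conf -i eth0
```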
Page 8
Now the output. By default, unified2 output is enabled, but you can enable more than one output. I'm going to enable both CSV and TCPdump output.
Page 9
Now SNORT will start in console mode. Send a PING from another machine.
It will show a PING alert. Press Ctrl+C once, and continue the installation.
Page 10
Barnyard2 installation
Now it's time to install BARNYARD2 if you want.
You will be asked to insert a password for the SNORT database which is going to be created. In the example, I've used SNORTSQL.
Page 11
Now the program will install dependencies.
It's going to install MySQL, so if it's not installed, you will insert a password for this service too. In the example, I've used ROOTSQL.
Page 12
And the MySQL password.
Page 13
Now you are going to be asked for the MySQL password 3 times.
Please keep in mind: MySQL root password 3 times.
Page 14
PulledPork installation
Now it's time to install PulledPork if you want.
Page 15
Service creation
Create a system service:
Page 16
Download and install new rules
You can download rules when everything is installed and configured.
Page 17
Enabling Emerging Threats and Community rules
Enable the Emerging Threats and Community rules in snort.conf.
Page 18
WebSnort
Install WebSnort for PCAP analysis
Page 19
Reboot
Reboot the system.