Snort Installation in CentOS

 

How to Install Snort Firwall In CentOS:-

1.   Preparation 

   • Make Sure That your System is updated:-
     • yum update
     • reboot now 
      
   • Some of Snort 3 dependencies will be installed from source.Create a directory that will hold the source code.
     •  mkdir sources && cd source
      
   • This Package is just for completing the snort installation.And Can be removed later on.
   • yum install  vim git wget  
    
   • Installing Required Packages for Snort.
   • yum install flex bison gcc gcc-c++ make  
   • Make Sure Operating have Latest version of Cmake
   • yum remove cmake
   • wget https://cmake.org/files/v3.12/cmake-3.12.0.tar.gz
   • tar xf cmake-3.12.0.tar.gz && cd cmake-3.12.0
   • ./configure
   • make –j 8
   • make install
    

2. Installing Snort 3 Required Dependencies.

   • Snort 3 required dependencies are installed from both the CentOS base repository and packages source code. 
     
     •  yum install libdnet-devel hwloc-devel openssl-devel zlib-devel pkgconfig 
   • Installing Luajit 
     • wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz
     • tar xf LuaJIT-2.0.5.tar.gz && cd LuaJIT-2.0.5
     • make && make install
     • cp /usr/local/lib/pkgconfig/luajit.pc /usr/lib64/pkgconfig/
   •  Installing PCRE 
   • The pcre package(8.32) in the base repository, while compatible with Snort3,is older than the latest version(8.42), and some of Snort 3 optional requirements, Hyperscan, warns that pcre version 8.41 is not installed.
   •  wget http://www.tcpdump.org/release/libpcap-1.9.0.tar.gz
   • tar xf libpcap-1.9.0.tar.gz &&cd libpcap-1.9.0
   • ./configure --libdir=/usr/lib6 --includedir=/usr/include
   • make && make install
   •  
   • Installing DAQ.
   • yum install libnfnetlink-devel libnetfilter_queue-devel
   • wget https://www.snort.org/downloads/snor/daq-2.0.6-1.centos7.x86_64.rpm
   • tar xf daq-2.0.6.1.tar.gz && cd daq-2.0.6.1
   •  Some of the daq modules can be disabled if not used.The example below configures daq for afpacket while disabling other modules and enabling IPv6 support:
   • ./configure --disable-ipfw-module --disable-ipq-module --disable-nfq-module --enable-ipv6
   • make
   • make install

3.  Installing and Verifying Snort 3 Installation.

• git clone https://github.com/snort3/snort3.git
• cd snort 3 
• export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib:/usr/local/lib
• ./configure_cmake.sh  --prefix=/usr/local/snort --enable-tcmalloc
• cd build
• make -j 8
• make install
• ldd /usr/local/snort/bin/snort
• /usr/local/snort/bin/snort –V