Compiling snort in Slitaz

I like to run my servers on Slitaz because of its tiny size and low hardware requirements. Compared with other distros, more resources are left for the server services themselves.

A hard-drive installation takes less than 1GB, yet it provides the common server packages, including apache, php, mysql and samba, and of course an X Window environment. However, I have to admit that it still lacks some advanced features compared with great distros like Ubuntu, Debian and Red Hat. One of those features is an IDS.

Although an official snort package is provided, it only supports log file output, not database output. To enjoy that feature, we need to download the tarball and install it ourselves. This article demonstrates the installation step by step. Please sit back and enjoy.

Prerequisites: (please prepare the source of the following programs)

  • Snort
  • jpgraph
  • adodb
  • Base
  • Barnyard2 (optional): according to David Gullett’s setup guide, this tiny program can improve the efficiency of Snort

Step-by-step:

  1. Install Slitaz (very simple)
  2. Install the official packages using tazpkg get-install
    – apache2
    – php, php-cli, php-apache, php-mysql, mysql
    – mysql-dev, libpcap, nmap, php-gd, php-pear, slitaz-toolchain
  3. Untar jpgraph
    – tar -zxvf jpgraph.tar.gz
    – copy jpgraph/src to /var/www/jpgraph
  4. Untar barnyard2
    – tar -xzvf barnyard2.tar.gz
    – cd barnyard2
    – ./configure --with-mysql
    – make
    – make install
    – cp etc/barnyard2.conf /usr/local/snort/etc
    – mkdir /var/log/barnyard2
    – edit /usr/local/snort/etc/barnyard2.conf
    – change the following settings:

    config reference_file: /usr/local/snort/etc/reference.config
    config classification_file: /usr/local/snort/etc/classification.config
    config gen_file: /usr/local/snort/etc/genmsg.map
    config sid_file: /usr/local/snort/etc/sidmsg.map
    config hostname: localhost
    config interface: eth1
    output database: log, mysql, user=SNORT_USER password=SNORT_PASSWORD dbname=snort \
    host=localhost

  5. Untar snort tarball
    – tar -zxvf snort.tar.gz
    – ./configure --with-mysql --prefix=/opt
    – make
    – make install
    – copy the etc and rules folders into /opt
  6. Create a user account for running snort
    – addgroup snort
    – adduser snort
  7. Create the mysql database
    – grant access rights to the snort account
  8. Edit the snort config file
    – vi /opt/snort/etc/snort.conf
  9. Copy the snort rules to /opt
  10. Test the snort config
  11. Install adodb
    – untar the downloaded file
    – copy the files to the web directory
  12. Install base
    – untar the downloaded file
    – copy the files to the web directory
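
The barnyard2.conf edited in step 4 stores the MySQL password in clear text, so it is worth auditing the file before starting the sensor. The shell function below is an added example, not part of the original guide or of the Barnyard2 project; the function name check_barnyard2_conf and the choice of checks are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit barnyard2.conf.
# Prints one line per finding; exit status is the number of findings.
check_barnyard2_conf() (
    conf=$1; findings=0; user=; pass=
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }
    [ -r "$conf" ] || { echo "cannot read $conf"; exit 1; }

    # The file stores the database password in clear text, so "other"
    # must not have read access (8th character of the ls mode string).
    mode=$(ls -ld -- "$conf" | cut -c1-10)
    case $mode in
        ???????r??) flag "$conf is world-readable ($mode)" ;;
    esac

    # read without -r joins lines ending in "\", as in the guide's
    # two-line "output database" entry. Leading blanks are stripped, so
    # the "^" anchor skips commented-out lines. Keep the last active one.
    db_line=$(while read line || [ -n "$line" ]; do
                  printf '%s\n' "$line"
              done < "$conf" | grep '^output database:' | tail -n 1)
    [ -n "$db_line" ] || flag "no active 'output database' line"

    set -f                  # no globbing while splitting key=value pairs
    for kv in $db_line; do
        case $kv in
            user=*)     user=${kv#user=} ;;
            password=*) pass=${kv#password=} ;;
        esac
    done

    if [ -n "$db_line" ]; then
        case $user in
            ''|root|SNORT_USER) flag "user='$user': use a dedicated MySQL account" ;;
        esac
        case $pass in
            ''|SNORT_PASSWORD) flag "password is empty or still the placeholder" ;;
        esac
    fi
    exit "$findings"
)
```

Run it as check_barnyard2_conf /usr/local/snort/etc/barnyard2.conf; an exit status of 0 means none of the three checks fired.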

A Chinese version of this article is available at the following link:
Installing snort manually on Slitaz
