Difference between revisions of "Downloading and using latest snort rules"
From Notes_Wiki
Latest revision as of 15:53, 24 March 2022
- Download the latest snort rules from https://www.snort.org/snort-rules/#registered. Note that we cannot download the subscriber release without becoming a subscriber, but we can use the registered user release after free registration. The subscriber rules become available to registered users with a month's delay.
- Copy snortrules-snapshot-2905.tar.gz to a folder named snortrules. Here 2905 means snort version 2.9 and ruleset version 05.
- Extract snortrules-snapshot-2905.tar.gz using 'tar xzf snortrules-snapshot-2905.tar.gz'
- rm -rf /etc/snort
- mkdir /etc/snort /etc/snort/rules /etc/snort/so_rules /etc/snort/preproc_rules
- Copy all files and directories from the 'etc' folder to '/etc/snort'
- Copy all files and directories from the 'rules' folder to '/etc/snort/rules'
- Copy all files and directories from the 'so_rules' folder to '/etc/snort/so_rules'
- Copy all files and directories from the 'preproc_rules' folder to '/etc/snort/preproc_rules'
- chown -R snort:snort /etc/snort
- Edit the file '/etc/snort/snort.conf' and change the following lines:
  - ipvar HOME_NET [10.0.0.0/8,172.16.0.0/12,192.168.0.0/16]
  - ipvar EXTERNAL_NET any
  - ipvar DNS_SERVERS [192.168.36.222,192.168.36.204,10.4.2.210,10.4.3.203]
  - ipvar SMTP_SERVERS [10.4.2.200,10.4.2.202,10.4.2.250]
  - ipvar HTTP_SERVERS [10.4.2.208]
  - portvar HTTP_PORTS [80,3128,8080]
  - var RULE_PATH /etc/snort/rules
  - var SO_RULE_PATH /etc/snort/so_rules
  - var PREPROC_RULE_PATH /etc/snort/preproc_rules
- Use 'service snort start'. It may take some time for snort to start.
- One can use 'tail -100 /var/log/messages | less' to see detailed information on the rules that got loaded.