Aug 21 2009
Compiling snort
Snort is a flexible network intrusion detection and prevention system. It has rule-based logging. It captures network packets, examines them, and decides on their intent by comparing their contents to the rules. It can detect a variety of attacks, including buffer overflows, stealth port scans, CGI attacks, SMB probes and much more.
In this tutorial, we are going to compile and use snort.
First download snort from snort’s web site.
wget http://dl.snort.org/snort-current/snort-2.8.4.1.tar.gz
tar -xzvf snort-2.8.4.1.tar.gz
cd snort-2.8.4.1/
./configure
Oops, I got the following error:
ERROR! Libpcre header not found.
Get it from http://www.pcre.org
Since I am on Debian, I would do the following
p libpcre-ocaml - OCaml bindings for PCRE (Perl Compatible Regular Expression)
p libpcre-ocaml-dev - OCaml bindings for PCRE (Perl Compatible Regular Expression)
i libpcre3 - Perl 5 Compatible Regular Expression Library - runtime files
p libpcre3-dev - Perl 5 Compatible Regular Expression Library - development files
p libpcrecpp0 - Perl 5 Compatible Regular Expression Library - C++ runtime files
So I need to install libpcre3-dev, which I would do like so
sudo aptitude -y install libpcre3-dev
Now I would try to configure it again
./configure
And this time it went well.
Now we will compile the source into a binary using make
make
A lot of messages will scroll by. Compilation will take some time. Staring at them may give you a headache so go prepare a coffee.
We will install the compiled binary. Remember, we need to install it as root
sudo make install
or switch to root with su and then run make install
To see where it was installed, do
which snort
/usr/local/bin/snort
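An added example, not part of the original post: the tarball above is fetched over plain HTTP and its build output is installed as root, so this sketch checks the archive before tar -xzvf is run. It goes beyond the steps in the post; the function names are hypothetical, and the expected digest is a placeholder you must obtain from a trusted channel.

```shell
#!/bin/sh
# Added example: pre-extraction checks for a downloaded source tarball.
# All function names here are assumptions made for this illustration.

# check_digest FILE EXPECTED_SHA256 -> 0 only if the SHA-256 of FILE matches.
check_digest() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# check_members FILE TOPDIR -> 0 only if the archive lists at least one
# member and every member is TOPDIR itself or lives under TOPDIR/, with no
# absolute path and no ".." component.
check_members() {
    tar -tzf "$1" | awk -v top="$2" '
        BEGIN { bad = 0 }
        { sub(/^\.\//, "") }                      # tolerate a leading ./
        /^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 }   # absolute path or ..
        $0 != top && $0 != top "/" && index($0, top "/") != 1 { bad = 1 }
        END { exit (bad || NR == 0) }'
}

# safe_unpack FILE EXPECTED_SHA256 TOPDIR: extract only if both checks pass.
safe_unpack() {
    check_digest "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    check_members "$1" "$3" || { echo "unexpected member in $1" >&2; return 1; }
    tar -xzf "$1"
}

# Usage with the file from this post (the digest is a placeholder):
# safe_unpack snort-2.8.4.1.tar.gz "<EXPECTED_SHA256>" snort-2.8.4.1
```

If safe_unpack returns non-zero, nothing has been extracted and the later configure, make and sudo make install steps should not be run on that download.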
















