You should now modify configuration file. Do it using the following commands:Ĭhcon -R system_u:object_r:snort_etc_t:s0 /etc/snortĬhcon -R system_u:object_r:lib_t:s0 /etc/snort/so_rules/precompiled/RHEL-6-0/ Now, if you are using SELinux you should change context of the files you moved to /etc/snort directory. Mv -i snort/rules snort/preproc_rules snort/so_rules /etc/snort/ Note that I'm using force option of move command to overwrite existing files. Next you have to move files in their place. To configure snort you'll have to download snortrules archive. In case there is previous installation be careful not to overwrite existing configuration. I'll assume that you are installing a fresh instance, i.e. Now, download Snort's srpm file and rebuild it using: Those two aren't listed as dependencies in Snort's SRPM file, so you'll get some cryptic error message. Next, for snort you'll need libdnet library which is in EPEL. This is actually something rpmbuild tool will warn you that you have to install. Before rebuilding it, you should install pcap-devel. In the following text I'll assume that you started with a minimal CentOS installation with the following packages installed (and their dependencies, of course): gcc, make, bison, flex, autoconf, automake, rpmbuild.įirst, download daq source rpm file. In case you want to rebuild them, the process is now almost without any problems. Yet, there is a problem with a libdnet dependency (I don't know which one was used during compilation, but it certainly wasn't the one in EPEL). So, you only need to download them and install (or install using URL). In short, binary packages for CentOS 6 are now provided on the Snort's download page. In the mean time I decided it's time to upgrade so the idea of this post is to document what changed with respect to that older post. Some time ago I wrote a post about installing Snort 2.9.1 on CentOS 6.
0 kommentar(er)
