automatically install and configure SNORT via script

Discussion in 'all things UNIX' started by linuxforall, Nov 13, 2012.

Thread Status:
Not open for further replies.
  1. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    http://autosnort.blogspot.in/


    So... to start, what exactly is autosnort? To boil it down, autosnort is a shell script that will take a supported operating system and give you a fully updated, fully functional snort installation with minimal effort.
     
  2. da_667

    da_667 Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    1
    Location:
    US
    Hi there!

    This is DA, the current maintainer for the autosnort script, project.... whatever-you-may-call-it.

    I wanted to stop by and say thank you for linking the project on your forums. For anyone who is interested in the script, the blog post above gives you a rough idea of the goals and links to my GitHub repo, which currently houses 3 different variations of the script: one for CentOS, one for Ubuntu and another for BackTrack (with more planned in the near future).

    The scripts are entirely free, open-source and being released under the MIT license, meaning you can do practically anything you'd like with them.

    If you are a user and have questions, run into difficulties or would like to contribute, feel free to contact me. My contact information is plastered all over the script readme and the blog post.

    Thanks!

    da_667
     
  3. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    Many thanks DA, am linking your work at the Ubuntu forums as well as the Chakra forums.
     
  4. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    How do you install this? I saved it to an empty document file, renamed it but it won't run :mad:
     
  5. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136

    It's a script, you need to give it execute permissions.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Out of curiosity, why would you want to do this if you face the problem of configuring the software? What added benefit will you have in such a scenario?

    Mrk
     
  7. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    Linux is all about curiosity and SNORT is a good start.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    I asked him. Besides, I can think of at least 304 things before using Snort.
    Mrk
     
  9. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    And I ask you, why would you discourage one from trying out stuff in LINUX? One can only learn by trial and error and breakage; aren't we all here to learn btw?
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Sure, but you don't become a ninja by applying for brown belt first.
    If someone does not know how to chmod a file, they are not ready for snort.

    Besides, as an intrusion detection system, it's mostly a network tool. The fact it runs on Linux is less important here, and the implication is in understanding protocols, signatures, etc. Linux is secondary. And before going to Snort, I would advise someone to learn about the OS architecture, startup scripts, reading logs, etc., before using a highly sophisticated tool for analyzing potentially tricky network patterns in a home environment, where these are quite unlikely to happen.

    Mrk
     
  11. Strixv

    Strixv Registered Member

    Joined:
    Aug 15, 2009
    Posts:
    1
    Thank you da_667

    For taking the time to work on and provide the autosnort script/project; it will be helpful to a lot of users, from beginner to expert.

    Can you add the emergingthreats sigs

    and do a FreeBSD script

    Thanks
     
  12. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    That is a good point, but we can only learn how to drive by getting on the road, as we learn how to swim by getting into the water. Sure, we make mistakes, but then they can be easily rectified; Linux is all about chances.
     
  13. BrandiCandi

    BrandiCandi Guest

    I'm going to have to agree with Mr.K on this one. If I had started with snort I would have suffered endless frustration. I would advise starting with a firewall, learn to configure it & read the logs. Then maybe graduate to snort.

    Incidentally, the auto snort script sounds quite intriguing. I'll have to give it a try.
     
  14. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    Come on guys be nice :mad:

    Just let me know how to install the script?!!
     
  15. BrandiCandi

    BrandiCandi Guest

    ComputerSaysNo, it looks like it downloads a tarball. Have you uncompressed it? Does it come with a readme or anything?
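
As an added example (not autosnort's own code, and not from any post in this thread), here is a POSIX shell script covering the steps ComputerSaysNo and BrandiCandi are circling around: check the downloaded archive's SHA-256 against the value published with the download, unpack it, locate the README, and give the script execute permission only after confirming it actually starts with a shebang line. The archive layout, file names and README text are constructed for the demonstration; the real tarball is whatever the project's GitHub repo hands you.

```shell
#!/bin/sh
# Added example, not autosnort's own code: getting a downloaded install
# script ready to run. Assumes a .tar.gz holding the script and a README;
# the file names used in the usage notes are made up for illustration.

# Print the SHA-256 of a file; works with GNU coreutils or BSD/macOS shasum.
sha256_of() {  # $1 file
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Compare a file's digest with the value published alongside the download.
# Returns 1 on mismatch, so a tampered or truncated archive is never unpacked.
verify_sha256() {  # $1 file, $2 expected hex digest
  [ "$(sha256_of "$1")" = "$2" ]
}

# Unpack an archive into a directory and print the path of the first README
# found, which is what to read before running anything as root.
unpack_and_find_readme() {  # $1 tarball, $2 destination directory
  mkdir -p "$2"
  tar -xzf "$1" -C "$2"
  find "$2" -iname 'readme*' -type f | head -n 1
}

# Make a script executable, but only after confirming it has a shebang line.
# A file saved from a browser or pasted into an editor often lacks one, and
# "./script" then fails with a confusing error even with execute permission.
prep_script() {  # $1 path to script
  IFS= read -r first < "$1" || true
  case "$first" in
    '#!'*) chmod u+x "$1" ;;
    *)     echo "no shebang in $1; run it as 'sh $1' or add one" >&2; return 1 ;;
  esac
}

# Usage (paths are hypothetical):
#   verify_sha256 autosnort.tar.gz "<digest from the release page>" || exit 1
#   readme=$(unpack_and_find_readme autosnort.tar.gz ./autosnort)
#   less "$readme"
#   prep_script ./autosnort/autosnort.sh && sudo ./autosnort/autosnort.sh
```

The checksum only proves you received the file the author published; an install script of this kind runs as root and pulls packages, so read it before running it.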
     
  16. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Mrk and I have been repeating the same thing about Snort for years... useless for desktops.
    In the past an easy way to make a CentOS-based install was the EasyIDS live CD
    http://www.skynet-solutions.net/About-EasyIDS
    If we take the technology into consideration, software IDS now appears obsolete.
    Their management costs a lot of time (rule updates, false positives, etc.) for a hypothetical benefit (low probability of DDoS, fast-flux bot/worm, etc.) in a desktop/small LAN environment.
    For the rules, for instance (a blacklist cat-and-mouse game), paid subscriptions are often better, even if there is an active open-source community
    http://rules.emergingthreats.net/
    A UTM appliance ( http://www.watchguard.com/products/xtm-main.asp ) appears much more serious, as simple IDSs are not enough against the current arsenal offered to attackers (IP segmentation/fragmentation evasion methods, etc.).
    What could Snort do against professional hacking? As IDSs are deployed before the firewall, trust your hardening checklist first.
    As pointed out by Mrk, what are the chances of a Linux desktop user being the victim of a DDoS, for instance... if so (example scenario: a Russian nationalist hacktivist DDoS attack against Mrk's article about the Georgia/Russia cyberwar)... then Snort will not help... unplug the modem/box and go walk the dog...
    A popular anti-IDS tool (for BackTrack users) is Inundator, designed to obfuscate a real attack by generating serial false positives: http://inundator.sourceforge.net/
    Instead of a network-based IDS, it is more suitable to use a host-based IDS like OSSEC, which provides interesting anti-malware features (integrity checking)
    http://ossec.net/

    Anyway, for those really interested in IDS, I suggest a focused network security distro, Security Onion
    http://code.google.com/p/security-onion/wiki/Beta
    http://securityonion.blogspot.fr/2012/09/security-onion-1204-beta-available-now.html

    rgds
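
The rule-management cost kareldjag describes (rule updates, false positives) and the signature understanding Mrk calls for come down to a rules file you have to keep sane once autosnort has done the install. As an added example, not part of autosnort, Snort or the Emerging Threats ruleset, the POSIX shell script below builds a small constructed rules file in Snort syntax (sids from the local range, not real ET or VRT sids), lints it for the defects that make Snort refuse to load a file or make the wrong rule get disabled (missing msg/sid/rev, duplicate sids), and comments out a rule by sid, which is the usual first response to a signature that fires on legitimate traffic.

```shell
#!/bin/sh
# Added example, not part of autosnort or Snort: rule-file hygiene helpers.
# The rules file below is constructed here; sids are from the local range
# (>= 1000000) and the msg texts are invented for the demonstration.

# Write a constructed rules file to $1, including two deliberate defects
# (a rule without rev, and a duplicate sid) and one already-disabled rule.
make_rules() {  # $1 rules file
  cat > "$1" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe"; content:"/etc/passwd"; sid:1000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"EXAMPLE ping"; itype:8; sid:1000002; rev:1;)
# alert tcp any any -> any 22 (msg:"EXAMPLE already disabled"; sid:1000003; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"EXAMPLE missing rev"; sid:1000004;)
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE duplicate sid"; content:"cmd.exe"; sid:1000001; rev:2;)
EOF
}

# Lint active rules: every one needs msg, sid and rev, and sids must be unique.
# Prints each finding and exits with the number of findings (0 = clean).
lint_rules() {  # $1 rules file
  awk '
    BEGIN { bad = 0 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
      if ($0 !~ /msg:/) { print "line " NR ": missing msg"; bad++ }
      if (match($0, /sid:[0-9]+;/)) {
        sid = substr($0, RSTART + 4, RLENGTH - 5)   # digits between "sid:" and ";"
        if (sid in seen) {
          print "line " NR ": duplicate sid " sid " (first seen at line " seen[sid] ")"; bad++
        } else {
          seen[sid] = NR
        }
      } else { print "line " NR ": missing sid"; bad++ }
      if ($0 !~ /rev:[0-9]+;/) { print "line " NR ": missing rev"; bad++ }
    }
    END { exit bad }' "$1"
}

# Count active (uncommented) rules; rules start at column 0 in this file.
active_rules() {  # $1 rules file
  grep -c '^alert' "$1" || true
}

# Disable a rule by sid: comment it out in place. Already-commented lines are
# left alone, so running this twice for the same sid is harmless.
disable_sid() {  # $1 rules file, $2 sid
  awk -v sid="$2" '
    BEGIN { pat = "sid:" sid ";" }
    $0 !~ /^[ \t]*#/ && index($0, pat) { print "# " $0; next }
    { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Walk through the whole cycle on the constructed file.
demo() {
  f=$(mktemp)
  make_rules "$f"
  echo "active rules: $(active_rules "$f")"
  lint_rules "$f" || echo "lint findings: $?"
  disable_sid "$f" 1000002
  echo "after disabling sid 1000002: $(active_rules "$f") active rules"
  rm -f "$f"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh rules_hygiene.sh demo` (file name hypothetical) to see the two findings, or source it and point `lint_rules` at a real `.rules` file after an update. Disabling by sid only hides the symptom; on a box that matters, the rule's content match is what you go back and read.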
     