How to Set Up an Independent IDS/IPS Lab Environment (Using Snort, Pytbull, Eclipse and Tomcat)

This guide installs Snort 2.9.7.0 and its dependencies (libdnet and DAQ) from source on a Debian-based system, creates a dedicated snort user with no login shell, installs the default Snort rule set and verifies the configuration in test mode.

33 Steps 2 min read Advanced

Step-by-Step Guide

  1. Step 1: Install the required packages:
     sudo apt-get install flex bison build-essential checkinstall
     sudo apt-get install libpcap-dev libnet1-dev libpcre3-dev
     sudo apt-get install libmysqlclient15-dev libnetfilter-queue-dev iptables-dev

  2. Step 2: Download libdnet-1.12.tgz from https://code.google.com/p/libdnet/downloads/detail?name=libdnet-1.12.tgz&can=2&q= (alternatively, you can search for it online).

  3. Step 3: Switch to the directory where the file was saved (this should be Downloads): cd Downloads

  4. Step 4: Untar the file: tar xvfz libdnet-1.12.tgz

  5. Step 5: Change into the libdnet-1.12 directory: cd libdnet-1.12

  6. Step 6: Compile libdnet and build a package from it:
     ./configure "CFLAGS=-fPIC"
     make
     sudo checkinstall
     Answer the checkinstall prompts as follows: type "y" and Enter when it reads "Should I create a default set of package docs?"; press Enter when it reads ">>"; press Enter again when it reads "Enter a number to change any of them or press ENTER to continue"; type "n" and Enter when it reads "Do you want me to list them?"; type "y" and Enter when it reads "Should I exclude them from the package? (Saying yes is a good idea)". Then install the package: sudo dpkg -i libdnet_1.12-1_amd64.deb

  7. Step 7: Create the required symbolic link: sudo ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1

  8. Step 8: Download daq-2.0.4.tar.gz from https://www.snort.org/downloads (or https://www.snort.org), or search online for it.

  9. Step 9: Switch to the directory where the file was saved (this should be Downloads). If still inside libdnet-1.12, type cd ..; if in your home directory, type cd Downloads

  10. Step 10: Untar the file: tar xvfz daq-2.0.4.tar.gz

  11. Step 11: Change into the daq-2.0.4 directory: cd daq-2.0.4

  12. Step 12: Compile daq (similar to how we compiled libdnet):
      ./configure
      make
      sudo checkinstall
      Answer the checkinstall prompts exactly as in Step 6 ("y" for the package docs, Enter at ">>", Enter to continue, "n" to listing the files, "y" to excluding them).

  13. Step 13: Install the package: sudo dpkg -i daq_2.0.4-1_amd64.deb

  14. Step 14: Download snort-2.9.7.0.tar.gz from https://www.snort.org/downloads (or https://www.snort.org), or search online for it.

  15. Step 15: Switch to the directory where the file was saved (this should be Downloads). If still inside libdnet-1.12 or daq-2.0.4, type cd ..; if in your home directory, type cd Downloads

  16. Step 16: Untar the file: tar xvfz snort-2.9.7.0.tar.gz

  17. Step 17: Change into the snort-2.9.7.0 directory: cd snort-2.9.7.0

  18. Step 18: Compile snort (similar to how we compiled libdnet and daq):
      ./configure
      make
      sudo checkinstall
      Answer the checkinstall prompts exactly as in Step 6.

  19. Step 19: Install the package: sudo dpkg -i snort_2.9.7.0-1_amd64.deb

  20. Step 20: Create the required symbolic link and refresh the linker cache:
      sudo ln -s /usr/local/bin/snort /usr/sbin/snort
      sudo ldconfig -v

  21. Step 21: Verify the snort version by typing: snort -V

  22. Step 22: Make snort a dedicated user with no login shell, so the sensor does not run as root:
      sudo groupadd snort
      sudo useradd snort -d /var/log/snort/ -s /sbin/nologin -c SNORT_IDS -g snort
      sudo mkdir /var/log/snort
      sudo chown snort:snort /var/log/snort

  23. Step 23: In order to download the default snort rule set, you will have to create a login at https://www.snort.org.

  24. Step 24: Download snortrules-snapshot-2970.tar.gz from https://www.snort.org/downloads (or https://www.snort.org), or search online for it.

  25. Step 25: Switch to the directory where the file was saved (this should be Downloads). If still inside libdnet-1.12, daq-2.0.4 or snort-2.9.7.0, type cd ..; if in your home directory, type cd Downloads

  26. Step 26: Make a new directory for the rules: sudo mkdir /etc/snort

  27. Step 27: Untar the file into it: sudo tar xvfz snortrules-snapshot-2970.tar.gz -C /etc/snort/

  28. Step 28: Configure the rule set:
      sudo touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules
      sudo mkdir /usr/local/lib/snort_dynamicrules
      sudo chown -R snort:snort /etc/snort/*
      sudo mv /etc/snort/etc/* /etc/snort/

  29. Step 29: Update the snort config file. Use any editor you are familiar with (vim, pico) and open /etc/snort/snort.conf with sudo permissions, e.g.: sudo vi /etc/snort/snort.conf
      Change Line 104 from "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort/rules"
      Change Line 105 from "var SO_RULE_PATH ../so_rules" to "var SO_RULE_PATH /etc/snort/so_rules"
      Change Line 105 from "var PREPROC_RULE_PATH ../preproc_rules" to "var PREPROC_RULE_PATH /etc/snort/preproc_rules"
      Change Line 109 from "var WHITE_LIST_PATH ../rules" to "var WHITE_LIST_PATH /etc/snort/rules"
      Change Line 110 from "var BLACK_LIST_PATH ../rules" to "var BLACK_LIST_PATH /etc/snort/rules"
      Save and exit.

  30. Step 30: Verify that snort is fully functional with the default rule set, listening to all the traffic on the network, by running it in test mode:
      sudo snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf
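The snort.conf path edits in the "Update snort config file" step are easy to get partly wrong by hand; the script below is an added example (not part of the original guide) that applies the same five substitutions with sed and then counts how many rule-path variables still point at a relative ../ directory. It works on a constructed stand-in for the relevant lines of snort.conf so it can be run without a Snort install; point it at /etc/snort/snort.conf on the real sensor.

```shell
#!/bin/sh
# Added example: apply the five snort.conf rule-path edits with sed and
# verify none of the variables still uses the tarball's relative ../ path.

# Rewrite the rule-path variables in a Snort 2.9.x snort.conf in place.
fix_rule_paths() {
    conf="$1"
    sed \
        -e 's|^var RULE_PATH \.\./rules$|var RULE_PATH /etc/snort/rules|' \
        -e 's|^var SO_RULE_PATH \.\./so_rules$|var SO_RULE_PATH /etc/snort/so_rules|' \
        -e 's|^var PREPROC_RULE_PATH \.\./preproc_rules$|var PREPROC_RULE_PATH /etc/snort/preproc_rules|' \
        -e 's|^var WHITE_LIST_PATH \.\./rules$|var WHITE_LIST_PATH /etc/snort/rules|' \
        -e 's|^var BLACK_LIST_PATH \.\./rules$|var BLACK_LIST_PATH /etc/snort/rules|' \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Print how many rule-path variables still use a relative path (0 = done).
# grep exits 1 when the count is 0, so swallow that status.
count_relative_paths() {
    grep -cE '^var (RULE|SO_RULE|PREPROC_RULE|WHITE_LIST|BLACK_LIST)_PATH \.\./' "$1" || true
}

# Print the value of one variable, e.g. get_var snort.conf RULE_PATH
get_var() {
    sed -n "s/^var $2 //p" "$1"
}

# Constructed stand-in for the path block of the stock snort.conf
# (same variable names and relative values as the lines the guide edits).
make_sample_conf() {
    cat > "$1" <<'EOF'
# Path to your rules files (this can be a relative path)
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
# If you are using reputation preprocessor set these
var WHITE_LIST_PATH ../rules
var BLACK_LIST_PATH ../rules
EOF
}

sample="${TMPDIR:-/tmp}/snort.conf.sample.$$"
make_sample_conf "$sample"
echo "relative paths before: $(count_relative_paths "$sample")"   # 5
fix_rule_paths "$sample"
echo "relative paths after:  $(count_relative_paths "$sample")"   # 0
echo "RULE_PATH is now: $(get_var "$sample" RULE_PATH)"
rm -f "$sample"
```

After running it against the real file, the "sudo snort -T ..." test-mode command from the last step is still the authoritative check, since it also validates that the directories the variables point at exist.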


About the Author

Amber Cooper

Committed to making hobbies accessible and understandable for everyone.