Overview: What’s Snort?
Snort is an open source Intrusion Detection/Prevention application (IPS)
written in 1998 by Marty Roesch. It is the world’s most widely used IPS and
has been downloaded over 4 million times. The 250,000+ active Snort
users worldwide contribute new rules, plugins and complimentary
applications to work with Snort.
Scope and Limitations
This paper covers Snort, not Linux system, web or database administration
and is offered with no explicit or implied warranty. All code referenced in
this paper is open source.
This paper is focused on the initial installation of Snort with some
supporting applications. Tuning, rule writing, policy definition and other
operational issues are outside this scope.
Why CentOS instead of Fedora?
Mostly due to the author’s lack of Linux skills and general laziness, Fedora
15 threw up some road blocks in the way it had been installed before.
CentOS is a reasonable substitute for most of the Red Hat Linux flavors. If
someone out there is really upset by this substitution, I would encourage
that person to write a set up guide for Fedora.
Assumptions
This paper will cover the installation of Snort 2.9.1 on CentOS 5.6 with:
• MySQL 5.0.77
• Libdnet
• Libpcap 1.0.0-5
• SnortReport 1.3.1
• Barnyard2-1.9
• Apache 2.2.11
• Using VMWare
Why Snort in VM?
As a laptop user, I am mobile and often have to use public guest networks,
such as those in hotels, coffee shops and others. One never knows when
