Previously, we discussed:
- What is a firewall and how does it work?
- What is an Intrusion Detection System (IDS), and how does it work?
- How to configure the iptables firewall on Linux?
- How to make iptables rules permanent across system reboots?
We also discussed a few attacks:
As we know, an Intrusion Detection System or IDS inspects all inbound and outbound traffic on a system and detects suspected attacks. In this article, we will discuss how to install the Snort Intrusion Detection System on a Linux system.
So, let’s start.
1. Install LAMP Server:
The LAMP suite is Linux-Apache-MySQL-PHP. We need to install it for our Snort IDS. To do that, first install tasksel and then the LAMP server.
# sudo apt-get install tasksel
# sudo tasksel install lamp-server
You will be prompted for the MySQL root password during the installation process. Choose a password and remember it. You will need it again later.
2. Create a Snort database:
Follow the steps below to create the snort database. In the GRANT statement, replace 'password' with a strong password of your own:
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 42
Server version: Ubuntu

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database snort;
Query OK, 1 row affected (0.05 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON snort.* TO 'snort'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye
#
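To confirm that the snort account ended up with only the privileges granted above, the following added example (not part of the original article) audits SHOW GRANTS output against that list. The function name, the sample lines and the placeholder hash are constructed for illustration, and the sample assumes the MySQL 5.x output format.

```shell
#!/bin/sh
# Added example: audit SHOW GRANTS output for the snort account against the
# privilege list used in the GRANT statement of step 2.
ALLOWED="SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES"

# Reads SHOW GRANTS lines on stdin; prints findings, returns non-zero if any.
check_snort_grants() {
    findings=0
    while IFS= read -r line; do
        case "$line" in
            "GRANT "*" ON "*" TO "*) ;;
            *) continue ;;                    # skip headers and blank lines
        esac
        rest=${line#GRANT }
        privs=${rest%% ON *}                  # comma-separated privilege list
        obj=${rest#* ON }
        obj=${obj%% TO *}                     # object the grant applies to
        case "$line" in
            *"WITH GRANT OPTION"*)
                echo "FINDING: account can re-grant privileges on $obj"
                findings=$((findings + 1)) ;;
        esac
        case "$obj" in
            '*.*')       permitted="USAGE" ;; # global scope: nothing beyond USAGE
            '`snort`.*') permitted=$ALLOWED ;;
            *)  echo "FINDING: grant outside the snort database: $obj"
                findings=$((findings + 1))
                continue ;;
        esac
        while [ -n "$privs" ]; do             # walk the list one privilege at a time
            p=${privs%%,*}
            if [ "$p" = "$privs" ]; then privs=""; else privs=${privs#*, }; fi
            case ", $permitted," in
                *", $p,"*) ;;
                *)  echo "FINDING: unexpected privilege '$p' on $obj"
                    findings=$((findings + 1)) ;;
            esac
        done
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample of MySQL 5.x SHOW GRANTS output (hash is a placeholder).
sample_ok() {
    printf '%s\n' \
        "GRANT USAGE ON *.* TO 'snort'@'localhost' IDENTIFIED BY PASSWORD '<hash>'" \
        "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON \`snort\`.* TO 'snort'@'localhost'"
}
sample_ok | check_snort_grants && echo "snort grants match the documented set"
```

On a live system, feed it real output with `mysql -u root -p -N -e "SHOW GRANTS FOR 'snort'@'localhost'" | check_snort_grants`.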