Preface

For installing CentOS and its base configuration, see this blog post:

CentOS-Stream9 ARM basic configuration


tips:

The Snort environment is built on top of the CentOS SNAT snapshot, which has no internet access. So enp0s5 (the external NIC) is first switched to shared-network mode and its static IP binding is removed; once internet access is no longer needed, the network is restored to the SNAT setup.


ps:

The official Snort documentation only goes as far as CentOS 8 with snort 2.9.16.1. Following that document, I installed snort-2.9.20 on CentOS 9 Stream, so there may be unknown errors. If you find any, please discuss them in the comments.

Environment

CentOS: CentOS-Stream-9, ARM, Parallels virtual machine

CentOS user: Snort is deployed as the root user

Snort version: snort-2.9.20

DAQ version: daq-2.0.7

CentOS repositories: Alibaba Cloud mirrors

Change the dnf repositories

Back up the existing repo file

mv /etc/yum.repos.d/centos.repo /etc/yum.repos.d/centos.repo.backup

Switch to the Alibaba Cloud mirror

vim /etc/yum.repos.d/centos.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
 
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
#failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/BaseOS/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/BaseOS/$basearch/os/
        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/BaseOS/$basearch/os/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
 
#additional packages that may be useful
#[extras]
#name=CentOS-$releasever - Extras - mirrors.aliyun.com
#failovermethod=priority
#baseurl=https://mirrors.aliyun.com/centos-stream/$stream/extras/$basearch/os/
#        http://mirrors.aliyuncs.com/centos-stream/$stream/extras/$basearch/os/
#        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/extras/$basearch/os/
#gpgcheck=1
#gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
 
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
#failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/centosplus/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/centosplus/$basearch/os/
        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/centosplus/$basearch/os/
gpgcheck=1
enabled=0
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

[PowerTools]
name=CentOS-$releasever - PowerTools - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/PowerTools/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/PowerTools/$basearch/os/
        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/PowerTools/$basearch/os/
gpgcheck=1
enabled=0
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official


[AppStream]
name=CentOS-$releasever - AppStream - mirrors.aliyun.com
#failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/AppStream/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/AppStream/$basearch/os/
        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/AppStream/$basearch/os/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

Then rebuild the dnf metadata cache:

dnf makecache

Update system packages

Upgrade all packages, including application software and the kernel

dnf update -y
dnf install epel-release -y

Set the time zone

sudo timedatectl set-timezone Asia/Shanghai

Download the files

Upload the downloaded files to CentOS

Download the daq and snort 2.9 source packages from the official site: https://snort.org/downloads#sources

Download the files on the host machine, then upload them to CentOS

wget https://snort.org/downloads/snort/daq-2.0.7.tar.gz
wget https://snort.org/downloads/snort/snort-2.9.20.tar.gz

Create a snort directory

A new snort directory to hold the two downloaded archives after extraction.

cd /home/root
mkdir snortFile
tar -zxvf daq-2.0.7.tar.gz -C snortFile
tar -zxvf snort-2.9.20.tar.gz -C snortFile

Install dependencies

Install the required build environment

dnf install gcc gcc-c++ libnetfilter_queue-devel git flex bison zlib zlib-devel pcre pcre-devel libdnet tcpdump libnghttp2 wget xz-devel -y
dnf install make cmake automake autoconf libtool -y

Error: this package cannot be found: libnetfilter_queue-devel


Add the CRB repository

vim /etc/yum.repos.d/centos.repo

Append the following at the end of the file

[crb]
name=CentOS-$releasever - CRB - mirrors.aliyun.com
#failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/CRB/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/CRB/$basearch/os/
        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/CRB/$basearch/os/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

Then rebuild the dnf metadata cache:

dnf makecache
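Every stanza in the mirror file above and in this CRB section sets gpgcheck=1 with an https gpgkey; that is what makes the plain-http fallback baseurl entries acceptable, because a tampered mirror can then only deliver packages that fail signature verification. The following is an added example, not code from the original post: a small POSIX shell function that audits a .repo file and reports sections that disable gpgcheck, omit gpgkey, or fetch the key over plain http. It assumes only awk and the dnf .repo syntax shown above; the function name check_repo_gpg is introduced here.

```shell
#!/bin/sh
# Added example (not from the original post): audit each section of a
# yum/dnf .repo file for package-signature verification settings.
#
# check_repo_gpg FILE
#   prints "<section>: <problem>" for every section that fails and returns 1
#   if any section failed, 0 otherwise. Commented-out sections such as the
#   "#[extras]" block above are skipped, exactly as dnf skips them. Sections
#   with enabled=0 are still checked, because --enablerepo (used for crb in
#   this post) can switch them on at any time.
check_repo_gpg() {
    awk '
    function report(s, why) { printf "%s: %s\n", s, why; bad = 1 }
    function flush() {
        if (section == "") return
        if (gpgcheck != "1") {
            report(section, "gpgcheck=" (gpgcheck == "" ? "unset" : gpgcheck))
        } else if (gpgkey == "") {
            report(section, "gpgkey missing")
        } else if (gpgkey ~ /^http:\/\//) {
            report(section, "gpgkey fetched over plain http")
        }
    }
    BEGIN { bad = 0; section = "" }
    /^[ \t]*#/ { next }                     # comment line: ignore
    /^[ \t]*\[.+\][ \t]*$/ {                # [section] header: evaluate the previous section
        flush()
        section = $0
        sub(/^[ \t]*\[/, "", section)
        sub(/\][ \t]*$/, "", section)
        gpgcheck = ""; gpgkey = ""
        next
    }
    /^[ \t]*gpgcheck[ \t]*=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*$/, "", v); gpgcheck = v }
    /^[ \t]*gpgkey[ \t]*=/   { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*$/, "", v); gpgkey = v }
    END { flush(); exit bad }
    ' "$1"
}
```

Source the file and run `check_repo_gpg /etc/yum.repos.d/centos.repo` after editing; an empty result with exit status 0 means every active section verifies signatures against a key that cannot be swapped in transit.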

Install the package again

dnf --enablerepo=crb install libnetfilter_queue-devel -y

Install the Snort dependencies

dnf install libpcap-devel pcre-devel libdnet-devel hwloc-devel openssl-devel zlib-devel luajit-devel pkgconf libmnl-devel libunwind-devel -y

Error

Error: Unable to find a match: libmnl-devel


Install again from a different repo

dnf install libmnl
dnf --enablerepo=crb install libmnl-devel -y

Problem solved!


Install the DAQ dependencies

dnf install libnfnetlink-devel libnetfilter_queue-devel -y
dnf install libtirpc-devel

Install DAQ

Install the DAQ data acquisition library

cd snortFile/daq-2.0.7
./configure
make && make install
vim ~/.bash_profile
# add the path
PATH=$PATH:/usr/local/bin

Check that all the required dependencies were installed successfully

which dnet-config
which pcre-config
which daq-modules-config 
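The three `which` lines above only confirm that a binary exists somewhere on PATH, and the PATH line added to ~/.bash_profile does not take effect in a shell that is already open. As an added example, not code from the original post, here is a small POSIX shell preflight that can be sourced before running ./configure: it checks the same three helper programs and confirms that /usr/local/bin, where `make install` placed daq-modules-config, is an actual element of the current PATH rather than a substring of it. The tool names come from the post; the function names missing_tools, path_has_dir and preflight are introduced for this example.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks for the Snort
# build. Source this file, then run `preflight`.

# missing_tools NAME...: print each NAME that is not on PATH; return 1 if any.
missing_tools() {
    rc=0
    for t in "$@"; do
        if ! command -v "$t" >/dev/null 2>&1; then
            echo "$t"
            rc=1
        fi
    done
    return $rc
}

# path_has_dir DIR [PATHSTRING]: return 0 if DIR is an element of PATHSTRING
# (defaults to $PATH). A substring match would wrongly accept /usr/local/bin
# when only /usr/local/bin2 is listed, so compare element by element.
path_has_dir() {
    dir=$1
    list=${2:-$PATH}
    old_ifs=$IFS
    IFS=:
    found=1
    for p in $list; do
        if [ "$p" = "$dir" ]; then
            found=0
        fi
    done
    IFS=$old_ifs
    return $found
}

# preflight: the checks from the post, plus the PATH check they depend on.
# The -config helpers are what ./configure uses to locate libdnet, PCRE and
# the DAQ modules; if one is missing the build fails late and confusingly.
preflight() {
    ok=0
    if ! path_has_dir /usr/local/bin; then
        echo "PATH lacks /usr/local/bin; run: export PATH=\$PATH:/usr/local/bin" >&2
        ok=1
    fi
    if ! missing_tools dnet-config pcre-config daq-modules-config; then
        echo "the tools listed above are missing; install libdnet-devel, pcre-devel and daq first" >&2
        ok=1
    fi
    return $ok
}
```

`preflight` exits non-zero and names what is missing, so it can gate a build script with `preflight && ./configure --enable-sourcefire`.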

Install Snort

Enter the Snort source directory

cd snortFile/snort-2.9.20

Build

./configure --enable-sourcefire
sudo make
make install

Build succeeded

Snort installed successfully

snort -v

Press Ctrl + C to exit

Reference articles

CentOS 8 Snort installation guide

Snort 3 official installation guide for CentOS 8 Stream

Installation guides for each version

Alibaba Cloud CRB repository

If a package cannot be found, check the official documentation! It gives the download commands, repositories and other configuration details.
