Preface
For installing CentOS and its related configuration, see the linked blog post:
Tips:
Snort is installed on top of the CentOS SNAT snapshot. Because that snapshot has no Internet access, enp0s5 (the external NIC) is first switched to shared-network mode and its static IP binding removed; once network access is no longer needed, the SNAT-era network setup is restored.
PS:
The versions in the official Snort documentation only go up to CentOS 8 with snort 2.9.16.1. Following that document, I installed snort-2.9.20 on CentOS 9 Stream, so there may be some unknown errors. If you find any, please discuss them in the comments.
Environment
CentOS: CentOS-Stream-9, ARM, Parallels virtual machine
CentOS user: the Snort deployment is done as the root user
snort version: snort-2.9.20
daq version: daq-2.0.7
CentOS mirror: Aliyun
Change the dnf repository source
Back up the existing file
mv /etc/yum.repos.d/centos.repo /etc/yum.repos.d/centos.repo.backup
Switch to the Aliyun mirror
vim /etc/yum.repos.d/centos.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
#failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/BaseOS/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/BaseOS/$basearch/os/
        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/BaseOS/$basearch/os/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

#additional packages that may be useful
#[extras]
#name=CentOS-$releasever - Extras - mirrors.aliyun.com
#failovermethod=priority
#baseurl=https://mirrors.aliyun.com/centos-stream/$stream/extras/$basearch/os/
#        http://mirrors.aliyuncs.com/centos-stream/$stream/extras/$basearch/os/
#        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/extras/$basearch/os/
#gpgcheck=1
#gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
#failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/centosplus/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/centosplus/$basearch/os/
        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/centosplus/$basearch/os/
gpgcheck=1
enabled=0
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

[PowerTools]
name=CentOS-$releasever - PowerTools - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/PowerTools/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/PowerTools/$basearch/os/
        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/PowerTools/$basearch/os/
gpgcheck=1
enabled=0
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

[AppStream]
name=CentOS-$releasever - AppStream - mirrors.aliyun.com
#failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/AppStream/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/AppStream/$basearch/os/
        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/AppStream/$basearch/os/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
dnf makecache
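Every later dnf install (including the compiler toolchain and the snort build dependencies) trusts whatever this file points at, so the one thing worth verifying after editing it is that each repository section keeps gpgcheck=1 and names a gpgkey. Disabled sections count too, because --enablerepo (used further down for crb) turns them on without revisiting their settings. The script below is an added example and not part of the original post: check_repo_gpg is a hypothetical helper name, and write_sample writes a constructed sample file (not the real /etc/yum.repos.d/centos.repo) so the check can be tried anywhere.

```shell
#!/bin/sh
# Added example: verify that every [section] in a dnf/yum repo file keeps
# package-signature checking on. Not from the original post.

# write_sample FILE : constructed sample repo file (two good sections
# shaped like the Aliyun ones above, plus one deliberately weak section)
write_sample() {
    cat > "$1" <<'EOF'
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/BaseOS/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/BaseOS/$basearch/os/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

[crb]
name=CentOS-$releasever - CRB - mirrors.aliyun.com
#failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/CRB/$basearch/os/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

[weak-example]
name=constructed section with signature checking turned off
baseurl=https://mirror.example/os/
gpgcheck=0
enabled=0
EOF
}

# check_repo_gpg FILE : print "ok"/"WEAK" per section; return 0 only when
# every section has gpgcheck=1 and a gpgkey (commented-out lines are ignored)
check_repo_gpg() {
    awk '
        function flush() {
            if (sec == "") return
            if (gpgcheck == "1" && gpgkey != "") print "ok   " sec
            else { print "WEAK " sec " (gpgcheck=" gpgcheck ", gpgkey=" gpgkey ")"; bad++ }
        }
        /^[ \t]*#/ { next }                      # skip comments such as #gpgcheck=1
        /^\[.*\]/  { flush(); sec = $0; gpgcheck = ""; gpgkey = ""; next }
        /^gpgcheck[ \t]*=/ { sub(/^gpgcheck[ \t]*=[ \t]*/, ""); gpgcheck = $0 }
        /^gpgkey[ \t]*=/   { sub(/^gpgkey[ \t]*=[ \t]*/, "");   gpgkey = $0 }
        END { flush(); exit (bad > 0) }
    ' "$1"
}

# usage on the real file after editing it:  check_repo_gpg /etc/yum.repos.d/centos.repo
```

Running check_repo_gpg against the constructed sample prints ok for [base] and [crb] and WEAK for [weak-example], and exits non-zero, which is the signal to fix the file before running dnf makecache.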
Update the system software
Upgrade all packages, which also upgrades installed software and the system kernel
dnf update -y
dnf install epel-release -y
Correct the time (set the time zone)
sudo timedatectl set-timezone Asia/Shanghai
Download the files
Upload the downloaded files to CentOS
Download the daq and snort 2.9 packages from the official site: https://snort.org/downloads#sources
Download the files on the physical host and upload them to CentOS
wget https://snort.org/downloads/snort/daq-2.0.7.tar.gz
wget https://snort.org/downloads/snort/snort-2.9.20.tar.gz
Create the snort folder
A new snort folder to hold the two just-downloaded files after extraction.
cd /home/root
mkdir snortFile
tar -zxvf daq-2.0.7.tar.gz -C snortFile
tar -zxvf snort-2.9.20.tar.gz -C snortFile
Install the dependencies
Install the necessary build environment
dnf install gcc gcc-c++ libnetfilter_queue-devel git flex bison zlib zlib-devel pcre pcre-devel libdnet tcpdump libnghttp2 wget xz-devel -y
dnf install make cmake automake autoconf libtool -y
Error: the package libnetfilter_queue-devel cannot be found
Add the CRB repository
vim /etc/yum.repos.d/centos.repo
Append at the end of the file:
[crb]
name=CentOS-$releasever - CRB - mirrors.aliyun.com
#failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/CRB/$basearch/os/
        http://mirrors.aliyuncs.com/centos-stream/$stream/CRB/$basearch/os/
        http://mirrors.cloud.aliyuncs.com/centos-stream/$stream/CRB/$basearch/os/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
dnf makecache
Install the package again
dnf --enablerepo=crb install libnetfilter_queue-devel -y
Install the snort dependencies
dnf install libpcap-devel pcre-devel libdnet-devel hwloc-devel openssl-devel zlib-devel luajit-devel pkgconf libmnl-devel libunwind-devel -y
Error
Error: Unable to find a match: libmnl-devel
Switch repo and reinstall
dnf install libmnl
dnf --enablerepo=crb install libmnl-devel -y
Problem solved!
Install the daq dependencies
dnf install libnfnetlink-devel libnetfilter_queue-devel -y
dnf install libtirpc-devel
Install daq
Install the daq data acquisition library
cd snortFile/daq-2.0.7
./configure
make && make install
vim ~/.bash_profile
# add the path
PATH=$PATH:/usr/local/bin
Check that all required dependencies were installed successfully
which dnet-config
which pcre-config
which daq-modules-config
Install snort
Go into the snort source directory
cd snortFile/snort-2.9.20
Compile
./configure --enable-sourcefire
sudo make
make install
Compilation succeeded
snort installed successfully
snort -v
Press Ctrl + C to exit.
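The post checks the build by hand with three which commands and a manual snort -v. The script below is an added example, not from the original post or the Snort project, that bundles those checks with two that catch the usual "it compiled but snort will not start" cases: /usr/local/bin missing from PATH (the ~/.bash_profile step above) and libdaq.so not being visible to the dynamic loader. It assumes the default ./configure prefix /usr/local used throughout; check_commands, path_has, lib_visible and run_checks are hypothetical helper names.

```shell
#!/bin/sh
# Added example: post-build sanity checks for a source-built DAQ 2.0.x and
# Snort 2.9.x installed under the default prefix /usr/local.

# check_commands NAME... : report each NAME as found on PATH or missing;
# the return value is the number of missing commands (0 = all present)
check_commands() {
    missing=0
    for cmd in "$@"; do
        if command -v "$cmd" >/dev/null 2>&1; then
            echo "ok      $cmd -> $(command -v "$cmd")"
        else
            echo "MISSING $cmd"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# path_has DIR [PATHSTRING] : succeed when DIR is an exact entry of
# PATHSTRING (default: the current $PATH); substring matches do not count
path_has() {
    case ":${2:-$PATH}:" in
        *":$1:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# lib_visible LIBNAME : succeed when the dynamic-loader cache lists LIBNAME
# (for example libdaq.so); returns 2 when ldconfig is not available to ask
lib_visible() {
    command -v ldconfig >/dev/null 2>&1 || return 2
    ldconfig -p 2>/dev/null | grep -q -- "$1"
}

# run_checks : the manual checks from the post plus the two start-up pitfalls;
# returns 0 only when everything looks right
run_checks() {
    rc=0
    check_commands dnet-config pcre-config daq-modules-config snort || rc=1
    if path_has /usr/local/bin; then
        echo "ok      /usr/local/bin is on PATH"
    else
        echo "WARN    /usr/local/bin is not on PATH (see the ~/.bash_profile step)"
        rc=1
    fi
    if lib_visible libdaq.so; then
        echo "ok      libdaq.so is known to the dynamic loader"
    else
        echo "WARN    libdaq.so not in the loader cache; add /usr/local/lib to a file in /etc/ld.so.conf.d/ and run ldconfig"
        rc=1
    fi
    return "$rc"
}

# usage: source this file in a root shell on the CentOS box, then run:  run_checks
```

Only run_checks depends on the box having Snort installed; check_commands and path_has are generic, which is why they are written to take their inputs as arguments rather than reading global state.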