In
our previous article we had discussed “Manually Snort Installation” in your
system but there is another method also available by apt-repository which reduce your manually effort and automatically
configure snort in your system.
Snort is software created by Martin Roesch,
which is widely use as Intrusion Prevention System [IPS] and Intrusion
Detection System [IDS] in network. It is separated into the five most
important mechanisms for instance: Detection engine, Logging and alerting
system, Packet decoder, Preprocessor and Output modules.
The program is quite famous to carry out real-time
traffic analysis, also used to detect query or attacks, packet
logging on Internet Protocol networks, to detect malicious
activity, denial of service attacks and port scans by monitoring network
traffic, buffer overflows, server message block probes, and
stealth port scans.
Snort can be configured in three main modes:
·
Sniffer mode: it will observe network packets
and present them on the console.
·
Packet logger mode: it will record packets to
the disk.
·
Intrusion detection mode: the program will
monitor network traffic and analyze it against a rule set defined by the user.
After that the application will execute a precise action
depend upon what has been identified.
Let’s Begin!!
Snort Installation
We
had chosen ubuntu 16.02 operating system for installation and
configuration of snort. Earlier than installing snort in your machine, you
should need to install necessary dependencies of ubuntu.
Check
your network interface configuration by executing ifconfig command;
from here I came to know 192.168.1.107 is my network IP.
Earlier than installing snort in your machine, you should
need to install necessary dependencies of ubuntu. Therefore open the terminal
and type given below command to install pre-requisites by a making update.
sudo apt-get update
It is an easiest way to install and configure the snort is
your system because all its requirement whether it is snort rules directory or
logging directory every packages is are stored by apt repository. Enter given
below command to begin the snort installations.
sudo apt-get install
snort*
By defaut eth0 is listening interface is set in
snort configuration since my network belongs to ens33, therefore I choose it
as listening interface as shown in given below image.
In next configuration step it will ask to enter CIDR value
for address range for local network. From given image you can observe I had
mention CIDR 192.168.1.1/24 for a
range of 256 address.
You can also multiple values by using comma without space to
separate those address
After then open the configuration file using gedit for
making some changes inside.
sudo gedit /etc/snort/snort.conf
Scroll down the text file near line number 45 to
specify your network for protection as shown in given image.
#Setup the network addresses you are protecting
ipvar HOME_NET 192.168.1.1/24
Now run given below command to enable IDS mode of snort
sudo snort -A console
-i ens33 -c /etc/snort/snort.conf
Now it will compile the complete file and test the
configuration setting automatically as shown in given below image:
Great!! We
had successfully configured snort as IDS for protecting our network.
[Note: If apt-
repository get failed to install snort then go with manual configuration from here.]
0 comments:
Post a Comment