Wednesday, April 11, 2007

Snort 3.0 Pre Alpha

Marty has recently released snort 3.0 pre alpha version, I'm curious to see what has been implemented in it so far, it should be worth to spend some times looking into it. To get snort 3.0 to installed on FreeBSD, it is kind of quicky.

Getting all the dependencies -

shel>pkg_add -vr libdnet

shell>pkg_add -vr lua51

Download snort 3.0 and install -

shell>wget http://www.snort.org/users/roesch/code/snort-03.0.0.a1.4.tar.gz

shell>tar xvzf snort-03.0.0.a1.4.tar.gz

shell>cd snort-03.0.0.a1.4

shell>./configure --prefix=/usr/local/stow/snort-03a14

shell>make && make install

Then copy the configuration files to the prefix directory manually -

shell>cp -fR etc ./usr/local/stow/snort-03a14

Running snort -

shell>cd /usr/local/stow/snort-03a14/bin

shell>./snort
[*] DAQ Modules Loaded...
[*] Loading decoder modules
[+] Loaded ethernet
[+] Loaded null
[+] Loaded arp
[+] Loaded ip
[+] Loaded tcp
[+] Loaded udp
[+] Loaded icmp
[+] Loaded icmp6
[+] Loaded gre
[+] Loaded mpls
[+] Loaded 8021q
[+] Loaded ipv6
[+] Loaded ppp
[+] Loaded pppoe
[+] Loaded raw
[*] Decoder initialized...
[*] Flow manager initialized...
[*] Data source subsystem loaded
[*] Engine manager initialized
[*] Loading command interface
[!] Loading sfips command metatable
[!] Loading data source command metatable
[!] Loading engine command metatable
,,_ -*> Snort! <*- o" )~ Version 03.0.0.a1.4 (Build 7) [PRE-ALPHA] '''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html (C) Copyright 2006 Sourcefire Inc. Load its configuration file and you will get the snort CLI -

> dofile("../etc/snort.lua")
snort>

Looking for helps for the operation of snort 3 system?

snort> sfips.help()
[*] SFIPS Commands:
help()
set_log_level( [debug|info|notice|warn|error|critical] )
shutdown()

Shut it down gracefully

snort> sfips.shutdown()

I suggest you check out other useful functions at -

http://www.snort.org/users/roesch/Site/Snort%203.0.html

There will be some significant changes in snort 3.0 comparing to 2.x, thus it's good to get your hand dirty with it early. Lua scripting language seems to be interesting to learn.

Happy snorting! Oink oink ...

Cheers (;])
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)