1.安装依赖
sudo yum install gcc flex bison zlib zlib-devel libpcap libpcap-devel pcre pcre-devel libdnet libdnet-devel tcpdump2.Snort安装
2.1 snort&daq安装
yum install https://www.snort.org/downloads/snort/daq-2.0.6-1.centos7.x86_64.rpm
yum install https://www.snort.org/downloads/snort/snort-2.9.9.0-1.centos7.x86_64.rpm在安装snort的时候可能会报错:缺少libnghttp2.so.14()(64bit). 请尝试:
sudo yum install epel-release -y
sudo yum install nghttp2再次安装即可.
2.2 规则下载
Snort官方提供的三类规则:
Community rules:无需注册or购买,可直接下载使用
Registered rules:需要注册才可以下载(建议大家用这个,只需要注册即可,可以说是零成本)
Subscriber rules:需要注册花钱购买注册登录之后根据你下载的snort版本下载即可,这里我用的是最新版本即2.9.9.0,同样的对国内不是很友好,我已经上传至网盘.
2.3 规则解压
tar -xvf snortrules-snapshot-.tar.gz -C /etc/snort/rules
