Snort mailing list archives
Autosnort v1 for Ubuntu 12.04
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Wed, 22 Aug 2012 15:58:06 -0400
Hello Snort Users! My name is Tony Robinson, and I often go by da_667 as my handle in cyberspace.

Are you sick and tired of people telling you how snort is so hard to set up? That all that work isn’t worth it? How it is a pain to gather all the packages, read the (very) well put together documentation or download all the different parts to get a full-blown snort install working? Well, I would like to introduce a little project I’m working on called Autosnort.

Autosnort is a simple script written in bash that will take an Ubuntu 12.04 system (32 or 64-bit) and essentially follow David Gullett’s Ubuntu 12.04 snort installation guide from base install to finish – it installs snort 2.9.3 (can easily be modified to install 2.9.3.1), barnyard 2 and snort report automagically. If you provide the install with a snort rules snapshot tarball that is compatible with the snort release (e.g. snortrules-snapshot-2930.tar.gz – registered user or subscriber edition) the script will copy the 32 or 64-bit Ubuntu precompiled rules (as appropriate) and modify snort.conf to use them. The script will configure the interface you will be running snort against to be brought up at boot and will configure snort and barnyard to run at startup as well. This script will take you from 0 to a full snort in less than an hour!

All you have to do is download the script, run chmod u+x against the script (to make it executable) then run the script as root (sudo su – then ./autosnort.sh or sudo ./autosnort.sh) and follow the on-screen prompts as they come up. The script verifies you ran it as the root user, confirms internet connectivity, confirms it is being run on Ubuntu 12.04, then goes through the entire install process, ending with a recommendation to reboot the system to apply system updates and changes.

This script is only the beginning. I have a massive to-do list that involves porting the script to run on Debian, CentOS/Redhat, Backtrack 5r2 and r3 in addition to various feature enhancements such as automated inline mode configuration, selection of alternate web frontends (i.e. BASE and snorby in addition to snort report), a barebones, no mysql, no web front-end, syslog only (intended for SIEM integration) configuration, and pulled pork integration in addition to other plans.

If this script sounds like something you are interested in, I’m releasing it as an open-source project under the MIT license at github <https://github.com/da667/Autosnort>. So if you want to take a copy of the code and get autosnort to drop a snort install on Gentoo or GNU/HURD by all means, I would love to see it!

My e-mail address is deusexmachina667 () gmail com and my twitter is @da_667. Special thanks to Joel Esler for posting this to blog.snort.org and to David Gullett for the awesome snort 2.9.3 guide for me to base this off of. I'm attaching a copy of the script and a sha1sum of Autosnort.zip if you don't want to visit github. Let me re-iterate that this is an open-source project and you are free to use it and improve it as you see fit! Happy Snorting!
Attachment: autosnort.sha1
Attachment: Autosnort.zip
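The three checks the message says the script performs before installing (root user, Ubuntu 12.04, internet connectivity), written here as an added example. This is not code from autosnort.sh: the function names, the probe URL, and the use of /etc/lsb-release and curl are assumptions.

```bash
#!/bin/bash
# Added example, not taken from autosnort.sh. Function names, the probe URL
# and the reliance on /etc/lsb-release and curl are assumptions.

# Constructed sample of an Ubuntu 12.04 /etc/lsb-release, for trying the check.
sample_lsb_release() {
    printf '%s\n' 'DISTRIB_ID=Ubuntu' 'DISTRIB_RELEASE=12.04' \
        'DISTRIB_CODENAME=precise' 'DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"'
}

# Succeeds only when the given UID (default: the caller's effective UID) is 0.
is_root() {
    [ "${1:-$(id -u)}" -eq 0 ] 2>/dev/null
}

# Succeeds only when the lsb-release file names Ubuntu 12.04 exactly.
# -x matches whole lines and -F disables regex, so 12.04.x or 12x04 never pass.
is_ubuntu_1204() {
    [ -r "${1:-/etc/lsb-release}" ] || return 1
    grep -qxF 'DISTRIB_ID=Ubuntu' "${1:-/etc/lsb-release}" &&
        grep -qxF 'DISTRIB_RELEASE=12.04' "${1:-/etc/lsb-release}"
}

# Succeeds when an HTTP HEAD request to the probe URL completes in time.
has_connectivity() {
    curl --silent --head --fail --max-time 10 \
        "${1:-https://www.snort.org}" >/dev/null 2>&1
}

# Runs the checks in order and stops at the first failure, before anything
# is installed. Arguments (all optional): UID, lsb-release path, probe URL.
# Return code identifies the failed check: 1 root, 2 release, 3 network.
preflight() {
    is_root "$1" || { echo "preflight: must be run as root" >&2; return 1; }
    is_ubuntu_1204 "$2" || { echo "preflight: not Ubuntu 12.04" >&2; return 2; }
    has_connectivity "$3" || { echo "preflight: no connectivity" >&2; return 3; }
    return 0
}
```

An installer would call `preflight || exit $?` as its first step, so a failed check aborts the run before any package or configuration change is made.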