Snort mailing list archives

Autosnort v1 for Ubuntu 12.04


From: Tony Robinson <deusexmachina667 () gmail com>
Date: Wed, 22 Aug 2012 15:58:06 -0400

Hello Snort Users!



My name is Tony Robinson, and I often go by da_667 as my handle in
cyberspace.  Are you sick and tired of people telling you how snort is so
hard to set up? That all that work isn't worth it? How it is a pain to gather
all the packages, read the (very) well put together documentation or
download all the different parts to get a full-blown snort install working?
Well, I would like to introduce a little project I'm working on called
Autosnort.


Autosnort is a simple script written in bash that will take an Ubuntu 12.04
system (32 or 64-bit) and essentially follow David Gullett’s Ubuntu 12.04
snort installation guide from base install to finish. It installs snort
2.9.3 (can easily be modified to install 2.9.3.1), barnyard 2 and snort
report automagically. If you provide the install with a snort rules
snapshot tarball that is compatible with the snort release (e.g.
snortrules-snapshot-2930.tar.gz – registered user or subscriber edition)
the script will copy the 32 or 64-bit Ubuntu precompiled rules (as
appropriate) and modify snort.conf to use them.  The script will configure
the interface you will be running snort against to be brought up at boot
and will configure snort and barnyard to run at startup as well. This
script will take you from 0 to a full snort in less than an hour!


All you have to do is download the script, run chmod u+x against the script
(to make it executable), then run the script as root (sudo su - then
./autosnort.sh, or sudo ./autosnort.sh) and follow the on-screen prompts as
they come up. The script verifies you ran it as the root user, confirms
internet connectivity, confirms it is being run on Ubuntu 12.04, then goes
through the entire install process, ending with a recommendation to reboot
the system to apply system updates and changes.
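The preflight checks and rules-selection logic the post describes, written out as an added example (this is constructed illustration code, not Autosnort's own script). The lsb-release content and the uid are passed in as arguments so the checks can be exercised without root; the `i386` / `x86-64` directory names for the precompiled rules and the `<hash>  <file>` sha1sum line format are assumptions.

```shell
#!/bin/sh
# Constructed preflight helpers in the spirit of the Autosnort announcement:
# confirm root, confirm Ubuntu 12.04, confirm the rules snapshot matches the
# snort release, pick the 32/64-bit precompiled rules dir, verify the download.

# Root check. $1: numeric uid (pass "$(id -u)" in real use).
running_as_root() {
    [ "$1" -eq 0 ]
}

# Ubuntu 12.04 check. $1: contents of /etc/lsb-release.
is_ubuntu_1204() {
    printf '%s\n' "$1" | grep -q '^DISTRIB_ID=Ubuntu$' &&
    printf '%s\n' "$1" | grep -q '^DISTRIB_RELEASE=12\.04$'
}

# Map `uname -m` output to the precompiled rules arch directory (assumed names).
rules_arch_dir() {
    case "$1" in
        x86_64)              echo "x86-64" ;;
        i386|i486|i586|i686) echo "i386" ;;
        *)                   return 1 ;;
    esac
}

# Check that the snapshot tarball name matches the snort version:
# 2.9.3 -> snortrules-snapshot-2930.tar.gz, 2.9.3.1 -> ...-2931.tar.gz.
snapshot_matches_version() {
    # $1: tarball filename, $2: snort version string
    tag=$(printf '%s' "$2" | tr -d '.')
    while [ "${#tag}" -lt 4 ]; do tag="${tag}0"; done
    case "$1" in
        snortrules-snapshot-"${tag}".tar.gz) return 0 ;;
        *)                                    return 1 ;;
    esac
}

# Verify a downloaded file against the published hex digest before running it.
# $1: file path, $2: expected sha1 hex digest (first field of the .sha1 file).
verify_sha1() {
    actual=$(sha1sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Read the expected digest out of a "<hash>  <file>" sha1sum line. $1: the line.
digest_from_sha1_line() {
    printf '%s\n' "$1" | cut -d' ' -f1
}
```

In a real run the script would call these with `"$(id -u)"`, `"$(cat /etc/lsb-release)"` and `"$(uname -m)"`, and abort before any install step if a check fails.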


This script is only the beginning. I have a massive to-do list that
involves porting the script to run on Debian, CentOS/Redhat, Backtrack 5r2
and r3 in addition to various feature enhancements such as automated inline
mode configuration, selection of alternate web frontends (i.e. BASE and
snorby in addition to snort report), a barebones, no mysql, no web
front-end, syslog only (intended for SIEM integration) configuration, and
pulled pork integration in addition to other plans.

If this script sounds like something you are interested in, I'm releasing
it as an open-source project under the MIT license on
GitHub <https://github.com/da667/Autosnort>.
So if you want to take a copy of the code and get autosnort to drop a snort
install on Gentoo or GNU/HURD by all means, I would love to see it! My
e-mail address is deusexmachina667 () gmail com and my twitter is @da_667.


Special thanks to Joel Esler for posting this to blog.snort.org and to
David Gullett for the awesome snort 2.9.3 guide for me to base this off of.

I'm attaching a copy of the script and a sha1sum of Autosnort.zip if you
don't want to visit github. Let me re-iterate that this is an open-source
project and you are free to use it and improve it as you see fit!

Happy Snorting!
