MetU 2007

Snortattack.org

NOTICE: Warnings and rules for the correct use of the site and community www.snortattack.org/net/com.

www.snortattack.org/net/com disclaims any responsibility for the truth and accuracy of the information, including text, images and animations, published on the site or sent by email. Users of the site accept its data at their own risk; snortattack declines any responsibility for it. The Admin or the Moderators can change, delete or update any information at any moment. Snortattack.org/net/com is not responsible for the content of the forum, the banners or the links. All text, images and animations on the site are protected by the copyright of their respective owners. Messages in the forum are not checked at any time; snortattack.org/net/com declines any responsibility for them.
------------------------------------------
Debian install script: www.snortattack.it/install-snort.tar.gz
------------------------------------------
# 1. Install Debian (minimal installation), kernel 2.6.x
#
# This script is compatible with Debian releases 3.1 and 4.0.
# Tested on Debian 3.1r05a, 3.1r5 and Debian 4.0r0.
#
# Set up the network connection.
# Set up the apt repository (Debian stable),
# then run (as root):
#
# # apt-get update (OPTIONAL)
# # apt-get upgrade (OPTIONAL)
#
# 2. Download the snortattack tar.gz
#
# $ cd /
# $ wget http://www.snortattack.it/install-snort.tar.gz
# $ tar -zxvf install-snort.tar.gz
# $ cd /snortattack
#
# The files must stay in this path: /snortattack/
#
# 3. Open install.conf with your favourite text editor and set the variables
#
# $ nano install.conf
#
# 4. Start apt.sh or use the snort static binary (as root)
#
# $ su root
# $ (enter the password)
# # cd /snortattack
# # sh apt.sh
# (you must have the Debian base repository in /etc/apt/sources.list)
# (deb http://ftp.it.debian.org/debian stable main contrib non-free)
#
# This installs the packages listed in the snortattack aptlist.
# Leave the default options and press Enter to confirm
# the configuration.
# If there is an error with a package name, search for it with:
#
# # apt-cache search packagename
#
# and install it with:
#
# # apt-get install packagename
#
# To force the install, and to find and fix errors:
#
# # apt-get -f install
#
# If you want to use the snort static binary from snortattack.org:
#
# # sh snort-static.sh (optional)
#
# Your kernel must have this option enabled:
#
# Packet socket: mmapped IO
#
# You can choose to update your kernel by setting
# the variable UPDATE_KERNEL="y" in install.conf
# Not tested yet!
# Use only if your kernel version is < 2.6.18
#
# 5. Start download-pkts.sh
#
# # sh download-pkts.sh
#
# This downloads the packages using the snortattack mirrorlist.
# If there is an error with a mirror, search the internet for another one.
#
# 6. Start install-pkts.sh
#
# # sh install-pkts.sh
#
# This updates the kernel and installs all the packages.
# At the end you should see:
#
#    ,,_     -*> Snort_Inline! <*-
#   o"  )~   Version 2.4.5 (Build 29)
#    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
#            (C) Copyright 1998-2005 Sourcefire Inc., et al.
#            Snort_Inline Mod by William Metcalf, Victor Julien, Nick Rogness,
#            Dave Remien, Rob McMillen and Jed Haile
#   NOTE: Snort's default output has changed in version 2.4.1!
#   The default logging mode is now PCAP, use "-K ascii" to activate
#   the old default logging mode.
#
#    ,,_     -*> Snort! <*-
#   o"  )~   Version 2.6.0.2 (Build 85) inline
#    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
#            (C) Copyright 1998-2006 Sourcefire Inc., et al.
#
# 7. Start mysql-setup.sh
#
# # sh mysql-setup.sh
#
# This sets up the mysql snort database with the correct permissions.
#
# 8. Start bridge-setup.sh
#
# # sh bridge-setup.sh
#
# (don't do this in an ssh session)
# This creates the bridge (br0) with two LAN interfaces (eth0, eth1).
#
# 9. Start snort-config.sh
#
# # sh snort-config.sh
#
# This sets up snort_inline.conf and downloads the latest rules
# with the oinkmaster.conf provided by snortattack.org.
# You have to register at snort.org and obtain the oinkcode!
# Howto --> www.snortattack.it/oink/eng.html
#
# Don't worry if the clamav version is 0.88.7;
# the Snort diff doesn't work with 0.90.x yet.
#
# 10. Start snort-try.sh
#
# # sh snort-try.sh
#
# Modprobe ipqueue and set up iptables.
# Start the snort or snort_inline daemon.
#
# 11. Start stats-ips.sh
#
# # sh stats-ips.sh
#
# This shows the state of the bridge and the iptables queue.
# Connect a cross cable to your PC and surf the web, then verify
# the queue size and the network connection.
#
# You should see:
#
# Iptables queue :
# Chain INPUT (policy ACCEPT 24946 packets, 4782K bytes)
#  pkts bytes target  prot opt in   out  source    destination
#
# Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
#  pkts bytes target  prot opt in   out  source    destination
#   13M 8646M QUEUE   all  --  any  any  anywhere  anywhere
#     0     0 ACCEPT  all  --  any  any  anywhere  anywhere
#
# Chain OUTPUT (policy ACCEPT 55290 packets, 7393K bytes)
#  pkts bytes target  prot opt in   out  source    destination
#
# Network Interface status:
# eth0: negotiated 100baseTx-FD, link ok
# eth1: negotiated 100baseTx-FD, link ok
#
# 12. Start snort-auto.sh
#
# # sh snort-auto.sh
#
# This creates a new rc file in /etc/rc2.d/S999snortattack.sh
#
# The install is finished!
#
# Stay tuned with these scripts:
#
# 13. Start visual-install.sh (optional)
#
# # sh visual-install.sh
#
# This installs base and pmgraph.
# Try to look at http://localhost/base/ (NOT TESTED YET),
# follow the steps and install.
# Look at http://localhost/usage/
#
# 14. To add a false-positive rule to oinkmaster.conf, use disable-sid.sh
#
# $ sh disable-sid.sh
#
# 15. To stay up to date with the ruleset, use snort-update.sh
#
# # sh rules-update.sh
#
# N.B. Snort.org accepts one download every 10 minutes.
#
# 16. To perform some useful operations with cron, use crontab-setup.sh
#
# # sh crontab-setup.sh
#
# This inserts these commands in the crontab:
#
# 0 0 * * * /snortattack/snort-update.sh
# */30 * * * * freshclam
# */30 * * * * /snortattack/pmgraph-0.2/pmgraph.pl ..usage/ ..perform.txt
#
# If you did not run visual-install.sh, remove the last entry from the crontab:
#
# # crontab -e
#
# 17. To tune your IPS, use tuning-ips.sh
#
# # sh tuning-ips.sh
#
# Modprobe ipconntrack and set up some useful parameters.
# Look at the script for more information.
# If you want to enable tuning at boot, set TUNING="y" in install.conf
#
# Possible errors:
#
# Sorry, you are not root.
# $ su root
# $ (enter the password)
#
# Sorry, List unavailable.
# verify your connection and try again.
# $ wget http://www.snortattack.org/files/apt.txt
# Send an email to admin@snortattack.org if the problem persists.
#
# Sorry, mirror.sh not found.
# verify the correct path of mirror.sh or get it and try again.
# $ wget http://www.snortattack.org/files/mirror.sh
# Send an email to admin@snortattack.org if the problem persists.
#
# If there is an error with the installation, send an email to the mailing list.
#
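
The queue check in step 11 can be scripted. The following is an added example, not one of the snortattack scripts: it reads `iptables -L -v` output and confirms that the FORWARD chain matches the listing in step 11 (QUEUE as the first rule, with a non-zero packet counter). The function names, exit codes and the two constructed samples are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not one of the snortattack scripts. Reads "iptables -L -v" output.
# Exit status: 0 ok, 1 no QUEUE rule, 2 ACCEPT ahead of QUEUE, 3 QUEUE counter is 0.
check_forward_queue() {
    awk '
        /^Chain / { in_fwd = ($2 == "FORWARD"); next }
        !in_fwd || NF < 3 || $1 == "pkts" { next }   # other chains, blanks, header
        {
            rule++
            if ($3 == "QUEUE" && !qpos) { qpos = rule; qpkts = $1 }
            else if ($3 == "ACCEPT" && !qpos) { bypass = rule }
        }
        END {
            if (!qpos)        { print "FAIL: FORWARD has no QUEUE rule"; exit 1 }
            if (bypass)       { print "FAIL: ACCEPT rule " bypass " is ahead of QUEUE"; exit 2 }
            if (qpkts == "0") { print "WARN: QUEUE rule has seen no packets"; exit 3 }
            print "OK: QUEUE is rule " qpos " in FORWARD, pkts=" qpkts
        }
    '
}

# FORWARD chain exactly as the guide prints it in step 11.
SAMPLE_OK='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  13M 8646M QUEUE all -- any any anywhere anywhere
    0     0 ACCEPT all -- any any anywhere anywhere'

# Constructed sample: rule order swapped, so forwarded traffic never reaches snort_inline.
SAMPLE_BYPASS='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  13M 8646M ACCEPT all -- any any anywhere anywhere
    0     0 QUEUE all -- any any anywhere anywhere'

# Constructed sample: QUEUE rule present but its counters are still zero.
SAMPLE_IDLE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 QUEUE all -- any any anywhere anywhere'

# Print the exit status for one captured listing (hypothetical helper).
queue_status() {
    rc=0
    printf '%s\n' "$1" | check_forward_queue >/dev/null || rc=$?
    echo "$rc"
}

for s in "$SAMPLE_OK" "$SAMPLE_BYPASS" "$SAMPLE_IDLE"; do
    printf '%s\n' "$s" | check_forward_queue || true
done
# Live use (as root): iptables -L -v | check_forward_queue
```

A status of 0 only shows that forwarded traffic is being handed to the queue; packets sent to QUEUE are dropped when no userspace program is reading it, so also confirm that the snort or snort_inline daemon from step 10 is running.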