
Install Snort Inline on Centos



[root@server3 ~]# wget
[root@server3 ~]# tar zxvf snort_inline-

[root@server3 ~]# mkdir /etc/snort_inline
[root@server3 ~]# mkdir /etc/snort_inline/rules

[root@server3 ~]# cp snort_inline- /etc/* /etc/snort_inline/
[root@server3 ~]# vi /etc/snort_inline/snort_inline.conf

Find the line:

# Path to your rules files (this can be a relative path)
#var RULE_PATH /etc/snort_inline/drop-rules

Replace it with:
var RULE_PATH /etc/snort_inline/rules

[root@server3 ~]# cd snort_inline- /etc
[root@server3 etc]# cp classification.config /etc/snort_inline/rules/
[root@server3 etc]# cp reference.config /etc/snort_inline/rules/

[root@server3 etc]# mkdir /var/log/snort_inline

[root@server3 ~]# yum -y install mysql-server libpcap-devel

[root@server3 ~]# /etc/init.d/mysqld start
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password ‘new-password’
/usr/bin/mysqladmin -u root -h server3.centos.hva password ‘new-password’

Alternatively you can run:

which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with
cd mysql-test ; perl

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at

Support MySQL by buying support/licenses at
[ OK ] Starting MySQL: [ OK ]

Set the root password for MySQL:
[root@server3 ~]# mysqladmin -u root password centos

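Example: here "centos" is the password. Choose a strong password of your own; a password passed on the command line can end up in the shell history and is visible in the process list while the command runs.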

[root@server3 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.0.77 Source distribution

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> create database snort;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on snort.* to snortuser@localhost identified by ’snort’;
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit

[root@server3 ~]# mysql -u root -p snort < snort_inline- /schemas/create_mysql
Enter password:

[root@server3 ~]# vi /etc/snort_inline/snort_inline.conf

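Find the line "output alert_fast: snort_inline-fast" and add the line below after it (it stores the database password in clear text, so keep snort_inline.conf readable only by root):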
output database: log, mysql, user=snortuser password=snort dbname=snort host=localhost

checking for pcap_datalink in -lpcap… no

ERROR! Libpcap library/headers not found, go get it from

or use the –with-libpcap-* options, if you have it installed
in unusual place

[root@server3 ~]# wget
[root@server3 ~]# tar zxvf libpcap-1.1.1.tar.gz
[root@server3 ~]# cd libpcap-1.1.1
[root@server3 libpcap-1.1.1]# ./configure
[root@server3 libpcap-1.1.1]# make
[root@server3 libpcap-1.1.1]# make install

ERROR! Libpcre header not found, go get it from

[root@server3 snort_inline-]# cd

[root@server3 ~]# wget
[root@server3 ~]# tar zxvf pcre-8.02.tar.gz
[root@server3 ~]# cd pcre-8.02
[root@server3 pcre-8.02]# ./configure

[root@server3 pcre-8.02]# make
[root@server3 pcre-8.02]# make install

ERROR: unable to find mysql headers (mysql.h)
checked in the following places

[root@server3]# yum install mysql-devel

[root@server3 snort_inline-]# yum install mysql-devel

./configure: line 24184: dnet-config: command not found
./configure: line 24186: dnet-config: command not found
checking libipq.h usability… no
checking libipq.h presence… no
checking for libipq.h… no
configure: error: libipq.h not found …

# yum install iptables-devel

checking dnet.h presence… no
checking for dnet.h… no

ERROR! Libdnet header not found, go get it from or use the –with-dnet-*
options, if you have it installed in an unusual place

[root@server3 ~]# wget
[root@server3 ~]# tar zxvf libdnet-1.11.tar.gz
[root@server3 ~]# cd libdnet-1.11
[root@server3 libdnet-1.11]# ./configure
[root@server3 libdnet-1.11]# make
[root@server3 libdnet-1.11]# make install

[root@server3 snort_inline-]# ./configure --with-mysql
[root@server3 snort_inline-]# make
[root@server3 snort_inline-]# make install

[root@server3 ~]# snort_inline -Q -v -c /etc/snort_inline/snort_inline.conf -l /var/log/snort_inline
Reading from iptables
Running in IDS mode
Initializing Inline mode
InitInline: : Failed to send netlink message: Connection refused

[root@server3 ~]# modprobe ip_queue
[root@server3 ~]# lsmod | grep ip_queue
ip_queue 14561 0

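[root@server3 ~]# iptables -A INPUT -j QUEUE

Note: packets sent to QUEUE are dropped while no userspace program (here snort_inline) is reading the queue, so run this from the console, or make sure snort_inline is running before adding the rule over SSH.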

[root@server3 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[root@server3 ~]# ps -ef | grep snort_inline
root 3163 2989 0 15:23 pts/0 00:00:00 grep snort_inline

[root@server3 ~]# vi /etc/init.d/snort_inlined

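#!/bin/bash
# snort_inline
#
# Init script for snort_inline in inline mode: loads the ip_queue module,
# starts the snort_inline daemon and sends traffic to the iptables QUEUE
# target so the daemon can inspect it.
#
# Usage: /etc/init.d/snort_inlined {start|stop|restart}
#
# NOTE(review): this listing was damaged on the page. The start()/restart()
# wrappers, the case arms, the closing braces and the loopback addresses were
# missing and have been filled in from the surrounding comments and the usage
# string. Confirm against the init script shipped with snort_inline.

#######################################
# Load ip_queue, start snort_inline, then queue traffic to it.
# Returns: 0 on success, 1 if snort_inline reports a start failure.
#######################################
start() {
  # Start daemons.
  echo "Starting ip_queue module:"
  lsmod | grep -q ip_queue || /sbin/modprobe ip_queue

  # Start Snort_inline before the QUEUE rules go in: packets sent to QUEUE
  # are dropped while nothing is reading the queue, so adding the rules with
  # no daemon running cuts the host off (including remote admin sessions).
  #   -Q -> process the queued traffic
  #   -D -> run as a daemon
  #   -v -> verbose
  #   -l -> log path
  #   -c -> config path
  echo "Starting snort_inline: "
  if ! /usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -Q -D -v \
    -l /var/log/snort_inline; then
    echo "snort_inline failed to start; iptables rules left unchanged" >&2
    return 1
  fi
  # NOTE(review): the exit status may not reflect a failure that happens
  # after the process daemonizes; check with ps if traffic stops flowing.

  echo "Starting iptables rules:"
  # iptables traffic sent to the QUEUE:
  # accept internal localhost connections
  # (addresses were missing in the page text; loopback 127.0.0.1 assumed)
  iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
  iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
  # send all the incoming, outgoing and forwarding traffic to the QUEUE
  iptables -A INPUT -j QUEUE
  iptables -A FORWARD -j QUEUE
  iptables -A OUTPUT -j QUEUE
}

#######################################
# Stop snort_inline and remove the iptables rules.
# WARNING: 'iptables -F' flushes every rule in the filter table, not only
# the ones added by start(), and the policies are then set to ACCEPT, so the
# host is left without packet filtering until other rules are restored.
#######################################
stop() {
  # Stop daemons.
  # Stop Snort_Inline
  # echo "Shutting down snort_inline: "
  killall snort_inline
  # Remove all the iptables rules and
  # set the default Netfilter policies to accept
  echo "Removing iptables rules:"
  # -F -> flush iptables
  iptables -F
  # -P -> default policy
  # The page shows only the INPUT policy; FORWARD and OUTPUT are reset too,
  # matching the "policies" comment above.
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
}

# Stop, then start again. stop() flushes the rules, so start() does not
# append duplicates.
restart() {
  stop
  start
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|}"
    exit 1
    ;;
esac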

[root@server3 ~]# chmod 755 /etc/init.d/snort_inlined
[root@server3 ~]# /etc/init.d/snort_inlined restart


[root@server3 ~]# snort_inline -Q -v -c /etc/snort_inline/snort_inline.conf -l /var/log/snort_inline
Reading from iptables
Running in IDS mode
Initializing Inline mode

–== Initializing Snort ==–
Initializing Output Plugins!
