Wednesday, December 8, 2010

Snort 2.9.0.2 on FreeBSD i386 the easy way!

This is a quick posting to help you get Snort 2.9.0.x up and running on your FreeBSD!

I can't make it much easier than this: I have created new ports for Snort 2.9.0.2 and DAQ 0.4 (and subsequently packages) that you can install directly. The ports are submitted, so look for the following in your ports tree:

updated: /usr/ports/security/snort
new: /usr/ports/security/daq


Components required:
  • Fresh FreeBSD Install
    • Minimal (i386)
  • Access to the internet from said BSD boxen
  • Basic knowledge of Snort

Once you have the above handled, you can issue the following command:
$ pkg_add -r http://www.rootedyour.com/enhanced/snort/snort-2.9.0.2.tbz

Output from the command on a freshly installed FreeBSD Minimal system:
$ pkg_add -r http://www.rootedyour.com/enhanced/snort/snort-2.9.0.2.tbz
Fetching http://www.rootedyour.com/enhanced/snort/snort-2.9.0.2.tbz... Done.
Fetching http://www.rootedyour.com/enhanced/All/libpcap-1.1.1.tbz... Done.
Fetching http://www.rootedyour.com/enhanced/All/libdnet-1.11_3.tbz... Done.
Fetching http://www.rootedyour.com/enhanced/All/daq-0.4.tbz... Done.

Some checksums for your reviewing pleasure:
  • MD5 (daq-0.4.tbz) = 249d2d79fc03eb2d4e2e133da505d146
  • MD5 (libdnet-1.11_3.tbz) = b861399b4710825419240a6443ec0eb9
  • MD5 (libpcap-1.1.1.tbz) = 678ec713419066c884ceda82ebcfe66f
  • MD5 (pcre-8.10.tbz) = 03cc8232b4ea9ecb968eb67211246f20

  • SHA256 (daq-0.4.tbz) = f8e60e09c0ab4acc1726f180b2e9d58c7f557b4736a3e53e137d8cb186d71984
  • SHA256 (libdnet-1.11_3.tbz) = 92f731313eea3867ab36ad789d938a66b83dda282e293a5a3d830f138c56b6f1
  • SHA256 (libpcap-1.1.1.tbz) = fe7991735055bb92bc38a2550d6428200eb7491e0152fa59d75db1569918c4a4
  • SHA256 (pcre-8.10.tbz) = e9517918174e4b569d9b4d1b3c902db529e0c3bd67a4a4ae7f1b830aac66e7b1

The above packages were built with the following configuration options: --enable-dynamicplugin --enable-flexresp3 --enable-ipv6 --enable-gre --enable-targetbased --enable-decoder-preprocessor-rules --enable-zlib --enable-reload --enable-active-response --enable-normalizer --enable-react --enable-perfprofiling
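
To check fetched packages against the SHA256 list above before installing them, here is an added example (not part of the original post or the ports). It assumes the checksum lines were saved to a file and the .tbz files were downloaded into one directory; the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example: check local .tbz packages against "SHA256 (name) = hex" lines.

# Print the SHA256 of a file with whichever tool the system provides.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                       # FreeBSD base system
    else
        sha256sum "$1" | awk '{print $1}'    # GNU coreutils
    fi
}

# lookup_sum SUMS_FILE NAME: print the listed digest (lowercase) or return 1.
lookup_sum() {
    while IFS= read -r ls_line || [ -n "$ls_line" ]; do
        case $ls_line in
            *"SHA256 ($2) = "*)              # MD5 lines and other names are skipped
                ls_hex=${ls_line##*") = "}
                printf '%s\n' "$ls_hex" | tr -d ' \t\r' | tr 'A-F' 'a-f'
                return 0 ;;
        esac
    done < "$1"
    return 1
}

# verify_dir SUMS_FILE PKG_DIR: succeed only if every *.tbz in PKG_DIR has a
# listed SHA256 and its computed digest matches it.
verify_dir() {
    vd_rc=0; vd_n=0
    for vd_f in "$2"/*.tbz; do
        [ -f "$vd_f" ] || continue           # glob matched nothing
        vd_n=$((vd_n + 1))
        vd_name=${vd_f##*/}
        if ! vd_want=$(lookup_sum "$1" "$vd_name"); then
            echo "UNLISTED $vd_name" >&2; vd_rc=1; continue
        fi
        vd_got=$(sha256_of "$vd_f" | tr 'A-F' 'a-f')
        if [ "$vd_got" = "$vd_want" ]; then
            echo "OK       $vd_name"
        else
            echo "MISMATCH $vd_name" >&2; vd_rc=1
        fi
    done
    [ "$vd_n" -gt 0 ] || return 1            # nothing to verify is a failure
    return "$vd_rc"
}

# Usage (paths are placeholders):
#   verify_dir sums.txt /tmp/pkgs && echo "all packages verified"
```

With the list as published above, snort-2.9.0.2.tbz has no entry and is reported as UNLISTED.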

I will likely be updating the ports / packages, so keep an eye out!

JJC

2 comments:

rob said...

Would you be so kind as to post your Makefile and pkg-list so others can build packages?

JJC said...

Will do, also just as an FYI... updated ports will be in the ports tree shortly.