I was wondering if anyone here has upgraded Snort from the source code. I have 2.9.1 all compiled and ready, but not installed yet. My concern is this...
The Install doc in the snort bundle recommends that you uninstall any previous version of snort before installing the latest version. If I run yum remove snort, it wants to take away app-snort and app-snortsam as well. :blink:
So, is there a way I can upgrade from the source code and still have it tied to the ClearOS apps, or will I need to switch to webmin for a UI for snort?
Thanks,
James "Zeke" Dehnert
Responses (7)
Accepted Answer
I have a question for Nick, Bob, and Tim.
Has anyone rolled up the Emerging Threats scripts with a How-To on getting this installed and working?
Since I'm just using ClearOS as a home system, the $ charged for the intrusion detection updates are more than I am willing to pay. I'm hoping that a nice clear How-To will become available so I can set up my system to use freely available rules.
Accepted Answer
I've successfully installed Snort 2.9.x on several instances of ClearOS 5.2, but have yet to document how I did it...
What I can say is that I uninstalled all of the Snort RPMs that come with ClearOS by default, and set up Snort with MySQL and BASE following a combination of HOWTOs and PDFs I found online.
What I have currently lacks the nice feature/functionality that the ClearOS SnortSAM provides (read: no blocking functionality), but what I do like is the BASE interface, which in my opinion is much more useful and granular than what ClearOS 5.2 provides.
Accepted Answer
Emerging Threats still produce rules for 2.8.4 and I think there are other sources of rules as well. I developed a script from something written by Bob Stangarone to allow you to automatically download the ET rules and merge them with the ClearOS rules so you can keep your rules up to date with 2.8.4.
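The merge step that post describes, as an added illustration that is not Nick's or Bob Stangarone's script: the local (ClearOS-supplied) rules are copied as they are, and only downloaded ET rules whose sid is not already present are appended, so a local rule is never silently replaced by an ET rule with the same sid. File names, the one-rule-per-line assumption (no backslash continuations) and the sample rules are constructed for the example.

```shell
#!/bin/sh
# Added example, not the script from the thread: merge a downloaded Emerging
# Threats rule file into the local (ClearOS-supplied) rule file without
# duplicating SIDs. Local rules win; only ET rules with a new sid are appended.
# Assumes one rule per line (no backslash continuations).

# merge_snort_rules LOCAL_RULES ET_RULES OUTPUT
merge_snort_rules() {
    awk '
        # extract the numeric sid from a rule line, 0 if none (comment, blank)
        function sid_of(line,   m) {
            if (match(line, /sid:[ \t]*[0-9]+/)) {
                m = substr(line, RSTART, RLENGTH)
                sub(/sid:[ \t]*/, "", m)
                return m + 0
            }
            return 0
        }
        # first file: copy verbatim and remember every sid it defines
        FILENAME == ARGV[1] { print; s = sid_of($0); if (s) seen[s] = 1; next }
        # second file: drop comments/blanks and any sid already present
        /^[ \t]*(#|$)/ { next }
        { s = sid_of($0); if (s && !(s in seen)) { print; seen[s] = 1 } }
    ' "$1" "$2" > "$3"
}

# count_rules FILE: number of active (non-comment, non-blank) lines
count_rules() {
    grep -E -c -v '^[[:space:]]*(#|$)' "$1"
}

# demo_merge: constructed sample rulesets (not real rules) that overlap on
# sid 2000001; prints the path of the merged file.
demo_merge() {
    d=$(mktemp -d)
    cat > "$d/local.rules" <<'EOF'
# ClearOS-supplied rules (constructed)
alert tcp any any -> $HOME_NET 22 (msg:"LOCAL ssh probe"; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"LOCAL overlap"; sid:2000001; rev:3;)
EOF
    cat > "$d/et.rules" <<'EOF'
# Emerging Threats download (constructed)
alert tcp any any -> $HOME_NET 80 (msg:"ET overlap"; sid:2000001; rev:2;)
alert udp any any -> any 53 (msg:"ET dns"; sid:2000002; rev:1;)

# alert tcp any any -> any 25 (msg:"ET disabled"; sid:2000003; rev:1;)
EOF
    merge_snort_rules "$d/local.rules" "$d/et.rules" "$d/merged.rules"
    echo "$d/merged.rules"
}
```

Running `demo_merge` yields a merged file with three active rules: the two local ones (the local sid 2000001 kept, the ET copy dropped) plus ET sid 2000002; the commented-out ET rule is not carried over.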
Accepted Answer
Thanks Tim, I was aware of the differences between the Snort releases. I have been scouring the Snort web site trying to develop an understanding of how things work.
Does it require a subscription to ClearCare to get Snort updates with the ClearOS software? That was one of the reasons that I started digging deeper into Snort (the other was to get an operational understanding of Snort). My system is telling me that it isn't getting IDS updates. If this was a company system I'd get them to pay up for all the updates, but I'm working on my home system, and I'd rather not add anything else to my budget these days.
I also noticed that to get the free Snort rules from snort.org I need to keep Snort more current than the release available on ClearOS 5.2. I have set up Oinkmaster, but there are no rulesets available for 2.8.4.1, so I would have to use 2.8.6 rulesets.
Thanks Nick, I have been using Yum instead of rpm for so long that the rpm command totally slipped my mind.
Accepted Answer
The compatibility between 2.8.4 and 2.9.1 depends on the format of the config file... ClearOS apps will expect to use a certain format, and if the new version is not backwards compatible you will run into problems.
Please note you may also have to manually update your ruleset to one compatible with 2.9.x. Nick has been doing some work on this with the ET rulesets.
If you can wait till ClearOS 6 then there will be a 2.9 version of Snort.