How to do it...

  1. First, install Snort:
    1. Navigate to System | Package Manager.
    2. Click on the Available Packages tab.
    3. Find Snort in the list and click on the Install button.
    4. You will be redirected to the Package Installer tab. Click on the Confirm button on this tab to install Snort and its dependencies.
    5. The Package Installation list should keep you informed of the progress in downloading and installing Snort. The process should not take long.
  2. If you haven't done so already, set up a Snort account:
    1. From a web browser, navigate to https://www.snort.org/subscribe.
    2. Click on the Sign up link (or navigate to https://www.snort.org/users/sign_up).
    3. Enter your email address, password, and password confirmation in the appropriate fields.
    4. Check the checkbox for Agree to Snort License. There are also several checkboxes for subscribing to Snort mailing lists; check the boxes for whichever lists you wish to receive.
    5. Click on the Sign up button.
    6. Snort will send you a confirmation email. Click on the link in the confirmation email and log into the Snort website again with the credentials you created in the previous steps.
    7. Once you are logged in, scroll down to the Sign Up/Subscribe button (this should be step 2 on the Get Started page).
    8. The menu on the left side of the page should have an option that reads Oinkcode. Click on this menu item to retrieve your Oinkcode. You will need to enter this code when you begin Snort configuration.
  3. Now we can begin Snort configuration:
    1. Navigate to Services | Snort.
    2. Click on the Global Settings tab.
    3. Check the Enable Snort VRT checkbox.
    4. Copy your Oinkcode into the Snort Oinkmaster Code edit box.
    5. Check the Enable Snort GPLv2 checkbox.
    6. Check the Enable ET Open checkbox to enable download of Emerging Threats Open rules.
    7. For the Update Interval, select 1 DAY.
    8. Click on the Updates tab.
    9. Click on the Update Rules button.
    10. We still have to enable Snort on one or more interfaces. Click on the Snort Interfaces tab.
    11. Click on the Add button to add an interface.
    12. Check the Enable interface checkbox.
    13. Set Interface to WAN; in most cases, you only need to run Snort on one interface.
    14. In the Alert Settings section, be sure to check the Send Alerts to System Log checkbox.
    15. You also should check the Block Offenders checkbox (automatically block hosts that generate a Snort alert) and the Kill States checkbox (kill firewall states for the blocked IP).
    16. Leave the Which IP to Block drop-down set to BOTH to block both the source and destination IP.
    17. When you are done making changes, click on the Save button.
    18. We still have to select rulesets for Snort, so when the page reloads, click on the Edit icon for the WAN interface (the pencil).
    19. When the page reloads, click on the WAN categories tab.
    20. In the ET Open Rules column, check the emerging-p2p.rules ruleset.
    21. When you are done selecting any other rulesets you wish to enable, click on the Save button.
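
With Send Alerts to System Log enabled, the alerts can be reviewed to see which addresses the Block Offenders setting treats as offenders. The following is an added example, not part of the original recipe: it parses Snort alert lines as they appear in syslog and lists the block candidates for a given Which IP to Block value. The log lines, SIDs, and the `192.168.1.0/24` LAN range are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Snort alert as written to syslog (IPv4 only in this sketch):
#   snort[pid]: [gid:sid:rev] msg [Classification: c] [Priority: n] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None for non-Snort log lines."""
    m = ALERT_RE.search(line)
    return m.groupdict() if m else None

def block_candidates(lines, which="BOTH", local_nets=("192.168.1.0/24",)):
    """Map each address the chosen 'Which IP to Block' value selects to its alert stats."""
    nets = [ipaddress.ip_network(n) for n in local_nets]  # assumed LAN range(s)
    fields = {"SRC": ("src",), "DST": ("dst",), "BOTH": ("src", "dst")}[which]
    out = {}
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        for field in fields:
            ip = ipaddress.ip_address(alert[field])
            entry = out.setdefault(str(ip), {"alerts": 0, "sids": set(),
                                             "local": any(ip in n for n in nets)})
            entry["alerts"] += 1
            entry["sids"].add(int(alert["sid"]))
    return out

# Constructed sample log lines (not real alerts; SIDs are placeholders).
SAMPLE_LOG = """\
Mar  3 10:15:01 fw snort[4242]: [1:9000001:1] ET P2P constructed sample alert [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.1.50:6881 -> 198.51.100.7:6881
Mar  3 10:15:04 fw snort[4242]: [1:9000001:1] ET P2P constructed sample alert [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.1.50:6881 -> 203.0.113.20:51413
Mar  3 10:15:09 fw filterlog[311]: unrelated firewall log entry
Mar  3 10:16:30 fw snort[4242]: [1:9000002:2] constructed ICMP sample alert [Priority: 3] {ICMP} 203.0.113.20 -> 192.0.2.10
""".splitlines()

if __name__ == "__main__":
    for ip, info in sorted(block_candidates(SAMPLE_LOG).items()):
        tag = "LOCAL" if info["local"] else "remote"
        print(f"{ip:15} {tag:6} alerts={info['alerts']} sids={sorted(info['sids'])}")
```

With BOTH selected, the LAN host that triggered the P2P rule appears as a candidate alongside the remote peers. Whether a candidate is actually blocked also depends on the Pass List assigned to the interface, which this sketch does not model.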