Once you have acquired the computer that you are going to use as your Snort machine, the next step is to install the operating system. Below are the step-by-step instructions I used when installing Ubuntu Server 10.4, an open-source operating system that can be downloaded from http://www.ubuntu.com/server. I burned the downloaded image onto a CD so I could boot from it.
1. Boot from Ubuntu Server CD and Install OS.
a. Things to have ready:
i. IP address to use (if you are going to use a static IP)
ii. computer name
iii. computer password
iv. user name
v. user password
b. Do not encrypt the home directory when asked
c. Select to install updates automatically when prompted
d. Only choose to install OpenSSH server from Software Selection screen
e. Select “Yes” to install GRUB Boot Loader
As you go through the installation screens, it will ask you to choose your location (country), language, keyboard layout, and network settings. I am using a static IP address, but there is an option in the installation setup to select DHCP. There will also be partition questions. I chose the option “Guided – use entire disk and set up LVM”. For all other setup screens not mentioned here, I left the default selections.
After you complete the installation, it will prompt you to remove the disk and reboot. Once the server comes back up, you will log in using the user name and password that you entered during setup. All of the following commands must be run with root privileges, so that is the reason that each command starts with sudo. You could also log in as root, but this is frowned upon in the Linux world due to security concerns.
2. Install the following packages using the commands as shown:
a. sudo apt-get install nmap
b. sudo apt-get install nbtscan
c. sudo apt-get install apache2
d. sudo apt-get install php5
e. sudo apt-get install php5-mysql
f. sudo apt-get install php5-gd
g. sudo apt-get install libpcap0.8-dev
h. sudo apt-get install libpcre3-dev
i. sudo apt-get install g++
j. sudo apt-get install bison
k. sudo apt-get install flex
l. sudo apt-get install libpcap-ruby
m. sudo apt-get install mysql-server **
n. sudo apt-get install libmysqlclient16-dev
**You will be prompted to enter a user name and password for your MySQL login, so have this information ready. FYI – I originally set up my MySQL password with a $ in it, but this caused numerous problems. It seems that the $ is a “reserved” character in MySQL.
3. Run the following commands to get the latest security patches:
a. sudo apt-get update
b. sudo apt-get upgrade
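Before moving on to compiling Snort in Part 3, it is worth confirming that every package from step 2 actually ended up installed (a failed apt-get run scrolls by easily). The following pre-flight check is an added example, not part of the original guide; the package names are the ones listed in step 2, and the dpkg-query format string is standard dpkg.

```sh
#!/bin/sh
# Added example: verify that the step 2 packages are installed before
# building Snort. Package names are taken from the article's step 2 list.
REQUIRED_PACKAGES="nmap nbtscan apache2 php5 php5-mysql php5-gd libpcap0.8-dev \
libpcre3-dev g++ bison flex libpcap-ruby mysql-server libmysqlclient16-dev"

# missing_packages: reads dpkg status lines of the form "<package> <status>"
# on stdin and prints, one per line, each required package whose status is
# not exactly "install ok installed" (so removed-but-configured packages,
# "deinstall ok config-files", are reported as missing too). Reading stdin
# keeps the check testable with constructed input; run_check feeds it the
# real dpkg-query output.
missing_packages() {
    status=$(cat)
    for pkg in $REQUIRED_PACKAGES; do
        # -F: literal match (handles "g++" and "libpcap0.8-dev"), -x: whole line
        if ! printf '%s\n' "$status" | grep -qxF "$pkg install ok installed"; then
            echo "$pkg"
        fi
    done
}

# run_check: queries the local dpkg database and reports the result.
# Returns 1 if anything is missing, so it can gate a build script.
run_check() {
    missing=$(dpkg-query -W -f='${Package} ${Status}\n' 2>/dev/null | missing_packages)
    if [ -n "$missing" ]; then
        echo "Missing packages (re-run sudo apt-get install for each):"
        echo "$missing"
        return 1
    fi
    echo "All step 2 packages are installed."
}
```

Run it as `sh check-packages.sh && echo ok` after adding a final `run_check` line; a non-zero exit means at least one package still needs installing.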
Please continue to Part 3 for detailed instructions on installing Snort and the Data Acquisition API (Part 3 coming in the next week or two).
These detailed instructions for setting up a Snort machine are compiled from 5 different Snort installation guides. Each of these articles contained pieces of what I needed. By using them all, I was able to get our Snort machine up and running with every feature we wanted.
Gullet, David. Snort 2.9.0 and Snort Report 1.3.1 on Ubuntu 10.04 LTS Installation Guide. October 8, 2010. http://www.symmetrixtech.com/articles/008-snortinstallguide290.pdf
Krautter, Jonathan. Snorby on Ubuntu Server 9.04 (32-bit) with Multiple Interfaces on Apache. October 23, 2009. http://groups.google.com/group/snorby/browse_thread/thread/3ee0265d3de938a3
Ubuntu Community Documentation. Network Connection Bridge. Retrieved on November 4, 2010. https://help.ubuntu.com/community/NetworkConnectionBridge
Ubuntu Geek. Webmin Installation and Configuration in Ubuntu Linux. December 22, 2006.
Willis, Nathan. What can you do with a second Ethernet port? May 6, 2008.