源码方式安装
wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz tar xvzf daq-2.0.6.tar.gz cd daq-2.0.6 ./configure && make && sudo make install wget https://www.snort.org/downloads/snort/snort-2.9.15.tar.gz tar xvzf snort-2.9.15.tar.gz cd snort-2.9.15 ./configure --enable-sourcefire && make && sudo make install
参考:https://www.snort.org/#get-started CentOS Fedora FreeBSD可以参考上方官方文档安装
安装过程中常见问题
1.安装daq时遇到
configure: error: Your operating system's lex is insufficient to compile libsfbpf. You should install both bison and flex. flex is a lex replacement that has many advantages, including being able to compile libsfbpf. For more information, see
http://www.gnu.org/software/flex/flex.html
解决方式
CentOSyum install flex bison -y
Ubuntuapt-get install flex bison
2.安装snort时时遇到
ERROR! Libpcre header not found. Get it from
http://www.pcre.org
解决方式
Ubuntu:sudo apt-get install libpcre3-dev
CentOS:sudo yum install pcre-devel
3.安装snort时遇到
ERROR! dnet header not found, go get it from
http://code.google.com/p/libdnet/or use the --with-dnet-* options, if you have it installed in an unusual place
解决方式
wget https://nchc.dl.sourceforge.net/project/libdnet/libdnet/libdnet-1.11/libdnet-1.11.tar.gz tar -zxf libdnet-1.11.tar.gz cd libdnet-1.11 ./configure && make && make install
4.安装snort时遇到
ERROR! LuaJIT library not found. Go get it from
http://www.luajit.org/(or) Try compiling without openAppId using '--disable-open-appid'
解决方式:
sudo wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz sudo tar -zxvf LuaJIT-2.0.5.tar.gz cd LuaJIT-2.0.5/ sudo make && sudo make install
5.运行snort时遇到
snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
解决方式:
方法一(未验证):
第一步:export LD_LIBRARY_PATH=/usr/local/lib;
第二步:运行/sbin/ldconfig命令更新/etc/ld.so.cache;
注意:可以通过命令echo $LD_LIBRARY_PATH来查看设置内容
方法二:
创建一个符号链接:sudo ln -s /usr/local/lib/libdnet.1 /usr/lib/libdnet.1
原因:
1.liddnet.1文件在/usr/local/lib目录下,但是系统默认的装载库路径却没有这个.
2.为了加快程序执行时对共享库的定位速度,避免使用搜索路径,直接读取库列表文件/etc/ld.so.cache.