Snort's installation prerequisites for Red Hat Enterprise Linux 5

Snort's installation prerequisites for Red Hat Enterprise Linux 5

By James Turnbull

Once you've confirmed that the IDS sensor Snort can run on your customer's hardware, the next step is ensuring that the proper

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information:

By submitting your registration information to SearchSecurityChannel.com you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here

  • Your use of SearchSecurityChannel.com is governed by our Terms of Use
  • We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
  • If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.

software has been installed on Red Hat Enterprise Linux 5 to support Snort -- this includes MySQL/PostgreSQL and PHP. This step lays the groundwork for installing Snort, compiling Snort and then configuring Snort by setting up its network intrusion detection rules.

Snort has a number of prerequisites that you will need to install depending on how you want to configure it. The most common is MySQL, though you could also use PostgreSQL if you prefer. Snort uses MySQL to store events and alerts. If you wish to add a console, such as BASE, to your Snort installation you will also need to install PHP, including MySQL integration for PHP and a Web server like Apache. In this tip, we're going to use MySQL to store events. For the Snort installation with MySQL, we need to add the following RPMs (best done using your package management mechanism as it will prompt you to install additional packages):

  • mysql-server
  • mysql-bench;
  • mysql-devel;
  • mysqlclient10
  • libpcap
  • libpcap-devel
  • pcre-devel

After installing MySQL, start the server up by using the init script. Remember to change the MySQL password when MySQL starts up. 

# /etc/init.d/mysqld start

After installing the prerequisites, you can install Snort. Snort is available in RPM packages, both binary and source, from Sourcefire or it can be compiled. On the Sourcefire site, RPMs are currently only available for RHEL 4. Until RHEL 5 RPMs are available, you'll need to compile Snort from source or build your own RPMs using the Snort spec file. In this scenario, we're going to compile Snort from source.


Intrusion detection with Snort on Red Hat Enterprise Linux 5

  Introduction to network intrusion detection and prevention using Snort
  Snort hardware and network setup requirements
  Snort's installation prerequisites
  Compiling Snort and configuration with MySQL
  Configuring Snort and setting up rules
  Editing the snort.conf file

About the author
James Turnbull works for the National Australia Bank as a Security Architect. He is also the author of Hardening Linux, which focuses on hardening Linux hosts including the base operating system, file systems, firewalling, connections, logging, testing your security and securing a number of common applications including e-mail, FTP and DNS. He is an experienced infrastructure architect with a background in Linux/Unix, AS/400, Windows, and storage systems. He has been involved in security consulting, infrastructure security design, SLA and service definition and has an abiding interest in security metrics and measurement.

This was first published in July 2007

Back to top