jabez007 · February 12, 2018 15:02
diff --git a/Install-Barnyard.sh b/Install-Barnyard.sh
 !/bin/bash

 # Set the internal field separator 
 IFS=$'\n' 

 ##
 # Install pre-reqs
 ##

 yum install libtool autoconf git

 ##
 # Clone and install Barnyard
 ##

 git clone git://github.com/firnsy/barnyard2.git
 cd barnyard2
 ./autogen.sh
 ./configure 
 make
 make install

 ##
 # Configure Barnyard
 ##

 # This is done by editing the /usr/local/etc/barnyard2.conf
 # But we should first search for these files
 find / -name reference.config
 find / -name classification.config
 find / -name sid-msg.map
 find / -namegen-msg.map  # [Note: this will likely need to be copied from the source code directory]
 # then change these lines in the conf file
 ## config reference_file:     /etc/snort/reference.config
 ## config classification_file: /etc/snort/classification.config
 ## config gen_file:            /etc/snort/gen-msg.map
 ## config sid_file:               /etc/snort/sid-msg.map

 # Setup the input plugins (should already be set)
 # this is not hard, only unified2 is supported ;)
 ## input unified2

 # Set up the output plugins (Set this to the IP address of your syslog server)
 # alert_syslog
 #-----------------------------
 ## output alert_syslog: LOG_AUTH LOG_INFO

 ##
 # Create the Barnyard log directory
 ##

 mkdir /var/log/barnyard2 

 ##
 # Setup Postgresql
 ## 

 /root/sourcecode/barnyard2/schemas/create_postgresql

 unset IFS 
diff --git a/Install-Snort.sh b/Install-Snort.sh
 #!/bin/bash

 ##########
 # https://www.upcloud.com/support/installing-snort-on-centos/
 ##########

 # Set the internal field separator 
 IFS=$'\n' 

 src_dir="$HOME/snort_src"

 ####
 # Preparing your server
 ####
 # Install the required libraries
 sudo yum install gcc flex bison zlib libpcap pcre libdnet tcpdump nano

 ####
 # Installing from the source
 ####
 # you will also need the following development packages in addition to the already install prerequisites
 sudo yum install -y zlib-devel libpcap-devel pcre-devel libdnet-devel
 sudo yum install -y https://dl.fedoraproject.org/pub/epel/7/x86_64/l/libnghttp2-devel-1.21.1-1.el7.x86_64.rpm

 # make a temporary download folder to your home directory and then change into it with the command below
 mkdir "$src_dir"
 cd "$src_dir" || exit

 # Download the latest (stable) DAQ source package from the Snort website with the wget command underneath
 wget -O "$src_dir/daq-2.0.6.tar.gz" https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz

 # extract the source code and jump into the new directory
 tar -xvzf daq-2.0.6.tar.gz
 cd daq-2.0.6 || exit

 # Run the configuration script using its default values, then compile the program with make and finally install DAQ
 ./configure
 make 
 sudo make install

 # With the DAQ installed you can updating the shared libraries and get started with Snort, change back to the download folder
 sudo ldconfig
 cd "$src_dir" || exit

 # Now, we can download the Snort source code with wget
 wget -O "$src_dir/snort-2.9.11.tar.gz" https://www.snort.org/downloads/snort/snort-2.9.11.tar.gz

 # extract the source and change into the new directory
 tar -xvzf snort-2.9.11.tar.gz
 cd snort-2.9.11 || exit

 # Then configure the installation with sourcefire enabled, run make and make install
 ./configure --enable-sourcefire
 make
 sudo make install

 # To run Snort on CentOS as a service in the background you should download a startup script from Snort documentation
 wget https://www.snort.org/documents/snort-startup-script-for-centos -O "$HOME/snortd"
 sudo chmod 755 "$HOME/snortd" 
 sudo mv "$HOME/snortd" /etc/init.d/

 ####
 # Configuring Snort to run in NIDS mode
 ####
 # Start with updating the shared libraries
 sudo ldconfig

 # Snort on CentOS gets installed to /usr/local/bin/snort directory, it is good practice to create a symbolic link to /usr/sbin/snort
 sudo ln -s /usr/local/bin/snort /usr/sbin/snort

 # To run Snort on CentOS safely without root access, you should create a new unprivileged user and a new user group for the daemon to run under
 sudo groupadd snort
 sudo useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort

 # Then create the folder structure to house the Snort configuration
 sudo mkdir -p /etc/snort/rules
 sudo mkdir /var/log/snort
 sudo mkdir /usr/local/lib/snort_dynamicrules

 # Set the permissions for the new directories accordingly
 sudo chmod -R 5775 /etc/snort
 sudo chmod -R 5775 /var/log/snort
 sudo chmod -R 5775 /usr/local/lib/snort_dynamicrules
 sudo chown -R snort:snort /etc/snort
 sudo chown -R snort:snort /var/log/snort
 sudo chown -R snort:snort /usr/local/lib/snort_dynamicrules

 # Create new files for the white and black lists as well as the local rules
 sudo touch /etc/snort/rules/white_list.rules
 sudo touch /etc/snort/rules/black_list.rules
 sudo touch /etc/snort/rules/local.rules

 # copy over the configuration files from the download folder
 sudo cp "$src_dir/snort-2.9.11/etc/"*.conf* /etc/snort  # Inside quotes, the * will not expand to a list of files
 sudo cp "$src_dir/snort-2.9.11/etc/"*.map /etc/snort

 # using community rules 
 wget https://www.snort.org/rules/community -O "$HOME/community.tar.gz"
 sudo tar -xvf "$HOME/community.tar.gz" -C "$HOME/"
 sudo cp "$HOME/community-rules/"* /etc/snort/rules
 # By default, Snort on CentOS expects to find a number of different rule files which are not included in the community rules. Comment out the unnecessary lines
 sudo sed -i 's/include \$RULE\_PATH/#include \$RULE\_PATH/' /etc/snort/snort.conf

 # using registered user rules
 # You can also take a moment and register on the Snort website. 
 # Registering gives you access to use their Oink code to download the registered user rules. 
 # You can find the code in the Snort user account details.
 #wget https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz?oinkcode=<oinkcode> -O ~/registered.tar.gz
 #sudo tar -xvf ~/registered.tar.gz -C /etc/snort

 # With the configuration and rule files in place, edit the snort.conf to modify a few parameters.
 sudo nano /etc/snort/snort.conf

 # Find these sections shown below in the configuration file and change the parameters to reflect the examples here.
 ###
 ## # Setup the network addresses you are protecting
 ## ipvar HOME_NET <server public IP>/32
 ###
 ## # Set up the external network addresses. Leave as "any" in most situations
 ## ipvar EXTERNAL_NET !$HOME_NET
 ###
 ## # Path to your rules files (this can be a relative path)
 ## var RULE_PATH /etc/snort/rules
 ## var SO_RULE_PATH /etc/snort/so_rules
 ## var PREPROC_RULE_PATH /etc/snort/preproc_rules
 ###
 ## # Set the absolute path appropriately
 ## var WHITE_LIST_PATH /etc/snort/rules
 ## var BLACK_LIST_PATH /etc/snort/rules
 ###

 # In the same snort.conf file, scroll down to the section 6 and set the output for unified2 to log under filename of snort.log like below.
 ### 
 ## # unified2
 ## # Recommended for most installs
 ## output unified2: filename snort.log, limit 128
 ###

 # Lastly, scroll down towards the bottom of the file to find the list of included rule sets. You will need to uncomment the local.rules to allow Snort to load any custom rules.
 ###
 ## include $RULE_PATH/local.rules

 # If you are using the community rules, add the line underneath to your rule set as well, for example just below your local.rules line
 ###
 ## include $RULE_PATH/community.rules

 # Once you are done with the configuration file, save the changes and exit the editor.
 
 ####
 # Validating settings
 ####
 # Test the configuration using the parameter -T to enable test mode.
 sudo snort -T -c /etc/snort/snort.conf
 # After running the Snort configuration test, you should get a message like this example below.
 ## Snort successfully validated the configuration!
 ## Snort exiting

 unset IFS
	!/bin/bash

	# Set the internal field separator
	IFS=$'\n'

	##
	# Install pre-reqs
	##

	yum install libtool autoconf git

	##
	# Clone and install Barnyard
	##

	git clone git://github.com/firnsy/barnyard2.git
	cd barnyard2
	./autogen.sh
	./configure
	make
	make install

	##
	# Configure Barnyard
	##

	# This is done by editing the /usr/local/etc/barnyard2.conf
	# But we should first search for these files
	find / -name reference.config
	find / -name classification.config
	find / -name sid-msg.map
	find / -namegen-msg.map # [Note: this will likely need to be copied from the source code directory]
	# then change these lines in the conf file
	## config reference_file: /etc/snort/reference.config
	## config classification_file: /etc/snort/classification.config
	## config gen_file: /etc/snort/gen-msg.map
	## config sid_file: /etc/snort/sid-msg.map

	# Setup the input plugins (should already be set)
	# this is not hard, only unified2 is supported ;)
	## input unified2

	# Set up the output plugins (Set this to the IP address of your syslog server)
	# alert_syslog
	#-----------------------------
	## output alert_syslog: LOG_AUTH LOG_INFO

	##
	# Create the Barnyard log directory
	##

	mkdir /var/log/barnyard2

	##
	# Setup Postgresql
	##

	/root/sourcecode/barnyard2/schemas/create_postgresql

	unset IFS
	#!/bin/bash

	##########
	# https://www.upcloud.com/support/installing-snort-on-centos/
	##########

	# Set the internal field separator
	IFS=$'\n'

	src_dir="$HOME/snort_src"

	####
	# Preparing your server
	####
	# Install the required libraries
	sudo yum install gcc flex bison zlib libpcap pcre libdnet tcpdump nano

	####
	# Installing from the source
	####
	# you will also need the following development packages in addition to the already install prerequisites
	sudo yum install -y zlib-devel libpcap-devel pcre-devel libdnet-devel
	sudo yum install -y https://dl.fedoraproject.org/pub/epel/7/x86_64/l/libnghttp2-devel-1.21.1-1.el7.x86_64.rpm

	# make a temporary download folder to your home directory and then change into it with the command below
	mkdir "$src_dir"
	cd "$src_dir" \|\| exit

	# Download the latest (stable) DAQ source package from the Snort website with the wget command underneath
	wget -O "$src_dir/daq-2.0.6.tar.gz" https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz

	# extract the source code and jump into the new directory
	tar -xvzf daq-2.0.6.tar.gz
	cd daq-2.0.6 \|\| exit

	# Run the configuration script using its default values, then compile the program with make and finally install DAQ
	./configure
	make
	sudo make install

	# With the DAQ installed you can updating the shared libraries and get started with Snort, change back to the download folder
	sudo ldconfig
	cd "$src_dir" \|\| exit

	# Now, we can download the Snort source code with wget
	wget -O "$src_dir/snort-2.9.11.tar.gz" https://www.snort.org/downloads/snort/snort-2.9.11.tar.gz

	# extract the source and change into the new directory
	tar -xvzf snort-2.9.11.tar.gz
	cd snort-2.9.11 \|\| exit

	# Then configure the installation with sourcefire enabled, run make and make install
	./configure --enable-sourcefire
	make
	sudo make install

	# To run Snort on CentOS as a service in the background you should download a startup script from Snort documentation
	wget https://www.snort.org/documents/snort-startup-script-for-centos -O "$HOME/snortd"
	sudo chmod 755 "$HOME/snortd"
	sudo mv "$HOME/snortd" /etc/init.d/

	####
	# Configuring Snort to run in NIDS mode
	####
	# Start with updating the shared libraries
	sudo ldconfig

	# Snort on CentOS gets installed to /usr/local/bin/snort directory, it is good practice to create a symbolic link to /usr/sbin/snort
	sudo ln -s /usr/local/bin/snort /usr/sbin/snort

	# To run Snort on CentOS safely without root access, you should create a new unprivileged user and a new user group for the daemon to run under
	sudo groupadd snort
	sudo useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort

	# Then create the folder structure to house the Snort configuration
	sudo mkdir -p /etc/snort/rules
	sudo mkdir /var/log/snort
	sudo mkdir /usr/local/lib/snort_dynamicrules

	# Set the permissions for the new directories accordingly
	sudo chmod -R 5775 /etc/snort
	sudo chmod -R 5775 /var/log/snort
	sudo chmod -R 5775 /usr/local/lib/snort_dynamicrules
	sudo chown -R snort:snort /etc/snort
	sudo chown -R snort:snort /var/log/snort
	sudo chown -R snort:snort /usr/local/lib/snort_dynamicrules

	# Create new files for the white and black lists as well as the local rules
	sudo touch /etc/snort/rules/white_list.rules
	sudo touch /etc/snort/rules/black_list.rules
	sudo touch /etc/snort/rules/local.rules

	# copy over the configuration files from the download folder
	sudo cp "$src_dir/snort-2.9.11/etc/".conf /etc/snort # Inside quotes, the * will not expand to a list of files
	sudo cp "$src_dir/snort-2.9.11/etc/"*.map /etc/snort

	# using community rules
	wget https://www.snort.org/rules/community -O "$HOME/community.tar.gz"
	sudo tar -xvf "$HOME/community.tar.gz" -C "$HOME/"
	sudo cp "$HOME/community-rules/"* /etc/snort/rules
	# By default, Snort on CentOS expects to find a number of different rule files which are not included in the community rules. Comment out the unnecessary lines
	sudo sed -i 's/include \$RULE\_PATH/#include \$RULE\_PATH/' /etc/snort/snort.conf

	# using registered user rules
	# You can also take a moment and register on the Snort website.
	# Registering gives you access to use their Oink code to download the registered user rules.
	# You can find the code in the Snort user account details.
	#wget https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz?oinkcode=<oinkcode> -O ~/registered.tar.gz
	#sudo tar -xvf ~/registered.tar.gz -C /etc/snort

	# With the configuration and rule files in place, edit the snort.conf to modify a few parameters.
	sudo nano /etc/snort/snort.conf

	# Find these sections shown below in the configuration file and change the parameters to reflect the examples here.
	###
	## # Setup the network addresses you are protecting
	## ipvar HOME_NET <server public IP>/32
	###
	## # Set up the external network addresses. Leave as "any" in most situations
	## ipvar EXTERNAL_NET !$HOME_NET
	###
	## # Path to your rules files (this can be a relative path)
	## var RULE_PATH /etc/snort/rules
	## var SO_RULE_PATH /etc/snort/so_rules
	## var PREPROC_RULE_PATH /etc/snort/preproc_rules
	###
	## # Set the absolute path appropriately
	## var WHITE_LIST_PATH /etc/snort/rules
	## var BLACK_LIST_PATH /etc/snort/rules
	###

	# In the same snort.conf file, scroll down to the section 6 and set the output for unified2 to log under filename of snort.log like below.
	###
	## # unified2
	## # Recommended for most installs
	## output unified2: filename snort.log, limit 128
	###

	# Lastly, scroll down towards the bottom of the file to find the list of included rule sets. You will need to uncomment the local.rules to allow Snort to load any custom rules.
	###
	## include $RULE_PATH/local.rules

	# If you are using the community rules, add the line underneath to your rule set as well, for example just below your local.rules line
	###
	## include $RULE_PATH/community.rules

	# Once you are done with the configuration file, save the changes and exit the editor.

	####
	# Validating settings
	####
	# Test the configuration using the parameter -T to enable test mode.
	sudo snort -T -c /etc/snort/snort.conf
	# After running the Snort configuration test, you should get a message like this example below.
	## Snort successfully validated the configuration!
	## Snort exiting

	unset IFS