56

Chapter 2     Installing Snort and Getting Started

There are many other options which are less frequently used. These options will

be discussed in related sections later on. The functionality of some command line

options can be achieved through snort.conf file as well.

2.5 Step By Step Procedure to Compile and Install Snort 

From Source Code

Installing Snort from the RPM package is very easy since you have to use only one

command,  rpm  install  . However, as you have

seen, installing from the source code requires much more work. To summarize the pro 

cess of installing from the source code, here is a step by step procedure:

  Download source code file from http://www.snort.org.

  Unpack the tar file using  tar zxvf   command.

  Run the configure script. Typical command line is something like

 configure   prefix=/opt/snort   with mysql  with 

snmp  with opnssl .

  Run the make command.

  Run the  make install  command.

  Create a directory /var/log/snort.

  Create a directory /opt/snort/etc.

  Create a directory /opt/snort/rules.

  Copy snort.conf to /opt/snort/etc directory.

  Copy classification.config file to /opt/snort/etc directory.

  Copy reference.config file to /opt/snort/etc directory.

  Copy all rule files to /opt/snort/rules directory.

  Create startup script snortd and copy it to /etc/init.d directory. Create

its links in /etc/rcx directories, where x is a run level number, so that Snort

starts at the boot time.

  If you are using MySQL with Snort, it should be started before starting Snort.

2.6 Location of Snort Files

Snort files can be categorized as follows:

  The Snort binary files, which is the actual executable.

  The Snort configuration file, which is typically snort.conf.