
IPS Building Script

IPS Building Script
Posted Aug 11, 2009
Authored by Augusto Pereyra | Site code.google.com

This script provides an all-in-one easy installation of Snort in a box in bridge mode with a complex configuration.

tags | tool, sniffer
SHA-256 | 527e35e81c79071a3170ba4bc5d9b499b0471717e931e65c8d776e9950ba2744

IPS Building Script

#################################################################
#This script was created by Augusto Pereyra, based on the www.root0.net script for
#Snort installation.
#Differences between the original and this script are the following:
#Home Net Config
#Layer2Reset Config
#OinkMaster Update
#Install snort from source
#Bridge auto config
#Webmin installation
#Firewall auto config

##########################
##### MENU #####
##########################
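# Interactive setup: collect the values every later step depends on.
# -r keeps backslashes literal; -s stops the terminal from echoing the
# passwords and the oink-code (a per-user credential), so a newline is
# printed by hand after each of those reads.
# NOTE(review): these values are later spliced unescaped into SQL statements
# and sed expressions, so quote, '/', '&' or '\' characters in them will break
# those steps — keep them simple.
printf '%s' " Ingrese la clave para EL ROOT DE MYSQL: "
read -rs MYSQL_PASS
printf '\n'
printf '%s' " Ingrese el nombre para la base de snort: "
read -r DB_NAME
printf '%s' " Ingrese el usuario de mysql para la base snort: "
read -r DB_USER
printf '%s' " Ingrese la clave para el usuario anterior: "
read -rs DB_PASS
printf '\n'
printf '%s' " Ingrese la red que se quiere proteger (Ej. 10.2.3.0 default mask /24): "
read -r HOME_RED
printf '%s' " Ingrese el oink-code: "
read -rs OINK_CODE
printf '\n'
printf '%s' "Ingrese la mac adress del gateway para poder hacer reset de layer 2: "
read -r L2GMAC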



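printf '%s\n' "#SE BAJAN LAS DEPENDENCIA POR YUM"

# Build/runtime dependencies for what is compiled below (libnet, snort,
# snortsam), the bridge tools, and the PHP/PEAR modules BASE uses.
# One yum call per package, as in the original, so one unavailable package
# does not abort the installation of the others.
deps=(
  pcre-devel
  libpcap-devel
  iptables-devel
  mysql-devel
  bridge-utils
  php-gd
  php-pear
  php-pear-Image-Canvas
  php-pear-Image-Color
  php-pear-Image-Graph
  php-pear-Numbers-Roman
  php-pear-Numbers-Words
)
for pkg in "${deps[@]}"; do
  yum install -y "$pkg"
done

# Everything below is downloaded and unpacked relative to /tmp; stop here
# rather than scattering files into whatever the current directory is.
cd /tmp || exit 1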

printf '%s ' "#SE SETEAN LAS URLS"

# Archives mirrored on the project's Google Code page.
SNORT="http://ips-builder.googlecode.com/files/snort-2.8.3.tar.gz"
SNORTSAM_P="http://ips-builder.googlecode.com/files/snortsam-2.8.3.diff"
LIBNET="http://ips-builder.googlecode.com/files/libnet-1.0.2a.tar.gz"
BASE="http://ips-builder.googlecode.com/files/base.tar.gz"
FW="http://ips-builder.googlecode.com/files/FWRULES"
INIT="http://ips-builder.googlecode.com/files/bridged"
IPTSAMCONF="http://ips-builder.googlecode.com/files/iptsamconf.sh"

# Upstream / SourceForge mirrors.
SNORTSAM="http://www.snortsam.net/files/snortsam/snortsam-src-2.57.tar.gz"
WEBMIN="http://ufpr.dl.sourceforge.net/sourceforge/webadmin/webmin-1.441-1.noarch.rpm"
OINK="http://ufpr.dl.sourceforge.net/sourceforge/oinkmaster/oinkmaster-2.0.tar.gz"

# Local paths and names used by the configuration steps.
MYSQL_CREATE="/tmp/snort-2.8.3/schemas/create_mysql"
DB_HOST="localhost"
SNORT_CONF="snort.conf"
APACHE_DOC_ROOT="/var/www/html"
BASE_DIR="base"

# First line of /etc/oinkmaster.conf: the rules URL embeds the oink-code
# entered at the prompt, so that file ends up holding a credential.
# NOTE(review): every source above is plain http and nothing later verifies a
# checksum or signature before the archives are built and installed as root.
O2="url = http://www.snort.org/pub-bin/oinkmaster.cgi/${OINK_CODE}/snortrules-snapshot-2.8.tar.gz"

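printf '%s\n' "#SE DESCARGAN PROGRAMAS"

# Fetch every archive into the current directory (/tmp). A download that
# fails here would otherwise only surface later as a confusing tar/patch/rpm
# error, so stop at the first failure.
# NOTE(review): all URLs are plain http and no checksum or signature is
# verified; what arrives is later compiled and installed as root, and FWRULES
# is executed as a shell script. Check the archives against known-good
# digests before running this on a box that matters.
# The browser User-Agent for the Snort tarball is kept as in the original —
# presumably the host rejected wget's default one.
wget -U "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)" "${SNORT}" || exit 1
for url in "${SNORTSAM_P}" "${LIBNET}" "${BASE}" "${SNORTSAM}" "${WEBMIN}" \
           "${OINK}" "${FW}" "${INIT}" "${IPTSAMCONF}"; do
  wget "${url}" || exit 1
done
#######wget "${ADODB}"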
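printf '%s\n' "# CONFIGURA E INSTALA LIBNET"

# Build libnet 1.0.2a from source; the cd below expects the tarball to unpack
# as Libnet-1.0.2a (capital L). Each step is checked: without the checks a
# failed extraction would leave configure/make running in /tmp instead.
tar -zxvf /tmp/libnet-1.0.2a.tar.gz || exit 1
cd Libnet-1.0.2a/ || exit 1
./configure || exit 1
make || exit 1
make install || exit 1
cd ..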

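printf '%s\n' "#CREO USUARIOS"
# Unprivileged account that owns /var/log/snort (see below). groupadd/useradd
# are deliberately unchecked so a re-run on a box where they exist continues.
groupadd snort
useradd -g snort snort

printf '%s\n' "# CONFIGURA E INSTLA EL SNORT"

# Unpack Snort 2.8.3, apply the SnortSam patch, regenerate the autotools
# files (presumably because the patch touches the build system) and build
# with MySQL output, flexresp and inline mode.
tar -zxvf /tmp/snort-2.8.3.tar.gz || exit 1
cd /tmp/snort-2.8.3/ || exit 1
patch -p1 < ../snortsam-2.8.3.diff || exit 1
cp m4/libprelude.m4 /usr/share/aclocal || exit 1
aclocal
autoheader
autoconf
automake --add-missing
./configure --with-mysql --enable-flexresp --enable-inline || exit 1
make || exit 1
make install || exit 1

# Runtime layout: configuration in /etc/snort, rules in /etc/snort/rules,
# logs in /var/log/snort owned by the snort user. -p keeps re-runs working.
mkdir -p /etc/snort /var/log/snort /etc/snort/rules
chown snort:snort /var/log/snort
# Ship the stock config/map files; snort.conf itself is rewritten later.
cd /tmp/snort-2.8.3/etc || exit 1
cp *.conf *.config *.map sid generators /etc/snort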


#echo -n "#INSTALA ADODB"
#echo -n " "

#cd /tmp
#tar -zxvf /tmp/adodb504a.tgz
#mv /tmp/adodb5 /var/www/html/adodb5



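printf '%s\n' "# COPIA SNORTSAM"

# Build SnortSam (the blocking agent Snort's alert_fwsam output talks to),
# install it as /sbin/snortsam and derive its config from the sample file.
cd /tmp || exit 1
tar -zxvf snortsam-src-2.57.tar.gz || exit 1
cd snortsam || exit 1
./makesnortsam.sh || exit 1
chmod 755 snortsam
mv snortsam /sbin || exit 1
mv /tmp/snortsam/conf/snortsam.conf.sample /etc/snortsam.conf || exit 1

# Enable three sample lines in one pass (the original applied the same three
# substitutions one at a time and left snortsam.conf.tmp behind in /etc):
#   - block through iptables on the bridge interface br0
#   - accept agents from 127.0.0.1/24; the sample's ",<key>" part is dropped,
#     so no shared key is configured for the Snort -> SnortSam channel
#   - run as a daemon
# The result goes to a temp file first so a failed sed cannot truncate the config.
cd /etc || exit 1
sed -e "s/^# iptables <adapter> <logoption>/iptables br0/" \
    -e "s/^# accept <host>\/<mask>\,<key>/accept 127.0.0.1\/24/" \
    -e "s/^# daemon/daemon/" snortsam.conf > snortsam.conf.tmp || exit 1
mv snortsam.conf.tmp snortsam.conf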

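printf '%s\n' "#INSTALA WEBMIN"

# NOTE(review): rpm -i only checks the package signature when the vendor key
# is already imported; nothing in this script imports one or verifies the download.
rpm -i /tmp/webmin-1.441-1.noarch.rpm

printf '%s\n' "# CREA LA BASE DE DATOS"

# Start MySQL, create the Snort event database and a dedicated application
# account. Statements are fed on stdin instead of -e so the passwords do not
# show up in the process list (ps) while mysql runs.
# Assumes a fresh install where root@localhost still has no password.
/etc/init.d/mysqld start
sleep 5
mysql -u root <<EOF || exit 1
CREATE DATABASE ${DB_NAME};
CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASS}';
SET PASSWORD FOR '${DB_USER}'@'localhost'=PASSWORD('${DB_PASS}');
grant INSERT,SELECT,UPDATE,CREATE,DELETE on ${DB_NAME}.* to ${DB_USER}@localhost identified by '${DB_PASS}';
EOF
# Load Snort's MySQL schema into the new database (still as password-less root).
mysql -D "${DB_NAME}" -u root < "${MYSQL_CREATE}" || exit 1
# Lock down root last, once the schema import no longer needs the empty password.
# NOTE(review): this only sets root@localhost; any other default root or
# anonymous accounts in mysql.user keep their (empty) passwords — review them
# before the box is exposed.
mysql -u root <<EOF || exit 1
SET PASSWORD FOR root@localhost=PASSWORD('${MYSQL_PASS}');
EOF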

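printf '%s\n' "#CREA BRIDGE"

# Generate /sbin/bridge (written here, not executed; presumably invoked by the
# 'bridged' init script installed below — confirm). It loads ip_queue, starts
# MySQL, bridges eth1/eth2 into br0, applies the firewall rules, then starts
# SnortSam and Snort inline (-Q) on br0. The quoted heredoc writes the text
# literally, so no expansion happens at generation time.
# Fix: the iptables-save line was missing its '>>' in the original and was
# printed to the terminal instead of being written to the file.
cat > /sbin/bridge <<'EOF'
lsmod | grep ip_queue >/dev/null || /sbin/modprobe ip_queue;
/etc/init.d/mysqld start 
sleep 4
ifconfig eth1 0.0.0.0 promisc up
ifconfig eth2 0.0.0.0 promisc up
brctl addbr br0
brctl addif br0 eth1
brctl addif br0 eth2
ifconfig br0 up
iptables -F
sh /sbin/FWRULES
iptables-save -c > /etc/sysconfig/iptables
snortsam /etc/snortsam.conf
/usr/local/bin/snort -QD -i br0 -c /etc/snort/snort.conf --pid-path /var/lock/snort/
EOF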


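printf '%s\n' "#CONFIGURACION DE BASE"

# Unpack the BASE web console into the Apache document root.
cd /tmp || exit 1
tar -zxvf base.tar.gz || exit 1
mv html /var/www/ || exit 1

printf '%s\n' "### BASE ###"

cd /var/www/html/base || exit 1

echo " BASE configuration"
echo -n " PROCESS on base_conf.php ... "
# Point BASE at the adodb/jpgraph libraries and at the database created
# above. One sed pass with the same seven substitutions the original chained
# through separate processes; output goes to a temp file first so a failure
# leaves base_conf.php intact.
# NOTE(review): DB_NAME/DB_USER/DB_PASS are spliced into the replacement
# unescaped, so a '/', '&' or '\' in them breaks the edit. The resulting file
# holds the DB credentials in clear and its permissions are not tightened here.
sed -e "s/^\$DBlib_path.*/\$DBlib_path = \"\.\.\/adodb5\";/" \
    -e "s/^\$ChartLib_path.*/\$ChartLib_path = \"\.\.\/jpgraph\/src\";/" \
    -e "s/^\$BASE_urlpath.*/\$BASE_urlpath = \"\/base\";/" \
    -e "s/^\$alert_dbname.*/\$alert_dbname = \"${DB_NAME}\";/" \
    -e "s/^\$alert_host.*/\$alert_host = \"${DB_HOST}\";/" \
    -e "s/^\$alert_user.*/\$alert_user = \"${DB_USER}\";/" \
    -e "s/^\$alert_password.*/\$alert_password = \"${DB_PASS}\";/" \
    base_conf.php > base_conf.php.tmp || exit 1
mv base_conf.php.tmp base_conf.php || exit 1

#chcon -t httpd_sys_content_t /var/www/html/base/
#chown -R apache /var/www/html/base/
echo "[ OK ]"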


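printf '%s\n' "###Configuracion de archivo de snort###"

/etc/init.d/httpd start

# /etc/oinkmaster.conf = the rules URL (which carries the oink-code) followed
# by the stock oinkmaster.conf from the 2.0 tarball. The URL line is quoted so
# it is written exactly as set, and the file is made readable by root only
# because the oink-code is a per-user credential.
printf '%s\n' "${O2}" > /etc/oinkmaster.conf || exit 1
chmod 600 /etc/oinkmaster.conf
cd /tmp || exit 1
tar -zxvf oinkmaster-2.0.tar.gz || exit 1
cd oinkmaster-2.0 || exit 1
cp oinkmaster.pl /sbin || exit 1
cat oinkmaster.conf >> /etc/oinkmaster.conf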


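printf '%s\n' "CONFIGURACION DE FIREWALL"
# Install the downloaded rule set as /sbin/FWRULES and apply it now; the
# generated /sbin/bridge runs it again. NOTE(review): FWRULES was fetched over
# plain http and is executed here as root with no integrity check — read it
# before running this script.
mv /tmp/FWRULES /sbin/FWRULES || exit 1
sh /sbin/FWRULES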


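printf '%s\n' "CONFIGURACION DE SNORT.CONF"

# Derive /etc/snort/snort.conf from the shipped template in one sed pass (the
# original chained seven cat|sed steps through temp files in the same
# directory, each preceded by a redundant cd):
#   - rules live in /etc/snort/rules instead of ../rules
#   - enable the MySQL output plugin with the database/account created above
#   - drop the local.rules and netbios.rules includes
#   - layer2resets using the gateway MAC entered at the prompt
#   - HOME_NET = <network entered>/24 — the /24 is appended verbatim, so the
#     prompt value must be the network address without a mask
#   - alert_fwsam output to the local SnortSam agent (127.0.0.1)
# NOTE(review): the resulting file contains the DB password in clear text.
cd /tmp/snort-2.8.3/etc/ || exit 1
sed -e "s/^var RULE_PATH \.\.\/rules/var RULE_PATH \/etc\/snort\/rules/" \
    -e "s/^# output database: log, mysql, user=root password=test dbname=db host=localhost/output database: log, mysql, user=${DB_USER} password=${DB_PASS} dbname=${DB_NAME} host=${DB_HOST}/" \
    -e '/include $RULE_PATH\/local.rules/d' \
    -e '/include $RULE_PATH\/netbios.rules/d' \
    -e "s/^# config layer2resets: .*/config layer2resets: ${L2GMAC}/" \
    -e "s/^var HOME_NET .*/var HOME_NET ${HOME_RED}\/24/" \
    -e "s/^# output <name_of_plugin>: <configuration_options>/output alert_fwsam: 127.0.0.1/" \
    snort.conf > "/etc/snort/${SNORT_CONF}" || exit 1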


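printf '%s\n' "SETEANDO SCRIPT DE INICIO"
# Install the downloaded 'bridged' init script. NOTE(review): nothing here
# registers it to run at boot (e.g. chkconfig --add bridged); presumably the
# script itself or the operator does that — confirm before the reboot
# requested at the end.
mv /tmp/bridged /etc/rc.d/init.d/ || exit 1
chmod 755 /etc/rc.d/init.d/bridged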



printf '%s ' "ACTUALIZACION DE REGLAS"
# First rules pull: oinkmaster reads the URL (with the oink-code) from
# /etc/oinkmaster.conf and writes the snapshot into /etc/snort/rules (-v: verbose).
perl /sbin/oinkmaster.pl -v -C /etc/oinkmaster.conf -o /etc/snort/rules

printf '%s' "REINICIE EL EQUIPO AHORA"


