INSTALLING AND CONFIGURING SNORT ON NETWORK USING KALI LINUX

  • Hello everyone, this blog post covers installing Snort on your network using Kali Linux.
  • First, install Kali Linux in VirtualBox or VMware, whichever you prefer.
  • I have already installed Kali Linux in my VirtualBox. You have to set the network to BRIDGED ADAPTER and also give permission (allow all) in the advanced settings.
  • The steps are described below.
STEP 1:-Go to the Kali Linux terminal,

>use command sudo apt install snort


STEP 2:-Now move to the Snort directory,

>use command cd /etc/snort

STEP 3:-The original configuration file is snort.conf, but as a backup we create a clone of this file and make our changes in the clone.

>use command sudo cp snort.conf test_snort.conf



STEP 4:-Now we have to set our IP address and range in test_snort.conf; for that we have to edit the file.

>use command sudo gedit test_snort.conf
  • If you have not installed gedit, use the command sudo apt install gedit. You can also use nano instead of gedit to do the editing.




STEP 5:-Now we have to make the rules; for that go to the rules directory inside /etc/snort,

>use command cd rules

STEP 6:-Snort ships with many rules files. We normally define our own rules in the local.rules file, but as a backup I will create a secondary file.

>use command sudo touch custom.rules

STEP 7:-Snort will not read rules directly from our custom file, so we have to include the custom file in the local.rules file; for that edit the local.rules file,

>use command sudo gedit local.rules
  • Write include $RULE_PATH/custom.rules in the file. After that, save and close the file.

STEP 8:-Now we have to write the desired rules in the custom.rules file; for that edit the custom.rules file.

>use command sudo gedit custom.rules
  • Write the exact script as shown in the image. After that, save and close the file.


STEP 9:-Now the setup is done; to verify the syntax,

>use command sudo snort -T -i eth0 -c /etc/snort/test_snort.conf


STEP 10:-Match the output below with yours (a lower number is not expected).


STEP 11:-Now to run Snort,

>use command sudo snort -A console -q -i eth0 -c /etc/snort/test_snort.conf
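
Steps 3 to 8 can also be scripted so they are safe to repeat; the script below is an added example, not part of the original post. The function names, the sample ICMP rule and the CIDR are constructed for illustration, and it assumes a Snort 2 style snort.conf that contains an "ipvar HOME_NET" line.

```shell
#!/bin/sh
# Added example: Steps 3-8 as re-runnable functions. $1 is always the Snort
# directory, so they can be tried on a scratch copy before /etc/snort.

# Constructed sample rule (Snort 2 syntax); local sids start at 1000000.
SAMPLE_RULE='alert icmp any any -> $HOME_NET any (msg:"ICMP echo request to HOME_NET"; itype:8; sid:1000001; rev:1;)'

# Step 3: clone snort.conf once; never overwrite an existing clone.
clone_conf() {
    [ -f "$1/test_snort.conf" ] || cp "$1/snort.conf" "$1/test_snort.conf"
}

# Step 4: set HOME_NET ($2 = CIDR) in the clone only. Fails if the value has
# unexpected characters or the file has no "ipvar HOME_NET" line to replace.
set_home_net() {
    case "$2" in
        ""|*[!0-9./]*) echo "bad CIDR: $2" >&2; return 1 ;;
    esac
    sed "s|^ipvar HOME_NET .*|ipvar HOME_NET $2|" "$1/test_snort.conf" \
        > "$1/test_snort.conf.tmp" &&
        mv "$1/test_snort.conf.tmp" "$1/test_snort.conf" &&
        grep -qxF "ipvar HOME_NET $2" "$1/test_snort.conf"
}

# Steps 6-7: create custom.rules and include it from local.rules exactly once.
link_custom_rules() {
    touch "$1/rules/custom.rules"
    grep -qxF 'include $RULE_PATH/custom.rules' "$1/rules/local.rules" ||
        echo 'include $RULE_PATH/custom.rules' >> "$1/rules/local.rules"
}

# Step 8: append rule $3 unless a rule with sid $2 is already in the file.
add_rule() {
    grep -q "sid:$2;" "$1/rules/custom.rules" && return 0
    printf '%s\n' "$3" >> "$1/rules/custom.rules"
}

# Run as root: sh setup.sh --apply 192.168.1.0/24   (constructed CIDR)
if [ "${1:-}" = "--apply" ]; then
    clone_conf /etc/snort && set_home_net /etc/snort "${2:-}" &&
        link_custom_rules /etc/snort &&
        add_rule /etc/snort 1000001 "$SAMPLE_RULE" &&
        snort -T -i eth0 -c /etc/snort/test_snort.conf   # Step 9 check
fi
```

Because the original snort.conf is never modified, a failed Step 9 check can be undone by deleting test_snort.conf and running the script again.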


THANK YOU
