Installation from sources
- Required files and applications:
- gcc gcc-c++ kernel-devel patch make nano libxml2 libxml2-devel pcre pcre-devel flex bison libpcap libpcap-devel
- libnet-1.0.2a.tar.gz (libnet-1.0.2a.tar.gz)
- libdnet-1.12.tgz (libdnet-1.12.tgz)
- daq-x.x.x.tar.gz (http://www.snort.org)
- snort-x.x.x.tar.gz (http://www.snort.org)
- spp_anomalydetection.* (AnomalyDetection.tar.gz)
- Installation process:
- Install the required packages using yum:
yum install gcc gcc-c++ kernel-devel patch make nano libxml2 libxml2-devel pcre pcre-devel flex bison libpcap libpcap-devel
- Go to the '/home' directory: 'cd /home'
- Extract all the archives using the command syntax 'tar zxvf name_of_file.tgz' or 'tar zxvf name_of_file.tar.gz'
- Install libnet, go to libnet sources directory 'cd /home/libnet-x.x' and use command './configure && make && make install'
- Install libdnet, go to libdnet sources directory 'cd /home/libdnet-x.x' and use command './configure && make && make install'
- Go to daq sources directory 'cd /home/daq-x.x.x' and use command './configure && make && make install'
- Before you build Snort, copy spp_anomalydetection.c and spp_anomalydetection.h from the '/home' directory to '/home/snort-x.x.x/src/preprocessors'. You can do that by typing the following command in the CLI: 'cp /home/spp_anomalydetection.* /home/snort-x.x.x/src/preprocessors'. Next, modify plugbase.c (you can find it in '/home/snort-x.x.x/src/'): in the section '/* built-in preprocessors */' add the header:
#include "preprocessors/spp_anomalydetection.h"
and in the function 'void RegisterPreprocessors(void)' add:
SetupAnomalyDetection();
Update Makefile.in, which you can find in '/home/snort-x.x.x/src/preprocessors/': at the end of the 'libspp_a_SOURCES' section add:
spp_anomalydetection.c spp_anomalydetection.h
and at the end of 'am_libspp_a_OBJECTS' add:
spp_anomalydetection.$(OBJEXT)
- Go to the snort-x.x.x directory ('cd /home/snort-x.x.x') and build it by typing the following command in the CLI: './configure --disable-ipv6 --disable-reload && make && make install'
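
A pre-build check for the manual source edits described above, as an added example (not part of the original guide or of the AnomalyDetection sources). It reports which of the copy, plugbase.c and Makefile.in steps are still missing, so the preprocessor is not left out of the build unnoticed. The function names are hypothetical; the argument is the extracted snort-x.x.x directory.

```shell
#!/bin/sh
# Added example. Usage: sh check_ad.sh /home/snort-x.x.x

# Join backslash-continued Makefile lines so a multi-line variable becomes one line.
join_continuations() {
    awk '{ if (sub(/\\$/, "")) { buf = buf $0; next }
           print buf $0; buf = "" }
         END { if (buf != "") print buf }' "$1" 2>/dev/null
}

# Succeeds if Makefile variable $2 in file $1 contains the literal token $3.
makefile_var_has() {
    join_continuations "$1" | grep -E "^$2[[:space:]]*=" | grep -Fq -- "$3"
}

# Prints each missing step; returns the number of missing steps (0 = ready to build).
check_ad_integration() {
    src="$1/src"; pp="$src/preprocessors"; mk="$pp/Makefile.in"; missing=0
    fail() { echo "MISSING: $1"; missing=$((missing + 1)); }

    [ -f "$pp/spp_anomalydetection.c" ] || fail "spp_anomalydetection.c not in $pp"
    [ -f "$pp/spp_anomalydetection.h" ] || fail "spp_anomalydetection.h not in $pp"

    # plugbase.c: header include and registration call.
    grep -Fq '#include "preprocessors/spp_anomalydetection.h"' \
        "$src/plugbase.c" 2>/dev/null || fail "include line in plugbase.c"
    grep -Eq '^[[:space:]]*SetupAnomalyDetection\(\);' \
        "$src/plugbase.c" 2>/dev/null || fail "SetupAnomalyDetection(); in plugbase.c"

    # Makefile.in: both source files and the object must be listed.
    { makefile_var_has "$mk" libspp_a_SOURCES 'spp_anomalydetection.c' &&
      makefile_var_has "$mk" libspp_a_SOURCES 'spp_anomalydetection.h'; } ||
        fail "spp_anomalydetection.c/.h in libspp_a_SOURCES"
    makefile_var_has "$mk" am_libspp_a_OBJECTS 'spp_anomalydetection.$(OBJEXT)' ||
        fail "spp_anomalydetection.\$(OBJEXT) in am_libspp_a_OBJECTS"

    return "$missing"
}

# Run the check only when a Snort source directory is given on the command line.
[ -z "${1:-}" ] || check_ad_integration "$1"
```

Run it after the edits and before './configure'; a non-zero exit status is the number of steps still missing.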