CentOS is an enterprise-class Linux distribution derived from sources freely provided to the public by Red Hat. It is basically a free version of Red Hat's Enterprise Linux Server, so it's a good choice for a stable, easy-to-install Linux server, which makes it a perfect choice for a Snort sensor.
Download the latest version of CentOS. At the time of this article it's 5.2. I usually download the DVD ISO image, since it makes life easier to have a single medium for the entire install. If you don't have a DVD-compatible drive, get the CD images.
Burn the image and boot your system with the disk.
When prompted, start the graphical install by pressing Enter at the "boot" prompt.
When the install wizard starts, follow the on-screen instructions until you get to partitioning. You can stick to the default partitioning scheme, but if you decide to go with a custom one, make sure that "/var" is the largest partition: your Snort logs will be stored there in clear text format and within the MySQL database.
Follow the install wizard till you get to software selection. Uncheck all the software sets with the exception of "Server". If you want the graphical interface running on a Snort sensor you can select "Server - GUI" and your favorite desktop, be it "Desktop - KDE" or "Desktop - Gnome". I personally don't see a point in wasting resources on graphical environments.
After the selection, customize the packages further by checking the "Customize Now" option, as the default software sets include a lot of packages you don't need, and some packages you do need are not included. Click "Next". You should be at the package selection screen now.
Click "Next". Follow the installation instructions. After the install is finished, eject the install media and click "Reboot".
After the system comes back, it will start the "Setup Agent".
Navigate to "Firewall" and press "Run Tool". In this screen disable "Security Level" and disable "SELinux". Press "OK".
Go into "System Services" and press "Run Tool". Disable the following services: bluetooth, cups, ip6tables, netfs, nfslock, rpcgssd, rpcidmapd, sendmail, xfs. Press "OK".
Press "Exit" to quit the "Setup Agent".
This will take you to the prompt. The OS installation is finished now.
At the prompt, log in as user "root" with the password you set during the installation.
The first step to perform after the OS install is a system update. To do that, run:
# yum update
When asked whether it's OK to download a bunch of updates, say "yes". The update will start. This step can take a few minutes. Take a coffee break...
When the update is finished, reboot the system:
# reboot
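To confirm after the reboot that the services turned off in the "Setup Agent" stayed off, the following added example (not part of the original article) parses `chkconfig --list` output. The function names, the choice to check runlevels 3 and 5, and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `chkconfig --list` output for the services the
# article disables. Function names and sample data are constructed.

# Service names taken from the "System Services" step above.
UNWANTED="bluetooth cups ip6tables netfs nfslock rpcgssd rpcidmapd sendmail xfs"

# Reads `chkconfig --list` text on stdin; prints each unwanted service that
# is still "on" in runlevel 3 (text console) or 5 (graphical login).
# Checking only these two runlevels is an assumption of this example.
still_enabled() {
    awk -v unwanted="$UNWANTED" '
        BEGIN {
            n = split(unwanted, names, " ")
            for (i = 1; i <= n; i++) want[names[i]] = 1
        }
        # xinetd entries ("name: off") never match: their $1 ends in ":".
        ($1 in want) {
            for (f = 2; f <= NF; f++)
                if ($f == "3:on" || $f == "5:on") { print $1; break }
        }'
}

# Constructed sample in the format CentOS 5 prints (not captured output).
sample_chkconfig() {
    cat <<'EOF'
bluetooth       0:off   1:off   2:off   3:off   4:off   5:off   6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:off   3:off   4:off   5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:on    3:off   4:off   5:off   6:off

xinetd based services:
        cups-lpd:       off
EOF
}

# On the sensor itself, run:  chkconfig --list | still_enabled
# Here the sample stands in so the script runs anywhere.
leftover=$(sample_chkconfig | still_enabled)
if [ -n "$leftover" ]; then
    echo "Still enabled in runlevel 3 or 5:"
    echo "$leftover"
else
    echo "All listed services are disabled."
fi
```

A service that is on only in runlevel 2, like xfs in the sample, is not reported because the sensor never runs in that runlevel under the assumption above.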