Snort 2.9 on CentOS 6.3 (continued) with Barnyard2

This is a continuation of the post on installing Snort 2.9 on CentOS 6.3 (http://nkush.blogspot.com.au/2013/03/snort-29-on-centos-63.html). This post installs Barnyard2 on the host. Barnyard is an output system for Snort. It effectively improves Snort's performance by letting Snort write binary output, which is then processed by Barnyard. Barnyard reads the binary Snort output files (unified2 format) and stores the processed data in a database back-end, for example MySQL. The advantage of using Barnyard instead of Snort's own database output is that Barnyard is able to "cache" the data if the database is unavailable: the unified2 spool files stay on disk and Barnyard resumes from where it left off once the database is back.
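The Snort to unified2 to Barnyard2 to MySQL pipeline described above, as an added example that is not code from the original post: the two configuration fragments, the Barnyard2 start command, and a small sanity check that both halves agree. The paths under /etc/snort and /var/log/snort, the sensor name, the "snort" database name and the credentials are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths, hostname, database name and
# credentials below are assumptions; adjust them to the host.

SNORT_LOG_DIR=${SNORT_LOG_DIR:-/var/log/snort}

# snort.conf: emit binary unified2 records instead of logging to the database directly.
# "limit 128" rolls the spool file over at 128 MB; Snort appends a timestamp to "snort.log".
snort_unified2_output() {
    printf '%s\n' "output unified2: filename snort.log, limit 128"
}

# barnyard2.conf: consume the unified2 spool and insert into MySQL. The waldo file is
# Barnyard2's bookmark into the spool: if MySQL is down, nothing is lost, the records
# stay on disk and are replayed from the bookmark on the next run.
barnyard2_conf() {
    cat <<EOF
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config hostname: sensor1
config interface: eth0
config waldo_file: $SNORT_LOG_DIR/barnyard2.waldo

input unified2

output database: log, mysql, user=snort password=changeme dbname=snort host=localhost
EOF
}

# Start command: -d spool directory, -f spool file prefix, -w waldo file, -D daemonise.
barnyard2_cmd() {
    printf 'barnyard2 -c /etc/snort/barnyard2.conf -d %s -f snort.log -w %s/barnyard2.waldo -D\n' \
        "$SNORT_LOG_DIR" "$SNORT_LOG_DIR"
}

# Sanity check over the two files: Snort must produce unified2, Barnyard2 must consume
# unified2, write to a database, and keep a waldo file. Returns 0 when all hold.
check_pipeline() {
    snort_conf=$1
    by2_conf=$2
    grep -q '^output unified2:' "$snort_conf" \
        || { echo "snort.conf has no unified2 output" >&2; return 1; }
    grep -q '^input unified2' "$by2_conf" \
        || { echo "barnyard2.conf has no unified2 input" >&2; return 1; }
    grep -q '^output database:' "$by2_conf" \
        || { echo "barnyard2.conf has no database output" >&2; return 1; }
    grep -q '^config waldo_file:' "$by2_conf" \
        || { echo "barnyard2.conf has no waldo file; a restart would reprocess or skip events" >&2; return 1; }
    return 0
}
```

Run `snort_unified2_output >> /etc/snort/snort.conf`, `barnyard2_conf > /etc/snort/barnyard2.conf`, then `check_pipeline /etc/snort/snort.conf /etc/snort/barnyard2.conf` before starting Barnyard2 with the printed command. The database user should only have INSERT/SELECT on the snort schema, and the password belongs in a root-owned, mode 0600 barnyard2.conf since it is stored in clear text.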


I had to do some maintenance work on a Linux based server

I had to do some maintenance work on a Linux based server. It was mainly just archiving some files and updating packages and configurations. However, as part of the maintenance I took the opportunity to put some simple technical security controls in place, and documented some of them here for my reference.

MySQL Database

There was a MySQL server running that was only needed for the local host, but a "netstat -ltn" indicated that it was not bound to any specific IP, i.
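The "netstat -ltn" check above, as an added example that is not code from the original post: a filter that lists TCP listeners bound to every interface (0.0.0.0 or ::) rather than to a specific address, run over a constructed sample of netstat output that includes a MySQL daemon bound to 0.0.0.0:3306. The sample output and the port numbers in it are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The netstat output below is constructed.

# Read "netstat -ltn" output on stdin; print "proto local_address" for each TCP listener
# bound to the wildcard address (0.0.0.0 for IPv4, :: for IPv6).
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) { print $1, $4 }'
}

# Count wildcard listeners on one port (3306 for MySQL). Prints 0 when there are none.
wildcard_on_port() {
    port=$1
    wildcard_listeners | awk -v p="$port" '
        { n = split($2, a, ":"); if (a[n] == p) c++ }
        END { print c + 0 }'
}

# Constructed sample: MySQL and sshd on all interfaces, the MTA on loopback only,
# an IPv6 web listener on all interfaces.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 :::80                       :::*                        LISTEN'

# Remediation for a MySQL server that only local processes need, in my.cnf under
# [mysqld], followed by a restart of mysqld:
#   bind-address = 127.0.0.1
# Afterwards "netstat -ltn" shows 127.0.0.1:3306 and wildcard_on_port 3306 prints 0.
```

On a live host run `netstat -ltn | wildcard_listeners`; anything listed that is not meant to be reachable from the network should be bound to 127.0.0.1 or blocked at the host firewall. Check the IPv6 column too, since a service bound to 0.0.0.0 may still have a separate ::: listener.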


Installing Snort 2.9.1.2 on CentOS 5.7

CentOS 5.7 ships an older libpcap (0.9.4), but Snort's Data Acquisition library (DAQ) needs libpcap 1.0.0 or newer. This is not an issue on CentOS 6.0. Vishesh Kumar [1] provides excellent instructions for getting Snort 2.9 to run on RHEL 5 (http://www.linuxmantra.com/2010/10/install-snort-29-on-rhel-5.html). The purpose of this post is not to duplicate his efforts, but to extend them slightly to include instructions for a complete Snort set-up.
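A pre-build check for the libpcap requirement above, as an added example that is not code from the original post: a component-wise version comparison (a plain string comparison would rank 1.10.x below 1.9.x) and an rpm query for the installed libpcap on CentOS/RHEL. The 1.0.0 minimum is the DAQ requirement stated above; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether the system libpcap is new
# enough to build DAQ against, before running Snort's configure.

# Usage: version_ge VERSION MINIMUM ; returns 0 if VERSION >= MINIMUM, comparing each
# dotted component numerically and treating missing trailing components as 0.
version_ge() {
    awk -v v="$1" -v m="$2" 'BEGIN {
        nv = split(v, a, "."); nm = split(m, b, ".")
        n = (nv > nm) ? nv : nm
        for (i = 1; i <= n; i++) {
            x = (i <= nv) ? a[i] + 0 : 0
            y = (i <= nm) ? b[i] + 0 : 0
            if (x < y) exit 1
            if (x > y) exit 0
        }
        exit 0
    }'
}

# Installed libpcap version from the RPM database; prints nothing if it is not installed.
# (rpm -q prints "package ... is not installed" on stdout, so test for presence first.)
installed_libpcap_version() {
    rpm -q libpcap >/dev/null 2>&1 && rpm -q --qf '%{VERSION}\n' libpcap | head -n 1
}

# Usage: libpcap_ok_for_daq [VERSION] ; defaults to the installed version.
# Returns 0 when DAQ can be built against it, 1 otherwise.
libpcap_ok_for_daq() {
    ver=${1:-$(installed_libpcap_version)}
    if [ -z "$ver" ]; then
        echo "libpcap is not installed"
        return 1
    fi
    if version_ge "$ver" 1.0.0; then
        echo "libpcap $ver is new enough for DAQ"
        return 0
    fi
    echo "libpcap $ver is too old for DAQ (need >= 1.0.0); build a newer libpcap first"
    return 1
}
```

On CentOS 5.7 `libpcap_ok_for_daq` reports 0.9.4 as too old, which is the cue to build libpcap from source into a prefix such as /usr/local before configuring DAQ, and to make sure that prefix (not the stock 0.9.4) is what DAQ's configure picks up.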
