Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 05-12-2006, 07:09 AM   #1
Registered: Jun 2005
Location: On the top of the World
Posts: 114

Rep: Reputation: 15
How to setup snort IDS

Hi Dears

Have anyone used snort IDS solution, i have got a tar file from but is there any rpm available for the same,and if someone can guide me how to setup the SNORT IDS solution,i will really be very thankful,

Thanks in advance..
Old 05-12-2006, 06:40 PM   #2
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
They're available at the snort website under pre-compiled binaries here. Make sure to verify the sig and md5 checksum before installing.
Old 05-15-2006, 08:46 AM   #3
LQ Newbie
Registered: Apr 2006
Posts: 10

Rep: Reputation: 0
I've set up snort a while ago and just wrote a perl script, that analyses snort's log file and uses iptables to block malicious IP's. Nothing fancy, but here it is if you wish to use it:


$sbin_path = '/sbin/';
$script_path = '/var/log/snortlogs/';

$file = $script_path.'ips';
%IPs = ();

open FILE, "< $file"||die "can't open ips file";
while (<FILE>){
close FILE;

open FILE, "/usr/bin/tail -f ".$script_path."alert|" ;

$logfile = $script_path.'alert3';

@strings = ();

while (<FILE>){

$test = $_;
$test=~s/ +//;
unless ($test eq '') {push(@strings, $_)};
if ($test eq ''){
$strings[1] =~ m/Priority\: (\d+)/g;
$priority = $1;
if ($strings[0] =~ m/MS Terminal/){$priority = 1};
if ($strings[0] =~ m/ortscan/){$priority=3; $strings[2] = $strings[1]};
if ($priority > 2){
open LOG, ">> $logfile";
$strings[0] =~ s/\[.*\] \[.*\] (.*) \[.*\]/\1/g;
$strings[1] =~ s/\[.*\: (.*)\] \[.*\]/\1/g;
$strings[2] =~ m/(\d+\.\d+\.\d+\.\d+).* ->/ig;
$IP_FROM = $1;
$strings[2] =~ m/(\d+\.\d+\.\d+\.\d+)/ig;
$IP_TO = $1;
print LOG "$strings[1]: $strings[0]\n";
print LOG "($priority) IP: $IP_FROM -> $IP_TO\n";
$match = 0;
foreach $key (keys %IPs){
$match++ if ($IP_FROM =~ m/$key/g);
block_ip($IP_FROM) unless $match;
print LOG "=====\n";
close LOG;
@strings = ();

close FILE;

sub block_ip{
@params = @_; $no_match = 1;
$IP = $params[0];
$ff = $sbin_path."iptables -t mangle -L -vnx";
open IPTABLES, "$ff |";
while (<IPTABLES>){
$no_match=0 if ($_ =~ m/$IP/g);
$command = $sbin_path.'iptables -t mangle -A FORWARD -s '.$IP.' -j DROP';
system($command) if $no_match;
$command = $sbin_path.'iptables -A INPUT -s '.$IP.' -j DROP';
system($command) if $no_match;
open LOG, ">> $logfile";
print LOG "to block $IP\n";
close LOG;
I don't claim it to be the most efficient script or anything of that kind, it works for me

Make sure you have file 'ips', that contains white list of IP addresses. I will be glad to provide further info on that script if required.

Best regards,


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
developing an ids using snort chax Linux - Security 1 01-10-2006 01:20 PM
developing an ids using snort chax Linux - Networking 1 01-10-2006 12:51 PM
Questions regarding the use of Snort (IDS) and security nasty_daemon Linux - Security 8 09-09-2005 11:48 PM
Snort/ACID as an IDS WeNdeL Linux - Security 4 09-10-2004 01:14 PM
snort (ids) not working please help!!! crealkillerI75 Slackware 5 07-18-2002 04:39 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:32 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration