Wednesday, August 22, 2012

Autosnort v1 for Ubuntu 12.04 released


Hello Snort Users!

My name is Tony Robinson, and I often go by da_667 as my handle in cyberspace. Are you sick and tired of people telling you how Snort is so hard to set up? That all that work isn't worth it? How it is a pain to gather all the packages, read the (very) well put together documentation, or download all the different parts to get a full-blown Snort install working? Well, I would like to introduce a little project I'm working on called Autosnort.

Autosnort is a simple script written in bash that will take an Ubuntu 12.04 system (32 or 64-bit) and essentially follow David Gullett's Ubuntu 12.04 Snort installation guide from base install to finish. It installs Snort 2.9.3 (can easily be modified to install 2.9.3.1), Barnyard 2 and Snort Report automagically. If you provide the install with a Snort rules snapshot tarball that is compatible with the Snort release (e.g. snortrules-snapshot-2930.tar.gz, registered user or subscriber edition), the script will copy the 32 or 64-bit Ubuntu precompiled rules (as appropriate) and modify snort.conf to use them. The script will configure the interface you will be running Snort against to be brought up at boot, and will configure Snort and Barnyard to run at startup as well. This script will take you from 0 to a full Snort install in less than an hour!

All you have to do is download the script, run chmod u+x against the script (to make it executable), then run the script as root (sudo su -, then ./autosnort.sh; or sudo ./autosnort.sh) and follow the on-screen prompts as they come up. The script verifies you ran it as the root user, confirms internet connectivity, confirms it is being run on Ubuntu 12.04, then goes through the entire install process, ending with a recommendation to reboot the system to apply system updates and changes.
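To make the preflight checks described above concrete, here is an added example (my own illustration for this post, not the Autosnort script itself) of how an installer can verify it is running as root, that the network is reachable, and that the host is Ubuntu 12.04 before touching the system. The lsb-release file path, the host used for the connectivity probe, and the RUN_PREFLIGHT environment variable are assumptions for the example; the sample lsb-release contents are constructed.

```shell
#!/bin/sh
# Added example: preflight checks of the kind an installer runs before
# installing anything. Not Autosnort's own code; paths and hosts are assumed.

# Return 0 if the given lsb-release contents describe Ubuntu 12.04.
# $1: contents of an /etc/lsb-release style file (passed in so it can be tested
#     with constructed input instead of the real file).
is_ubuntu_1204() {
  content="$1"
  distrib=$(printf '%s\n' "$content" | sed -n 's/^DISTRIB_ID=//p')
  release=$(printf '%s\n' "$content" | sed -n 's/^DISTRIB_RELEASE=//p')
  [ "$distrib" = "Ubuntu" ] && [ "$release" = "12.04" ]
}

# Return 0 if the numeric uid in $1 is root (0).
is_root_uid() {
  [ "$1" -eq 0 ] 2>/dev/null
}

# Return 0 if a single ICMP echo to the given host succeeds.
# archive.ubuntu.com is an assumed probe target; apt needs it anyway.
has_internet() {
  host="${1:-archive.ubuntu.com}"
  ping -c 1 -W 3 "$host" >/dev/null 2>&1
}

# Run the real checks against the live system and abort on the first failure.
preflight() {
  lsb_file="${LSB_RELEASE_FILE:-/etc/lsb-release}"   # assumed path
  if ! is_root_uid "$(id -u)"; then
    echo "error: this script must be run as root (try: sudo ./autosnort.sh)" >&2
    return 1
  fi
  if ! has_internet; then
    echo "error: no internet connectivity; package downloads will fail" >&2
    return 1
  fi
  if [ ! -r "$lsb_file" ] || ! is_ubuntu_1204 "$(cat "$lsb_file")"; then
    echo "error: this script only supports Ubuntu 12.04" >&2
    return 1
  fi
  echo "preflight checks passed"
}

# Constructed sample of what /etc/lsb-release looks like on a 12.04 box,
# kept here so the check functions can be exercised without a real host.
SAMPLE_LSB_RELEASE='DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"'

# Only touch the live system when explicitly asked (RUN_PREFLIGHT=1 ./script),
# so sourcing this file for its functions has no side effects.
if [ "${RUN_PREFLIGHT:-0}" = "1" ]; then
  preflight || exit 1
fi
```

Keeping each check in its own function, and feeding the OS-release check file contents rather than having it read /etc/lsb-release itself, means the gating logic can be tested on any machine with constructed input; only preflight itself touches the real uid, network and filesystem.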

This script is only the beginning. I have a massive to-do list that involves porting the script to run on Debian, CentOS/Red Hat, and BackTrack 5 R2 and R3, in addition to various feature enhancements such as automated inline mode configuration, selection of alternate web frontends (i.e. BASE and Snorby in addition to Snort Report), a barebones, no MySQL, no web front-end, syslog-only configuration (intended for SIEM integration), and PulledPork integration, among other plans.

If this script sounds like something you are interested in, I'm releasing it as an open-source project under the MIT license on GitHub. So if you want to take a copy of the code and get Autosnort to drop a Snort install on Gentoo or GNU/Hurd, by all means, I would love to see it! My e-mail address is deusexmachina667@gmail.com and my Twitter is @da_667. Happy snorting!