Friday, September 23, 2011

Snort 2.9.1 Installation Guide for CentOS 5.6 has been released

Thanks to Nick Moore for producing his awesome installation guide for CentOS 5.6 for Snort 2.9.1.

One of the biggest changes of note for Snort 2.9.1 that troubled people in the past was all the compile tags that we recommend that you build in.  The recommended configuration was to download the VRT ruleset and use the compile tags at the top of the snort.conf included in that ruleset and compile Snort with those options.  So, in order to ease the pain of installation of Snort, we took those compile options (except for the rule performance monitoring and preprocessor monitoring compile options) and built those in by default.

Building Snort with the recommended options is as simple as "./configure" now, in addition, if you want to enable the performance monitoring for rules and preprocessors, just add the --enable-sourcefire compile tag to your configure line (./configure --enable-sourcefire) and you'll have the same Snort build we use here at Sourcefire.

Once again, thanks Nick for his document, it's posted on as always!