Installation Environment
- Operating System: Windows 7
- Required Software:
  - Virtual Machine: VMware
  - Network Packet Capture Driver: WinPcap 4.1.3 (WinPcap_4_1_3.exe)
  - Snort for Windows Installer: Snort 2.8.6 for Win32 (Snort_2_8_6_Installer.exe)
  - Official Certified Snort Rule Set: snortrules-snapshot-2900.tar.gz
  - Database Component and Analysis Platform: AppServ 8.6.0 (appserv-win32-8.6.0.exe)
  - Web Frontend: Basic Analysis and Security Engine 1.4.5 (base-1.4.5.tar.gz)
Since this is a test environment, all components are installed on a single machine: the Windows 7 virtual machine running in VMware.
Preparation Before Installation
VMware installation guide: "VMware Installation (Babysitter-Level Guide, with Installation Package)" (CSDN Blog)
Windows 7 on VMware guide: "VMWare Workstation Installation Windows 7 Image (Babysitter-Level Guide)" (CSDN Blog)
WinPcap Installation: Click Next and use the default settings.


Snort Installation and Configuration: Use Default Settings






Click Confirm; the installer reports that the installation succeeded.
To test the installation, go to the path shown in the first image and open cmd there.


At the command line, enter snort -W. If the result is as shown, the installation is successful.

Extract snortrules-snapshot-2900.tar and copy the three files to the Snort path.


Modify the snort.conf configuration file

Open the configuration file snort.conf in an editor. The lines to change are easy to find by their line numbers; the screenshots show the modified version.

var RULE_PATH c:\snort\rules
var SO_RULE_PATH c:\snort\so_rules
var PREPROC_RULE_PATH c:\snort\preproc_rules

# path to dynamic preprocessor libraries
dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor
# path to base preprocessor engine
dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll
preprocessor http_inspect: global iis_unicode_map c:\snort\etc\unicode.map 1252

output database: alert, mysql, user=snort password=snort dbname=snortdb host=localhost
include $RULE_PATH/snmp.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/info.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/p2p.rules
include $RULE_PATH/spyware-put.rules
include $RULE_PATH/specific-threats.rules
include $RULE_PATH/voip.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/bad-traffic.rules
# decoder and preprocessor event rules
include $PREPROC_RULE_PATH/preprocessor.rules
include $PREPROC_RULE_PATH/decoder.rules
# dynamic library rules
include $SO_RULE_PATH/bad-traffic.rules
include $SO_RULE_PATH/chat.rules
include $SO_RULE_PATH/dos.rules
include $SO_RULE_PATH/exploit.rules
include $SO_RULE_PATH/imap.rules
include $SO_RULE_PATH/misc.rules
include $SO_RULE_PATH/multimedia.rules
include $SO_RULE_PATH/netbios.rules
include $SO_RULE_PATH/nntp.rules
include $SO_RULE_PATH/p2p.rules
include $SO_RULE_PATH/smtp.rules
include $SO_RULE_PATH/sql.rules
include $SO_RULE_PATH/web-activex.rules
include $SO_RULE_PATH/web-client.rules
include $SO_RULE_PATH/web-misc.rules
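An added example, not part of the original tutorial: Snort will not start if an included rule file or a dynamic library path is missing, so this Python script resolves the var definitions in snort.conf and lists every referenced file or directory that is absent. The sample configuration is constructed from the lines above, and the function names are this example's own.

```python
import os
import re
import sys

# Constructed sample built from the edited lines above (not a full snort.conf).
SAMPLE_CONF = r"""
var RULE_PATH c:\snort\rules
var SO_RULE_PATH c:\snort\so_rules
var PREPROC_RULE_PATH c:\snort\preproc_rules
dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor
dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll
preprocessor http_inspect: global iis_unicode_map c:\snort\etc\unicode.map 1252
# include $RULE_PATH/commented-out.rules
include $RULE_PATH/icmp.rules
include $SO_RULE_PATH/dos.rules
include $PREPROC_RULE_PATH/decoder.rules
"""

def referenced_paths(conf_text):
    """Return (line_no, directive, path) for each file or directory the config points at."""
    variables, found = {}, []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(words) < 2:
            continue
        if words[0] == "var" and len(words) >= 3:
            variables[words[1]] = words[2]  # e.g. RULE_PATH -> c:\snort\rules
            continue
        if words[0] in ("include", "dynamicengine", "dynamicpreprocessor"):
            target = words[-1]
        elif "iis_unicode_map" in words[:-1]:
            target = words[words.index("iis_unicode_map") + 1]
        else:
            continue
        # Expand $NAME with the var values seen so far; unknown names stay as written.
        path = re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), target)
        found.append((line_no, words[0], path))
    return found

def missing_paths(conf_text, exists=os.path.exists):
    """Subset of referenced_paths() whose target is absent according to exists()."""
    return [entry for entry in referenced_paths(conf_text) if not exists(entry[2])]

if __name__ == "__main__":
    # Usage: python check_conf.py c:\snort\etc\snort.conf  (no argument: the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for line_no, directive, path in missing_paths(text):
        print(f"line {line_no}: {directive} -> {path} not found")
```

Snort's own configuration test, snort -T -c c:\snort\etc\snort.conf, performs the full check once the paths resolve.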
AppServ Installation and Configuration
Keep Clicking Next







When you open localhost in a browser and see the following interface, AppServ has been installed successfully.
Type cmd and press Enter to open a command prompt, then type mysql -u root -p
Enter the password 12345678
create database snortdb;
create database snortarc;
use snortdb;
source c:\snort\schemas\create_mysql
use snortarc;
source c:\snort\schemas\create_mysql
grant usage on *.* to 'snort'@'localhost' identified by 'snort';
grant select, insert, update, delete, create, alter on snortdb.* to 'snort'@'localhost';
grant select, insert, update, delete, create, alter on snortarc.* to 'snort'@'localhost';
set password for 'snort'@'localhost'=password('snort');
Configure BASE
Extract adodb465 and base1.45 to the C drive








Ignore these warnings
Ignore the warnings and look at the bottom line
Type: c:\snort\bin\snort -i1 -dev -c c:\snort\etc\snort.conf -l c:\snort\log
The following error occurs
Delete the sf_sdf.dll file from the C:\Snort\lib\snort_dynamicpreprocessor directory (in the image it has already been deleted).
Enter again: c:\snort\bin\snort -i1 -dev -c c:\snort\etc\snort.conf -l c:\snort\log
Success screenshot

Check your IP address
Download and install Zenmap and scan the host

