Chapter 1. Installation and Optimization
Introduction
Every journey begins with a single step; with Snort, that step is installation. Snort is a powerful tool under the right conditions, and throughout this book, we fully intend to help you make the most of it. This chapter is dedicated to getting started: the steps required to install Snort onto your system, suggestions about how best to place your IDS sensors, and suggestions about how to connect it. If you already have a working installation, we still suggest skimming through this chapter to see if there are any ways you might be able to optimize your solution. I know someone who reads culinary cookbooks all the time, and yet rarely actually follows a recipe. Cookbooks are like that: they are a source of ideas—a way of trying combinations that you might not have considered before. But unless the recipe title appeals to you, there is no need to read it right away. Just remember that you’ve seen it; you can always come back later.
The recipes in this book are based on the latest stable version of Snort at the time of this writing: Version 2.2.x. We’re aware that 2.3.0 is under development; however, it is not stable enough to use. When appropriate, we address new features that are being incorporated into Version 2.3.0.
1.1. Installing Snort from Source on Unix
Problem
You want to install Snort from source on a Unix-type operating system.
Solution
To install from source, download it from the Snort web site (http://www.snort.org). Uncompress, ...