Snort on AIX 6.1
After seeing numerous articles about building snort on AIX and the problems that come from it, I have decided to build AIX 6.1 Snort packages that can be installed without having to build from source.
Notice
I did not include any rules in these packages so you will need to get your own rules. All three packages are required and you should have no problems installing.
Download
All three packages are required for snort to work. You will need the following:
Installing
You will need to decompress these before installing:
gunzip oss.libpcap-0.9.8.1.bff.gz
gunzip oss.pcre-8.0.0.0.bff.gz
gunzip oss.snort-2.5.8.1.bff.gz
Once they are all uncompressed, we need to make a .toc file so that we can use smit to install. Make sure you are in the directory you downloaded the packages to.
inutoc .
After this is complete you can use smit to install:
smit easy_install
Select the packages or select “all” and hit enter twice. After these are all installed you will be able to configure snort via the configuration file at
vi /etc/snort/snort.conf
Get Rules
Grab some rules for snort.
mkdir /etc/snort/rules
cd /etc/snort/rules
wget http://www.emergingthreats.net/rules/emerging-malware.rules
wget http://www.emergingthreats.net/rules/emerging-exploit.rules
Add your rules to /etc/snort/snort.conf
include $RULE_PATH/emerging-malware.rules
include $RULE_PATH/emerging-exploit.rules
Once you are happy with your configuration and have downloaded any rules you want, start it up.
snort -c /etc/snort/snort.conf -i en1 -D
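A pre-flight check for the rule steps above, as an added example that is not part of the original post or the packages: the rules are fetched with wget over plain HTTP, so a failed download can leave an HTML error page where a rules file should be. The function name check_snort_includes is hypothetical, and it assumes snort.conf sets the rule directory with a "var RULE_PATH ..." line and that a relative RULE_PATH is resolved against the directory holding snort.conf.

```sh
#!/bin/sh
# Added example (not from the original post): verify that every
# "include $RULE_PATH/..." line in snort.conf points at a file that
# exists, is non-empty and contains at least one active Snort rule.

check_snort_includes() {
    conf=$1
    conf_dir=$(dirname "$conf")
    # A line of an active rule starts with one of the Snort rule actions.
    actions='^(alert|log|pass|drop|reject|sdrop|activate|dynamic)[[:space:]]'

    # Take the last "var RULE_PATH <dir>" definition in the file.
    rule_path=$(awk '$1 == "var" && $2 == "RULE_PATH" { p = $3 } END { print p }' "$conf")
    [ -n "$rule_path" ] || { echo "RULE_PATH not set in $conf" >&2; return 2; }

    # Assumption: a relative RULE_PATH is relative to the snort.conf directory.
    case $rule_path in
        /*) ;;
        *)  rule_path=$conf_dir/$rule_path ;;
    esac

    rc=0
    for inc in $(awk '$1 == "include" && $2 ~ /^\$RULE_PATH\// {
                         sub(/^\$RULE_PATH\//, "", $2); print $2 }' "$conf"); do
        f=$rule_path/$inc
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2
            rc=1
        elif ! grep -E "$actions" "$f" >/dev/null; then
            # Typical result of a failed download: HTML instead of rules.
            echo "no active rules found: $f" >&2
            rc=1
        else
            echo "ok: $f ($(grep -c -E "$actions" "$f") active rules)"
        fi
    done
    return $rc
}
```

Run check_snort_includes /etc/snort/snort.conf after editing the include lines; snort -T -c /etc/snort/snort.conf then lets snort itself test the configuration before you start it with -D.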
I started my life as an ASP classic developer and have since written code in ASP, ColdFusion, C, C++, PHP, Perl, Ruby, Python and others.
