Install Snort + Barnyard2 + PulledPork automatically
- A computer running:
- Debian
- Kali Linux
- Raspbian Jessie
- Oinkcode:
- It's FREE! 😉
- Highly recommended!
- Get yours here.
- Identified Network Interface:
ip link show
- Previous dependencies:
sudo apt-get install git
- Patience.
- Cloning the repository:
git clone https://github.com/joanbono/Snorter.git
cd Snorter/src
bash Snorter.sh -h- Recommended: Execute the program using an oinkcode
bash Snorter.sh -o <oinkcode> -i <interface>
Ex: bash Snorter.sh -o XXXXXXXXXXXXX -i eth0- Not Recommended: Execute the program without an oinkcode
bash Snorter.sh -i interface
bash Snorter.sh -i eth0- Superuser password, and wait...
Snortanddaqare installed.
- Now it's time to add the
HOME_NETand theEXTERNAL_NET.
- Press
Enterto continue. It will openvim:- Press
Ato go to the end of the line. - Add the address and the mask you want to protect.
- Press
Escand then:wq!to save the changes.
- Press
- Do the same for the
EXTERNAL_NET:
- Press
Enterto continue. It will openvim:- Press
Ato go to the end of the line. - Add the attacker address. Recommeded:
!$HOME_NET. - Press
Escand then:wq!to save the changes.
- Press
- Now the output. By default,
unified2output is enabled, but you can enable more than one output. I'm going to enable both CSV and TCPdump output.
- Now
SNORTwill start inconsolemode. Send aPINGfrom another machine.
- It will show a
PINGalert. PressCtrl+Conce, and continue the installation.
- Now it's time to install
BARNYARD2if you want. - You will be asked to insert a password for the
SNORTdatabase which is going to be created. In the example, I've usedSNORTSQL
- Now the program will install dependencies.
- It's going to install
MySQL, so if it's not installed, you will insert a password for this service too. In the example, I've usedROOTSQL.
- And the
MySQLpassword.
- Now you are going to be asked for the
MySQLpassword 3 times - Please keep in mind:
MySQLrootpassword 3 times.
- Now it's time to install
PulledPorkif you want.
- Create a system
service:
- You can download rules when everything is installed and configurated.
- Enable at
snort.conftheEmerging ThreatsandCommunityrules
- Install WebSnort for
PCAPanalysis
- Reboot the system.


















