It took me a while and a lot of searching around to find all the pieces to do this install so I figured that I might as well document the whole process step by step in case someone else needs help and to help me remember what I did.
They do have RPMs for Snort if you'd rather go that route, but Sourcefire (the makers of Snort) recommends that you install by compiling from source, which is what this instructional blog post is about.
The first thing you'll want to do is install CentOS 5.6 and run the autoupdater.
Next you'll want to download the following source packages:
After downloading those files, you'll want to extract them. It's your choice where to extract them, but I just do it in the same folder that I downloaded them to.
Open up a terminal (command line) window and log in as root using
su - root
and enter your root password.
Make sure that gcc and the c++ module for gcc are installed:
yum install gcc
yum install gcc-c++
Change to the directory where the libpcap source files were extracted using the cd command; in my case the command is:
cd /home/alex/downloads/libpcap-1.1.1
Follow that with the following commands (these commands assume that libpcap 0.9.4 was installed per the default CentOS 5.6 install):
That finishes the install of libpcap, so now we have to remove the links to the old version and create the new symbolic links.
ln -s /usr/local/lib/libpcap.so.1.1.1 /usr/lib/libpcap.so.1.1.1
ln -s /usr/lib/libpcap.so.1.1.1 /usr/lib/libpcap.so.1
ln -s /usr/lib/libpcap.so.1 /usr/lib/libpcap.so
Now change to the directory where the daq source files were extracted above and install daq:
Next we need to install libpcre:
Next we need to install libdnet:
And finally we can install snort:
And you are done with the installation of Snort. You can now run it by doing this command:
You should now see information on the console for any packets that are received by your system's network adapters. Press Ctrl-C to exit from Snort.
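A post-install check for the libpcap symbolic-link step above, added here as an example and not part of the original post: it follows each link hop by hop and confirms the chain ends at the newly built library rather than a leftover older copy or a dangling target. The function names resolve_chain and check_links are hypothetical; the paths in the usage comment are the ones used in the ln commands above.

```shell
#!/bin/sh
# Added example (not from the original post): verify that library symlinks
# resolve to the expected file. Function names are hypothetical.

# resolve_chain LINK
# Follows LINK one hop at a time and prints the final path.
# Returns 1 for a dangling chain, 2 for a symlink loop.
resolve_chain() {
    path=$1
    hops=0
    while [ -L "$path" ]; do
        hops=$((hops + 1))
        [ "$hops" -le 16 ] || { echo "symlink loop: $1" >&2; return 2; }
        target=$(readlink "$path") || return 1
        case $target in
            /*) path=$target ;;                      # absolute target
            *)  path=$(dirname "$path")/$target ;;   # relative to the link's directory
        esac
    done
    [ -e "$path" ] || { echo "dangling: $1 -> $path" >&2; return 1; }
    printf '%s\n' "$path"
}

# check_links EXPECTED LINK...
# Succeeds only if every LINK ends at EXPECTED.
check_links() {
    want=$1
    shift
    for link in "$@"; do
        got=$(resolve_chain "$link") || return 1
        [ "$got" = "$want" ] || {
            echo "$link resolves to $got, expected $want" >&2
            return 1
        }
    done
    return 0
}

# Usage on the system built above (run after the ln -s commands):
#   check_links /usr/local/lib/libpcap.so.1.1.1 \
#       /usr/lib/libpcap.so /usr/lib/libpcap.so.1 /usr/lib/libpcap.so.1.1.1
```

A non-zero exit status means one of the links still points somewhere other than the new library, which is worth fixing before building the packages that link against libpcap.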