I tried installing Snort on CentOS 7.
Environment
・CentOS Linux release 7.4.1708 (Core)
・Kernel 3.10.0-693.21.1.el7.x86_64
Reference
How to Install Snort on CentOS 7
https://www.upcloud.com/support/installing-snort-on-centos/
- Install the EPEL repo
- Install libnghttp2 and libdnet
- Install DAQ
- Install Snort
- Obtain the rules
- Register a user
- Check the Oinkcode
- Download the Registered rules
- Place the rules
- Edit snort.conf
- Create the rule files
- Fix the libdnet error
- Configure the interface
- Start
Install the EPEL repo so that libnghttp2 can be installed.
```
# yum -y install epel-release
```
```
# yum info libnghttp2
Available Packages
Name        : libnghttp2
Arch        : x86_64
Version     : 1.21.1
Release     : 1.el7
Size        : 66 k
Repo        : epel/x86_64
Summary     : A library implementing the HTTP/2 protocol
URL         : https://nghttp2.org/
License     : MIT
Description : libnghttp2 is a library implementing the Hypertext Transfer Protocol
            : version 2 (HTTP/2) protocol in C.

# yum info libdnet
Installed Packages
Name        : libdnet
Arch        : x86_64
Version     : 1.12
Release     : 13.1.el7
Size        : 69 k
Repo        : installed
From repo   : base
Summary     : Simple portable interface to lowlevel networking routines
URL         : http://code.google.com/p/libdnet/
License     : BSD
Description : libdnet provides a simplified, portable interface to several
            : low-level networking routines, including network address
            : manipulation, kernel arp(4) cache and route(4) table lookup and
            : manipulation, network firewalling (IP filter, ipfw, ipchains,
            : pf, ...), network interface lookup and manipulation, raw IP
            : packet and Ethernet frame, and data transmission.

# yum -y install libnghttp2 libdnet
```
I installed the latest daq-2.0.6-1.centos7.x86_64.rpm.
```
# rpm -qlp https://www.snort.org/downloads/snort/daq-2.0.6-1.centos7.x86_64.rpm
/usr/bin/daq-modules-config
/usr/include/daq.h
/usr/include/daq_api.h
/usr/include/daq_common.h
/usr/include/sfbpf.h
/usr/include/sfbpf_dlt.h
/usr/lib64/daq
/usr/lib64/daq/daq_afpacket.la
/usr/lib64/daq/daq_afpacket.so
/usr/lib64/daq/daq_dump.la
/usr/lib64/daq/daq_dump.so
/usr/lib64/daq/daq_ipfw.la
/usr/lib64/daq/daq_ipfw.so
/usr/lib64/daq/daq_pcap.la
/usr/lib64/daq/daq_pcap.so
/usr/lib64/libdaq.a
/usr/lib64/libdaq.la
/usr/lib64/libdaq.so
/usr/lib64/libdaq.so.2
/usr/lib64/libdaq.so.2.0.4
/usr/lib64/libdaq_static.a
/usr/lib64/libdaq_static.la
/usr/lib64/libdaq_static_modules.a
/usr/lib64/libdaq_static_modules.la
/usr/lib64/libsfbpf.a
/usr/lib64/libsfbpf.la
/usr/lib64/libsfbpf.so
/usr/lib64/libsfbpf.so.0
/usr/lib64/libsfbpf.so.0.0.1

# yum -y install https://www.snort.org/downloads/snort/daq-2.0.6-1.centos7.x86_64.rpm
```
I installed the latest snort-2.9.11.1-1.centos7.x86_64.rpm.
```
# rpm -qlp https://www.snort.org/downloads/snort/snort-2.9.11.1-1.centos7.x86_64.rpm
/etc/logrotate.d/snort
/etc/rc.d/init.d/snortd
/etc/snort
/etc/snort/classification.config
/etc/snort/gen-msg.map
/etc/snort/reference.config
/etc/snort/rules
/etc/snort/snort.conf
/etc/snort/threshold.conf
/etc/snort/unicode.map
/etc/sysconfig/snort
/usr/bin/snort_control
/usr/bin/u2boat
/usr/bin/u2spewfoo
/usr/lib64/snort-2.9.11.1_dynamicengine
/usr/lib64/snort-2.9.11.1_dynamicengine/libsf_engine.so
/usr/lib64/snort-2.9.11.1_dynamicengine/libsf_engine.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_dce2_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_dce2_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_dnp3_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_dnp3_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_dnp3_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_dns_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_dns_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_ftptelnet_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_gtp_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_gtp_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_gtp_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_imap_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_imap_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_imap_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_modbus_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_modbus_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_modbus_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_pop_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_pop_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_pop_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_reputation_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_reputation_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_reputation_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_sdf_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_sdf_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_sdf_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_sip_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_sip_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_sip_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_smtp_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_smtp_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_ssh_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_ssh_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_ssl_preproc.so
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_ssl_preproc.so.0
/usr/lib64/snort-2.9.11.1_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
/usr/sbin/snort-plain
/usr/share/doc/snort-2.9.11.1
/usr/share/doc/snort-2.9.11.1/AUTHORS
/usr/share/doc/snort-2.9.11.1/BUGS
/usr/share/doc/snort-2.9.11.1/CREDITS
/usr/share/doc/snort-2.9.11.1/INSTALL
/usr/share/doc/snort-2.9.11.1/NEWS
/usr/share/doc/snort-2.9.11.1/OpenDetectorDeveloperGuide.pdf
/usr/share/doc/snort-2.9.11.1/PROBLEMS
/usr/share/doc/snort-2.9.11.1/README
/usr/share/doc/snort-2.9.11.1/README.GTP
/usr/share/doc/snort-2.9.11.1/README.PLUGINS
/usr/share/doc/snort-2.9.11.1/README.PerfProfiling
/usr/share/doc/snort-2.9.11.1/README.SMTP
/usr/share/doc/snort-2.9.11.1/README.UNSOCK
/usr/share/doc/snort-2.9.11.1/README.WIN32
/usr/share/doc/snort-2.9.11.1/README.active
/usr/share/doc/snort-2.9.11.1/README.alert_order
/usr/share/doc/snort-2.9.11.1/README.appid
/usr/share/doc/snort-2.9.11.1/README.asn1
/usr/share/doc/snort-2.9.11.1/README.counts
/usr/share/doc/snort-2.9.11.1/README.csv
/usr/share/doc/snort-2.9.11.1/README.daq
/usr/share/doc/snort-2.9.11.1/README.dcerpc2
/usr/share/doc/snort-2.9.11.1/README.decode
/usr/share/doc/snort-2.9.11.1/README.decoder_preproc_rules
/usr/share/doc/snort-2.9.11.1/README.dnp3
/usr/share/doc/snort-2.9.11.1/README.dns
/usr/share/doc/snort-2.9.11.1/README.event_queue
/usr/share/doc/snort-2.9.11.1/README.file
/usr/share/doc/snort-2.9.11.1/README.file_ips
/usr/share/doc/snort-2.9.11.1/README.filters
/usr/share/doc/snort-2.9.11.1/README.flowbits
/usr/share/doc/snort-2.9.11.1/README.frag3
/usr/share/doc/snort-2.9.11.1/README.ftptelnet
/usr/share/doc/snort-2.9.11.1/README.gre
/usr/share/doc/snort-2.9.11.1/README.ha
/usr/share/doc/snort-2.9.11.1/README.http_inspect
/usr/share/doc/snort-2.9.11.1/README.imap
/usr/share/doc/snort-2.9.11.1/README.ipip
/usr/share/doc/snort-2.9.11.1/README.ipv6
/usr/share/doc/snort-2.9.11.1/README.modbus
/usr/share/doc/snort-2.9.11.1/README.multipleconfigs
/usr/share/doc/snort-2.9.11.1/README.normalize
/usr/share/doc/snort-2.9.11.1/README.pcap_readmode
/usr/share/doc/snort-2.9.11.1/README.pop
/usr/share/doc/snort-2.9.11.1/README.ppm
/usr/share/doc/snort-2.9.11.1/README.reload
/usr/share/doc/snort-2.9.11.1/README.reputation
/usr/share/doc/snort-2.9.11.1/README.sensitive_data
/usr/share/doc/snort-2.9.11.1/README.sfportscan
/usr/share/doc/snort-2.9.11.1/README.sip
/usr/share/doc/snort-2.9.11.1/README.ssh
/usr/share/doc/snort-2.9.11.1/README.ssl
/usr/share/doc/snort-2.9.11.1/README.stream5
/usr/share/doc/snort-2.9.11.1/README.tag
/usr/share/doc/snort-2.9.11.1/README.thresholding
/usr/share/doc/snort-2.9.11.1/README.unified2
/usr/share/doc/snort-2.9.11.1/README.variables
/usr/share/doc/snort-2.9.11.1/TODO
/usr/share/doc/snort-2.9.11.1/USAGE
/usr/share/doc/snort-2.9.11.1/WISHLIST
/usr/share/doc/snort-2.9.11.1/generators
/usr/share/doc/snort-2.9.11.1/snort_manual.pdf
/usr/share/doc/snort-2.9.11.1/snort_manual.tex
/usr/share/man/man8/snort.8.gz
/var/log/snort

# yum -y install https://www.snort.org/downloads/snort/snort-2.9.11.1-1.centos7.x86_64.rpm
snort-2.9.11.1-1.centos7.x86_64.rpm                                          | 4.4 MB  00:00:05
Examining /var/tmp/yum-root-qC0YMM/snort-2.9.11.1-1.centos7.x86_64.rpm: 1:snort-2.9.11.1-1.x86_64
Marking /var/tmp/yum-root-qC0YMM/snort-2.9.11.1-1.centos7.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package snort.x86_64 1:2.9.11.1-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package      Arch        Version             Repository                                      Size
====================================================================================================
Installing:
 snort        x86_64      1:2.9.11.1-1        /snort-2.9.11.1-1.centos7.x86_64                19 M

Transaction Summary
====================================================================================================
Install  1 Package

Total size: 19 M
Installed size: 19 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 1:snort-2.9.11.1-1.x86_64                                                        1/1
  Verifying  : 1:snort-2.9.11.1-1.x86_64                                                        1/1

Installed:
  snort.x86_64 1:2.9.11.1-1

Complete!
```
There are three rule sets: Community rules, Registered rules and Subscriber rules.
Registering a user on snort.org gives you the Registered rules (free); the Subscriber rules (paid) are a further step up.
This time I registered a user and used the Registered rules.
Go to https://www.snort.org/users/sign_up and register.
Incidentally, the Personal (personal use, educational) license is $29.99/year, which I think makes it easy to use.
If the mailing-list subscription box is checked, a "Confirmation instructions" e-mail is sent to the registered address.
Click "Confirm my account" in the message to confirm.
An Oinkcode is required to download the Registered rules.
Log in and check your Oinkcode.
While logged in to the site you can download the latest Registered rules from https://www.snort.org/downloads#rules; with a command such as wget, append the Oinkcode to the URL instead.
```
# wget "https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=<oinkcode>" -O snortrules-snapshot-29111.tar.gz
```
The URL is quoted so that the shell does not treat `?` as a glob or `<oinkcode>` as a redirection. Keep in mind that the Oinkcode is a credential tied to your account: typed like this it lands in the shell history and is visible in `ps` output, so if the download is scripted, read the code from a root-only file rather than embedding it in the command.
Extract the downloaded snortrules-snapshot-29111.tar.gz into the rules directory (/etc/snort/rules).
```
# tar xvfz snortrules-snapshot-29111.tar.gz -C /etc/snort/rules/
# ls -l /etc/snort/rules/
drwxr-xr-x 2 1210 wheel  131 Apr 19 03:58 etc
drwxr-xr-x 2 1210 wheel   78 Apr 19 03:59 preproc_rules
drwxr-xr-x 2 1210 wheel 4096 Apr 19 03:59 rules
drwxr-xr-x 4 1210 wheel 4096 Apr 19 04:13 so_rules
# chown -R root:root /etc/snort/rules/
```
snort_dynamicrules apparently cannot be used without a paid license (?), so I disabled it.
# diff -up snort.conf.org snort.conf --- snort.conf.org 2018-04-19 10:54:21.139109487 +0900 +++ snort.conf 2018-04-19 11:45:06.336242869 +0900 @@ -42,7 +42,7 @@ ################################################### # Setup the network addresses you are protecting -ipvar HOME_NET any +ipvar HOME_NET 192.168.1.0/24 # Set up the external network addresses. Leave as "any" in most situations ipvar EXTERNAL_NET any @@ -101,17 +101,17 @@ ipvar AIM_SERVERS [64.12.24.0/23,64.12.2 # Path to your rules files (this can be a relative path) # Note for Windows users: You are advised to make this an absolute path, # such as: c:\snort\rules -var RULE_PATH /etc/snort/rules -var SO_RULE_PATH ../so_rules -var PREPROC_RULE_PATH ../preproc_rules +var RULE_PATH /etc/snort/rules/rules +var SO_RULE_PATH /etc/snort/rules/so_rules +var PREPROC_RULE_PATH /etc/snort/rules/preproc_rules # If you are using reputation preprocessor set these # Currently there is a bug with relative paths, they are relative to where snort is # not relative to snort.conf like the above variables # This is completely inconsistent with how other vars work, BUG 89986 # Set the absolute path appropriately -var WHITE_LIST_PATH ../rules -var BLACK_LIST_PATH ../rules +var WHITE_LIST_PATH /etc/snort/rules +var BLACK_LIST_PATH /etc/snort/rules ################################################### # Step #2: Configure the decoder. For more information, see README.decode @@ -250,7 +250,7 @@ dynamicpreprocessor directory /usr/lib64 dynamicengine /usr/lib64/snort-2.9.11.1_dynamicengine/libsf_engine.so # path to dynamic rules libraries -dynamicdetection directory /usr/local/lib/snort_dynamicrules +#dynamicdetection directory /usr/local/lib/snort_dynamicrules ################################################### # Step #5: Configure preprocessors 
@@ -543,7 +543,7 @@ include reference.config ################################################### # site specific rules -include $RULE_PATH/local.rules +include /etc/snort/rules/local.rules include $RULE_PATH/app-detect.rules include $RULE_PATH/attack-responses.rules |
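Review bot: the first hunk hard-codes HOME_NET to 192.168.1.0/24; confirm that this is the subnet of the interface later set in /etc/sysconfig/snort (eno16777799), because a HOME_NET that does not cover the monitored traffic silently keeps every `$HOME_NET`-scoped rule from matching, and add a comment recording why EXTERNAL_NET was left at `any` (the file's own note says that is right in most situations).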
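Review bot: in the second hunk RULE_PATH, SO_RULE_PATH and PREPROC_RULE_PATH now point into the extracted snapshot (/etc/snort/rules/rules and siblings) while WHITE_LIST_PATH and BLACK_LIST_PATH point one level up to /etc/snort/rules; the split is correct given the BUG 89986 comment (reputation paths resolve relative to the snort process, so they must be absolute), but it deserves a comment saying the list files are locally created and not part of the snapshot, so nobody expects the next `tar -C /etc/snort/rules/` to provide them.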
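Review bot: commenting out `dynamicdetection directory` in the third hunk disables shared-object (SO) rules altogether, even though the snapshot extracted above contains a so_rules directory; if that snapshot ships a precompiled set matching this exact Snort build and platform, pointing the directive at it is the alternative to disabling it. Either way, make sure no `include $SO_RULE_PATH/...` line is left active and validate the result with `snort -T -c /etc/snort/snort.conf` before restarting the service.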
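Review bot: the last hunk replaces `include $RULE_PATH/local.rules` with the absolute /etc/snort/rules/local.rules because local.rules lives outside the new RULE_PATH (/etc/snort/rules/rules). That is a sensible location, since the RULE_PATH directory is overwritten by every snapshot extraction, but record the reason in a comment next to the include so the next editor does not "fix" it back to `$RULE_PATH`.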
Snort failed to start because local.rules, white_list.rules and black_list.rules did not exist, so for now I created them as empty files.
```
# touch /etc/snort/rules/local.rules
# touch /etc/snort/rules/white_list.rules
# touch /etc/snort/rules/black_list.rules
```
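As an added pre-flight check (my code, not from the post or the Snort project), the following script does offline what Snort's start-up did here: it reads the `var`/`ipvar` definitions, expands `$VAR` in `include`, `dynamic*` and reputation `whitelist`/`blacklist` paths, and lists every referenced file that is missing, so the three empty files above are flagged before the service is restarted. `SAMPLE_CONF` and the directory layout built by `demo` are constructed to mirror the edited snort.conf; `check_conf` and `logical_lines` are names I chose.

```python
import os
import re
import tempfile
VAR_RE = re.compile(r'^(?:var|ipvar|portvar)\s+(\S+)\s+(.*?)\s*$')
REF_RE = re.compile(r'^(?:include|dynamicengine|dynamic\w+\s+directory)\s+(\S+)')

def logical_lines(text):
    """Yield (line_no, statement) with '#' comments dropped and '\\' continuations joined."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].rstrip()
        start = start or no
        if line.endswith('\\'):
            buf.append(line[:-1])
            continue
        stmt = ' '.join(p.strip() for p in buf + [line]).strip()
        if stmt:
            yield start, stmt
        buf, start = [], None

def check_conf(text, conf_dir):
    """Return [(line_no, path)] for every include, dynamic* path or reputation list missing on disk."""
    variables, missing = {}, []
    def expand(s):                             # substitute $NAME with the value seen so far
        return re.sub(r'\$(\w+)', lambda m: variables.get(m.group(1), m.group(0)), s)
    for no, stmt in logical_lines(text):
        m = VAR_RE.match(stmt)
        if m:                                  # var/ipvar/portvar: remember the expanded value
            variables[m.group(1)] = expand(m.group(2))
            continue
        refs = REF_RE.findall(stmt)            # include <file>, dynamicengine <file>, dynamic* directory <dir>
        if stmt.startswith('preprocessor reputation:'):
            refs += re.findall(r'\b(?:whitelist|blacklist)\s+(\S+?),?(?:\s|$)', stmt)
        for ref in refs:
            path = expand(ref)
            if not os.path.isabs(path):        # relative paths resolve against the conf's directory
                path = os.path.join(conf_dir, path)
            if not os.path.exists(path):
                missing.append((no, path))
    return missing

# Constructed snort.conf fragment mirroring the post's edits; {root} stands in for /etc/snort.
SAMPLE_CONF = """\
var RULE_PATH {root}/rules/rules
var WHITE_LIST_PATH {root}/rules
var BLACK_LIST_PATH {root}/rules
#dynamicdetection directory /usr/local/lib/snort_dynamicrules
preprocessor reputation: \\
   whitelist $WHITE_LIST_PATH/white_list.rules, \\
   blacklist $BLACK_LIST_PATH/black_list.rules
include {root}/rules/local.rules
include $RULE_PATH/app-detect.rules
"""

def demo(root=None):
    """Lay out `root` like /etc/snort before the post's `touch` step and return the missing paths."""
    root = root or tempfile.mkdtemp()
    os.makedirs(os.path.join(root, 'rules', 'rules'), exist_ok=True)
    open(os.path.join(root, 'rules', 'rules', 'app-detect.rules'), 'w').close()
    return [path for _, path in check_conf(SAMPLE_CONF.format(root=root), root)]
```

Against the real file, call `check_conf(open('/etc/snort/snort.conf').read(), '/etc/snort')`; `snort -T -c /etc/snort/snort.conf` remains the authoritative test.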
When I started it, the following error appeared.
```
Apr 20 11:21:11 centos7 snortd: Starting snort: /usr/sbin/snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
Apr 20 11:21:11 centos7 snortd: [失敗]
```
The binary was linked against a library name (libdnet.1) that the installed libdnet package does not provide, so a symlink under that name resolves it:
```
# ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1
```
No package owns this link, so check that it still resolves after a libdnet update.
Change the monitored interface in /etc/sysconfig/snort as needed.
This install was on a VMware virtual machine, so I changed it.
```
# vi /etc/sysconfig/snort
# cat /etc/sysconfig/snort
#INTERFACE=eth0
INTERFACE=eno16777799
```
```
# /etc/init.d/snortd start
Starting snortd (via systemctl):                           [  OK  ]
# /etc/init.d/snortd status
* snortd.service - SYSV: snort is a lightweight network intrusion detection tool that currently detects more than 1100 host and network vulnerabilities, portscans, backdoors, and more.
   Loaded: loaded (/etc/rc.d/init.d/snortd; bad; vendor preset: disabled)
   Active: active (running) since Sun 2018-04-20 11:49:14 JST; 5s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 10883 ExecStop=/etc/rc.d/init.d/snortd stop (code=exited, status=0/SUCCESS)
  Process: 10957 ExecStart=/etc/rc.d/init.d/snortd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/snortd.service
           `-10994 /usr/sbin/snort -A fast -b -d -D -i eno16777799 -u snort -g snort -c /etc/snort/snort.conf...

Apr 20 11:49:14 centos7.rootlinks.net snort[10994]: Preprocessor Object: SF_REPUTATION Version... 1>
Apr 20 11:49:14 centos7.rootlinks.net snort[10994]: Preprocessor Object: SF_POP Version 1.0 <... 1>
Apr 20 11:49:14 centos7.rootlinks.net snort[10994]: Preprocessor Object: SF_MODBUS Version 1.1... 1>
Apr 20 11:49:14 centos7.rootlinks.net snort[10994]: Preprocessor Object: SF_IMAP Version 1.0 ... 1>
Apr 20 11:49:14 centos7.rootlinks.net snort[10994]: Preprocessor Object: SF_GTP Version 1.1 <... 1>
Apr 20 11:49:14 centos7.rootlinks.net snort[10994]: Preprocessor Object: SF_FTPTELNET Version ...13>
Apr 20 11:49:14 centos7.rootlinks.net snort[10994]: Preprocessor Object: SF_DNS Version 1.1 <... 4>
Apr 20 11:49:14 centos7.rootlinks.net snort[10994]: Preprocessor Object: SF_DNP3 Version 1.1 ... 1>
Apr 20 11:49:14 centos7.rootlinks.net snort[10994]: Preprocessor Object: SF_DCERPC2 Version 1.... 3>
Apr 20 11:49:14 centos7.rootlinks.net snort[10994]: Commencing packet processing (pid=10994)
Hint: Some lines were ellipsized, use -l to show in full.

# tail -27 /var/log/messages
Apr 20 11:49:14 centos7 snort[10994]: --== Initialization Complete ==--
Apr 20 11:49:14 centos7 snort[10994]:
Apr 20 11:49:14 centos7 snort[10994]:    ,,_     -*> Snort! <*-
Apr 20 11:49:14 centos7 snort[10994]:   o"  )~   Version 2.9.11.1 GRE (Build 268)
Apr 20 11:49:14 centos7 snort[10994]:    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Apr 20 11:49:14 centos7 snort[10994]:            Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
Apr 20 11:49:14 centos7 snort[10994]:            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Apr 20 11:49:14 centos7 snort[10994]:            Using libpcap version 1.5.3
Apr 20 11:49:14 centos7 snort[10994]:            Using PCRE version: 8.32 2012-11-30
Apr 20 11:49:14 centos7 snort[10994]:            Using ZLIB version: 1.2.7
Apr 20 11:49:14 centos7 snort[10994]:
Apr 20 11:49:14 centos7 snort[10994]:            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 3.0  <Build 1>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_POP  Version 1.0  <Build 1>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
Apr 20 11:49:14 centos7 snort[10994]:            Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
Apr 20 11:49:14 centos7 snort[10994]: Commencing packet processing (pid=10994)
```
The log shows many WARNINGs, but I somehow managed to get it to start.