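# --- Kernel-side SYN rate limiting ---------------------------------------
# NOTE(review): the LIMIT chain is created but no rule is ever appended to it,
# so SYN packets that match the rate limit jump into an empty chain and return
# to INPUT unchanged, and packets above the limit are not matched at all. As
# written this rule limits nothing -- give LIMIT a terminating verdict before
# relying on it.
iptables -N LIMIT
iptables -t filter -A INPUT -p tcp --syn -m limit --limit 10/m --limit-burst 10 -j LIMIT

# Full-range SYN scan of the IPS host, presumably to exercise the SYN rate
# limit above -- TODO confirm.
nmap -n -r -sS -p 1-65535 218.224.254.10

# Build dependencies for Snort inline (NFQ DAQ) on CentOS/RHEL.
yum -y install libdnet libnet-devel

# References:
#   https://inaba-serverdesign.jp/blog/20140131/snort_inline_ips.html
#   https://centossrv.com/snort.shtml
#   https://www.snort.org/

# Every source tree is unpacked under one directory and each build starts by
# returning there, so the relative `cd`s below do not depend on where the
# previous build left the shell (the original extracted snort-2.9.8.2.tar.gz
# from inside daq-2.0.6/, where the tarball is not).
SRC_DIR=/usr/local/src
# libnfnetlink and libmnl install into lib64; pkg-config must find them there
# when libnetfilter_queue and the DAQ are configured. Exported once, not twice.
export PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig

# Tarballs are fetched over https (the original used plain http for the
# netfilter.org downloads). No upstream signature is checked here; the `ls -l`
# lines only confirm that the install landed where expected.
cd "$SRC_DIR" || exit 1
wget https://www.netfilter.org/projects/libnfnetlink/files/libnfnetlink-1.0.1.tar.bz2
tar jxvf libnfnetlink-1.0.1.tar.bz2
cd libnfnetlink-1.0.1/ || exit 1
./configure --libdir=/usr/local/lib64
make
make install
ls -l /usr/local/lib64/libnfnetlink*
ls -l /usr/local/include/libnfnetlink/

cd "$SRC_DIR" || exit 1
wget https://www.netfilter.org/projects/libmnl/files/libmnl-1.0.3.tar.bz2
tar jxvf libmnl-1.0.3.tar.bz2
cd libmnl-1.0.3/ || exit 1
./configure --libdir=/usr/local/lib64
make
make install
ls -l /usr/local/lib64/libmnl*

cd "$SRC_DIR" || exit 1
wget https://www.netfilter.org/projects/libnetfilter_queue/files/libnetfilter_queue-1.0.2.tar.bz2
tar jxvf libnetfilter_queue-1.0.2.tar.bz2
cd libnetfilter_queue-1.0.2/ || exit 1
# No --libdir here: this library lands in /usr/local/lib (checked below).
./configure
make
make install
ls -l /usr/local/lib/libnetfilter_queue*

# DAQ and Snort. The original ran `sudo make install` for these two while
# every other step (yum, make install) ran as root directly; the sudo is
# dropped for consistency.
cd "$SRC_DIR" || exit 1
wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
wget https://www.snort.org/downloads/snort/snort-2.9.8.2.tar.gz
tar xvfz daq-2.0.6.tar.gz
cd daq-2.0.6 || exit 1
./configure && make && make install
# Back to the source dir: the Snort tarball is here, not inside daq-2.0.6/.
cd "$SRC_DIR" || exit 1
tar xvfz snort-2.9.8.2.tar.gz
cd snort-2.9.8.2 || exit 1
./configure --enable-sourcefire && make && make install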
PC にて https://www.snort.org/ のダウンロードから snortrules-snapshot-XXXX.tar.gz (XXXX は最新の番号) をダウンロードし、サーバーにコピー
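# Rules snapshot and stock config into /etc/snort.
# Version numbers are kept in one place so the rules snapshot matches the
# installed Snort (2.9.8.2 -> snapshot 2982, as the notes below require); the
# original unpacked a 2955 snapshot here next to a 2.9.8.2 source tree.
SNORT_VER=2.9.8.2
RULES_VER=2982
SRC_DIR=/usr/local/src

mkdir -p /etc/snort
cd /etc/snort/ || exit 1
tar zxvf "$SRC_DIR/snortrules-snapshot-${RULES_VER}.tar.gz"
# The snapshot's etc/ is copied first, then the source tree's etc/ with -Rf,
# so the files shipped with the Snort build overwrite the snapshot's copies.
cp ./etc/* .
cp -Rf "$SRC_DIR/snort-${SNORT_VER}/etc/"* .
# Build-system leftovers from the source etc/, not configuration.
rm -f /etc/snort/Makefile*
# snort.conf points WHITE_LIST_PATH/BLACK_LIST_PATH at this directory; the
# files must exist even when empty.
touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules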
PC で snortrules-snapshot-2982.tar.gz をダウンロードし、/usr/local/src にコピーしておく
(snort-2.9.8.2 なら 2982 という風にバージョンを合わせておく)
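# Second pass over the same layout (kept from the original notes). Fixes
# versus the original: the tarball path was /usr/local/rrc (typo for src) and
# was extracted into whatever the current directory happened to be, the
# snapshot then extracted into /etc/snort was 2955, and the etc/ files were
# copied from snort-2.9.5.6, while the precompiled SO rules below are the
# 2.9.8.2 build. One extraction, one version each.
SNORT_VER=2.9.8.2
RULES_VER=2982
SRC_DIR=/usr/local/src

mkdir -p /etc/snort
cd /etc/snort/ || exit 1
tar zxvf "$SRC_DIR/snortrules-snapshot-${RULES_VER}.tar.gz"
cp ./etc/* .
cp "$SRC_DIR/snort-${SNORT_VER}/etc/"* .
# snort.conf points WHITE_LIST_PATH/BLACK_LIST_PATH at this directory.
touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules

# Precompiled shared-object rules for this platform and Snort version; the
# target directory must exist before the copy.
mkdir -p /usr/local/lib/snort_dynamicrules
cp "/etc/snort/so_rules/precompiled/RHEL-6-0/x86-64/${SNORT_VER}/"* /usr/local/lib/snort_dynamicrules/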
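# Dedicated unprivileged account for the Snort process (the same user/group
# the `snort -T -u snort -g snort` test run uses later).
groupadd -g 444 snort
# Fixed quoting: the original wrapped the comment in typographic quotes
# (‘Snort User’), which the shell does not treat as quotes, so useradd would
# have received two words.
useradd snort -u 444 -d /var/log/snort -s /sbin/nologin -c 'Snort User' -g snort
# useradd only creates the home directory when -m / CREATE_HOME applies;
# make sure the log directory exists before the recursive chown.
mkdir -p /var/log/snort
chown -R snort:snort /etc/snort
chown -R snort:snort /var/log/snort
# Keep an untouched copy of the shipped config before editing it.
cp -p /etc/snort/snort.conf /etc/snort/snort.conf.default
vi /etc/snort/snort.conf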
# Networks Snort treats as its own. (Placeholder, from the Japanese notes:
# the host's global IP as /32, plus the local network with its mask,
# e.g. /16 or /24.)
ipvar HOME_NET グローバルIPアドレス/32,ローカルIPアドレス/マスク(16 とか 24 とか)
# Everything that is not HOME_NET.
ipvar EXTERNAL_NET !$HOME_NET
# Rule locations under /etc/snort. The white/black lists are kept in the
# plain rules directory, where white_list.rules and black_list.rules are
# created during setup.
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
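# Restrict the installed Snort libraries and helper binaries to the snort
# account. Note that `chmod -R 700 pkgconfig` also hides the .pc files from
# every other user on the box; that is what the original did -- relax it if
# other builds need pkg-config from /usr/local/lib.
cd /usr/local/lib/ || exit 1
chown -R snort:snort snort* pkgconfig
chmod -R 700 snort* pkgconfig
# Show exactly the entries just changed instead of grepping the whole listing
# (which would also match any line whose owner is now "snort").
ls -ld snort* pkgconfig

cd /usr/local/bin/ || exit 1
chown snort:snort daq-modules-config u2*
chmod 700 daq-modules-config u2*
# -T: parse the config and rules and exit, running as the snort user so that
# ownership/permission problems surface before the service is enabled.
./snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf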
www.snort.org の Oinkcode はアカウントページにあります。
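# Enable the service at boot (assumes an init script named snort is installed;
# none is shown in these notes).
chkconfig snort on

# Replace the per-file `include $RULE_PATH/...` lines with three consolidated
# rule files. Fixed quoting: the original used typographic quotes (‘ ’ and
# “ ”), which the shell does not treat as quotes -- $RULE_PATH would have been
# expanded (to nothing) by the shell before sed saw it, and the curly quote
# characters would have been written into snort.conf.
cp -p /etc/snort/snort.conf /etc/snort/snort.conf.bak
# Single quotes keep $RULE_PATH literal: it is text to match in snort.conf.
sed -i '/^include $RULE_PATH/d' /etc/snort/snort.conf
# Single-quoted format string, so $RULE_PATH is written literally as well.
printf 'include $RULE_PATH/%s\n' snort.rules local.rules so_rules.rules >> /etc/snort/snort.conf

# The new include targets must exist (even empty), with the same owner and
# mode as the rest of /etc/snort.
touch /etc/snort/rules/so_rules.rules /etc/snort/rules/snort.rules
chown snort:snort /etc/snort/rules/so_rules.rules /etc/snort/rules/snort.rules
chmod 700 /etc/snort/rules/so_rules.rules /etc/snort/rules/snort.rules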
https://www.snort.org/reg-rules/snortrules-snapshot-2982.tar.gz.md5
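# Fetch the registered-user rules snapshot and its published MD5. The Oinkcode
# is an account credential (it lives on the snort.org account page): it is
# read from the environment instead of being embedded in the command line
# here, and only https is used -- the original fetched the tarball and one of
# its two checksum downloads over plain http.
: "${OINKCODE:?set OINKCODE to the Oinkcode from your snort.org account page}"
RULES_VER=2982
BASE=https://www.snort.org/reg-rules
wget "${BASE}/snortrules-snapshot-${RULES_VER}.tar.gz/${OINKCODE}" -O "snortrules-snapshot-${RULES_VER}.tar.gz"
wget "${BASE}/snortrules-snapshot-${RULES_VER}.tar.gz.md5/${OINKCODE}" -O "snortrules-snapshot.md5-${RULES_VER}"

# Compare the tarball's digest with the published one before unpacking it as
# root. This catches a truncated or corrupted download; the digest comes from
# the same origin as the tarball, so it is not an independent trust anchor.
# The .md5 file's exact layout is not shown in these notes, so the hash is
# matched anywhere in it.
if grep -qiF -- "$(md5sum "snortrules-snapshot-${RULES_VER}.tar.gz" | cut -d' ' -f1)" "snortrules-snapshot.md5-${RULES_VER}"; then
  printf 'checksum OK: snortrules-snapshot-%s.tar.gz\n' "$RULES_VER"
else
  printf 'checksum MISMATCH: snortrules-snapshot-%s.tar.gz\n' "$RULES_VER" >&2
  exit 1
fi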
http://www.snort.org/reg-rules/snortrules-snapshot-2982.tar.gz.md5
http://www.snort.org/
https://www.snort.org/reg-rules/snortrules-snapshot-2982.tar.gz.md5