Greetings Kali Users,

I wanted to stop in and announce a tool called Autosnort that I've been working on for a little while and have finally completed. If some of you in infosec on Twitter know me, I'm a packet analysis guy, and most of my background is in IDS, particularly snort. You may already be familiar with the project, but keep reading anyhow.

For those of you who have no idea what I'm talking about, I created a collection of relatively simple Linux shell (BASH) scripts designed to handle the heavy lifting involved in putting a stand-alone snort sensor together. In a nutshell, Autosnort does the following:

-Installs system updates and pre-requisite packages required for compiling and running snort
-Pulls the latest version of snort and DAQ (data acquisition libs) from snort.org and libdnet (a required library for snort) from Google Code, then compiles and installs each of them and configures snort properly (e.g. pointing it to the libraries it needs, rule files, config files, unified2 output, etc.)
-Installs PulledPork (a rule management script by JJ Cummings) and uses it to set up a "Security over Connectivity" rule installation
-Pulls barnyard2 via git and handles compiling, installation and configuration
-Supports installation of the following IDS consoles/output types:
--Symmetrix Technologies' Snort Report Web Console
--BASE Web Console
--Tactical Flex's Aanval Web Console
--Snorby Web Console
--output of syslog_full messages to a syslog server or SIEM
--remote database connectivity (e.g. logging to a centralized IDS console and database)
--no interface at all

I made these scripts for a few different versions of Linux -- CentOS/RHEL, Ubuntu, Debian and now Kali -- but this Kali Linux version has something pretty cool that the others do not (not yet anyhow): Full Automation. Autosnort for Kali is 100% driven by a configuration file. No prompts for passwords, installation, anything. Just fill out the (very meticulously commented) configuration file and execute the script, and before you know it you'll have the latest version of snort ready for install.
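As an added illustration of the config-file-driven approach (this is example code written for this post, not Autosnort's own scripts, and the key names and OUTPUT_TYPE labels are assumptions), here is how an unattended installer can read a key=value config safely: it greps values out of the file instead of sourcing it, so a stray `$(...)` in the config is treated as text rather than executed, and it rejects a config that names a console the installer doesn't support.

```shell
#!/bin/sh
# Constructed sample config in the key=value spirit of a config-driven install.
# The keys and the OUTPUT_TYPE labels are assumptions for this illustration,
# not Autosnort's own. The EVIL line shows why the file is parsed, not sourced.
SAMPLE_CONFIG='# sensor settings
SNORT_IFACE=eth1
OUTPUT_TYPE="snorby"
EVIL=$(touch /tmp/pwned)
'

# Output/console choices from the announcement's list (labels are assumed).
SUPPORTED_OUTPUTS="snortreport base aanval snorby syslog_full remote_db none"

# cfg_get FILE KEY: print KEY's value (last definition wins, surrounding
# quotes stripped). Returns 1 when the key is absent. grep/tail only: a value
# such as $(...) is returned as literal text and never executed.
cfg_get() {
    _line=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1)
    [ -n "$_line" ] || return 1
    _v=${_line#*=}
    case $_v in
        \"*\") _v=${_v#\"}; _v=${_v%\"} ;;
        \'*\') _v=${_v#\'}; _v=${_v%\'} ;;
    esac
    printf '%s\n' "$_v"
}

# cfg_validate FILE: require the mandatory keys and an OUTPUT_TYPE that the
# installer actually supports. Returns 0 on success, 1 after listing problems.
cfg_validate() {
    _rc=0
    for _k in SNORT_IFACE OUTPUT_TYPE; do
        cfg_get "$1" "$_k" >/dev/null || { echo "missing key: $_k"; _rc=1; }
    done
    _out=$(cfg_get "$1" OUTPUT_TYPE) || _out=""
    case " $SUPPORTED_OUTPUTS " in
        *" $_out "*) ;;
        *) echo "unsupported OUTPUT_TYPE: '$_out'"; _rc=1 ;;
    esac
    return $_rc
}

# Stand-alone demo: write the sample to a temp file and validate it.
CFG=$(mktemp)
printf '%s' "$SAMPLE_CONFIG" > "$CFG"
if cfg_validate "$CFG"; then
    echo "config OK: iface=$(cfg_get "$CFG" SNORT_IFACE), output=$(cfg_get "$CFG" OUTPUT_TYPE)"
fi
```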

Some of you may ask why I decided to do this. Well, first, Kali doesn't come with snort pre-installed, like BackTrack did what seems like so many years ago. "Not a big deal. It's available in the repos," you respond. And right you are, but what version is available in the repos? 2.9.2.2; the same as what's available in the Debian repos, which, by the way, was EOL'd nearly 2 years ago (http://blog.snort.org/2012/08/snort-...d-of-life.html). You're missing out on new rules, new functionality updates, new everything by just installing what's in the repos.

I could put in a request to the developers to install snort by default and install the latest version, but by the time they get through what I assume is a very busy development and/or ticket queue and actually get to my request, a newer version will be available with other bug fixes and features. This tool gives Kali's user community the power to download and install the latest and greatest on their own.

If you're interested and want to use Autosnort, check out the git repo: https://github.com/da667/Autosnort. Problems? Bugs? Issues? Feature requests? My contact information is all over the repo.

Thanks for your time,

da_667

p.s. Kali Linux forum moderators: I wasn't sure if this was considered something to go under General Use or Development, even after reading the stickies. If this is in the wrong place or against forum guidelines, apologies in advance.