
11.2 SnortCenter Agent Installation

The SnortCenter agent is installed on the Snort sensor system itself. It watches Snort and reports back to the SnortCenter console system. It also accepts instructions from the SnortCenter console and makes appropriate changes to the Snort configuration. The installation is fairly uncomplicated. The agent will have to be installed on all sensors that you want to manage with SnortCenter. Snort should be installed and configured before the SnortCenter agent.

11.2.1 Prerequisites

Here are the SnortCenter agent prerequisites:


Perl5

Most systems have Perl installed. If you need to install Perl, you can find it at http://www.perl.com or in your package management system.


OpenSSL library

Most Unix-based systems these days have OpenSSL installed. It is necessary for SSH support. If you do not have it installed, it can be found at http://www.openssl.org.


Net::SSLeay Perl Module

If you are using SSL to secure the communication between the agent and the console (strenuously recommended!), you will need this library. It can be found at http://symlabs.com/Net_SSLeay/.
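The prerequisites above, plus the Snort install that must already be in place, can be checked on each sensor before running the agent setup. The script below is an added example, not part of the SnortCenter distribution. It assumes the Snort binary is at /usr/local/bin/snort unless SNORT_BIN is set, and it treats the presence of the openssl command as a proxy for the OpenSSL library.

```shell
#!/bin/sh
# Preflight for the SnortCenter agent prerequisites listed in 11.2.1.
# Assumption: Snort lives at /usr/local/bin/snort unless SNORT_BIN is set.
SNORT_BIN="${SNORT_BIN:-/usr/local/bin/snort}"

# have_cmd NAME: true if NAME resolves to a command on PATH.
have_cmd() { command -v "$1" >/dev/null 2>&1; }

# have_perl5: true if perl exists and reports major version 5 or later.
have_perl5() {
    have_cmd perl && perl -e 'exit($] >= 5 ? 0 : 1)' >/dev/null 2>&1
}

# have_perl_module MODULE: true if perl can load MODULE.
have_perl_module() {
    have_cmd perl && perl -M"$1" -e 1 >/dev/null 2>&1
}

# check LABEL CMD [ARGS...]: run CMD, print one result line,
# and count the item as missing if CMD fails.
check() {
    label=$1; shift
    if "$@"; then
        printf 'ok       %s\n' "$label"
    else
        printf 'MISSING  %s\n' "$label"
        missing=$((missing + 1))
    fi
}

# preflight: check every prerequisite; exit status = number missing.
preflight() {
    missing=0
    check "Perl5" have_perl5
    # Assumption: the openssl CLI stands in for the OpenSSL library.
    check "OpenSSL" have_cmd openssl
    check "Net::SSLeay Perl module" have_perl_module Net::SSLeay
    check "Snort binary at $SNORT_BIN" test -x "$SNORT_BIN"
    return "$missing"
}

preflight || echo "$? prerequisite(s) missing; resolve them before running ./setup.sh"
```

A MISSING line for Net::SSLeay on a sensor that otherwise passes means the agent cannot use SSL to talk to the console.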

11.2.2 Installing the Agent

Download the latest agent (snortcenter-agent-v1.0-RC1.tar.gz) from:

http://users.pandora.be/larc/download/

Then install the agent using the following commands:

# mkdir /usr/local/src/snortcenter_agent

# cp snortcenter-agent-v1.0-RC1.tar.gz /usr/local/src/snortcenter_agent/.

# cd /usr/local/src/snortcenter_agent

# tar -zxvf snortcenter-agent-v1.0-RC1.tar.gz

# cd sensor

# ./setup.sh

The script will ask you several questions; for most, you can accept the default response. You will need to provide:

  • A location to store the config file for the agent (built by the script)

  • A location for the agent logfiles

  • The location of Perl

  • The location of the Snort binary

  • What operating system and version you are running

  • What port you want the agent to listen on

  • The IP address it should use

  • The authentication information for the agent

Once the information has been gathered, the agent is installed. It will then ask if you want the agent to start automatically. The remote portion of the sensor setup should be complete. If you have made any errors during the configuration, stop any running sensor processes, uninstall, and run the setup script again.
