This is an old revision of the document!
pkg install snort apache22 mysql56-server mod_php5 phpMyAdmin base wget
Barnyard2 needs to be built from port to have mysql support
cd /usr/ports/security/barnyard2 make config (enable mysql) make install
#!/bin/sh cd /tmp wget --no-check-certificate https://www.snort.org/downloads/community/community-rules.tar.gz tar xzf community-rules.tar.gz -C /usr/local/etc/snort/rules/ rm community-rules.tar.gz wget --no-check-certificate https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz?oinkcode=068c4616106479c8d9a55d11fc5eff4c9fbaaf6d tar xzf snortrules-snapshot-2962.tar.gz?oinkcode=<Oinkcode from above> -C /usr/local/etc/snort/ rm snortrules-snapshot-2962.tar.gz?oinkcode=<Oinkcode from above> rm /usr/local/etc/snort/etc/snort.conf rm /usr/local/etc/snort/etc/threshold.conf cd /usr/local/etc/snort/etc mv * ../ rm -r /usr/local/etc/snort/etc
Edit /usr/local/etc/snort/snort.conf
... # Setup the network addresses you are protecting ipvar HOME_NET 10.1.0.22,192.168.111.0/24,127.0.0.1 # Set up the external network addresses. Leave as "any" in most situations ipvar EXTERNAL_NET 209.81.120.225/27,216.189.128.9/30 ... # unified2 # Recommended for most installs output unified2: filename snort.log, limit 128, mpls_event_types, vlan_event_types ...