Installing Snort on CentOS7

yum install -y gcc flex bison zlib libpcap pcre libdnet tcpdump wget
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y libnghttp2 daq
yum -y install https://www.snort.org/downloads/snort/snort-2.9.13-1.centos7.x86_64.rpm
ldconfig; mkdir /usr/local/lib/snort_dynamicrules
chmod -R 5775 /etc/snort; chmod -R 5775 /var/log/snort; chmod -R 5775 /usr/local/lib/snort_dynamicrules
touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules /etc/snort/rules/local.rules
wget https://www.snort.org/rules/snortrules-snapshot-29140.tar.gz?oinkcode=9e71199b974cd3ff84c0ae2482d97758eab55363 -O ~/registered.tar.gz
tar -xvf ~/registered.tar.gz -C /etc/snort
vi /etc/snort/snort.conf
# Setup the network addresses you are protecting
output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
ipvar HOME_NET [172.20.0.0/20,172.20.16.0/23,172.20.32.0/20,192.168.20.0/24]
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
# unified2
# Recommended for most installs
output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
vi /etc/sysconfig/snort
ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1
nmtui
nmcli
snort -T -c /etc/snort/snort.conf
systemctl enable snortd
systemctl start snortd
yum -y install setroubleshoot setools
sealert -a /var/log/audit/audit.log
ausearch -c 'snort' --raw | audit2allow -M my-snort
semodule -i my-snort.pp
systemctl stop snortd
systemctl start snortd
ps xa | grep snort