Installing Snare Using Custom Configuration

Snare for Linux comes with a default configuration that can be modified through its Web GUI. The agent's configuration is stored in /etc/audit/snare.conf, and this file is updated as the configuration is fine-tuned through the Web GUI. Once you have fine-tuned one agent, you may want to use the same configuration on multiple machines. To do so, install Snare for Linux using the resulting snare.conf file: all Snare agents installed with the same snare.conf will have the same configuration. The procedures for installing Snare for Linux with a custom snare.conf are described below.

To install the Snare for Linux binary RPM package using custom configuration (snare.conf):

  1. Put the custom snare.conf file in the /etc/audit/ folder.
  2. Download the required RPM.

  3. Log on as the root user, i.e. at the command prompt enter the command /bin/su and enter the root password when prompted. As root, issue the command for your distribution:
    # rpm -Uvh filename.rpm

    For example,
    # rpm -Uvh Snare-RHEL-8-Agent-v5.6.1-1-x64.rpm

  4. This will install Snare for Linux with the custom configuration and restart the audit daemon (auditd).


To install the Snare for Linux binary DEB package using custom configuration (snare.conf):

  1. Put the custom snare.conf file in the /etc/audit/ folder.
  2. Download the required DEB.

  3. Log on as the root user, i.e. at the command prompt enter the command /bin/su and enter the root password when prompted. As root, issue the command for your distribution:
    # dpkg -i filename.deb

    For example,
    # dpkg -i Snare-Ubuntu-20-Agent-v5.6.1-1-x64.deb

  4. This will install Snare for Linux with the custom configuration and restart the audit daemon (auditd).
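
Because both procedures take whatever file is already in /etc/audit/ as the agent's configuration, it is worth checking the staged snare.conf before running the package command. The script below is an added example, not part of the Snare documentation or tooling; the expected SHA-256 argument, the permission policy and the script name snare_preflight.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Snare's own tooling): pre-install check for a custom
# snare.conf. The expected SHA-256 is an assumption: record it once from the
# tuned file with `sha256sum /etc/audit/snare.conf` on the reference machine.

# Succeeds only if the staged file is a regular file (not a symlink), is not
# writable by group or others, and hashes to the expected value.
check_staged_conf() {
    staged=$1 expected=$2
    if [ ! -f "$staged" ] || [ -L "$staged" ]; then
        echo "missing, not a regular file, or a symlink: $staged" >&2; return 1
    fi
    # POSIX find prints the path only when a group/other write bit is set.
    if [ -n "$(find "$staged" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable by group or others: $staged" >&2; return 1
    fi
    actual=$(sha256sum < "$staged" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "does not match the tuned configuration: $staged" >&2; return 1
    fi
}

# Maps a package filename to the install command given on this page.
install_cmd_for() {
    case $1 in
        *.rpm) printf 'rpm -Uvh %s\n' "$1" ;;
        *.deb) printf 'dpkg -i %s\n' "$1" ;;
        *) echo "unrecognised package type: $1" >&2; return 1 ;;
    esac
}

# Usage (hypothetical script name):
#   sh snare_preflight.sh <expected-sha256> <package-file>
# Prints the command to run as root once the staged configuration passes.
if [ "$#" -eq 2 ]; then
    check_staged_conf /etc/audit/snare.conf "$1" && install_cmd_for "$2"
fi
```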