Note:- Make sure that you applied the tutorial in the post correctly
1. Install MySQL DB Environment
# /etc/init.d/mysqld start
# mysql -u root -p
mysql> create database snort;
mysql> grant select,insert on root.* to snort@localhost;
mysql> set password for snort@localhost=password('123');
mysql> grant create,insert,select,delete,update on snort.* to snort@localhost;
mysql> grant create,insert,select,delete,update on snort.* to snort;
2. Import MySQL DB schema
# mysql -u root -p < /root/snort-install/snort-2.9.1/schemas/create_mysql snort
Note:- create_mysql is found in the schemas sub-directory of the Snort source tree
3. Set up the Snort NIDS /etc/snort environment
# mkdir /etc/snort && cp -a /root/snort-install/snort-2.9.1/etc/* /etc/snort/
4. Download the latest Snort rules tarball and extract it so that the rules land in /etc/snort/rules
# cd /etc/snort/ && tar -xzvf snortrules*
5. Configure /etc/snort/snort.conf to use MySQL and rules
# vim /etc/snort/snort.conf
ipvar HOME_NET 192.168.1.0/24
var RULE_PATH /etc/snort/rules
output database: log, mysql, user=snort password=123 dbname=snort host=localhost
(no angle brackets around the values; use the snort account and password created in step 1)
6. Start Snort in NIDS mode
# snort -i eth0 -c /etc/snort/snort.conf
On a fresh install the first start fails because two directories referenced by snort.conf do not exist yet:
ERROR: parser.c(5260) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules": No such file or directory.
Fatal Error, Quitting..
Create the directory and start Snort again:
# mkdir /usr/local/lib/snort_dynamicrules
The second start fails on the log directory:
ERROR: log_tcpdump: Failed to open log file "/var/log/snort/snort.log.1323643665": No such file or directory
Fatal Error, Quitting..
Create it as well, then start Snort once more:
# mkdir /var/log/snort/
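Both fatal errors come from directories that snort.conf references but the install never created. The following POSIX sh script is an added example, not part of the original post or of Snort itself: it creates those directories up front and refuses to proceed if snort.conf still carries unreplaced angle-bracket tokens in its output database line or points RULE_PATH at a directory that is not there. The default paths are the ones used in this post; the SNORT_PREFLIGHT_RUN, SNORT_CONF, SNORT_DYNAMIC_RULES and SNORT_LOG_DIR variable names are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example, not part of the original post: pre-flight checks for the
# "snort -i eth0 -c /etc/snort/snort.conf" start in step 6. It creates the two
# directories whose absence produced the fatal errors above and refuses to
# proceed if snort.conf still carries <placeholder> tokens in its
# "output database:" line or points RULE_PATH at a directory that does not
# exist. Default paths are the post's; the SNORT_* variables are hypothetical
# names chosen here so the script can be pointed at another layout.

# check_dirs DIR...: return 0 if every directory exists, otherwise report the
# missing ones on stderr and return 1.
check_dirs() {
    missing=0
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            echo "missing directory: $d" >&2
            missing=1
        fi
    done
    return "$missing"
}

# prepare_dirs DIR...: create the directories (mkdir -p leaves existing ones
# alone) and verify the result.
prepare_dirs() {
    for d in "$@"; do
        mkdir -p "$d"
    done
    check_dirs "$@"
}

# check_conf FILE: return 0 if the snort.conf is usable; return 1 with a
# message if it is unreadable, if the output database line still has
# unreplaced <...> tokens, or if RULE_PATH names a directory missing on disk.
check_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 1
    fi
    if grep -E '^output database:.*<[^>]*>' "$conf" >/dev/null; then
        echo "$conf: 'output database:' line still contains <placeholders>" >&2
        return 1
    fi
    rule_path=$(sed -n 's/^var RULE_PATH[[:space:]]*//p' "$conf" | head -n 1)
    if [ -n "$rule_path" ] && [ ! -d "$rule_path" ]; then
        echo "$conf: RULE_PATH $rule_path does not exist" >&2
        return 1
    fi
    return 0
}

# Stand-alone run (as root): SNORT_PREFLIGHT_RUN=1 sh snort-preflight.sh
if [ "${SNORT_PREFLIGHT_RUN:-0}" = 1 ]; then
    conf=${SNORT_CONF:-/etc/snort/snort.conf}
    prepare_dirs "${SNORT_DYNAMIC_RULES:-/usr/local/lib/snort_dynamicrules}" \
                 "${SNORT_LOG_DIR:-/var/log/snort}" \
        && check_conf "$conf" \
        && echo "pre-flight OK; start with: snort -i eth0 -c $conf"
fi
```

The placeholder check exists because the output database line in step 5 is easy to copy with the angle brackets still in place, which makes Snort try to authenticate as a user literally named "<root>"; catching that before the daemon starts is cheaper than reading the MySQL error out of the log afterwards.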
7. Setup BASE web analysis application
Download adodb*.tgz and extract it into /var/www/html; ADOdb is the database abstraction layer BASE uses to talk to MySQL.
# mv adodb5 adodb
Download BASE from http://base.secureideas.net and extract it into /var/www/html/
# mv /var/www/html/base* /var/www/html/base && cd /var/www/html/base
# mv base_conf.php.dist base_conf.php
# vim base_conf.php
$BASE_urlpath = '/base';
$DBlib_path = '/var/www/html/adodb';
$DBtype = 'mysql';
$alert_dbname = 'snort';
$alert_host = 'localhost';
$alert_port = '';
$alert_user = 'snort';
$alert_password = '123';
# chown -R apache /var/www/html/base
Giving the web server user ownership lets the BASE setup page write its configuration. Alternatively, move the hand-edited configuration aside and let the setup page generate it:
# mv /var/www/html/base/base_conf.php /var/www/html/base/base_conf.php.bak
Then open your favourite web browser, go to http://www.example.com/base/setup (substitute your server's hostname) and follow the instructions.
Note:- in /etc/php.ini set the following variable (as an unquoted expression, which is how php.ini expects it):
error_reporting = E_ALL & ~E_NOTICE
This is the list of PHP packages I installed, as shown by rpm -qa | grep php:
php53-common-5.3.3-1.el5_7.3
php53-5.3.3-1.el5_7.3
php53-mysql-5.3.3-1.el5_7.3
php53-gd-5.3.3-1.el5_7.3
php53-cli-5.3.3-1.el5_7.3
php53-pdo-5.3.3-1.el5_7.3
php53-devel-5.3.3-1.el5_7.3
To make the graphs in BASE work you will also need to install the PEAR packages Image_Color, Image_Canvas and Image_Graph.
Note:- to get the pear command for php53, install it first:
# wget http://pear.php.net/go-pear.phar
# php go-pear.phar
(press Enter to accept the defaults), then install the packages:
# pear install Image_Color
# pear install Image_Canvas-alpha
# pear install Image_Graph-alpha
To start Snort as a daemon so that BASE shows you the alerts Snort logs to MySQL, run:
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g root -D
Note:- Make sure that php and php-mysql are installed otherwise BASE will not be able to connect to MySQL