SNORT: Installing SNORT, barnyard2 & snorby GUI

From OnnoWiki

Here we will install and configure Snorby as a front-end for the Snort IDS. Snort must already be installed and configured before this, with Barnyard2 writing events into MySQL, since that database is what Snorby reads. If that is not done yet, follow one of these guides:

– Install and Configure Snort HIDS with Barnyard2, Base & MySQL on Ubuntu

– Installing Snort Sensor on Windows Host with Remote Snort +MySQL using WinIDS

Let us start the installation of Snorby. First, the prerequisites:

Prerequisites:

Update the OS first:

  1. apt-get update
  2. apt-get upgrade

Install the required packages:

  1. apt-get install mysql-server apache2 libyaml-dev git-core default-jre imagemagick libmagickwand-dev wkhtmltopdf gcc g++ build-essential libssl-dev libreadline-gplv2-dev zlib1g-dev linux-headers-generic libsqlite3-dev libxslt1-dev libxml2-dev libmysqlclient-dev libmysql++-dev apache2-prefork-dev libcurl4-openssl-dev -y

Install Ruby and its gems:

  1. apt-get install ruby1.9.3 ruby-text-format
  2. gem install bundler
  3. gem install rails
  4. gem install rake --version=0.9.2

Install Snorby:

  1. cd /var/www/
  2. git clone http://github.com/Snorby/snorby.git
  3. cd /var/www/snorby/config/
  4. cp database.yml.example database.yml
  5. cp snorby_config.yml.example snorby_config.yml
  6. sed -i 's#/usr/local/bin/wkhtmltopdf#/usr/bin/wkhtmltopdf#g' /var/www/snorby/config/snorby_config.yml

Configure snorby database username and password:

  1. vim /var/www/snorby/config/database.yml

Edit the settings to match your MySQL installation; the values from my network are shown below as an example. Use a dedicated MySQL account that only has rights on the snorby database rather than the MySQL root account: this file is the credential the web front-end runs with.

Screenshot: SnorbyConfig (the edited database.yml)

  1. cd /var/www/snorby/
  2. bundle install --deployment
  3. rake snorby:setup
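To fill in database.yml without handing Snorby the MySQL root account, the following script (an added example, not from the original page or the Snorby project) prints the SQL for a dedicated account that only has rights on the snorby database, and writes a matching database.yml with the layout of Snorby's database.yml.example. The account name snorby, the placeholder password and localhost as host are assumptions; override them through the environment before use.

```shell
#!/bin/sh
# Added example (not from the original page or the Snorby project): create a
# least-privilege MySQL account for Snorby and write config/database.yml for it.
# Account name, password and host below are assumptions; override via environment.

SNORBY_DB_NAME="${SNORBY_DB_NAME:-snorby}"
SNORBY_DB_USER="${SNORBY_DB_USER:-snorby}"
SNORBY_DB_PASS="${SNORBY_DB_PASS:-ChangeMeBeforeUse}"
SNORBY_DB_HOST="${SNORBY_DB_HOST:-localhost}"

# Print the SQL that creates the database and an account limited to it, so the
# web front-end never holds MySQL root and a compromise stays inside one schema.
# (CREATE USER fails if the account already exists; this is one-time setup.)
snorby_grant_sql() {
    cat <<EOF
CREATE DATABASE IF NOT EXISTS $SNORBY_DB_NAME CHARACTER SET utf8;
CREATE USER '$SNORBY_DB_USER'@'$SNORBY_DB_HOST' IDENTIFIED BY '$SNORBY_DB_PASS';
GRANT ALL PRIVILEGES ON $SNORBY_DB_NAME.* TO '$SNORBY_DB_USER'@'$SNORBY_DB_HOST';
FLUSH PRIVILEGES;
EOF
}

# Write database.yml ($1 = output path) with the same credentials for all three
# Rails environments, mirroring the layout of database.yml.example.
write_database_yml() {
    cat > "$1" <<EOF
snorby: &snorby
  adapter: mysql
  username: $SNORBY_DB_USER
  password: "$SNORBY_DB_PASS"
  host: $SNORBY_DB_HOST

development:
  database: $SNORBY_DB_NAME
  <<: *snorby

test:
  database: $SNORBY_DB_NAME
  <<: *snorby

production:
  database: $SNORBY_DB_NAME
  <<: *snorby
EOF
    # The file holds a password: readable by owner and group only, never "other".
    chmod 640 "$1"
}

# Usage:
#   sh snorby_db.sh | mysql -u root -p                      # create DB + account
#   sh snorby_db.sh /var/www/snorby/config/database.yml     # write the YAML file
if [ $# -eq 0 ]; then
    snorby_grant_sql
else
    write_database_yml "$1"
fi
```

Because the account cannot create databases, the script creates the snorby database up front; rake snorby:setup then finds it already present and only runs the migrations.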

Set up Apache:

Set up Apache to serve Snorby. First install the required Apache module, Phusion Passenger:

  1. gem install passenger
  2. passenger-install-apache2-module

Screenshots: InstallPessenger, InstallPessengerApache2Module (output of the two commands above)

Copy the lines printed at the end of the installer script into the Apache config file:

  1. vim /etc/apache2/apache2.conf

The end of the file should then look something like this (the Passenger version and gem path come from the installer output on your own system, so do not copy the 3.0.18 paths blindly):

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-3.0.18/ext/apache2/mod_passenger.so
PassengerRoot /var/lib/gems/1.9.1/gems/passenger-3.0.18
PassengerRuby /usr/bin/ruby1.9.1

# Include generic snippets of statements
Include conf.d/

# Include the virtual host configurations:
Include sites-enabled/

Now add the website as follows:

  1. vim /etc/apache2/sites-available/snorby

Add the following lines (change ServerAdmin and ServerName to values of your choice). Note that this serves Snorby over plain HTTP on port 80; outside an isolated management network, put it behind TLS.

<VirtualHost *:80>
    ServerAdmin snorby@localhost
    ServerName snorby.localnet
    DocumentRoot /var/www/snorby/public

    <Directory "/var/www/snorby/public">
        AllowOverride all
        Order deny,allow
        Allow from all
        Options -MultiViews
    </Directory>
</VirtualHost>

Screenshot: ApacheConfigSnorby (the snorby site file)

Enable the new site and disable the default one. Disabling the default site matters here: its DocumentRoot is /var/www, so it would serve the whole Snorby checkout, including config/database.yml, as static files. (On Apache 2.4 the site file must be named snorby.conf and the Order/Allow lines become Require all granted.)

  1. a2dissite default
  2. a2ensite snorby
  3. service apache2 reload
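Before opening the site it is worth verifying the pieces configured above: the wkhtmltopdf path edited into snorby_config.yml, the permissions on database.yml, which sites are enabled, and that Passenger actually loaded. The following checks are an added example, not part of the original page or of Snorby; the default paths are assumptions matching this guide, and check_apache relies on apache2ctl, the control script shipped with Ubuntu's apache2 package, so it only means anything on the server itself.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks for the Snorby and
# Apache configuration above. Default paths are assumptions matching this guide;
# apache2ctl is the control script shipped with Ubuntu's apache2 package.

SNORBY_DIR="${SNORBY_DIR:-/var/www/snorby}"
SITES_ENABLED="${SITES_ENABLED:-/etc/apache2/sites-enabled}"

# The wkhtmltopdf path in snorby_config.yml must name an executable, or PDF
# reports fail. $1 = snorby_config.yml. Uses the first "wkhtmltopdf:" key found.
check_wkhtmltopdf_path() {
    bin=$(sed -n 's/^[[:space:]]*wkhtmltopdf:[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$bin" ] && [ -x "$bin" ]
}

# database.yml carries the MySQL password, so the "other" permission bits
# (last octal digit of the mode) must be zero. $1 = database.yml.
check_not_world_readable() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Only the snorby site may be enabled: the stock default site has DocumentRoot
# /var/www and would serve the Snorby checkout. $1 = sites-enabled directory
# (Apache 2.2 names the links snorby/000-default, 2.4 appends .conf).
check_sites_enabled() {
    [ -e "$1/snorby" ] || [ -e "$1/snorby.conf" ] || return 1
    [ ! -e "$1/000-default" ] && [ ! -e "$1/000-default.conf" ]
}

# Passenger must be loaded and the whole Apache config must parse.
check_apache() {
    apache2ctl -M 2>/dev/null | grep -q 'passenger_module' \
        && apache2ctl configtest >/dev/null 2>&1
}

# Usage: sh snorby_check.sh run   (exit status 0 only if every check passes)
if [ "${1:-}" = "run" ]; then
    status=0
    check_wkhtmltopdf_path "$SNORBY_DIR/config/snorby_config.yml" \
        || { echo "wkhtmltopdf path in snorby_config.yml is not executable"; status=1; }
    check_not_world_readable "$SNORBY_DIR/config/database.yml" \
        || { echo "database.yml is world-readable"; status=1; }
    check_sites_enabled "$SITES_ENABLED" \
        || { echo "default site still enabled or snorby site missing"; status=1; }
    check_apache \
        || { echo "passenger_module not loaded or Apache config does not parse"; status=1; }
    exit $status
fi
```

Run it as sh snorby_check.sh run after service apache2 reload; each failing check prints one line, and the non-zero exit status makes it usable from a configuration-management or cron job.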

Browse to the new site at http://snorby.localnet (the ServerName from my example) and log in with the default credentials below.

Note: for the name to resolve, add a host entry to your DNS server (if you have access to one) or to the hosts file of the machine you browse from.

Username: snorby@snorby.org
Password: snorby

These credentials are the same on every Snorby install, so change the password immediately after the first login.

You should now see the Snorby web interface.