Difference between revisions of "Instalasi SNORT dan BASE"
		
		
		
		
		
		
				
		
		
	
Onnowpurbo (talk | contribs)  (New page:  # apt-get install libpcre3 libpcre3-dev libpcrecpp0  # apt-get install libpcap0.8 libpcap0.8-dev  # apt-get install libmysqlclient15-dev  # apt-get install libphp-adodb  # apt-get install...)  | 
				Onnowpurbo (talk | contribs)   | 
				||
| Line 1: | Line 1: | ||
| + | Siapkan software pendukung  | ||
| + | |||
  # apt-get install libpcre3 libpcre3-dev libpcrecpp0  |   # apt-get install libpcre3 libpcre3-dev libpcrecpp0  | ||
  # apt-get install libpcap0.8 libpcap0.8-dev  |   # apt-get install libpcap0.8 libpcap0.8-dev  | ||
| Line 9: | Line 11: | ||
| − | + | Alternatif cara install adodb  | |
  # cp adodb494.tgz /var  |   # cp adodb494.tgz /var  | ||
| Line 16: | Line 18: | ||
| − | + | Restart Server  | |
  # /etc/init.d/apache2 restart  |   # /etc/init.d/apache2 restart  | ||
  # /etc/init.d/mysql restart  |   # /etc/init.d/mysql restart  | ||
| + | Install snort  | ||
| Line 36: | Line 39: | ||
  # mkdir /var/log/snort  |   # mkdir /var/log/snort  | ||
| + | |||
| + | Copy Snort Rules  | ||
  # cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/  |   # cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/  | ||
  # cd /etc/snort  |   # cd /etc/snort  | ||
  # tar zxvf snortrules-snapshot-CURRENT.tar.gz  |   # tar zxvf snortrules-snapshot-CURRENT.tar.gz  | ||
| + | |||
| + | |||
| + | Siapkan konfigurasi Snort  | ||
  # cp /usr/local/src/snort-2.6.1.4/etc/* /etc/snort  |   # cp /usr/local/src/snort-2.6.1.4/etc/* /etc/snort  | ||
| Line 47: | Line 55: | ||
         “var RULE_PATH ../rules” -> “var RULE_PATH /etc/snort/rules”  |          “var RULE_PATH ../rules” -> “var RULE_PATH /etc/snort/rules”  | ||
          output database: log, mysql, user=snort password=snort dbname=snort host=localhost  |           output database: log, mysql, user=snort password=snort dbname=snort host=localhost  | ||
| + | |||
| + | |||
| + | Siapkan snort di rc.local  | ||
  # vi /etc/rc.local  |   # vi /etc/rc.local  | ||
| Line 53: | Line 64: | ||
| + | Siapkan database MySQL  | ||
  mysql  |   mysql  | ||
  mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');  |   mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');  | ||
| − | + | Selanjutnya dengan database MySQL  | |
  # mysql -u root -p  |   # mysql -u root -p  | ||
| Line 69: | Line 81: | ||
| + | |||
| + | Siapkan tabel di database snort  | ||
  # mysql -u root -p < /usr/local/src/snort-2.6.1.4/schemas/create_mysql snort  |   # mysql -u root -p < /usr/local/src/snort-2.6.1.4/schemas/create_mysql snort  | ||
  password:  |   password:  | ||
| + | |||
| + | |||
| + | Cek database snort  | ||
  # mysql -p  |   # mysql -p  | ||
| Line 81: | Line 98: | ||
| + | Install BASE  | ||
  # cp base-1.3.5.tar.gz /var/www/  |   # cp base-1.3.5.tar.gz /var/www/  | ||
| Line 88: | Line 106: | ||
  # cd /var/www/base  |   # cd /var/www/base  | ||
  # cp base_conf.php.dist base_conf.php  |   # cp base_conf.php.dist base_conf.php  | ||
| + | |||
| + | |||
| + | Edit konfigurasi BASE  | ||
| + | |||
  # vi base_conf.php  |   # vi base_conf.php  | ||
  	$BASE_urlpath = "/base";  |   	$BASE_urlpath = "/base";  | ||
| Line 107: | Line 129: | ||
  	$archive_password = 'snort';  |   	$archive_password = 'snort';  | ||
| + | |||
| + | Beri ijin Apache Web Server mengakses folder BASE  | ||
  # chown -Rf www-data.www-data /var/www/base  |   # chown -Rf www-data.www-data /var/www/base  | ||
| − | + | Akses Web SNORT & BASE  | |
| − | Web   | ||
  http://localhost/base  |   http://localhost/base  | ||
| Line 119: | Line 142: | ||
  		CREATE BASE AG  |   		CREATE BASE AG  | ||
  		Main page  |   		Main page  | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ==Pranala Menarik==  | ||
| + | |||
| + | * [[Linux Howto]]  | ||
Revision as of 12:56, 17 March 2008
Siapkan software pendukung
# apt-get install libpcre3 libpcre3-dev libpcrecpp0
# apt-get install libpcap0.8 libpcap0.8-dev
# apt-get install libmysqlclient15-dev
# apt-get install libphp-adodb
# apt-get install libgd2-xpm libgd2-xpm-dev
# apt-get install php5-mysql
# apt-get install php5-gd
# apt-get install php-image-graph php-image-canvas php-pear
Alternatif cara install adodb
# cp adodb494.tgz /var
# cd /var
# tar zxvf adodb494.tgz
Restart Server
# /etc/init.d/apache2 restart
# /etc/init.d/mysql restart
Install snort
# cp -Rf snort-2.6.1.4.tar.gz /usr/local/src/
# cd /usr/local/src
# tar zxvf snort-2.6.1.4.tar.gz
# cd snort-2.6.1.4
# ./configure --with-mysql
# make
# make install
# groupadd snort
# useradd -g snort snort
# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /var/log/snort
Copy Snort Rules
# cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
# cd /etc/snort
# tar zxvf snortrules-snapshot-CURRENT.tar.gz
Siapkan konfigurasi Snort
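# cp /usr/local/src/snort-2.6.1.4/etc/* /etc/snort
# cd /etc/snort/
# vi /etc/snort/snort.conf
       “var RULE_PATH ../rules” -> “var RULE_PATH /etc/snort/rules”
        output database: log, mysql, user=snort password=snort dbname=snort host=localhost
Catatan: password=snort hanyalah contoh; gunakan password yang kuat, dan pakai nilai yang sama untuk akun snort di MySQL dan $alert_password di base_conf.php. Password ini tersimpan sebagai teks biasa di snort.conf, jadi batasi hak baca file tersebut.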
Siapkan snort di rc.local
# vi /etc/rc.local
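        /usr/local/bin/snort -dev -c /etc/snort/snort.conf -D
Catatan: baris ini menjalankan Snort sebagai root. User dan group snort yang dibuat pada langkah instalasi baru dipakai jika opsi -u snort -g snort ditambahkan; pastikan /var/log/snort dapat ditulisi user tersebut.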
Siapkan database MySQL
mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
Catatan: 'password' hanyalah contoh; ganti dengan password root MySQL yang kuat.
Selanjutnya dengan database MySQL
# mysql -u root -p
Enter password:
mysql> create database snort;
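mysql> grant INSERT,SELECT on root.* to snort@localhost;
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('snort');
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
mysql> exit
Catatan: grant terakhir (to snort tanpa @localhost) berlaku untuk akun snort dari host mana pun, sedangkan SET PASSWORD di atas hanya mengatur snort@localhost; periksa apakah akun tersebut memiliki password. Konfigurasi di halaman ini memakai host=localhost, jadi grant itu tidak diperlukan bila Snort, MySQL dan BASE berada di satu mesin. Grant pada root.* merujuk ke database bernama root, yang tidak dipakai di langkah lain.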
Siapkan tabel di database snort
# mysql -u root -p < /usr/local/src/snort-2.6.1.4/schemas/create_mysql snort
password:
Cek database snort
# mysql -p
Enter password:
mysql> show databases;
mysql> use snort
mysql> show tables;
mysql> exit
Install BASE
# cp base-1.3.5.tar.gz /var/www/
# cd /var/www
# tar zxvf base-1.3.5.tar.gz
# mv base-1.3.5 base
# cd /var/www/base
# cp base_conf.php.dist base_conf.php
Edit konfigurasi BASE
# vi base_conf.php
	$BASE_urlpath = "/base";
	$DBlib_path = "/usr/share/php/adodb/";
	# $DBlib_path = "/var/adodb/";
	$DBtype = "mysql";

	$alert_dbname = 'snort';
	$alert_host = 'localhost';
	$alert_port = '';
	$alert_user = 'snort';
	$alert_password = 'snort';

	$archive_exists = 0;
	$archive_dbname = 'snort';
	$archive_host = 'localhost';
	$archive_port = '';
	$archive_user = 'snort';
	$archive_password = 'snort';
Beri ijin Apache Web Server mengakses folder BASE
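# chown -Rf www-data.www-data /var/www/base
Catatan: dengan kepemilikan ini proses Apache dapat mengubah seluruh file BASE, termasuk base_conf.php yang berisi password database. Setelah setup selesai, pertimbangkan mengembalikan kepemilikan ke root dan memberi www-data hak baca saja.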
Akses Web SNORT & BASE
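http://localhost/base
Setup page
		CREATE BASE AG
		Main page
Catatan: bila $Use_Auth_System di base_conf.php bernilai 0, halaman BASE dapat dibuka tanpa login; batasi aksesnya lewat konfigurasi Apache atau aktifkan opsi tersebut.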