Difference between revisions of "Instalasi SNORT dan BASE"

(New page: # apt-get install libpcre3 libpcre3-dev libpcrecpp0 # apt-get install libpcap0.8 libpcap0.8-dev # apt-get install libmysqlclient15-dev # apt-get install libphp-adodb # apt-get install...)
 
Line 1: Line 1:
 +
Siapkan software pendukung
 +
 
  # apt-get install libpcre3 libpcre3-dev libpcrecpp0
 
  # apt-get install libpcre3 libpcre3-dev libpcrecpp0
 
  # apt-get install libpcap0.8 libpcap0.8-dev
 
  # apt-get install libpcap0.8 libpcap0.8-dev
Line 9: Line 11:
  
  
alternative install adodb
+
Alternatif cara install adodb
  
 
  # cp adodb494.tgz /var
 
  # cp adodb494.tgz /var
Line 16: Line 18:
  
  
 
+
Restart Server
  
 
  # /etc/init.d/apache2 restart
 
  # /etc/init.d/apache2 restart
 
  # /etc/init.d/mysql restart
 
  # /etc/init.d/mysql restart
  
 +
Install snort
  
  
Line 36: Line 39:
 
  # mkdir /var/log/snort
 
  # mkdir /var/log/snort
  
 +
 +
Copy Snort Rules
  
 
  # cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
 
  # cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
 
  # cd /etc/snort
 
  # cd /etc/snort
 
  # tar zxvf snortrules-snapshot-CURRENT.tar.gz
 
  # tar zxvf snortrules-snapshot-CURRENT.tar.gz
 +
 +
 +
Siapkan konfigurasi Snort
  
 
  # cp /usr/local/src/snort-2.6.1.4/etc/* /etc/snort
 
  # cp /usr/local/src/snort-2.6.1.4/etc/* /etc/snort
Line 47: Line 55:
 
         “var RULE_PATH ../rules” -> “var RULE_PATH /etc/snort/rules”
 
         “var RULE_PATH ../rules” -> “var RULE_PATH /etc/snort/rules”
 
         output database: log, mysql, user=snort password=snort dbname=snort host=localhost
 
         output database: log, mysql, user=snort password=snort dbname=snort host=localhost
 +
 +
 +
Siapkan snort di rc.local
  
 
  # vi /etc/rc.local
 
  # vi /etc/rc.local
Line 53: Line 64:
  
  
 +
Siapkan database MySQL
  
 
  mysql
 
  mysql
 
  mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
 
  mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
  
alternatively
+
Selanjutnya dengan database MySQL
  
 
  # mysql -u root -p
 
  # mysql -u root -p
Line 69: Line 81:
  
  
 +
 +
Siapkan tabel di database snort
  
 
  # mysql -u root -p < /usr/local/src/snort-2.6.1.4/schemas/create_mysql snort
 
  # mysql -u root -p < /usr/local/src/snort-2.6.1.4/schemas/create_mysql snort
 
  password:
 
  password:
 +
 +
 +
Cek database snort
  
 
  # mysql -p
 
  # mysql -p
Line 81: Line 98:
  
  
 +
Install BASE
  
 
  # cp base-1.3.5.tar.gz /var/www/
 
  # cp base-1.3.5.tar.gz /var/www/
Line 88: Line 106:
 
  # cd /var/www/base
 
  # cd /var/www/base
 
  # cp base_conf.php.dist base_conf.php
 
  # cp base_conf.php.dist base_conf.php
 +
 +
 +
Edit konfigurasi BASE
 +
 
  # vi base_conf.php
 
  # vi base_conf.php
 
  $BASE_urlpath = "/base";
 
  $BASE_urlpath = "/base";
Line 107: Line 129:
 
  $archive_password = 'snort';
 
  $archive_password = 'snort';
  
 +
 +
Beri ijin Apache Web Server mengakses folder BASE
  
 
  # chown -Rf www-data.www-data /var/www/base
 
  # chown -Rf www-data.www-data /var/www/base
  
  
 
+
Akses Web SNORT & BASE
Web Access
 
  
 
  http://localhost/base
 
  http://localhost/base
Line 119: Line 142:
 
  CREATE BASE AG
 
  CREATE BASE AG
 
  Main page
 
  Main page
 +
 +
 +
 +
 +
==Pranala Menarik==
 +
 +
* [[Linux Howto]]

Revision as of 12:56, 17 March 2008

Siapkan software pendukung

# apt-get install libpcre3 libpcre3-dev libpcrecpp0
# apt-get install libpcap0.8 libpcap0.8-dev
# apt-get install libmysqlclient15-dev
# apt-get install libphp-adodb
# apt-get install libgd2-xpm libgd2-xpm-dev
# apt-get install php5-mysql
# apt-get install php5-gd
# apt-get install php-image-graph php-image-canvas php-pear


Alternatif cara install adodb

# cp adodb494.tgz /var
# cd /var
# tar zxvf adodb494.tgz


Restart Server

# /etc/init.d/apache2 restart
# /etc/init.d/mysql restart

Install snort


# cp -Rf snort-2.6.1.4.tar.gz /usr/local/src/
# cd /usr/local/src
# tar zxvf snort-2.6.1.4.tar.gz
# cd snort-2.6.1.4
# ./configure --with-mysql
# make
# make install
# groupadd snort
# useradd -g snort snort
# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /var/log/snort


Copy Snort Rules

# cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
# cd /etc/snort
# tar zxvf snortrules-snapshot-CURRENT.tar.gz


Siapkan konfigurasi Snort

# cp /usr/local/src/snort-2.6.1.4/etc/* /etc/snort
# cd /etc/snort/
# vi /etc/snort/snort.conf
       “var RULE_PATH ../rules” -> “var RULE_PATH /etc/snort/rules”
        output database: log, mysql, user=snort password=snort dbname=snort host=localhost


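Siapkan snort di rc.local

Catatan: perintah di bawah menjalankan snort sebagai root. User dan group snort yang dibuat pada langkah instalasi baru terpakai jika ditambahkan opsi -u snort -g snort; dalam hal itu /var/log/snort harus bisa ditulis oleh user snort.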

# vi /etc/rc.local
        /usr/local/bin/snort -dev -c /etc/snort/snort.conf -D


Siapkan database MySQL ('password' di bawah hanya contoh; ganti dengan password root MySQL yang kuat)

mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');

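Selanjutnya buat database dan user snort di MySQL

Catatan: password 'snort' hanya contoh; jika diganti, gunakan nilai yang sama di snort.conf (baris output database) dan di base_conf.php. Baris grant terakhir (to snort, tanpa @localhost) membuat akun snort yang bisa login dari host mana pun, dan langkah di sini tidak memberi password pada akun itu. Karena snort.conf dan base_conf.php memakai localhost, baris itu tampaknya tidak diperlukan bila Snort, MySQL, dan BASE berjalan di satu mesin.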

# mysql -u root -p
Enter password:
mysql> create database snort;
mysql> grant INSERT,SELECT on root.* to snort@localhost;
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('snort');
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
mysql> exit


Siapkan tabel di database snort

# mysql -u root -p < /usr/local/src/snort-2.6.1.4/schemas/create_mysql snort
password:


Cek database snort

# mysql -p
Enter password: 
mysql> show databases;
mysql> use snort
mysql> show tables;
mysql> exit


Install BASE

# cp base-1.3.5.tar.gz /var/www/
# cd /var/www
# tar zxvf base-1.3.5.tar.gz
# mv base-1.3.5 base
# cd /var/www/base
# cp base_conf.php.dist base_conf.php


Edit konfigurasi BASE

# vi base_conf.php
	$BASE_urlpath = "/base";
	$DBlib_path = "/usr/share/php/adodb/";
	# $DBlib_path = "/var/adodb/";
	$DBtype = "mysql"; 
	$alert_dbname   = 'snort';
	$alert_host     = 'localhost';
	$alert_port     = '';
	$alert_user     = 'snort';
	$alert_password = 'snort'; 
	$archive_exists   = 0;
	$archive_dbname   = 'snort';
	$archive_host     = 'localhost';
	$archive_port     = '';
 	$archive_user     = 'snort';
	$archive_password = 'snort';


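Beri izin Apache Web Server mengakses folder BASE

Catatan: perintah ini menjadikan www-data pemilik seluruh folder, termasuk base_conf.php yang berisi password database, sehingga proses web server dapat mengubah file tersebut. Setelah setup selesai, base_conf.php cukup dapat dibaca (tidak perlu ditulis) oleh www-data.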

# chown -Rf www-data.www-data /var/www/base


Akses Web SNORT & BASE

http://localhost/base
		Setup page
		CREATE BASE AG
		Main page



Pranala Menarik