Difference between revisions of "Instalasi SNORT dan BASE"

From OnnoWiki
Jump to navigation Jump to search
 
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Download [[SNORT]] & [[SNORT RULES]] versi terakhir dari
+
* [[SNORT: Compile SNORT dan BASE]]
 
+
* [[SNORT: Install SNORT]]
http://www.snort.org/snort-downloads
+
* [[SNORT: Install SNORT untuk BARNYARD2]] '''RECOMMENDED'''
http://www.snort.org/dl/
 
http://www.snort.org/start/rules
 
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz
 
http://base.secureideas.net/
 
 
 
==Siapkan Aplikasi Pendukung==
 
 
 
Siapkan [[software]] pendukung
 
 
 
# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
 
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
 
php5-gd php-image-graph php-image-canvas php-pear
 
 
 
Untuk [[Ubuntu]] 9.04 tampaknya menggunakan
 
 
 
# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
 
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
 
php5-gd php-pear
 
 
 
Untuk [[Ubuntu]] 10.04
 
 
 
# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
 
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
 
php5-gd php-pear apache2 php5 php5-xmlrpc php5-mysql php5-gd php5-cli php5-curl \
 
mysql-client
 
 
 
 
 
pear install Numbers_Roman-1.0.2
 
pear install Numbers_Words-0.16.2
 
pear install Image_Canvas-0.3.2
 
pear install Image_Graph-0.7.2
 
 
 
 
 
<!--
 
Karena [[BASE]] menggunakan [[PHP4]], sebaiknya pakai yang mengenali [[PHP4]] dan [[PHP5]] seperti ini
 
 
 
cp adodb4992.tgz /var
 
cd /var
 
tar zxvf adodb4992.tgz
 
-->
 
 
 
Restart [[Server]]
 
 
 
/etc/init.d/apache2 restart
 
/etc/init.d/mysql restart
 
 
 
==Install [[snort]]==
 
 
 
Compile snort yang terbaru
 
 
 
cp -Rf snort-2.8.6.1.tar.gz /usr/local/src/
 
cd /usr/local/src
 
tar zxvf snort-2.8.6.1.tar.gz
 
 
 
cd /usr/local/src/snort-2.8.6.1
 
./configure --with-mysql
 
make
 
make install
 
 
 
groupadd snort
 
useradd -g snort snort
 
mkdir /etc/snort
 
mkdir /etc/snort/rules
 
mkdir /var/log/snort
 
 
 
Kadang kala kita masih kesulitan untuk menset parameter snort.conf agar bisa deteksi dengan baik.
 
Versi yang baru entah kenapa tidak terlalu tersambung ke database rules.
 
Mungkin sesudah compile snort yang baru akan agak aman kalau compile lagi yang lama.
 
 
 
cp -Rf snort-2.8.0.tar.gz /usr/local/src/
 
cd /usr/local/src
 
tar zxvf snort-2.8.0.tar.gz
 
 
 
cd /usr/local/src/snort-2.8.0
 
./configure --with-mysql
 
make
 
make install
 
 
 
groupadd snort
 
useradd -g snort snort
 
mkdir /etc/snort
 
mkdir /etc/snort/rules
 
mkdir /var/log/snort
 
 
 
==Instalasi Rules==
 
 
 
Ambil [[Snort Rules]] dari
 
 
 
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz
 
 
 
Tampaknya alamat di atas sudah tidak valid lagi. Perlu di cari community rules snort yang bebas / gratis :( ..
 
Jika anda berhasil memperoleh community rules snort, lakukan copy [[Snort Rules]]
 
 
 
cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
 
cd /etc/snort
 
tar zxvf snortrules-snapshot-CURRENT.tar.gz
 
 
 
 
 
==Konfigurasi Snort==
 
 
 
Siapkan konfigurasi [[Snort]]
 
 
 
===Versi 2.8.0===
 
 
 
cp /usr/local/src/snort-2.8.0/etc/* /etc/snort
 
cd /etc/snort/
 
mkdir /etc/snort/preproc_rules
 
vi /etc/snort/snort.conf
 
 
 
===Versi 2.8.6.1===
 
 
 
cp /usr/local/src/snort-2.8.6.1/etc/* /etc/snort
 
cd /etc/snort/
 
mkdir /etc/snort/preproc_rules
 
vi /etc/snort/snort.conf
 
 
 
Ubah
 
 
 
var RULE_PATH ../rules                  var RULE_PATH /etc/snort/rules
 
var SO_RULE_PATH ../so_rules            var SO_RULE_PATH /etc/snort/so_rules
 
var PREPROC_RULE_PATH ../preproc_rules  var PREPROC_RULE_PATH /etc/snort/preproc_rules
 
output database: alert, mysql, user=snort password=snort dbname=snort host=localhost
 
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
 
output alert_unified: filename snort.alert, limit 128
 
output log_unified: filename snort.log, limit 128
 
 
 
Ujicoba jalankan [[snort]], karena [[Snort rules]] yang digunakan biasanya masih banyak bug / error dan harus dibuang supaya hanya rules yang baik yang digunakan
 
 
 
/usr/local/bin/snort -dev -c /etc/snort/snort.conf
 
 
 
Contoh error
 
 
 
Initializing rule chains...
 
ERROR: (/etc/snort/rules/web-misc.rules)'''98''' => Cannot use 'rawbytes' and  'http_uri' as modifiers for the same "content" nor use 'rawbytes' with  "uricontent".
 
Fatal Error, Quitting..
 
 
 
Artinya
 
 
 
* file /etc/snort/rules/web-misc.rules mengandung error pada line '''98'''
 
* edit file /etc/snort/rules/web-misc.rules dan buang line yang ada error-nya
 
 
 
sampai keluar error terakhir
 
 
 
ERROR: database: mysql_error: Access denied for user 'snort'@'localhost' (using password: YES)
 
Fatal Error, Quitting..
 
 
 
==Autoexec==
 
 
 
Siapkan snort di rc.local
 
 
 
# vi /etc/rc.local
 
 
 
masukan
 
 
 
/usr/local/bin/snort -dev -c /etc/snort/snort.conf -D
 
 
 
==Siapkan Database==
 
 
 
Siapkan [[database]] [[MySQL]]
 
 
 
mysql
 
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
 
 
 
Selanjutnya dengan [[database]] [[MySQL]]
 
 
 
# mysql -u root -p
 
Enter password:
 
create database snort;
 
grant INSERT,SELECT on root.* to snort@localhost;
 
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost IDENTIFIED BY 'snortpass' ;
 
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort IDENTIFIED BY 'snortpass' ;
 
exit
 
 
 
 
 
Atau jika anda masih dalam tahap ujicoba bukan untuk operasional,
 
dengan asumsi root password 123456, username snort, password snort, database snort; dapat menggunakan perintah
 
 
 
# mysql -u root -p123456
 
create database snort;
 
grant ALL on root.* to snort@localhost;
 
grant ALL on snort.* to snort@localhost IDENTIFIED BY 'snort' ;
 
grant ALL on snort.* to snort IDENTIFIED BY 'snort' ;
 
exit
 
 
 
 
 
Siapkan tabel di [[database]] [[snort]]
 
 
 
# mysql -u root -p < /usr/local/src/snort-2.8.0/schemas/create_mysql snort
 
password:
 
 
 
Atau kalau sedang belajar dengan password root 123456 dapat menggunakan perintah
 
 
 
# mysql -u root -p123456 < /usr/local/src/snort-2.8.0/schemas/create_mysql snort
 
 
atau
 
 
 
# mysql -u root -p123456 < /usr/local/src/snort-2.8.6.1/schemas/create_mysql snort
 
 
 
Cek [[database]] [[snort]]
 
 
 
# mysql -p
 
Enter password:
 
show databases;
 
use snort
 
show tables;
 
exit
 
 
 
 
 
==Siapkan BASE==
 
 
 
Download dari
 
 
 
* http://base.secureideas.net/
 
* http://sourceforge.net/projects/secureideas/
 
 
 
Install [[BASE]] untuk versi 1.4.5
 
 
 
cp base-1.4.5.tar.gz /var/www/
 
cd /var/www
 
tar zxvf base-1.4.5.tar.gz
 
mv base-1.4.5 base
 
cd /var/www/base
 
cp base_conf.php.dist base_conf.php
 
 
 
 
 
 
 
Edit konfigurasi [[BASE]]
 
 
 
# vi base_conf.php
 
 
 
isi dengan
 
 
 
$BASE_urlpath = "/base";
 
$DBlib_path = "/usr/share/php/adodb/";
 
$DBlib_path = "/var/adodb/"; - gunakan ini untuk instalasi adodb manual
 
$DBtype = "mysql";
 
 
$alert_dbname  = 'snort';
 
$alert_host    = 'localhost';
 
$alert_port    = '';
 
$alert_user    = 'snort';
 
$alert_password = 'snort';
 
 
$archive_exists  = 0;
 
$archive_dbname  = 'snort';
 
$archive_host    = 'localhost';
 
$archive_port    = '';
 
$archive_user    = 'snort';
 
$archive_password = 'snort';
 
 
 
Beri ijin [[Apache]] [[Web Server]] mengakses folder [[BASE]]
 
 
 
# chown -Rf www-data.www-data /var/www/base
 
 
 
 
 
Akses [[Web]] [[SNORT]] & [[BASE]]
 
 
 
http://localhost/base
 
 
 
Setup page
 
CREATE BASE AG
 
Main page
 
  
 
==Bacaan==
 
==Bacaan==
  
* http://jogja.linux.or.id/berita/arsip/2010/01/14/kustomisasi-konfigurasi-ids-snort/
+
* http://willy.lecturer.maranatha.edu/?p=817
  
 
==Referensi==
 
==Referensi==
  
 +
* http://125.160.17.21/speedyorari/index.php?dir=snort/rules '''RULES JADOEL untuk Percobaan'''
 
* http://www.snort.org/snort-downloads
 
* http://www.snort.org/snort-downloads
 
* http://www.snort.org/dl/
 
* http://www.snort.org/dl/
Line 278: Line 17:
 
==Pranala Menarik==
 
==Pranala Menarik==
  
 +
* [[SNORT]]
 
* [[Linux Howto]]
 
* [[Linux Howto]]
  
 
[[Category: Linux]]
 
[[Category: Linux]]
 
[[Category: Network Security]]
 
[[Category: Network Security]]

Latest revision as of 05:36, 12 September 2015