Difference between revisions of "Instalasi SNORT dan BASE"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
Line 27: | Line 27: | ||
− | # cp -Rf snort-2. | + | # cp -Rf snort-2.8.4.beta.tar.gz /usr/local/src/ |
# cd /usr/local/src | # cd /usr/local/src | ||
− | # tar zxvf snort-2. | + | # tar zxvf snort-2.8.4.beta.tar.gz |
− | # cd snort-2. | + | # cd snort-2.8.4.beta |
# ./configure --with-mysql | # ./configure --with-mysql | ||
# make | # make | ||
Line 50: | Line 50: | ||
Siapkan konfigurasi Snort | Siapkan konfigurasi Snort | ||
− | # cp /usr/local/src/snort-2. | + | # cp /usr/local/src/snort-2.8.4.beta/etc/* /etc/snort |
# cd /etc/snort/ | # cd /etc/snort/ | ||
# vi /etc/snort/snort.conf | # vi /etc/snort/snort.conf | ||
Line 77: | Line 77: | ||
mysql> create database snort; | mysql> create database snort; | ||
mysql> grant INSERT,SELECT on root.* to snort@localhost; | mysql> grant INSERT,SELECT on root.* to snort@localhost; | ||
− | + | mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost IDENTIFIED BY 'snortpass' ; | |
− | mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost; | + | mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort IDENTIFIED BY 'snortpass' ; |
− | mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort; | ||
mysql> exit | mysql> exit | ||
Line 86: | Line 85: | ||
Siapkan tabel di database snort | Siapkan tabel di database snort | ||
− | # mysql -u root -p < /usr/local/src/snort-2. | + | # mysql -u root -p < /usr/local/src/snort-2.8.4.beta/schemas/create_mysql snort |
password: | password: | ||
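Review bot: The password introduced in the Line 77 hunk, `IDENTIFIED BY 'snortpass'`, does not match the credentials the rest of the page tells the reader to configure: the snort.conf line still says `password=snort` and base_conf.php still sets `$alert_password = 'snort'`, so an install that follows the page verbatim will fail to authenticate from both Snort and BASE. The second added grant, `... on snort.* to snort IDENTIFIED BY 'snortpass'`, names no host, which MySQL treats as `'snort'@'%'`; combined with a password printed on a public wiki, that exposes the alert database to any host that can reach the MySQL server, and for the single-host setup described here the `snort@localhost` grant alone should suffice. I would write the password as a placeholder the reader must replace and use the same placeholder in all three places. The unchanged context line `grant INSERT,SELECT on root.* to snort@localhost` grants on a database named `root`, which looks like a leftover mistake rather than something the setup needs.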
Revision as of 17:29, 27 January 2009
Download SNORT & SNORT RULES versi terakhir dari
http://www.snort.org/dl/
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz
Siapkan software pendukung
# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
 mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
 php5-gd php-image-graph php-image-canvas php-pear
Alternatif cara install adodb
# cp adodb494.tgz /var
# cd /var
# tar zxvf adodb494.tgz
Restart Server
# /etc/init.d/apache2 restart
# /etc/init.d/mysql restart
Install snort
# cp -Rf snort-2.8.4.beta.tar.gz /usr/local/src/
# cd /usr/local/src
# tar zxvf snort-2.8.4.beta.tar.gz
# cd snort-2.8.4.beta
# ./configure --with-mysql
# make
# make install
# groupadd snort
# useradd -g snort snort
# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /var/log/snort
Copy Snort Rules
# cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
# cd /etc/snort
# tar zxvf snortrules-snapshot-CURRENT.tar.gz
Siapkan konfigurasi Snort
# cp /usr/local/src/snort-2.8.4.beta/etc/* /etc/snort
# cd /etc/snort/
# vi /etc/snort/snort.conf
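“var RULE_PATH ../rules” -> “var RULE_PATH /etc/snort/rules”
"var PREPROC_RULE_PATH ../preproc_rules" -> "var PREPROC_RULE_PATH /etc/snort/preproc_rules"
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
Catatan: nilai password pada baris "output database" harus sama dengan password yang diberikan ke user snort pada perintah GRANT di bagian "Selanjutnya dengan database MySQL"; di halaman ini keduanya berbeda ('snort' dan 'snortpass').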
Siapkan snort di rc.local
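# vi /etc/rc.local
/usr/local/bin/snort -dev -c /etc/snort/snort.conf -D
Catatan: perintah dari rc.local ini menjalankan snort sebagai root; user dan group snort yang dibuat pada langkah instalasi tidak dipakai kecuali ditambahkan opsi -u snort -g snort.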
Siapkan database MySQL
mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
Selanjutnya dengan database MySQL
# mysql -u root -p
Enter password:
mysql> create database snort;
mysql> grant INSERT,SELECT on root.* to snort@localhost;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost IDENTIFIED BY 'snortpass' ;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort IDENTIFIED BY 'snortpass' ;
mysql> exit
Siapkan tabel di database snort
# mysql -u root -p < /usr/local/src/snort-2.8.4.beta/schemas/create_mysql snort
password:
Cek database snort
# mysql -p
Enter password:
mysql> show databases;
mysql> use snort
mysql> show tables;
mysql> exit
Install BASE
# cp base-1.3.9.tar.gz /var/www/
# cd /var/www
# tar zxvf base-1.3.9.tar.gz
# mv base-1.3.9 base
# cd /var/www/base
# cp base_conf.php.dist base_conf.php
Edit konfigurasi BASE
# vi base_conf.php
$BASE_urlpath = "/base";
$DBlib_path = "/usr/share/php/adodb/";
# $DBlib_path = "/var/adodb/";
$DBtype = "mysql";
$alert_dbname = 'snort';
$alert_host = 'localhost';
$alert_port = ;
$alert_user = 'snort';
$alert_password = 'snort';
$archive_exists = 0;
$archive_dbname = 'snort';
$archive_host = 'localhost';
$archive_port = ;
$archive_user = 'snort';
$archive_password = 'snort';
Beri ijin Apache Web Server mengakses folder BASE
# chown -Rf www-data.www-data /var/www/base
Akses Web SNORT & BASE
http://localhost/base
Setup page CREATE BASE AG Main page