Difference between revisions of "Instalasi SNORT dan BASE"


Revision as of 13:55, 30 October 2009

Download the latest SNORT and SNORT RULES from

http://www.snort.org/dl/
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz


Prepare the supporting software

# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-image-graph php-image-canvas php-pear

On Ubuntu 9.04 the package set appears to be

# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-pear

Because BASE still targets PHP4, use an ADOdb release that works with both PHP4 and PHP5, like this one (it unpacks into /var/adodb, which is the $DBlib_path used in base_conf.php below):

# cp adodb4991.tgz /var
# cd /var
# tar zxvf adodb4991.tgz


Restart the servers

# /etc/init.d/apache2 restart
# /etc/init.d/mysql restart

Install Snort


cp -Rf snort-2.8.5.1.tar.gz /usr/local/src/
cd /usr/local/src
tar zxvf snort-2.8.5.1.tar.gz
cd snort-2.8.5.1
./configure --with-mysql
make
make install
groupadd snort
useradd -g snort snort
mkdir /etc/snort
mkdir /etc/snort/rules
mkdir /var/log/snort


Get the Snort rules from

http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz

The address above no longer seems to be valid, so a free Snort community rule set has to be found elsewhere :( .. If you manage to obtain the Snort community rules, copy the Snort Rules

cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
cd /etc/snort
tar zxvf snortrules-snapshot-CURRENT.tar.gz


Prepare the Snort configuration

cp /usr/local/src/snort-2.8.5.1/etc/* /etc/snort
cd /etc/snort/
mkdir /etc/snort/preproc_rules
vi /etc/snort/snort.conf
       "var RULE_PATH ../rules" -> "var RULE_PATH /etc/snort/rules"
       "var PREPROC_RULE_PATH ../preproc_rules" -> "var PREPROC_RULE_PATH /etc/snort/preproc_rules"
        output database: log, mysql, user=snort password=snort dbname=snort host=localhost

The user= and password= values on the output line must match the account created in the MySQL step below (the operational variant there uses 'snortpass', the test variant 'snort'). Since snort.conf now contains a database password, make it readable only by root and the snort user.


Test-run Snort first, because the rule sets in circulation usually still contain many bugs/errors; those rules have to be removed so that only good rules are loaded. (Snort's -T option parses the configuration and rules and then exits, which is the quieter way to run this check.)

# /usr/local/bin/snort -dev -c /etc/snort/snort.conf


Example error

Initializing rule chains...
ERROR: (/etc/snort/rules/web-misc.rules)98 => Cannot use 'rawbytes' and  'http_uri' as modifiers for the same "content" nor use 'rawbytes' with   "uricontent".
Fatal Error, Quitting..


Meaning

  • the file /etc/snort/rules/web-misc.rules contains an error on line 98
  • edit /etc/snort/rules/web-misc.rules and remove the line with the error; Snort stops at the first fatal error, so repeat the test run until it starts cleanly
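The remove-and-retry loop just described is easy to script. The following shell functions are an added example and not part of the original page: they parse the Snort 2.8 error format shown above (`ERROR: (<file>)<line> => ...`), comment out the offending rule line with a marker so it can be reviewed later, and re-validate with `snort -T` instead of `-dev`, so nothing is sniffed while the rule set is being cleaned up. The function names and the DISABLED marker are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original page: automate the "find the line Snort
# rejected, remove it, try again" loop described above. It assumes the Snort 2.8
# error format shown on the page,
#   ERROR: (/etc/snort/rules/web-misc.rules)98 => <reason>
# and validates with `snort -T` (parse the config and rules, then exit) rather
# than -dev, so nothing is sniffed while the rule set is being cleaned up.
# Function names and the DISABLED marker are this example's own choices.

# Read Snort output on stdin; print "LINE FILE" for the first rule error, or nothing.
parse_snort_error() {
    sed -n 's/^ERROR: (\([^)]*\))\([0-9][0-9]*\) =>.*/\2 \1/p' | head -n 1
}

# Comment out line $2 of rules file $1 in place. The original text is kept after
# a marker so the rule can be reviewed later instead of silently disappearing.
disable_rule_line() {
    sed -i "$2s|^|# DISABLED (snort -T rejected this line): |" "$1"
}

# Re-run `snort -T` until the configuration loads, disabling one offending rule
# line per pass. Returns 0 on a clean load, 1 if Snort fails for another reason
# or the pass limit is hit.
prune_rules() {
    conf=${1:-/etc/snort/snort.conf}
    max=${2:-50}
    n=0
    while [ "$n" -lt "$max" ]; do
        out=$(/usr/local/bin/snort -T -c "$conf" 2>&1) && return 0
        err=$(printf '%s\n' "$out" | parse_snort_error)
        if [ -z "$err" ]; then          # not a rule-parsing error: show it and stop
            printf '%s\n' "$out"
            return 1
        fi
        line=${err%% *}
        file=${err#* }
        echo "disabling $file line $line"
        disable_rule_line "$file" "$line"
        n=$((n + 1))
    done
    echo "gave up after $max passes"
    return 1
}

# Usage (as root, after the config edits above):
#   prune_rules /etc/snort/snort.conf
```

Disabled lines keep their original text behind the marker, so `grep DISABLED /etc/snort/rules/*.rules` later lists exactly which rules were dropped and why.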


Set up Snort in rc.local

# vi /etc/rc.local

and insert

/usr/local/bin/snort -dev -c /etc/snort/snort.conf -D

Two caveats for a daemon started this way: -dev makes Snort dump every packet it sees and is only useful for the interactive test above, and without -u snort -g snort Snort keeps running as root, so the snort user and group and the /var/log/snort directory created earlier are never used. For an unattended start drop -dev and add -u snort -g snort -l /var/log/snort.


Set up the MySQL database: first give the MySQL root account a password (replace 'password' with one of your own)

mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');

Then, in MySQL, create the snort database and account

# mysql -u root -p
Enter password:
create database snort;
grant INSERT,SELECT on root.* to snort@localhost;
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost IDENTIFIED BY 'snortpass' ;
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort IDENTIFIED BY 'snortpass' ;
exit

Two of these statements deserve a second look. The grant on root.* refers to a database named root, which a fresh MySQL install does not have; it is a leftover from older Snort documentation and can be dropped. The last grant names snort without a host, which MySQL reads as 'snort'@'%', an account usable from any host with the same password; it is only needed if BASE or the sensor connects from another machine. Whatever password you choose here must also go into the output database: line of snort.conf and into base_conf.php.


Or, if you are still testing and not yet in production, assuming username snort, password snort and database snort, you can use the commands

# mysql -u root -p
Enter password:
create database snort;
grant ALL on root.* to snort@localhost;
grant ALL on snort.* to snort@localhost IDENTIFIED BY 'snort' ;
grant ALL on snort.* to snort IDENTIFIED BY 'snort' ;
exit
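As an added example, not part of the original page, the following shell function emits the same GRANT statements as the two variants above but without their weak points: no grant on the non-existent root database, no host-less account (which MySQL turns into 'snort'@'%'), and a password passed in as a parameter and escaped for SQL instead of being hard-coded as 'snort'. It keeps the page's MySQL 5.x "GRANT ... IDENTIFIED BY" form and privilege list; the function names and the SNORT_DB_PASS variable in the usage note are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: emit the MySQL statements for the
# snort database without the two weak points in the statements above.
#  - No "grant ... on root.*": there is no database called root, so that line
#    only adds privileges the account does not need.
#  - No host-less "to snort": MySQL reads that as 'snort'@'%', an account that
#    works from any host with the same password. Hosts are passed explicitly
#    instead and default to localhost.
# The password is a parameter rather than a hard-coded 'snort', and single
# quotes and backslashes in it are escaped so it stays a valid SQL literal.
# Keeps the page's MySQL 5.x "GRANT ... IDENTIFIED BY" form and its privilege
# list; the function names are this example's own.

# Escape a string for use inside a single-quoted MySQL literal.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# snort_db_grants DB USER PASSWORD [HOST...]  -> SQL on stdout
snort_db_grants() {
    db=$1; user=$2; pass=$(sql_quote "$3"); shift 3
    [ $# -gt 0 ] || set -- localhost          # default: the sensor and BASE are local
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$db"
    for host in "$@"; do                      # one account per host that really connects
        printf "GRANT CREATE, INSERT, SELECT, DELETE, UPDATE ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$db" "$user" "$host" "$pass"
    done
}

# Usage: take the password from the environment so it does not land in shell history.
#   snort_db_grants snort snort "$SNORT_DB_PASS" | mysql -u root -p
#   snort_db_grants snort snort "$SNORT_DB_PASS" localhost 192.0.2.10 | mysql -u root -p
```

Pass a second host only if BASE really runs on another machine; each extra host is one more account that knows the password.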


Create the tables in the snort database

# mysql -u root -p < /usr/local/src/snort-2.8.5.1/schemas/create_mysql snort
password:


Check the snort database

# mysql -p
Enter password: 
mysql> show databases;
mysql> use snort
mysql> show tables;
mysql> exit


For whatever reason, BASE version 1.4 is hard to install. It may be better to try the older version, 1.3.9.

Install BASE version 1.3.9

cp base-1.3.9.tar.gz /var/www/
cd /var/www
tar zxvf base-1.3.9.tar.gz
mv base-1.3.9 base
cd /var/www/base
cp base_conf.php.dist base_conf.php


Install BASE version 1.4.4

cp base-1.4.4.tar.gz /var/www/
cd /var/www
tar zxvf base-1.4.4.tar.gz
mv base-1.4.4 base
cd /var/www/base
cp base_conf.php.dist base_conf.php


Edit the BASE configuration

# vi base_conf.php
	$BASE_urlpath = "/base";
	// $DBlib_path = "/usr/share/php/adodb/";  // path of the packaged libphp-adodb
	$DBlib_path = "/var/adodb/";               // use this for the manual adodb install above
	$DBtype = "mysql";
	$alert_dbname   = 'snort';
	$alert_host     = 'localhost';
	$alert_port     = "";                      // empty = MySQL's default port
	$alert_user     = 'snort';
	$alert_password = 'snort';                 // must match the password granted to the snort account
	$archive_exists   = 0;
	$archive_dbname   = 'snort';
	$archive_host     = 'localhost';
	$archive_port     = "";
	$archive_user     = 'snort';
	$archive_password = 'snort';
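The database settings are now typed in two places, the "output database:" line in snort.conf and the $alert_* variables in base_conf.php, and the page itself uses 'snortpass' in one GRANT but 'snort' in both config files. The shell functions below are an added example, not part of the original page or of BASE: they cross-check the two files and flag either file if other users on the host can read the password in it. They parse only the formats shown on this page, check_perms relies on GNU stat (Linux), and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: cross-check the database settings
# between snort.conf ("output database:" line) and base_conf.php ($alert_*),
# and flag either file if it is world-readable, since both hold the password.
# Assumptions: only the formats shown on the page are parsed, and check_perms
# relies on GNU stat (Linux). Function names are this example's own.

# Print the value of key=value token $2 from the first "output database:" line of $1.
snort_db_field() {
    sed -n '/^output database:/{p;q;}' "$1" | tr ' ,' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print the value of PHP variable $2 (written without the $) in base_conf.php $1,
# with the surrounding quotes stripped; an empty string if it is set to "" or ''.
base_field() {
    sed -n "s/^[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*['\"]\\([^'\"]*\\)['\"].*/\\1/p" "$1" | head -n 1
}

# Compare user, password, dbname and host between the two files.
# Prints one line per mismatch; returns 0 only when all four agree.
check_db_creds() {
    conf=$1; base=$2; rc=0
    for pair in user:alert_user password:alert_password dbname:alert_dbname host:alert_host; do
        s=$(snort_db_field "$conf" "${pair%%:*}")
        b=$(base_field "$base" "${pair#*:}")
        if [ "$s" != "$b" ]; then
            echo "mismatch: snort.conf ${pair%%:*}='$s' but base_conf.php \$${pair#*:}='$b'"
            rc=1
        fi
    done
    return $rc
}

# Both files contain the database password: fail if any of them is world-readable
# (last octal digit not 0). 600, or 640 with a suitable group (root:snort for
# snort.conf, root:www-data for base_conf.php), is what you want.
check_perms() {
    rc=0
    for f in "$@"; do
        mode=$(stat -c %a "$f")
        case $mode in
            *0) ;;
            *) echo "$f is mode $mode: readable by everyone on the host"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage:
#   check_db_creds /etc/snort/snort.conf /var/www/base/base_conf.php
#   check_perms    /etc/snort/snort.conf /var/www/base/base_conf.php
```

Run both checks after every password change; a mismatch shows up in BASE as a database connection error on the Setup page, which is a slower way to find the same typo.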


Give the Apache web server access to the BASE folder

# chown -Rf www-data.www-data /var/www/base

This makes every file under /var/www/base writable by the web server. BASE only needs that during the setup page; afterwards, return the tree to root ownership, keep it readable by www-data, and leave base_conf.php (it holds the database password) readable by www-data only.


Access the SNORT & BASE web interface

http://localhost/base
		Setup page
		CREATE BASE AG
		Main page

Go through the three screens in that order: the Setup page, then CREATE BASE AG, which adds BASE's own alert-group tables to the snort database (the reason the snort account was granted CREATE), and then the Main page, which lists the alerts Snort has logged.



Interesting links