Difference between revisions of "Instalasi SNORT dan BASE"

Revision as of 08:38, 21 June 2009

Download the latest versions of SNORT & SNORT RULES from

http://www.snort.org/dl/
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz


Prepare the supporting software

# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-image-graph php-image-canvas php-pear

For Ubuntu 9.04 it appears the following is used

# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-pear

Because BASE uses PHP4, it is better to use an ADOdb that recognizes both PHP4 and PHP5, like this

# cp adodb4991.tgz /var
# cd /var
# tar zxvf adodb4991.tgz


Restart the servers

# /etc/init.d/apache2 restart
# /etc/init.d/mysql restart

Install Snort


# cp -Rf snort-2.8.4.1.tar.gz /usr/local/src/
# cd /usr/local/src
# tar zxvf snort-2.8.4.1.tar.gz
# cd snort-2.8.4.1
# ./configure --with-mysql
# make
# make install
# groupadd snort
# useradd -g snort snort
# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /var/log/snort


Get the rules for Snort from

http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz

Copy the Snort rules

# cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
# cd /etc/snort
# tar zxvf snortrules-snapshot-CURRENT.tar.gz


Prepare the Snort configuration

# cp /usr/local/src/snort-2.8.4.1/etc/* /etc/snort
# cd /etc/snort/
# mkdir /etc/snort/preproc_rules
# vi /etc/snort/snort.conf
       "var RULE_PATH ../rules" -> "var RULE_PATH /etc/snort/rules"
       "var PREPROC_RULE_PATH ../preproc_rules" -> "var PREPROC_RULE_PATH /etc/snort/preproc_rules"
       output database: log, mysql, user=snort password=snort dbname=snort host=localhost


Test-run Snort, because the rules in use usually still contain many bugs / errors, and these must be removed so that only good rules are used

# /usr/local/bin/snort -dev -c /etc/snort/snort.conf


Example error

Initializing rule chains...
ERROR: (/etc/snort/rules/web-misc.rules)98 => Cannot use 'rawbytes' and  'http_uri' as modifiers for the same "content" nor use 'rawbytes' with   "uricontent".
Fatal Error, Quitting..


This means

  • the file /etc/snort/rules/web-misc.rules contains an error on line 98
  • edit the file /etc/snort/rules/web-misc.rules and remove the line that has the error
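An added helper for this step (not part of the original OnnoWiki page): it parses the Snort "ERROR: (file)line => ..." message shown above and comments out the offending rule line instead of deleting it, so the rule can be reviewed later. It assumes a POSIX shell with sed, and that the file path and line number come straight from the Snort message.

```shell
#!/bin/sh
# Added helper, not from the original page: disable rule lines that Snort
# rejects, based on its "ERROR: (<file>)<line> => ..." output.

# Print "<file>:<line>" for one Snort error line; print nothing for any
# other line (e.g. "Initializing rule chains...").
parse_snort_error() {
    printf '%s\n' "$1" |
        sed -n 's/^ERROR: (\([^)]*\))\([0-9][0-9]*\) =>.*/\1:\2/p'
}

# Comment out line $2 of rules file $1 by prefixing "# disabled: ".
# Returns 1 if the file is missing or the line number is out of range.
disable_rule_line() {
    file="$1"
    lineno="$2"
    [ -f "$file" ] || return 1
    total=$(wc -l < "$file")
    [ "$lineno" -ge 1 ] && [ "$lineno" -le "$total" ] || return 1
    # Write to a temp file and move it back (portable, unlike sed -i).
    sed "${lineno}s/^/# disabled: /" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Read a whole Snort log on stdin (e.g. from `snort -T -c /etc/snort/snort.conf`)
# and disable every rule line it complained about. Snort stops at the first
# fatal error, so re-run it afterwards; it may report the next bad rule.
disable_reported_rules() {
    while IFS= read -r line; do
        loc=$(parse_snort_error "$line")
        [ -n "$loc" ] || continue
        disable_rule_line "${loc%:*}" "${loc##*:}" ||
            echo "could not disable $loc" >&2
    done
}
```

Run it as `/usr/local/bin/snort -T -c /etc/snort/snort.conf 2>&1 | disable_reported_rules` and repeat until Snort starts cleanly; the disabled rules stay in the file for later inspection.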


Set up Snort in rc.local

# vi /etc/rc.local
        /usr/local/bin/snort -dev -c /etc/snort/snort.conf -D


Prepare the MySQL database

mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');

Next, in the MySQL database

# mysql -u root -p
Enter password:
mysql> create database snort;
mysql> grant INSERT,SELECT on root.* to snort@localhost;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost IDENTIFIED BY 'snortpass' ;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort IDENTIFIED BY 'snortpass' ;
mysql> exit


Create the tables in the snort database

# mysql -u root -p < /usr/local/src/snort-2.8.4.1/schemas/create_mysql snort
password:


Check the snort database

# mysql -p
Enter password: 
mysql> show databases;
mysql> use snort
mysql> show tables;
mysql> exit


For some reason BASE version 1.4 is difficult to install. It may be better to try the older version, 1.3.9.

Install BASE

# cp base-1.3.9.tar.gz /var/www/
# cd /var/www
# tar zxvf base-1.3.9.tar.gz
# mv base-1.3.9 base
# cd /var/www/base
# cp base_conf.php.dist base_conf.php


Edit the BASE configuration

# vi base_conf.php
	$BASE_urlpath = "/base";
	# $DBlib_path = "/usr/share/php/adodb/";
	$DBlib_path = "/var/adodb/"; // use this for a manual ADOdb installation
	$DBtype = "mysql"; 
	$alert_dbname   = 'snort';
	$alert_host     = 'localhost';
	$alert_port     = '';
	$alert_user     = 'snort';
	$alert_password = 'snort'; 
	$archive_exists   = 0;
	$archive_dbname   = 'snort';
	$archive_host     = 'localhost';
	$archive_port     = '';
	$archive_user     = 'snort';
	$archive_password = 'snort';


Give the Apache web server permission to access the BASE folder

# chown -Rf www-data.www-data /var/www/base


Access the SNORT & BASE web interface

http://localhost/base
		Setup page
		CREATE BASE AG
		Main page



Interesting Links