Instalasi SNORT dan BASE (Installing SNORT and BASE)

From OnnoWiki
 
Download the latest [[SNORT]] & [[SNORT RULES]] from

 http://www.snort.org/dl/
 http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz

See also:

* [[SNORT: Compile SNORT dan BASE]]
* [[SNORT: Install SNORT]]
* [[SNORT: Install SNORT untuk BARNYARD2]] '''RECOMMENDED'''
 
 
 
 
 
Install the supporting [[software]]
 
 
 
 # apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
   mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
   php5-gd php-image-graph php-image-canvas php-pear
 
 
 
For [[Ubuntu]] 9.04 the package list appears to be
 
 
 
 # apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
   mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
   php5-gd php-pear
 
 
 
For [[Ubuntu]] 10.04
 
 
 
 # apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
   mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
   php5-gd php-pear

and then the PEAR packages that BASE needs for its graphs:

 pear install Numbers_Roman-1.0.2
 pear install Numbers_Words-0.16.2
 pear install Image_Canvas-0.3.2
 pear install Image_Graph-0.7.2
 
 
 
 
 
<!--
Because [[BASE]] was written for [[PHP4]], it is best to use an ADOdb release that supports both [[PHP4]] and [[PHP5]], like this

 cp adodb4992.tgz /var
 cd /var
 tar zxvf adodb4992.tgz
-->
 
 
 
Restart the [[Server]] daemons

 /etc/init.d/apache2 restart
 /etc/init.d/mysql restart
 
 
 
Install [[snort]]
 
 
 
 cp -Rf snort-2.8.6.1.tar.gz /usr/local/src/
 cd /usr/local/src
 tar zxvf snort-2.8.6.1.tar.gz

 cd /usr/local/src/snort-2.8.6.1
 ./configure --with-mysql
 make
 make install

Create an unprivileged account for snort to run as, and its directories:

 groupadd snort
 useradd -g snort snort
 mkdir /etc/snort
 mkdir /etc/snort/rules
 mkdir /var/log/snort
 
 
 
 
 
Get the [[Snort Rules]] from

 http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz

The address above no longer appears to be valid, so a free community rule set for snort has to be found elsewhere :( ..

If you do obtain the snort community rules, copy the [[Snort Rules]] into place:

 cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
 cd /etc/snort
 tar zxvf snortrules-snapshot-CURRENT.tar.gz
 
 
 
 
 
Prepare the [[Snort]] configuration

 cp /usr/local/src/snort-2.8.6.1/etc/* /etc/snort
 cd /etc/snort/
 mkdir /etc/snort/preproc_rules
 vi /etc/snort/snort.conf

See also: http://willy.lecturer.maranatha.edu/?p=817
 
 
 
Change the rule path variables from the relative defaults to the absolute paths used here:

 var RULE_PATH ../rules                  ->  var RULE_PATH /etc/snort/rules
 var SO_RULE_PATH ../so_rules            ->  var SO_RULE_PATH /etc/snort/so_rules
 var PREPROC_RULE_PATH ../preproc_rules  ->  var PREPROC_RULE_PATH /etc/snort/preproc_rules

and add the database output plugin so that alerts are logged to MySQL:

 output database: log, mysql, user=snort password=snort dbname=snort host=localhost

The user, password and dbname here must match the account created in the MySQL step below (the examples there use the password 'snort' for testing and 'snortpass' for a real deployment). Because the password is stored in clear text, keep snort.conf readable only by root and the snort user (for example owner root, group snort, mode 640).
 
 
 
 
 
Test-run [[snort]]. The [[Snort rules]] you downloaded usually still contain rules that this Snort version cannot parse, and those have to be removed so that only the rules that load are used:

 /usr/local/bin/snort -dev -c /etc/snort/snort.conf

(-T instead of -dev tests the configuration and exits without sniffing; it reports the same parse errors.)

Example error:

 Initializing rule chains...
 ERROR: (/etc/snort/rules/web-misc.rules)'''98''' => Cannot use 'rawbytes' and  'http_uri' as modifiers for the same "content" nor use 'rawbytes' with  "uricontent".
 Fatal Error, Quitting..

This means:

* the file /etc/snort/rules/web-misc.rules has an error on line '''98'''
* edit /etc/snort/rules/web-misc.rules and remove (or comment out with #) the line that has the error

Snort stops at the first bad rule, so repeat the run and the edit until the only remaining error is the database one:

 ERROR: database: mysql_error: Access denied for user 'snort'@'localhost' (using password: YES)
 Fatal Error, Quitting..

At that point the rule set loads cleanly; this last error only means the snort database and user have not been created yet, which is done below. Keep a list of the rules you disabled, since each one is detection coverage you no longer have.
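Doing the run, read the ERROR line, edit, rerun loop by hand is tedious with a large rule set. The script below is an added example, not part of the original page, that automates it with snort -T, disabling one offending rule per pass exactly as the manual procedure does. It assumes GNU sed (for -i), snort at /usr/local/bin/snort and the configuration at /etc/snort/snort.conf (both can be overridden with SNORT and SNORT_CONF), and the PRUNE_LOG path is an assumption. It accepts both the "(file)line" error form shown above and the "file(line)" form that other Snort 2.x releases print.

```shell
#!/bin/sh
# prune-rules.sh (added example, not from the wiki page): rerun "snort -T" until the
# configuration loads, commenting out one unparseable rule per pass.
# Assumptions: GNU sed, Snort 2.x; SNORT, SNORT_CONF and PRUNE_LOG are example defaults.
SNORT=${SNORT:-/usr/local/bin/snort}
SNORT_CONF=${SNORT_CONF:-/etc/snort/snort.conf}

# parse_rule_error "<ERROR line>": print "<file>:<line>" for a rule-parse error, return 1 otherwise
# (e.g. for the MySQL access-denied error, which is not fixed by editing rules).
parse_rule_error() {
    msg=$1
    # form 1, as shown on this page: ERROR: (/path/file.rules)98 => ...
    file=$(printf '%s\n' "$msg" | sed -n 's/^ERROR: (\([^)]*\))\([0-9][0-9]*\) =>.*/\1/p')
    line=$(printf '%s\n' "$msg" | sed -n 's/^ERROR: (\([^)]*\))\([0-9][0-9]*\) =>.*/\2/p')
    if [ -z "$file" ]; then
        # form 2, printed by other Snort 2.x releases: ERROR: /path/file.rules(98) => ...
        file=$(printf '%s\n' "$msg" | sed -n 's/^ERROR: \([^( ]*\)(\([0-9][0-9]*\)).*/\1/p')
        line=$(printf '%s\n' "$msg" | sed -n 's/^ERROR: \([^( ]*\)(\([0-9][0-9]*\)).*/\2/p')
    fi
    [ -n "$file" ] && [ -n "$line" ] || return 1
    printf '%s:%s\n' "$file" "$line"
}

# disable_rule_line <file> <line>: comment the rule out in place (it stays visible for review
# instead of being deleted) and record it, so the coverage given up can be audited later.
disable_rule_line() {
    file=$1; line=$2
    [ -f "$file" ] || return 1
    [ "$line" -ge 1 ] && [ "$line" -le "$(wc -l < "$file")" ] || return 1
    sed -i "${line}s/^/# disabled by prune-rules: /" "$file"
    printf '%s:%s %s\n' "$file" "$line" "$(sed -n "${line}p" "$file")" \
        >> "${PRUNE_LOG:-/var/log/snort/pruned-rules.log}"
}

# prune_rules [max]: loop until "snort -T" succeeds or an error that is not a rule error appears.
prune_rules() {
    max=${1:-200}
    n=0
    while [ "$n" -lt "$max" ]; do
        if out=$("$SNORT" -T -c "$SNORT_CONF" 2>&1); then
            echo "snort.conf loads cleanly after disabling $n rule(s)"
            return 0
        fi
        err=$(printf '%s\n' "$out" | grep '^ERROR:' | head -n 1)
        loc=$(parse_rule_error "$err") || { printf '%s\n' "$out" | tail -n 5; return 1; }
        disable_rule_line "${loc%:*}" "${loc##*:}" || return 1
        n=$((n + 1))
    done
    echo "gave up after $max rules; the rule set probably does not match this Snort version" >&2
    return 1
}

# Only run the loop when invoked as "sh prune-rules.sh run"; otherwise just define the functions.
if [ "${1:-}" = "run" ]; then
    prune_rules
fi
```

Run it as root with `sh prune-rules.sh run` after the rules are in /etc/snort/rules. It stops as soon as the first error is not a rule-parse error, which in this procedure is the MySQL access-denied message, so the remaining steps are unchanged.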
 
 
 
Start snort from rc.local

 # vi /etc/rc.local

and add

 /usr/local/bin/snort -dev -c /etc/snort/snort.conf -D

-D runs snort as a daemon. The -dev flags (dump payload, show link-layer headers, verbose) are only useful for the interactive test above; in daemon mode they just waste CPU. For a deployed sensor also run it as the unprivileged account created earlier with -u snort -g snort and name the interface explicitly with -i (for example -i eth0); /var/log/snort must then be writable by the snort user.
 
 
 
Prepare the [[MySQL]] [[database]]. First set a root password if there is none yet:

 mysql
 mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');

Then create the snort database and user in [[MySQL]]:

 # mysql -u root -p
 Enter password:
 create database snort;
 grant INSERT,SELECT on root.* to snort@localhost;
 grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost IDENTIFIED BY 'snortpass' ;
 grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort IDENTIFIED BY 'snortpass' ;
 exit

Two notes on these grants: the grant on root.* refers to a database named "root" that does not exist and is not needed by snort or BASE (it is a leftover from old Snort how-tos), and the third grant, to snort without @localhost, creates the account snort@'%', which may log in from any host; since snort.conf uses host=localhost, only the @localhost account is required.

Or, if you are still testing rather than running in production, assuming username snort, password snort and database snort, you can use:

 # mysql -u root -p
 Enter password:
 create database snort;
 grant ALL on root.* to snort@localhost;
 grant ALL on snort.* to snort@localhost IDENTIFIED BY 'snort' ;
 grant ALL on snort.* to snort IDENTIFIED BY 'snort' ;
 exit
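A tighter alternative to the grants above, added here as an example and not taken from the original page: one account for the sensor (INSERT and SELECT only) and a separate one for the BASE console, both restricted to localhost, with nothing granted on root.* and the passwords taken from the environment instead of being typed on a command line. The account names snort and base, the SNORT_DB_PASS and BASE_DB_PASS variables and the MYSQL override are assumptions; the GRANT ... IDENTIFIED BY form is the MySQL 5.x syntax the page itself uses.

```shell
#!/bin/sh
# snort-grants.sh (added example, not from the wiki page): least-privilege MySQL accounts
# for a Snort sensor and a BASE console sharing the "snort" database.
#   snort@localhost : the Snort output plugin only INSERTs alerts and SELECTs its sensor and
#                     signature rows; it never creates, alters or deletes anything.
#   base@localhost  : BASE reads alerts and UPDATEs/DELETEs them when archiving. CREATE, INDEX and
#                     ALTER are needed only once, when the Setup page creates BASE's own tables,
#                     and are revoked afterwards with post_setup_revoke_sql.
# Assumptions: account names, environment variable names, MySQL 5.x GRANT syntax.

# sql_escape: double single quotes so a password containing ' cannot break the string literal
sql_escape() { printf '%s' "$1" | sed "s/'/''/g"; }

# snort_grants_sql <snort password> <base password>: print the statements to run as MySQL root
snort_grants_sql() {
    snort_pw=$(sql_escape "$1"); base_pw=$(sql_escape "$2")
    cat <<EOF
CREATE DATABASE IF NOT EXISTS snort;
GRANT INSERT, SELECT ON snort.* TO 'snort'@'localhost' IDENTIFIED BY '${snort_pw}';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, ALTER ON snort.* TO 'base'@'localhost' IDENTIFIED BY '${base_pw}';
FLUSH PRIVILEGES;
EOF
}

# post_setup_revoke_sql: run once "Create BASE AG" has succeeded, so a compromised web console
# can no longer change the schema.
post_setup_revoke_sql() {
    printf "REVOKE CREATE, INDEX, ALTER ON snort.* FROM 'base'@'localhost';\nFLUSH PRIVILEGES;\n"
}

# apply_snort_grants: pipe the statements into the MySQL client as root. The client prompts for
# the root password, so no password appears in ps output or shell history. MYSQL overrides the
# client command (used below to inspect the generated SQL with cat).
apply_snort_grants() {
    if [ -z "$SNORT_DB_PASS" ] || [ -z "$BASE_DB_PASS" ]; then
        echo "set SNORT_DB_PASS and BASE_DB_PASS in the environment first" >&2
        return 1
    fi
    snort_grants_sql "$SNORT_DB_PASS" "$BASE_DB_PASS" | ${MYSQL:-mysql -u root -p}
}
```

Use the snort password in the output database line of snort.conf and the base password in $alert_password of base_conf.php. With two accounts, a compromise of the web console does not yield the credentials the sensor writes with, and vice versa.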
 
 
 
 
 
Create the tables in the [[snort]] [[database]] from the schema shipped with the source:

 # mysql -u root -p < /usr/local/src/snort-2.8.6.1/schemas/create_mysql snort
 password:

Or, while learning, with the root password 123456 you can use:

 # mysql -u root -p123456 < /usr/local/src/snort-2.8.6.1/schemas/create_mysql snort

Only do that on a throwaway lab machine: a password given on the command line is visible to every user in ps output and is saved in the shell history.
 
 
 
Check the [[snort]] [[database]]

 # mysql -p
 Enter password:
 mysql> show databases;
 mysql> use snort
 mysql> show tables;
 mysql> exit
 
 
 
 
 
<!--
Not sure why [[BASE]] version 1.4 is hard to install. It may be better to try the older version 1.3.9.

Install [[BASE]] version 1.3.9

 cp base-1.3.9.tar.gz /var/www/
 cd /var/www
 tar zxvf base-1.3.9.tar.gz
 mv base-1.3.9 base
 cd /var/www/base
 cp base_conf.php.dist base_conf.php
-->
 
 
 
Install [[BASE]] version 1.4.5

 cp base-1.4.5.tar.gz /var/www/
 cd /var/www
 tar zxvf base-1.4.5.tar.gz
 mv base-1.4.5 base
 cd /var/www/base
 cp base_conf.php.dist base_conf.php
 
 
 
 
 
 
 
Edit the [[BASE]] configuration

 # vi base_conf.php

and set

 $BASE_urlpath = "/base";
 $DBlib_path = "/usr/share/php/adodb/";
 $DBtype = "mysql";

 $alert_dbname  = 'snort';
 $alert_host    = 'localhost';
 $alert_port    = '';
 $alert_user    = 'snort';
 $alert_password = 'snort';

 $archive_exists  = 0;
 $archive_dbname  = 'snort';
 $archive_host    = 'localhost';
 $archive_port    = '';
 $archive_user    = 'snort';
 $archive_password = 'snort';

$DBlib_path must point at the ADOdb library; /usr/share/php/adodb/ is where the libphp-adodb package installs it. If you installed ADOdb manually (as in the commented-out section above), use $DBlib_path = "/var/adodb/"; instead, and keep only one of the two assignments, since PHP uses whichever comes last. $alert_user and $alert_password must match the MySQL account granted on snort.* above.
 
 
 
Give the [[Apache]] [[Web Server]] access to the [[BASE]] folder

 # chown -Rf www-data.www-data /var/www/base

base_conf.php contains the database password, so do not leave it world-readable; once the setup page below has finished, mode 640 is enough for www-data to read it.
 
 
 
 
 
Open the [[SNORT]] & [[BASE]] [[Web]] interface

 http://localhost/base

On first use follow the links in this order:

* Setup page
* CREATE BASE AG (creates the extra tables BASE keeps in the snort database)
* Main page
 
 
 
==Reading==

* http://jogja.linux.or.id/berita/arsip/2010/01/14/kustomisasi-konfigurasi-ids-snort/

==References==

* http://125.160.17.21/speedyorari/index.php?dir=snort/rules '''OLD RULES for testing'''
* http://www.snort.org/snort-downloads
* http://www.snort.org/dl/
* http://www.snort.org/start/rules
* http://base.secureideas.net/
  
 
==Interesting Links==

* [[SNORT]]
* [[Linux Howto]]

[[Category: Linux]]
[[Category: Network Security]]

Latest revision as of 05:36, 12 September 2015