Installing SNORT and BASE (Instalasi SNORT dan BASE)

From OnnoWiki
Revision as of 10:20, 13 August 2009

Download the latest SNORT and SNORT RULES from

http://www.snort.org/dl/
http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz


Install the supporting software

# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-image-graph php-image-canvas php-pear

For Ubuntu 9.04 the package list appears to be

# apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-pear

Because BASE uses PHP4, it is better to use an adodb that works with both PHP4 and PHP5, like this

# cp adodb4991.tgz /var
# cd /var
# tar zxvf adodb4991.tgz


Restart the servers

# /etc/init.d/apache2 restart
# /etc/init.d/mysql restart

Install snort


# cp -Rf snort-2.8.4.1.tar.gz /usr/local/src/
# cd /usr/local/src
# tar zxvf snort-2.8.4.1.tar.gz
# cd snort-2.8.4.1
# ./configure --with-mysql
# make
# make install
# groupadd snort
# useradd -g snort snort
# mkdir /etc/snort
# mkdir /etc/snort/rules
# mkdir /var/log/snort


Get the Snort Rules from

http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz

Copy the Snort Rules

# cp snortrules-snapshot-CURRENT.tar.gz /etc/snort/
# cd /etc/snort
# tar zxvf snortrules-snapshot-CURRENT.tar.gz


Prepare the Snort configuration

# cp /usr/local/src/snort-2.8.4.1/etc/* /etc/snort
# cd /etc/snort/
# mkdir /etc/snort/preproc_rules
# vi /etc/snort/snort.conf
    "var RULE_PATH ../rules" -> "var RULE_PATH /etc/snort/rules"
    "var PREPROC_RULE_PATH ../preproc_rules" -> "var PREPROC_RULE_PATH /etc/snort/preproc_rules"
    output database: log, mysql, user=snort password=snort dbname=snort host=localhost


Test-run snort, because the Snort rules in use usually still contain many bugs/errors, which have to be removed so that only good rules are loaded

# /usr/local/bin/snort -dev -c /etc/snort/snort.conf


Example error

Initializing rule chains...
ERROR: (/etc/snort/rules/web-misc.rules)98 => Cannot use 'rawbytes' and  'http_uri' as modifiers for the same "content" nor use 'rawbytes' with   "uricontent".
Fatal Error, Quitting..


This means

  • the file /etc/snort/rules/web-misc.rules contains an error at line 98
  • edit /etc/snort/rules/web-misc.rules and remove the line that contains the error
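The rule-cleanup step above can be scripted. This is an added example, not part of the original page: it reads the file and line number out of Snort's "ERROR: (<file>)<line> =>" message and comments the offending rule out rather than deleting it, so the line can be reviewed later; the sample error text and the demo rules file are constructed.

```shell
#!/bin/sh
# Added example, not part of the original page: read the file and line out
# of Snort's rule-load error and comment that rule out instead of deleting
# it, so the disabled rule stays in the file for later review.

# Constructed sample of the error text; the format follows the page's example.
SAMPLE_ERROR=$(cat <<'EOF'
Initializing rule chains...
ERROR: (/etc/snort/rules/web-misc.rules)98 => Cannot use 'rawbytes' and 'http_uri' as modifiers for the same "content" nor use 'rawbytes' with "uricontent".
Fatal Error, Quitting..
EOF
)

# Print "<rules file> <line number>" for the first "ERROR: (<file>)<line> =>"
# message in the given Snort output; prints nothing if there is none.
snort_error_location() {
    printf '%s\n' "$1" |
        sed -n 's/^ERROR: (\([^)]*\))\([0-9][0-9]*\) =>.*/\1 \2/p' |
        head -n 1
}

# Comment out line $2 of rules file $1, keeping the original as $1.bak.
# The line count is unchanged, so later Snort errors still line up.
disable_rule_line() {
    file=$1
    line=$2
    cp "$file" "$file.bak"
    sed "${line}s/^/# disabled (failed to load): /" "$file.bak" > "$file"
}

# Run the whole fix on a constructed three-line rules file in a temp dir,
# driven by a constructed error message that points at its second line.
demo_fix_rules() {
    dir=$(mktemp -d)
    rules="$dir/web-misc.rules"
    printf '%s\n' 'alert tcp any any -> any 80 (msg:"ok 1"; sid:1;)' \
        'alert tcp any any -> any 80 (msg:"bad"; sid:2;)' \
        'alert tcp any any -> any 80 (msg:"ok 3"; sid:3;)' > "$rules"
    err="ERROR: ($rules)2 => Cannot use 'rawbytes' and 'http_uri' ..."
    set -- $(snort_error_location "$err")
    disable_rule_line "$1" "$2"
    cat "$rules"
    rm -rf "$dir"
}

echo "page sample points at: $(snort_error_location "$SAMPLE_ERROR")"
demo_fix_rules
```

Re-run snort after each disabled line; Snort stops at the first bad rule, so several passes may be needed.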


Set up snort in rc.local

# vi /etc/rc.local

and add

/usr/local/bin/snort -dev -c /etc/snort/snort.conf -D


Prepare the MySQL database

mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');

Next, in the MySQL database

# mysql -u root -p
Enter password:
mysql> create database snort;
mysql> grant INSERT,SELECT on root.* to snort@localhost;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost IDENTIFIED BY 'snortpass' ;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort IDENTIFIED BY 'snortpass' ;
mysql> exit


Create the tables in the snort database

# mysql -u root -p < /usr/local/src/snort-2.8.4.1/schemas/create_mysql snort
password:


Check the snort database

# mysql -p
Enter password: 
mysql> show databases;
mysql> use snort
mysql> show tables;
mysql> exit


For some reason BASE version 1.4 is difficult to install. It may be better to try the older version, 1.3.9.

Install BASE

# cp base-1.3.9.tar.gz /var/www/
# cd /var/www
# tar zxvf base-1.3.9.tar.gz
# mv base-1.3.9 base
# cd /var/www/base
# cp base_conf.php.dist base_conf.php


Edit the BASE configuration

# vi base_conf.php
    $BASE_urlpath = "/base";
    # $DBlib_path = "/usr/share/php/adodb/";
    $DBlib_path = "/var/adodb/"; // use this path for the manual adodb installation
    $DBtype = "mysql";
    $alert_dbname   = 'snort';
    $alert_host     = 'localhost';
    $alert_port     = "";
    $alert_user     = 'snort';
    $alert_password = 'snort';
    $archive_exists   = 0;
    $archive_dbname   = 'snort';
    $archive_host     = 'localhost';
    $archive_port     = "";
    $archive_user     = 'snort';
    $archive_password = 'snort';
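Snort writes alerts with the credentials on the output database line in snort.conf, and BASE reads them with the $alert_* settings above; the two must agree for BASE to see what Snort logged. The following added example (not from the original page) checks that agreement; the snort.conf and base_conf.php fragments in it are constructed copies of the page's values.

```shell
#!/bin/sh
# Added example, not from the original page: confirm that the credentials
# Snort writes alerts with (the "output database:" line in snort.conf)
# match the ones BASE reads them with ($alert_* in base_conf.php).
# The constructed fragments below copy the values used on the page.
SNORT_CONF=$(cat <<'EOF'
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
EOF
)
BASE_CONF=$(cat <<'EOF'
$alert_dbname   = 'snort';
$alert_host     = 'localhost';
$alert_user     = 'snort';
$alert_password = 'snort';
EOF
)

# Print the value of key $2 (user, password, dbname or host) from the
# "output database:" line in snort.conf text $1.
snort_db_setting() {
    printf '%s\n' "$1" |
        sed -n "s/^output database:.*[ ,]$2=\([^ ]*\).*/\1/p" | head -n 1
}

# Print the quoted value of PHP variable $2 (e.g. alert_user) from
# base_conf.php text $1; accepts single or double quotes.
base_setting() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" |
        head -n 1
}

# Compare user, password, dbname and host between the two configs.
# Prints one line per mismatch; returns 0 only when everything agrees.
check_db_credentials() {
    snort=$1; base=$2; rc=0
    for pair in user:alert_user password:alert_password \
                dbname:alert_dbname host:alert_host; do
        skey=${pair%%:*}; bkey=${pair#*:}
        sval=$(snort_db_setting "$snort" "$skey")
        bval=$(base_setting "$base" "$bkey")
        if [ "$sval" != "$bval" ]; then
            echo "mismatch: snort.conf $skey=$sval, base_conf.php \$$bkey=$bval"
            rc=1
        fi
    done
    return $rc
}

check_db_credentials "$SNORT_CONF" "$BASE_CONF" && echo "snort.conf and base_conf.php agree"
```

On a real host, pass "$(cat /etc/snort/snort.conf)" and "$(cat /var/www/base/base_conf.php)" instead of the constructed fragments.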


Give the Apache Web Server permission to access the BASE folder

# chown -Rf www-data.www-data /var/www/base


Access the SNORT & BASE web interface

http://localhost/base
    Setup page
    CREATE BASE AG
    Main page



Related Links