Difference between revisions of "SNORT: Install SNORT"

From OnnoWiki
Line 11: Line 11:
 
  pear install Image_Graph-0.7.2
 
  pear install Image_Graph-0.7.2
 
  pear install --alldeps mail
 
  pear install --alldeps mail
 +
 +
Konfigurasi [[database]]
 +
 +
mysql -u root -p123456
 +
 +
create database snort;
 +
grant ALL on root.* to snort@localhost;
 +
grant ALL on snort.* to snort@localhost IDENTIFIED BY 'snort' ;
 +
grant ALL on snort.* to snort IDENTIFIED BY 'snort' ;
 +
exit
 +
 +
Instal SNORT
  
 
  apt-get install snort-mysql snort-rules-default acidbase
 
  apt-get install snort-mysql snort-rules-default acidbase
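Review bot: the grant statements in the added database block give the snort account more than the steps on this page use. `grant ALL on root.* to snort@localhost;` names a schema called root that nothing else on the page refers to, and `grant ALL on snort.* to snort IDENTIFIED BY 'snort' ;` has no host part, so it applies to connections from any host with a password equal to the user name. The snort.conf and BASE settings further down both connect with host=localhost, so the `snort@localhost` grant on `snort.*` is the only one needed. Separately, `mysql -u root -p123456` puts the root password on the command line; a bare `-p` prompts for it instead.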
Line 19: Line 31:
 
  mysql password : snort
 
  mysql password : snort
  
 
+
Buang db-pending-config
Konfigurasi [[database]]
 
  
 
  rm /etc/snort/db-pending-config
 
  rm /etc/snort/db-pending-config
mysql -u root -p123456
 
create database snort;
 
grant ALL on root.* to snort@localhost;
 
grant ALL on snort.* to snort@localhost IDENTIFIED BY 'snort' ;
 
grant ALL on snort.* to snort IDENTIFIED BY 'snort' ;
 
exit
 
 
  
 
Konfigurasi [[database]]
 
Konfigurasi [[database]]
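Review bot: after the create-database block is moved up, the page has two sections under the same heading `Konfigurasi [[database]]`, the added one before `Instal SNORT` and the one kept as context at the end of this hunk. Distinct headings, for example one for creating the database and user and one for loading the schema, would make the order of the steps clear to a reader who jumps by heading.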

Revision as of 17:58, 16 February 2011

Install the prerequisites with the commands

sudo apt-get install libpcre3 libpcre3-dev libpcrecpp0 libpcap0.8 libpcap0.8-dev \
mysql-server libmysqlclient15-dev libphp-adodb libgd2-xpm libgd2-xpm-dev php5-mysql \
php5-gd php-pear apache2 php5 php5-xmlrpc php5-mysql php5-gd php5-cli php5-curl \
mysql-client libdumbnet1 libdumbnet-dev
pear install Numbers_Roman-1.0.2
pear install Numbers_Words-0.16.2
pear install Image_Canvas-0.3.2
pear install Image_Graph-0.7.2
pear install --alldeps mail

Database configuration

mysql -u root -p123456
create database snort;
grant ALL on root.* to snort@localhost;
grant ALL on snort.* to snort@localhost IDENTIFIED BY 'snort' ;
grant ALL on snort.* to snort IDENTIFIED BY 'snort' ;
exit

Install SNORT

apt-get install snort-mysql snort-rules-default acidbase

Enter the following values

192.168.0.0/16
mysql password : snort

Remove db-pending-config

rm /etc/snort/db-pending-config

Database configuration

cd /usr/share/doc/snort-mysql/
zcat create_mysql.gz | mysql -u <user> -h <host> -p <databasename>

If you are just learning

cd /usr/share/doc/snort-mysql/
zcat create_mysql.gz | mysql -u root -h localhost -p123456 snort


SNORT configuration

vi /etc/snort/snort.conf
output database: alert, mysql, user=snort password=snort dbname=snort host=localhost
output database: log, mysql, user=snort password=snort dbname=snort host=localhost


BASE configuration

vi /etc/acidbase/database.php
$alert_user='snort';
$alert_password='snort';
$basepath='/acidbase';
$alert_dbname='snort';
$alert_host='localhost';
$alert_port='';
$DBtype='mysql';

Restart APACHE

/etc/init.d/apache2 restart

Browse to

http://localhost/acidbase

Run snort

snort -dev -c /etc/snort/snort.conf -D


Fix the Rules

Run

snort -dev -c /etc/snort/snort.conf

Errors like the following will appear

Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is deprecated; use detection_filter instead.
ERROR: /etc/snort/rules/community-smtp.rules(13) => !any is not allowed
Fatal Error, Quitting..

Fix the lines that cause errors, for example

vi /etc/snort/rules/dos.rules

delete line 42
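
The rule-fixing step above, as an added example that is not part of the original wiki page: a shell helper that pulls the file and line number out of Snort's start-up messages and comments out the offending rule instead of deleting it. The function names are hypothetical, the sample output is the messages quoted above, and GNU sed (for `-i`) is assumed.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Constructed sample: the Snort start-up messages quoted on this page.
SAMPLE_OUTPUT='Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is deprecated; use detection_filter instead.
ERROR: /etc/snort/rules/community-smtp.rules(13) => !any is not allowed
Fatal Error, Quitting..'

# Read Snort output on stdin; print "SEVERITY FILE LINE" for each message
# that points at a line in a rules file.
parse_snort_diag() {
  sed -n -E 's/^(Warning|ERROR): ([^()]+)\(([0-9]+)\) => .*$/\1 \2 \3/p'
}

# Keep only the messages that stop Snort from starting, as "FILE LINE".
fatal_rules() {
  parse_snort_diag | awk '$1 == "ERROR" { print $2, $3 }'
}

# Comment out line $2 of rules file $1 (keeping FILE.bak) instead of deleting
# it, so the rule can be reviewed and restored later. Assumes GNU sed for -i.
disable_rule() {
  file=$1
  line=$2
  case $line in
    ''|0|*[!0-9]*) echo "bad line number: $line" >&2; return 1 ;;
  esac
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
  # Already a comment: nothing to do, so reruns are harmless.
  if sed -n "${line}p" "$file" | grep -q '^#'; then return 0; fi
  cp -p "$file" "$file.bak" && sed -i "${line}s/^/# disabled: /" "$file"
}

# Demo on the sample. On a live sensor, feed it the real messages instead:
#   snort -T -c /etc/snort/snort.conf 2>&1 | fatal_rules
printf '%s\n' "$SAMPLE_OUTPUT" | fatal_rules
```

Snort stops at the first fatal error, so after disabling one rule the configuration test has to be run again until no ERROR line is left.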


Allowing Non-Localhost Access

While learning, to let non-localhost machines access BASE we need to edit

vi /etc/acidbase/apache.conf

Add

<DirectoryMatch /usr/share/acidbase/>
  ...
  allow from 127.0.0.0/255.0.0.0
  allow from 0.0.0.0/0.0.0.0
  ...
</DirectoryMatch>

Restart Web Server

/etc/init.d/apache2 restart
                      
