SNORT NIDS SETUP
1. Setup MySQL DB environment
•create database snort;
•grant insert,select on root.* to snort@localhost;
•set password for snort@localhost=password('abc123');
•grant create,insert,select,delete,update on snort.* to snort@localhost;
•grant create,insert,select,delete,update on snort.* to snort;
2. Import MySQL DB schema
•mysql -u root -p < /home/linuxcbt/temp/Snort/snort-2.8.0.2/schemas/create_mysql snort
3. Setup Snort NIDS /etc/snort environment
•mkdir /etc/snort && cp -v /home/linuxcbt/temp/Snort/snort-2.8.0.2/etc/* /etc/snort
Note: Snort's primary configuration file for NIDS mode: /etc/snort/snort.conf
4. Download the latest Snort rules file and extract to: /etc/snort/rules
Note: Snort rules are available as follows:
1. Registered users: with delay
2. Subscriber: no delay - NOT FREE
3. Unregistered users: release version (very old) of rules
4. Various third-party sites: e.g. Bleeding Snort, etc.
•cd /etc/snort && tar -xzvf snortrules*
5. Configure: /etc/snort/snort.conf to use MySQL and rules
•MySQL - the database output plugin (where Snort writes alerts)
•Rules - the path to the extracted rules directory
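As an added example (not part of the original notes), a POSIX shell function that applies step 5 to an existing snort.conf. It assumes the Snort 2.x directive syntax `var RULE_PATH <dir>` and `output database: log, mysql, user=... password=... dbname=... host=...`, and that the DB password contains no `|` or `&` (sed delimiter and backreference characters).

```shell
#!/bin/sh
# Added example: point snort.conf at the rules directory and the MySQL output plugin.
# Usage: configure_snort_conf /etc/snort/snort.conf /etc/snort/rules snort abc123 snort localhost

configure_snort_conf() {
    conf="$1"; rule_path="$2"; db_user="$3"; db_pass="$4"; db_name="$5"; db_host="$6"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Set RULE_PATH to the extracted rules directory (replace if present, else add).
    if grep -q '^var RULE_PATH ' "$conf"; then
        sed -i "s|^var RULE_PATH .*|var RULE_PATH $rule_path|" "$conf"
    else
        printf 'var RULE_PATH %s\n' "$rule_path" >> "$conf"
    fi

    # Send alerts to MySQL. Replace an existing mysql output line instead of appending,
    # so running this twice never leaves two database output directives.
    db_line="output database: log, mysql, user=$db_user password=$db_pass dbname=$db_name host=$db_host"
    if grep -q '^output database: .*mysql' "$conf"; then
        sed -i "s|^output database: .*mysql.*|$db_line|" "$conf"
    else
        printf '%s\n' "$db_line" >> "$conf"
    fi

    # The file now holds the DB password in clear text: make it readable by root only.
    chmod 600 "$conf"
}

# Read the settings back so the result can be checked before Snort is started.
get_rule_path() { sed -n 's/^var RULE_PATH //p' "$1"; }
get_db_output() { grep '^output database: ' "$1"; }

# Let Snort validate the file itself when it is installed (-T: test config and exit).
test_snort_conf() {
    command -v snort >/dev/null 2>&1 || { echo "snort not installed; skipping -T check" >&2; return 0; }
    snort -T -c "$1"
}
```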
6. Start Snort in NIDS mode
•snort -i eth0 -c /etc/snort/snort.conf -D
7. Setup BASE web analysis application
•wget http://easynews.dl.sourceforge.net/sourceforge/adodb/adodb480.tgz
•tar -xzvf adodb480.tgz
Note: adodb480.tgz - provides DB-connectivity for BASE to MySQL
• Download BASE from http://base.secureideas.net
• Configure: base_conf.php file
• $BASE_urlpath = '/base';
• $DBlib_path = '/var/www/html/adodb';
• $DBtype = 'mysql';
• $alert_dbname = 'snort';
• $alert_host = 'localhost';
• $alert_password = 'abc123';
Note: Ensure that your Apache instance has PHP support
•Ensure that the 'php-mysql*' package is installed
8. Connect to BASE via web browser
Note: Consider protecting the '/base' application with HTTP digest (htdigest) or basic authentication