
#9 Snort with Acid and MySQL on SuSE 9.2

open
SuSEFAQ (8)
5
2014-08-02
2005-07-01
beaknit
No

As root:

Install MySQL
rpm -ivh mysql-4.0.21-4.2.i586.rpm
Install MySQL-devel
rpm -ivh mysql-devel-4.0.21-4.2.i586.rpm
start mysql
rcmysql start
Install PCRE
tar xvf pcre-5.0.tar
cd pcre-5.0
./configure && make && make install
cd ../
Install snort
tar zxvf snort-2.3.3.tar.gz
cd snort-2.3.3
./configure --with-snmp --with-mysql
make
make install
mysqladmin create snort
mysql snort < schemas/create_mysql
mysql
grant select, insert on snort.* to
snortuser@localhost identified by "<password>";
grant select, insert, update on snort.sensor to
snortuser@localhost identified by "<password>";
mkdir /var/log/snort
mkdir /etc/snort
cp snortrules-snapshot-CURRENT.tar.gz /etc/snort
(you'll have to register at their site to download it)
cd /etc/snort
tar zxvf snortrules-snapshot-CURRENT.tar.gz
cp rules/* ./
rm -rf rules
mv /etc/snort/snort.conf /etc
Find and set in /etc/snort.conf:
iis_unicode_map to /etc/snort/unicode.map
RULE_PATH=/etc/snort
classification.config=/etc/snort/classification.config
reference.config=/etc/snort/reference.config
output database: log,mysql, user=snortuser password=<password from above> dbname=snort host=localhost
(this line stores the database password in clear text, so keep /etc/snort.conf readable only by root)
/usr/local/bin/snort -T
Fix any errors that come up before continuing
/usr/local/bin/snort -D
mysql snort
select * from snort.sensor;
You should see the active NICs listed
cd ../
Install zlib
tar zxvf zlib-1.2.2.tar.gz
cd zlib-1.2.2
./configure && make test
make install
cd ../
Install libpng
tar zxvf libpng-1.2.8.tar.gz
cd libpng-1.2.8
cp scripts/makefile.linux ./makefile
make
make test
make install
cd ../
Install gd
tar zxvf gd-2.0.33.tar.gz
cd gd-2.0.33
./configure
make
make check
make install
cd ../
Build openssl
tar zxvf openssl-0.9.7.tar.gz
cd openssl-0.9.7
sh config no-threads
make
make test
cd ../
Untar apache
tar zxvf apache-1.3.33.tar.gz
Build mod_ssl
tar zxvf mod_ssl-2.8.22-1.3.33.tar.gz
cd mod_ssl-2.8.22-1.3.33
./configure --with-apache=../apache-1.3.33
cd ../
Install apache
cd apache-1.3.33
SSL_BASE=../openssl-0.9.7g ./configure --enable-module=ssl --enable-shared=ssl
(SSL_BASE must point at the directory the openssl tarball actually unpacked into; the "Build openssl" step above used openssl-0.9.7, so adjust one or the other so they match)
make
make certificate
make install
cd ../
Install php
tar zxvf php-4.3.11.tar.gz
cd php-4.3.11
./configure --with-apxs=/usr/local/apache/bin/apxs --with-gd --with-zlib-dir=/usr/local/lib --with-mysql --enable-sockets
make
make install
cp php.ini-dist /usr/local/lib/php.ini
echo AddType application/x-httpd-php .php .phtml >> /usr/local/apache/conf/httpd.conf
cd ../
Install php extensions
tar zxvf adodb463.tgz
cp -r adodb /usr/local/apache/htdocs
tar zxvf jpgraph-1.18.tar.gz
cp -r jpgraph-1.18 /usr/local/apache/htdocs
Install acid
tar zxvf acid-0.9.6b23.tar.gz
cd acid
mysql snort < create_acid_tbls_mysql.sql
cp -r ../acid /usr/local/apache/htdocs
mysql snort
grant select, insert, update, delete on snort.* to
aciduser@localhost identified by "<password>";
Edit /usr/local/apache/htdocs/acid/acid_conf.php:
$DBlib_path="/usr/local/apache/htdocs/adodb"
$Chartlib_path="/usr/local/apache/htdocs/jpgraph-1.18/src"
Edit the DB entries (host, database name, username, password and DB type) to match the snort database and the aciduser account created above; note that acid_conf.php then holds that password in clear text, so do not leave it world-readable
Clean Up
chown -R root:root /usr/local/apache/htdocs
chmod -R o-w /usr/local/apache/htdocs
Edit the following files to add years past 2004 (just copy
the 2004 lines, paste them and edit as appropriate):
Under /usr/local/apache/htdocs/acid:
acid_graph_form.php
acid_state_citems.inc
acid_stat_time.php
Create an apache password file with a "starter" user:
cd /usr/local/apache
mkdir users
bin/htpasswd -c users/passwords admin
chown root:nogroup users/passwords
chmod 640 /usr/local/apache/users/passwords
Edit /usr/local/apache/conf/httpd.conf
Add the following after the existing <Directory "/usr/local/apache/htdocs"> . . . </Directory> block:
<Directory "/usr/local/apache/htdocs/acid">
AuthType Basic
AuthName "Please Log In"
AuthUserFile /usr/local/apache/users/passwords
Require valid-user
</Directory>
Set
Group nogroup
Set
ServerName <whatever FQDN you want the server to answer to>
Make sure whatever firewall you're running permits inbound connections on port 443.
Make sure your Apache ServerName attribute matches
your cert.
Start apache:
/usr/local/apache/bin/apachectl startssl
(supply the password you entered back in the
"make certificate" step)

NOTES:
For the certificate to work, the client has to be able to resolve the hostname (the ServerName) that the certificate was issued for
Backup your apache dir after you get everything configured
You need to add some mechanism to bring mysql, snort and apache up automatically at boot, preferably an init.d script.
