Intrusion Detection With BASE And Snort

[StupidScript]

Thanks for the tutorial ...

Here's (perhaps) a little help with a potential problem with Step 1 of 5 of the BASE setup program where it cannot verify the Path to ADODB.

Error: "The Path to ADODB does not appear to be correct!"

Following the instructions in the tutorial to the letter, you have an "adodb" directory in /var/www/. Setting "Path to ADODB" in Step 1 of the web-based BASE setup to "/var/www/adodb" returns the error above.

Solution, for me: chown -R apache:apache /var/www/adodb

It was owned by root, before I did that, however the PHP file in BASE's setup routine (setup1.php) requires the ability to check for a particular adodb.inc file in order to validate that location.

As I had php.ini set up to use open_basedir, I needed to add that directory to my /etc/php.ini's open_basedir list of allowed directories and give Apache permission to read it before the setup file worked correctly. (I has previously needed to add the /var/www/html/base-1.2.5 directory to the list and chown it to apache:apache, as well.)

<edit>
I also used the tutorial to make a second installation on another system, and I needed to chmod 755 /var/www/adodb and all of its subdirectories.

Incidentally, I'm running Fedora Core 4 on both systems, however there are some differences between the two.
</edit>

Hope that helps someone ...

[sjau]

Do the global and local values for allowed directories differ? Maybe that is the problem.

[edge]

Hmm.. It's me .. the one who made the howto,

I've had a look at some Debian Sarge systems here, and they all have "/var/www/adodb" owned by root:root and set to 755

Could it be a Debian thingy? Also.. It's using Apache2 (not sure if this has anything todo with it)

[StupidScript]

Thanks a lot for the tutorial, edge. Worked great! Here are my notes about the above stuff.

Running on two servers: Fedora Core 4, Apache 2, PHP 5.x

Both php.ini's using: safe_mode = On , open_basedir = ..allowed dirs..

Both running Bastille (server hardening) HOWEVER the Bastille configurations are a little bit different because one server is sensitive and the other is used for testing things, occasionally, so it's not quite as 'tight' as the other system.

I think the differences in the Bastille setup may account for the owner/permissions differences as noted.

To clarify what I did to get everything working:

1) chown adodb and all children to the user who owns the web server
2) Change permissions on adodb directory and its subdirectories as req.
3) IF using open_basedir: add directories as needed and restart web server

Other than those small tweaks, everything went exactly as you noted in the tutorial, edge. Thanks a lot!

[edge]

I'm (as you might have seen on the way of the howto) new to linux and the howto's :-)

Anyway.. I'll give your things a go tomorrow or the day after on a new (virtual) Debian install, and if all okay I'll add / change it in the howto.
I'm not sure if I will use your nick in it for the thanks to.. (StupidScript)

[wr19026]

I'm havibg problems with the following:

./configure --enable-dynamicplugin --with-mysql
make
make install

when I run it it gives the following error:

checking for mysql...

**********************************************
ERROR: unable to find mysql headers (mysql.h)
checked in the following places
/usr/include
/usr/include/mysql
/usr/local/include
/usr/local/include/mysql
**********************************************

root@bla:~/snorttemp/snort-2.6.0# whereis mysql.h
mysql: /usr/bin/mysql /etc/mysql /usr/bin/X11/mysql /usr/share/mysql /usr/share/man/man1/mysql.1.gz

Environment: Ubuntu 6.06 LTS server set up as per the Perfect Setup; also running ISPConfig.

Help and suggestions are much appreciated!

[falko]

Quote:

Originally Posted by wr19026

**********************************************
ERROR: unable to find mysql headers (mysql.h)

Please run

Code:

apt-get install libmysqlclient12-dev

and try again.

[wr19026]

I'm getting an error message (in Dutch so I don't think it'll help much ). I'll figure out how to get this installed and try again. Thanks for the tip anyway!

EDIT: As per one of the comments for the Perfect Setup for Ubuntu 6.06 I installed libmysqlclient15-dev which solves the problem.