Installation & Configuration Of Intrusion Detection With Snort, ACIDBASE, MySQL, And Apache2 On Ubuntu 9.04 Using SPM - Page 2

Submitted by redgreg68 on Mon, 2009-09-21 17:14.

5. Apache2 Configuration

Apache2 has already been installed on the computer.

Create a file called test.php in /var/www/ with your favorite text editor.

# vim /var/www/test.php

Write in it:

<?php
phpinfo();
?>

Save and close this file.

Edit /etc/php5/apache2/php.ini file.

# vim /etc/php5/apache2/php.ini

Add the following under "Dynamic Extensions".

extension=mysql.so
extension=gd.so

Restart Apache2.

# /etc/init.d/apache2 restart

Get the IP address of the machine you are working on.

# ifconfig -a

Open a web browser and go to http://YOUR.IP.ADDRESS/test.php.

If everything went well, you will have PHP information displayed.


6. Moving and Setting Up Folders

Move ADOdb into the /var/www directory.

# mv /usr/share/php/adodb /var/www/

Make a directory called web in /var/www and move ACIDBASE into it.

# mkdir /var/www/web
# mv /usr/share/acidbase /var/www/web/

Temporarily make the acidbase folder world-writable so that the web-based setup can write its configuration file.

# chmod 777 /var/www/web/acidbase

Rename existing base_conf.php file to base_conf.old.

# cd /var/www/web/acidbase
# mv base_conf.php base_conf.old

Install the PEAR Image_Color package so that graphs work in ACIDBASE.

# pear install Image_Color


7. ACIDBASE Setup for Snort and Archive Databases

7.1 Setup Snort database via web browser

Open a web browser and navigate to http://YOUR.IP.ADDRESS/web/acidbase/setup. Click to continue on the first page.

Step 1 of 5: Enter the path to ADODB.

This is /var/www/adodb.

Step 2 of 5:

Main Database type = MySQL
Database name = snort
Database Host = localhost
Database username = <your_username>
Database Password = <your_password>

Archive Database type = MySQL
Database name = archive
Database Host = localhost
Database username = <your_username>
Database Password = <your_password>

Step 3 of 5:

If you want to use authentication enter a username and password here (user: <your_username>, password: <your_password>).

Step 4 of 5:

Click on Create BASE AG.

Step 5 of 5:

Once step 4 is done, click Now continue to step 5 at the bottom of the page.

Bookmark this page.


7.2 Create folder for ACIDBASE Archive database

In order for the archive database to work, an archive folder needs to be created within the ACIDBASE folder.

# mkdir /var/www/web/acidbase/archive
# cd /var/www/web/acidbase
# cp -R * /var/www/web/acidbase/archive
# chmod 777 /var/www/web/acidbase/archive

(cp will warn that it cannot copy the archive directory into itself; that warning can be ignored.)

Rename existing base_conf.php file to base_conf.old.

# cd /var/www/web/acidbase/archive
# mv base_conf.php base_conf.old


7.3 Setup Archive database via web browser

Open a web browser and navigate to http://YOUR.IP.ADDRESS/web/acidbase/archive/setup.

Click continue on the first page.

Step 1 of 5: Enter the path to ADODB.

This is /var/www/adodb.

Step 2 of 5:

Archive Database type = MySQL
Database name = archive
Database Host = localhost
Database username = <your_username>
Database Password = <your_password>

Step 3 of 5:

If you want to use authentication enter a username and password here (user: <your_username>, password: <your_password>).

Step 4 of 5:

Click on Create BASE AG.

Step 5 of 5:

Once step 4 is done, click Now continue to step 5 at the bottom of the page.


8. Start Snort and check services status

To start Snort in the terminal type:

# snort -c /etc/snort/snort.conf -i eth0 -D

This starts Snort on the eth0 interface in daemon mode.

To make sure it is running you can check with the following command:

# ps aux | grep snort

If it is running, you will see an entry similar to snort -c /etc/snort/snort.conf -i eth0 -D.

Make sure that all necessary services are running with the following command:

# /etc/init.d/mysql status
# /etc/init.d/apache2 status
# /etc/init.d/snort status

If they are running, you will see <OK> in the output.

If necessary, run

# /etc/init.d/<service> restart

for each service that needs a restart.
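The checks in sections 5, 6/7.2 and 8 can be repeated from one script. The following is an added example, not part of the original tutorial: it re-checks the php.ini extension lines, lists anything under the acidbase directory that is still world-writable after the temporary chmod 777, and checks the Snort daemon and the three init scripts. Paths and the eth0 interface are taken from the guide; run it as ./check.sh --check.

```shell
#!/bin/sh
# Added post-install check for this guide (not the page's own code).
# Return 0 when php.ini ($1) has both extension lines the guide adds.
php_extensions_enabled() {
    grep -Eq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*mysql\.so' "$1" &&
    grep -Eq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*gd\.so' "$1"
}

# Return 0 when a process listing on stdin shows snort running as a daemon
# (-D) on interface $1 with configuration file $2; the grep line itself is
# excluded, as in the guide's "ps aux | grep snort" check.
snort_running_in() {
    grep -v grep | grep -Eq "snort .*-c $2 .*-i $1 .*-D"
}

# Print every path under $1 that is still world-writable. The guide sets
# 777 on the acidbase directories "temporarily"; once the web setup has
# written base_conf.php, nothing listed here should remain.
world_writable_under() {
    find "$1" -perm -o+w -print 2>/dev/null
}

# Run the same init-script status checks as section 8 and report each one.
check_services() {
    rc=0
    for svc in mysql apache2 snort; do
        if /etc/init.d/$svc status >/dev/null 2>&1; then
            echo "$svc: running"
        else
            echo "$svc: NOT running (try: /etc/init.d/$svc restart)"
            rc=1
        fi
    done
    return $rc
}

if [ "${1:-}" = "--check" ]; then
    php_extensions_enabled /etc/php5/apache2/php.ini \
        && echo "php.ini: mysql.so and gd.so enabled" \
        || echo "php.ini: extension lines missing"
    ps aux | snort_running_in eth0 /etc/snort/snort.conf \
        && echo "snort: daemon running on eth0" \
        || echo "snort: not running (start it as in section 8)"
    ww=$(world_writable_under /var/www/web/acidbase)
    [ -z "$ww" ] && echo "acidbase: no world-writable paths" \
        || printf 'acidbase: still world-writable:\n%s\n' "$ww"
    check_services
fi
```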


Submitted by oly562 (registered user) on Mon, 2011-09-12 22:54.
The user perms on the database for archive are also janked. Again, followed, didn't work. Post the fix or I will, whichever comes first. Thanks.
Submitted by oly562 (registered user) on Mon, 2011-09-12 22:52.

I like the howto! It's nice, except there are lots of little things that need cleanup, like most howtos. The concepts are clear, except one: the acidbase/setup sections. 7.1 works; 7.2, what to do there? Confusing. 7.3, I gave up. Not using the archive database today, I'll figure it out later; hopefully I'll add a comment or 3 here to make this a great howto.


Note: not being picky, but I followed your instructions to the T, except there are a few things missing in the acidbase install.


See if you can find them :)

oly562 aka olyanderson

Submitted by TYancey (not registered) on Mon, 2009-09-21 19:03.
This process has one main issue if you use the current rules. The snort version in the repos is a version behind. The current version of the snort rules is not backwards compatible.