Intrusion Detection With BASE And Snort - Page 4

Submitted by edge on Sun, 2006-07-09 08:35.

BASE web page setup

Open your favorite web browser and go to: http://www.example.com/base-1.2.5/setup
If everything is set up correctly, you should see the BASE Setup Program page:

BASE setup

Click on Continue

Step 1 of 5:
Enter the path to ADODB (/var/www/adodb):

BASE Step 1 setup
Click on Submit Query

Step 2 of 5:
Enter the required information on the next screen (leave Use Archive Database as is):

BASE Step 2 setup
Click on Submit Query

Step 3 of 5:
If you want to Use Authentication for the BASE page, you can do so here:

BASE Step 3 setup

Click on Submit Query

Step 4 of 5:
Click on Create BASE AG to create the database.

BASE Step 4a setup
And after clicking Create BASE AG:
BASE Step 4b setup

Once done, click on Now continue to step 5...

BASE Step 5 setup

To make the graphs in BASE work, you will also need to install Image_Color, Image_Canvas and Image_Graph.
To do this, run:

pear install Image_Color
pear install Image_Canvas-alpha
pear install Image_Graph-alpha

That's it for BASE!

If you want, you can chmod the base-1.2.5 directory back to 775:

chmod 775 base-1.2.5

You can also delete the snorttemp directory, and all the files in it.
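
A quick way to confirm that the cleanup above took effect, added here as an example that is not part of the original tutorial: it lists anything under the BASE directory that is still world-writable and checks that snorttemp is gone. The function names and the paths you pass in are assumptions; substitute your own web root and snorttemp location.

```shell
#!/bin/sh
# Added example: post-setup audit for a BASE install.
# Usage: sh audit_base.sh /var/www/base-1.2.5 /path/to/snorttemp
# (both paths are assumptions; use the ones from your own install)

# Print every entry under $1 (the directory itself included) that is
# world-writable. Symlinks are skipped: their mode bits carry no meaning.
world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# Return 0 when the install looks cleaned up, 1 otherwise.
# $1 = BASE directory, $2 = leftover snorttemp directory
audit_base() {
    base_dir=$1
    temp_dir=$2
    rc=0

    if [ ! -d "$base_dir" ]; then
        echo "FAIL: $base_dir is not a directory"
        return 1
    fi

    ww=$(world_writable "$base_dir")
    if [ -n "$ww" ]; then
        echo "FAIL: world-writable entries (chmod 775 or tighter):"
        echo "$ww" | sed 's/^/  /'
        rc=1
    else
        echo "OK: nothing under $base_dir is world-writable"
    fi

    if [ -e "$temp_dir" ]; then
        echo "FAIL: $temp_dir still exists; delete it"
        rc=1
    else
        echo "OK: $temp_dir has been removed"
    fi

    return $rc
}

# Run the audit only when both paths are given on the command line.
if [ $# -eq 2 ]; then
    audit_base "$1" "$2"
fi
```

The check walks the whole tree, so it also catches individual files inside base-1.2.5 that were left world-writable, which the chmod on the top-level directory alone does not change.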

Starting Snort

To start Snort and have BASE display the alerts it logs, run:

/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g root -D

Now wait some time and see all the Snort alerts show up in BASE.

BASE alerts

Submitted by Anonymous (not registered) on Tue, 2009-05-19 19:29.
thanks.....this tutorial helped me out a lot.
Submitted by Anonymous (not registered) on Wed, 2009-04-15 20:05.

If you get these:

Warning: include_once(Mail.php) [function.include-once]: failed to open stream: No such file or directory in /var/www/web/base-php4/includes/base_action.inc.php on line 29

,...........................

 

 Try issuing these commands and see if it helps:

pear install Mail
pear install Mail_Mime

Submitted by pevma (not registered) on Fri, 2010-02-26 12:16.

Also folks,

to get the graphics working by country and world maps:

There are 2 files: 

1. world_map6.png

2. world_map6.txt

do a search:

find / -iregex ".*world_map6.png"

you will find the file...then copy it to where your "PEAR directory" is

You will find your "PEAR directory" after you execute :

pear config-show

Then copy the 2 files in the "PEAR directory" under /Image/Graph/Images/Maps/

so the FULL path should look something like this:

/usr/share/php/Image/Graph/Images/Maps/

 

That solves one of the problems ...then you get an error like ".... couldn't find...or not defined $GeoIPfree_file_ascii and $ip2cc"...something of the sort...for this purpose in your cmd execute:

perl -MCPAN -e 'install  Geography::Countries'

then

 perl -MCPAN -e 'install  IP::Country'

ok...almost there

then find your base_conf.php - should be somewhere in your /var/www/ directory or the directories under that

edit the file /base_conf.php/   towards the end you will find 

" $IP2CC..." uncomment that ...maybe restart your browser or clear the cache of your browser and you are ready to go!!!

That's it

Submitted by wisedud2u (not registered) on Mon, 2010-04-05 11:43.

After you install Geography::Countries, do this:

root@a3s:~# cd /usr/lib/perl5/site_perl/5.8.8/Geo/

root@a3s:Geo# wget http://cpansearch.perl.org/src/BRICAS/Geo-IPfree-0.6/misc/ipct2txt.pl

root@a3s:Geo# perl ipct2txt.pl ./ipscountry.dat /path/to/your/htdocs/base/ips-ascii.txt


 

Submitted by norbert (registered user) on Mon, 2008-01-14 11:59.
Thanks a lot for your tutorial. It allowed me to get everything up and running in a very short time.
Submitted by oakleeman (registered user) on Mon, 2007-07-23 05:59.
This guide is a pretty good start but I actually found Patrick Harper's guide to be more in-depth. His guide is available at www.internetsecurityguru.com which I've used to develop a Snort/Centos/BASE install cd that I'm calling EasyIDS.
Submitted by kav5 (registered user) on Fri, 2006-09-08 20:51.
Looks good but it is not complete. It would be very nice to add snortsam installation to the tutorial because it implements IPS system. (to block attacker automatically) 
Submitted by Anonymous (not registered) on Mon, 2006-07-10 22:30.

Nice, easy to follow tutorial. Keep up the good work!

It's been a while that I've been meaning to get back to using snort. I think I'll give a try sometime this week. Never used BASE, I'll probably try it out this Wednesday.

Good Stuff.

--Jon Z http://jzencovich.blogspot.com/

Submitted by Anonymous (not registered) on Sun, 2006-08-06 01:56.
Not bad actually, but the project has still not grown up. If you use commercial variants, you know this is nowhere near comparable to them...