Comments on Intrusion Detection: Snort, Base, MySQL, And Apache2 On Ubuntu 7.10 (Gutsy Gibbon)

Intrusion Detection: Snort, Base, MySQL, and Apache2 On Ubuntu 7.10 (Gutsy Gibbon) In this tutorial I will describe how to install and configure Snort (an intrusion detection system (IDS)) from source, BASE (Basic Analysis and Security Engine), MySQL, and Apache2 on Ubuntu 7.10 (Gutsy Gibbon). Snort will assist you in monitoring your network and alert you about possible threats. Snort will output its log files to a MySQL database which BASE will use to display a graphical interface in a web browser.

6 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Roger Mudd

This was a really good howto, which I enjoyed setting up.  However I did run into the following similar errors: 

Warning: include_once(Mail.php) [function.include-once]: failed to open stream: No such file or directory in /var/www/web/base-php4/includes/base_action.inc.php on line 29

Warning: include_once() [function.include]: Failed opening 'Mail.php' for inclusion (include_path='.:/usr/share/php') in /var/www/web/base-php4/includes/base_action.inc.php on line 29

Warning: include_once(Mail/mime.php) [function.include-once]: failed to open stream: No such file or directory in /var/www/web/base-php4/includes/base_action.inc.php on line 30

Warning: include_once() [function.include]: Failed opening 'Mail/mime.php' for inclusion (include_path='.:/usr/share/php') in /var/www/web/base-php4/includes/base_action.inc.php on line 30

Warning: Cannot modify header information - headers already sent by (output started at /var/www/web/base-php4/includes/base_action.inc.php:29) in /var/www/web/base-php4/base_common.php on line 1077

It was resolve by installing the following:

pear install Mail

pear install Mail_Mime

By: Anonymous

This Helped me alot i had the same error as above Just installed Pear Mail and Mail_Mime and it works

THANKS

By: Bobb

Hey just FYI the snort download address format has changed.  I just downloaded it from

http://dl.snort.org/snort-current/snort-2.8.5.1.tar.gz

 Now for the rest of the install!

By: jayy

One of the perfect things about ubuntu/debian is that you can just do aptitude/apt-get for almost anything. Why not just aptitude install for both snort, mysql-server and acidbase/acidlab-mysql?

By: James Flockton

All worked perfectly apart from the base stuff, I used an earlier version, this seem to fix this issue.

 Thanks for writting this guide.

James

By: Rob

Hi guys,

i was trying to install snort on Ubuntu 8.04 LST Server...but I am getting this error

omerta@ssp:/etc/snort$ sudo apt-get install snort
Reading package lists... Done
Building dependency tree
Reading state information... Done
snort is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.

it says that it is installed...but there is nothing in the /etc/snort/ ... just a rules folder is no conf file or anything....nither in the init.d there is no snort

When I tried to remove it and installit again I got this:

omerta@ssp:/etc/snort$ sudo apt-get remove snort
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
snort-rules-default snort-common libprelude2 snort-common-libraries libltdl3
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
snort
0 upgraded, 0 newly installed, 1 to remove and 2 not upgraded.
After this operation, 1057kB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 23667 files and directories currently installed.)
Removing snort ...
invoke-rc.d: unknown initscript, /etc/init.d/snort not found.
dpkg: error processing snort (--remove):
subprocess pre-removal script returned error exit status 100
postinst called with unknown argument `abort-remove'
Errors were encountered while processing:
snort
E: Sub-process /usr/bin/dpkg returned an error code (1)

Please could someone help me with this...cuz I need it for a school project which is due wendesday!

Thanks,

Rob