Comments on Perfect Setup Of Snort + Base + PostgreSQL On Ubuntu 6.06 LTS

This tutorial describes how you can install and configure the Snort IDS (intrusion detection system) and BASE (Basic Analysis and Security Engine) on an Ubuntu 6.06 (Dapper Drake) system. With the help of Snort and BASE, you can monitor your system; with BASE you can analyze intrusions that Snort has detected on your network. Snort will use a PostgreSQL database to store/log the data it gathers.


Comments

By:

There's a typo in the base_conf.php.dist text

It says $DBlib_path = '/usr/share/php/adobd' and it should probably (when default installed) be $DBlib_path = '/usr/share/php/adodb'

By: Patrick Rynhart

Hi,

I found that a step was missing regarding the Postgres permissions after:

grant all privileges on database snort to snort;

I had to dump out the list of tables at a postgres prompt (using \d), and then grant access to the tables as follows:

GRANT ALL ON TABLE data, detail, encoding, event, icmphdr, iphdr, opt, reference, reference_ref_id_seq, reference_system, reference_system_ref_system_id_seq, schema, sensor, sensor_sid_seq, sig_class, sig_class_sig_class_id_seq, sig_reference, signature, signature_sig_id_seq, tcphdr, udphdr TO snort;

 Otherwise snort will fail to start with:

 "database: postgresql_error: ERROR:  permission denied for relation sensor"

Here's someone else who had the same issue: http://www.snort.org/archive-1-6575.html 

Regards,

 

Patrick 

By: Anonymous

Try this:

 ALTER TABLE sensor OWNER TO snort;

By: Tony

You don't want to grant all privileges - certainly not delete, which would allow $BADGUY to remove evidence.

Slightly better is:

 GRANT INSERT, SELECT, UPDATE ON TABLE data, detail, encoding, event, icmphdr, iphdr, opt, reference, reference_ref_id_seq, reference_system, reference_system_ref_system_id_seq, schema, sensor, sensor_sid_seq, sig_class, sig_class_sig_class_id_seq, sig_reference, signature, signature_sig_id_seq, tcphdr, udphdr TO snort;
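The following is an added example, not part of any comment above: an audit of what the snort role can destroy, followed by one way to apply the reduced grants from the comment above. A table's owner keeps every privilege implicitly, so ownership is checked as well. It assumes PostgreSQL 9.0 or later, the schema loaded into `public`, and a hypothetical non-login role named `snort_owner`.

```sql
-- Run inside the snort database as a PostgreSQL superuser.

-- 1) Audit: tables where role "snort" can remove stored alerts, either
--    through an explicit DELETE/TRUNCATE grant or because it owns the table.
SELECT c.relname                                       AS table_name,
       pg_get_userbyid(c.relowner)                     AS owner,
       has_table_privilege('snort', c.oid, 'DELETE')   AS can_delete,
       has_table_privilege('snort', c.oid, 'TRUNCATE') AS can_truncate
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
WHERE  n.nspname = 'public'
AND    c.relkind = 'r'
AND   (pg_get_userbyid(c.relowner) = 'snort'
       OR has_table_privilege('snort', c.oid, 'DELETE')
       OR has_table_privilege('snort', c.oid, 'TRUNCATE'))
ORDER  BY c.relname;

-- 2) Remediation: separate ownership from the account Snort logs in with.
BEGIN;

-- "snort_owner" is a hypothetical role name chosen for this example.
CREATE ROLE snort_owner NOLOGIN;

-- Move every object snort owns in this database to the new owner.
REASSIGN OWNED BY snort TO snort_owner;

-- Drop whatever was granted before (including GRANT ALL), then grant
-- only the privileges named in the comment above.
REVOKE ALL ON ALL TABLES    IN SCHEMA public FROM snort;
REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM snort;
GRANT INSERT, SELECT, UPDATE ON ALL TABLES    IN SCHEMA public TO snort;
GRANT USAGE,  SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO snort;

COMMIT;
```

Run the audit query again after step 2; any table it still lists is one the snort role can delete from.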

By: Anonymous

The steps in this how to are in the incorrect order. 1) First you must create the database. DO NOT import the schema yet. # su postgres $ createdb snort 2) Then create the database user. $ createuser -P snort Enter password for new user: snort-password Enter it again: snort-password Shall the new user be a superuser? (y/n) n Shall the new user be allowed to create databases? (y/n) n Shall the new user be allowed to create more new users? (y/n) n 3) Log in to the database, grant all privileges to snort user on the database: $ psql snort psql> grant all privileges on database snort to snort; 4) Finally, import the schema. Here's the important part: Import the schema as the database user, snort. $ zcat /usr/share/doc/snort-pgsql/create_postgresql.gz | psql -U snort snort

By: Anonymous

The steps in this HOWTO are in the incorrect order.

1) First you must create the database. DO NOT import the schema yet.

   # su postgres

   $ createdb snort

2) Then create the database user.

   $ createuser -P snort

   Enter password for new user: snort-password

   Enter it again: snort-password

   Shall the new user be a superuser? (y/n) n

   Shall the new user be allowed to create databases? (y/n) n

   Shall the new user be allowed to create more new users? (y/n) n

3) Log in to the database, grant all privileges to snort user on the database:

   $ psql snort

   psql> grant all privileges on database snort to snort;

4) Finally, import the schema. Here's the important part: Import the schema as the database user, snort.

   $ zcat /usr/share/doc/snort-pgsql/create_postgresql.gz | psql -U snort snort

NOTE: It worked for me! So, I cleaned up what the commenter wrote to make it easier for others to read.

By: Anonymous

I did all the changes according to the tutorial, but when I check this command:

# snort -i eth0 -c /etc/snort/snort.conf

ERROR: database: Connection to database 'snort' failed

How do I remove this problem?

Please help.

By: ayoub

I have a problem with installing snort-pgsql