Intrusion Detection With BASE And Snort - Page 3

Installing

Let's start with LIBPCAP.
Make sure that you are in the directory into which you downloaded all the files.

cd /root/snorttemp

cd into the libpcap directory:

cd libpcap-0.9.4

and make / install LIBPCAP:

./configure
make
make install

Next is PCRE.
Again, make sure that you are in the directory into which you downloaded all the files.

cd /root/snorttemp

cd into the PCRE directory:

cd pcre-6.3

and make / install pcre-6.3:

./configure
make
make install

Now it's time for Snort.
Make sure that you are in the directory into which you downloaded all the files.

cd /root/snorttemp

cd into the snort directory:

cd snort-2.6.0

and make / install Snort with a few extra options that are needed:

./configure --enable-dynamicplugin --with-mysql
make
make install

Snort needs some directories, so let's create them:

mkdir /etc/snort
mkdir /etc/snort/rules
mkdir /var/log/snort

Now we move the Snort files from the installation directory to the directories we just created.
Make sure that you are in the directory into which you downloaded all the files.

cd /root/snorttemp

and cd into snort-2.6.0:

cd snort-2.6.0

and into the rules directory:

cd rules

Now we copy all files from the rules directory into /etc/snort/rules:

cp * /etc/snort/rules

We do the same for the files in the etc folder of the installation directory:

cd ../etc
cp * /etc/snort

Fixing the snort.conf

The /etc/snort/snort.conf needs some tuning to get it to work on your system!
So cd into /etc/snort:

cd /etc/snort

and open snort.conf with nano (or any other text editor):

nano snort.conf

change "var HOME_NET any" to "var HOME_NET 192.168.0.5/32"
change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET"
change "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort/rules"

As we built Snort with the '--with-mysql' option, and BASE needs it, we also need to tell Snort which database to use.
Scroll down until you see "# output database", and remove the # in front of the MySQL line.
Now also change the "user", "password" and "dbname". Hint: make a note of these, as you will need them later!
Save the file and close nano.

Setting up the MySQL Database for Snort.

There are many ways to create the snort database.
The table layout can be found in the file create_mysql in the /root/snorttemp/snort-2.6.0/schemas directory.
Whichever way you create the database, make sure the 'user', 'password' and 'dbname' are the same as the ones you set in the /etc/snort/snort.conf file!
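
The snort.conf edits above and the "credentials must match" rule from this section, as an added example (not part of the original tutorial): a small POSIX sh script that applies the HOME_NET, EXTERNAL_NET, RULE_PATH and MySQL output-line changes, checks that all four are in place, and prints the user/password/dbname that the database must be created with. It assumes the stock snort-2.6 wording of those lines; the sample conf it runs against is constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial: apply the snort.conf edits this page
# describes (HOME_NET, EXTERNAL_NET, RULE_PATH, MySQL output line) and verify them.
# Assumes the stock snort-2.6 wording of those lines; the sample conf is constructed.

make_sample_conf() {
    # Constructed stand-in for the four /etc/snort/snort.conf lines this page edits.
    cat > "$1" <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=root password=test dbname=db host=localhost
EOF
}

tune_snort_conf() {
    conf="$1" home_net="$2" rule_path="$3" db_user="$4" db_pass="$5" db_name="$6"
    # Write to a temp file and move it back (portable, unlike GNU-only "sed -i").
    # Values are used as sed replacements, so they must not contain '|' or '&'.
    sed \
        -e "s|^var HOME_NET any\$|var HOME_NET $home_net|" \
        -e 's|^var EXTERNAL_NET any$|var EXTERNAL_NET !$HOME_NET|' \
        -e "s|^var RULE_PATH \.\./rules\$|var RULE_PATH $rule_path|" \
        -e "s|^# *output database: log, mysql, .*\$|output database: log, mysql, user=$db_user password=$db_pass dbname=$db_name host=localhost|" \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

check_snort_conf() {
    # Succeeds only when all four edits are present (rule path as this page sets it).
    if grep -q '^var HOME_NET any$' "$1"; then return 1; fi
    grep -q '^var EXTERNAL_NET !\$HOME_NET$' "$1" || return 1
    grep -q '^var RULE_PATH /etc/snort/rules$' "$1" || return 1
    grep -q '^output database: log, mysql, user=' "$1"
}

snort_db_creds() {
    # Print "user password dbname" from the active output line, so the MySQL
    # database is created with exactly the values Snort will log with.
    sed -n 's|^output database: log, mysql, user=\([^ ]*\) password=\([^ ]*\) dbname=\([^ ]*\).*|\1 \2 \3|p' "$1"
}

# Stand-alone run against the constructed sample (real use: /etc/snort/snort.conf).
demo_conf="${TMPDIR:-/tmp}/snort.conf.sample.$$"
make_sample_conf "$demo_conf"
tune_snort_conf "$demo_conf" 192.168.0.5/32 /etc/snort/rules snort snortpass snort
check_snort_conf "$demo_conf" && echo "snort.conf tuned; db creds: $(snort_db_creds "$demo_conf")"
rm -f "$demo_conf"
```

Run it against a copy of /etc/snort/snort.conf first and diff the result before replacing the real file.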

After creating the database you can test Snort and see whether you get any errors with:

snort -c /etc/snort/snort.conf

Exit the test with Ctrl+C.

If you get no errors, Snort is set up correctly.

Moving ADOdb and BASE

Moving ADOdb:
cd back to the download directory:

cd /root/snorttemp/

and move adodb to the root of the www directory:

mv adodb /var/www

Next: BASE (Basic Analysis and Security Engine)
Still in the download directory, we move the base directory into the first website directory that you created with ISPConfig.

mv base-1.2.5 /var/www/www.example.com/web

and cd into /var/www/www.example.com/web:

cd /var/www/www.example.com/web

To enable BASE to write the setup file we need to chmod the base-1.2.5 folder to 757:

chmod 757 base-1.2.5