Intrusion Detection With BASE And Snort - Page 4

BASE web page setup

Open your favorite web browser and go to: http://www.example.com/base-1.2.5/setup
If all is setup okay you should see the BASE Setup Program page:

BASE setup

Click on Continue

step 1 of 5:
Enter the path to ADODB (/var/www/adodb):

BASE Step 1 setup
click on Submit Query

step 2 of 5:
Enter the needed info on the next screen: (leave the Use Archive Database as is):

BASE Step 2 setup
click on Submit Query

step 3 of 5:
If you want to Use Authentication for the Base page you can do so here:

BASE Step 3 setup

click on Submit Query

step 4 of 5:
Click on Create BASE AG to create the database.

BASE Step 4a setup
and after Create BASE AG
BASE Step 4b setup

Once done, click on Now continue to step 5...

BASE Step 5 setup

To make the Graph's from BASE work you will also need to install Image_Color, Image_Canvas and Image_Graph.
To do this do:

pear install Image_Color
pear install Image_Canvas-alpha
pear install Image_Graph-alpha

That it for BASE!

If you want you can chmod the base-1.2.5 dir back to 775:

chmod 775 base-1.2.5

You can also delete the snorttemp directory, and all the files in it.

Starting Snort

To start SNORT and make BASE show you the Snort's logged info, you will need to run:

/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -g root -D

Now wait some time and see all the Snort alerts show up in BASE.

BASE alerts

Share this page:

9 Comment(s)

Add comment

Comments

From: Anonymous at: 2009-05-19 18:29:29

thanks.....this tutorial helped me out a lot.

From: Anonymous at: 2006-07-10 21:30:13

Nice, easy to follow tutorial. Keep up the good work!

It's been a while that I've been meaning to get back to using snort. I think I'll give a try sometime this week. Never used BASE, I'll probably try it out this Wednesday.

Good Stuff.

--Jon Zhttp://jzencovich.blogspot.com/

From: Anonymous at: 2006-08-06 00:56:50

 Not bad actually, but the project still not grow up, if you use commercial variants you know this is nowhere comparing to them...

From: kav5 at: 2006-09-08 19:51:18

Looks good but it is not complete. It would be very nice to add snortsam installation to the tutorial because it implements IPS system. (to block attacker automatically) 

From: Anonymous at: 2009-04-15 19:05:35

 If u get these :

Warning: include_once(Mail.php) [function.include-once]: failed to open stream: No such file or directory in /var/www/web/base-php4/includes/base_action.inc.php on line 29

,...........................

 

 Try issuing these commands and see if it helps:

pear install Mail
pear install Mail_Mime

From: pevma at: 2010-02-26 11:16:57

Also folks,

to get the graphics working by country and world maps:

There are 2 files: 

1. world_map6.png

2. world_map6.txt

do a search:

find / -iregex ".*world_map6.png"

you will find the file...then copy it to where your "PEAR directory" is

You will find your "PEAR directory" after you execute :

pear config-show

Then copy the 2 files in the "PEAR directory" under /Image/Graph/Images/Maps/

so the FULL path should look something like this:

/usr/share/php/Image/Graph/Images/Maps/

 

That solevs one of the problems ...then you get an error like ".... couldn find...or not defined $GeoIPfree_file_ascii and $ip2cc"...something of the sort...for this purpose in your cmd execute:

perl -MCPAN -e 'install  Geography::Countries'

then

 perl -MCPAN -e 'install  IP::Country'

ok...almost there

then find your  base_conf.php  - should be somewhere in your /var/www/ directory  or the directories inder that

edit the file /base_conf.php/   towards the end you will find 

" $IP2CC..." uncomment that ...maybe restart your browser or clear the cahce of your browser and you are ready to go!!!

thats it

From: wisedud2u at: 2010-04-05 10:43:49

after you install the Geography::Countries do this

root@a3s:~#  cd /usr/lib/perl5/site_perl/5.8.8/Geo/

root@a3s:Geo#wget  http://cpansearch.perl.org/src/BRICAS/Geo-IPfree-0.6/misc/ipct2txt.pl

 root@a3s:Geo#perl ipct2txt.pl ./ipscountry.dat /path/to/your/htdocs/base/ips-ascii.txt


 

From: at: 2007-07-23 04:59:25

This guide is a pretty good start but I actually found Patrick Harper's guide to be more in-depth. His guide is available at www.internetsecurityguru.com which I've used to develop a Snort/Centos/BASE install cd that I'm calling EasyIDS.

From: at: 2008-01-14 10:59:27

Thanks a lot for your tutorial. It allowed me to get everything up and running in a very short time.